summaryrefslogtreecommitdiff
path: root/security/nss/cmd/lib
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/cmd/lib')
-rw-r--r--security/nss/cmd/lib/Makefile82
-rw-r--r--security/nss/cmd/lib/NSPRerrs.h153
-rw-r--r--security/nss/cmd/lib/SECerrs.h557
-rw-r--r--security/nss/cmd/lib/SSLerrs.h392
-rw-r--r--security/nss/cmd/lib/berparse.c407
-rw-r--r--security/nss/cmd/lib/config.mk47
-rw-r--r--security/nss/cmd/lib/derprint.c622
-rw-r--r--security/nss/cmd/lib/ffs.c51
-rw-r--r--security/nss/cmd/lib/manifest.mn65
-rw-r--r--security/nss/cmd/lib/moreoids.c180
-rw-r--r--security/nss/cmd/lib/pk11table.c1449
-rw-r--r--security/nss/cmd/lib/pk11table.h212
-rw-r--r--security/nss/cmd/lib/pppolicy.c299
-rw-r--r--security/nss/cmd/lib/secerror.c110
-rw-r--r--security/nss/cmd/lib/secpwd.c199
-rw-r--r--security/nss/cmd/lib/secutil.c4116
-rw-r--r--security/nss/cmd/lib/secutil.h460
17 files changed, 0 insertions, 9401 deletions
diff --git a/security/nss/cmd/lib/Makefile b/security/nss/cmd/lib/Makefile
deleted file mode 100644
index 54ef29fdf..000000000
--- a/security/nss/cmd/lib/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-export:: private_export
-
-$(OBJDIR)/secerror$(OBJ_SUFFIX): NSPRerrs.h SECerrs.h SSLerrs.h
-
diff --git a/security/nss/cmd/lib/NSPRerrs.h b/security/nss/cmd/lib/NSPRerrs.h
deleted file mode 100644
index b11169847..000000000
--- a/security/nss/cmd/lib/NSPRerrs.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* General NSPR 2.0 errors */
-/* Caller must #include "prerror.h" */
-
-ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
-ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
-ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
-ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
-ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
-ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
-ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
-ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
-ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
-ER2( PR_IO_ERROR, "I/O function error." )
-ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
-ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
-ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
-ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
-ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
-ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
-ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
-ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
-ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
-ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
-ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
-ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
-ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
-ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
-ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
-ER2( PR_FIND_SYMBOL_ERROR,
-"Symbol not found in any of the loaded dynamic libraries." )
-ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
-ER2( PR_DIRECTORY_LOOKUP_ERROR,
-"A directory lookup on a network address has failed." )
-ER2( PR_TPD_RANGE_ERROR,
-"Attempt to access a TPD key that is out of range." )
-ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
-ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
-ER2( PR_NOT_SOCKET_ERROR,
-"Network operation attempted on non-network file descriptor." )
-ER2( PR_NOT_TCP_SOCKET_ERROR,
-"TCP-specific function attempted on a non-TCP file descriptor." )
-ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
-ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
-ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
-"The requested operation is not supported by the platform." )
-ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
-"The host operating system does not support the protocol requested." )
-ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
-ER2( PR_BUFFER_OVERFLOW_ERROR,
-"The value requested is too large to be stored in the data buffer provided." )
-ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
-ER2( PR_RANGE_ERROR, "Unused." )
-ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
-ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
-ER2( PR_FILE_TOO_BIG_ERROR,
-"Write would result in file larger than the system allows." )
-ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
-ER2( PR_PIPE_ERROR, "Unused." )
-ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
-ER2( PR_IS_DIRECTORY_ERROR,
-"Cannot perform a normal file operation on a directory." )
-ER2( PR_LOOP_ERROR, "Symbolic link loop." )
-ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
-ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
-ER2( PR_NOT_DIRECTORY_ERROR,
-"Cannot perform directory operation on a normal file." )
-ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
-"Cannot write to a read-only file system." )
-ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
-"Cannot delete a directory that is not empty." )
-ER2( PR_FILESYSTEM_MOUNTED_ERROR,
-"Cannot delete or rename a file object while the file system is busy." )
-ER2( PR_NOT_SAME_DEVICE_ERROR,
-"Cannot rename a file to a file system on another device." )
-ER2( PR_DIRECTORY_CORRUPTED_ERROR,
-"The directory object in the file system is corrupted." )
-ER2( PR_FILE_EXISTS_ERROR,
-"Cannot create or rename a filename that already exists." )
-ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
-"Directory is full. No additional filenames may be added." )
-ER2( PR_INVALID_DEVICE_STATE_ERROR,
-"The required device was in an invalid state." )
-ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
-ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
-ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
-ER2( PR_FILE_SEEK_ERROR, "Seek error." )
-ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
-ER2( PR_IN_PROGRESS_ERROR,
-"Operation is still in progress (probably a non-blocking connect)." )
-ER2( PR_ALREADY_INITIATED_ERROR,
-"Operation has already been initiated (probably a non-blocking connect)." )
-
-#ifdef PR_GROUP_EMPTY_ERROR
-ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
-#endif
-
-#ifdef PR_INVALID_STATE_ERROR
-ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
-#endif
-
-#ifdef PR_NETWORK_DOWN_ERROR
-ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
-#endif
-
-#ifdef PR_SOCKET_SHUTDOWN_ERROR
-ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
-#endif
-
-#ifdef PR_CONNECT_ABORTED_ERROR
-ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
-#endif
-
-#ifdef PR_HOST_UNREACHABLE_ERROR
-ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
-#endif
-
-/* always last */
-ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h
deleted file mode 100644
index de81429b4..000000000
--- a/security/nss/cmd/lib/SECerrs.h
+++ /dev/null
@@ -1,557 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/* General security error codes */
-/* Caller must #include "secerr.h" */
-
-ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
-"An I/O error occurred during security authorization.")
-
-ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
-"security library failure.")
-
-ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
-"security library: received bad data.")
-
-ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
-"security library: output length error.")
-
-ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
-"security library has experienced an input length error.")
-
-ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
-"security library: invalid arguments.")
-
-ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
-"security library: invalid algorithm.")
-
-ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
-"security library: invalid AVA.")
-
-ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
-"Improperly formatted time string.")
-
-ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
-"security library: improperly formatted DER-encoded message.")
-
-ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
-"Peer's certificate has an invalid signature.")
-
-ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
-"Peer's Certificate has expired.")
-
-ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
-"Peer's Certificate has been revoked.")
-
-ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
-"Peer's Certificate issuer is not recognized.")
-
-ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
-"Peer's public key is invalid.")
-
-ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
-"The security password entered is incorrect.")
-
-ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
-"New password entered incorrectly. Please try again.")
-
-ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
-"security library: no nodelock.")
-
-ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
-"security library: bad database.")
-
-ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
-"security library: memory allocation failure.")
-
-ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
-"Peer's certificate issuer has been marked as not trusted by the user.")
-
-ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
-"Peer's certificate has been marked as not trusted by the user.")
-
-ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
-"Certificate already exists in your database.")
-
-ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
-"Downloaded certificate's name duplicates one already in your database.")
-
-ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
-"Error adding certificate to database.")
-
-ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
-"Error refiling the key for this certificate.")
-
-ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
-"The private key for this certificate cannot be found in key database")
-
-ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
-"This certificate is valid.")
-
-ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
-"This certificate is not valid.")
-
-ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
-"Cert Library: No Response")
-
-ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
-"The certificate issuer's certificate has expired. Check your system date and time.")
-
-ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
-"The CRL for the certificate's issuer has expired. Update it or check your system date and time.")
-
-ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
-"The CRL for the certificate's issuer has an invalid signature.")
-
-ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
-"New CRL has an invalid format.")
-
-ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
-"Certificate extension value is invalid.")
-
-ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
-"Certificate extension not found.")
-
-ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
-"Issuer certificate is invalid.")
-
-ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
-"Certificate path length constraint is invalid.")
-
-ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
-"Certificate usages field is invalid.")
-
-ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
-"**Internal ONLY module**")
-
-ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
-"The key does not support the requested operation.")
-
-ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
-"Certificate contains unknown critical extension.")
-
-ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
-"New CRL is not later than the current one.")
-
-ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
-"Not encrypted or signed: you do not yet have an email certificate.")
-
-ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
-"Not encrypted: you do not have certificates for each of the recipients.")
-
-ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
-"Cannot decrypt: you are not a recipient, or matching certificate and \
-private key not found.")
-
-ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
-"Cannot decrypt: key encryption algorithm does not match your certificate.")
-
-ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
-"Signature verification failed: no signer found, too many signers found, \
-or improper or corrupted data.")
-
-ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
-"Unsupported or unknown key algorithm.")
-
-ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
-"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
-
-
-/* Fortezza Alerts */
-ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
-"Fortezza card has not been properly initialized. \
-Please remove it and return it to your issuer.")
-
-ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
-"No Fortezza cards Found")
-
-ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
-"No Fortezza card selected")
-
-ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
-"Please select a personality to get more info on")
-
-ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
-"Personality not found")
-
-ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
-"No more information on that Personality")
-
-ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
-"Invalid Pin")
-
-ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
-"Couldn't initialize Fortezza personalities.")
-/* end fortezza alerts. */
-
-ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
-"No KRL for this site's certificate has been found.")
-
-ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
-"The KRL for this site's certificate has expired.")
-
-ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
-"The KRL for this site's certificate has an invalid signature.")
-
-ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
-"The key for this site's certificate has been revoked.")
-
-ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
-"New KRL has an invalid format.")
-
-ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
-"security library: need random data.")
-
-ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
-"security library: no security module can perform the requested operation.")
-
-ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
-"The security card or token does not exist, needs to be initialized, or has been removed.")
-
-ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
-"security library: read-only database.")
-
-ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
-"No slot or token was selected.")
-
-ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
-"A certificate with the same nickname already exists.")
-
-ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
-"A key with the same nickname already exists.")
-
-ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
-"error while creating safe object")
-
-ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
-"error while creating baggage object")
-
-ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
-"Couldn't remove the principal")
-
-ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
-"Couldn't delete the privilege")
-
-ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
-"This principal doesn't have a certificate")
-
-ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
-"Required algorithm is not allowed.")
-
-ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
-"Error attempting to export certificates.")
-
-ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
-"Error attempting to import certificates.")
-
-ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
-"Unable to import. Decoding error. File not valid.")
-
-ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
-"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
-"Unable to import. MAC algorithm not supported.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
-"Unable to import. Only password integrity and privacy modes supported.")
-
-ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
-"Unable to import. File structure is corrupt.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
-"Unable to import. Encryption algorithm not supported.")
-
-ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
-"Unable to import. File version not supported.")
-
-ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
-"Unable to import. Incorrect privacy password.")
-
-ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
-"Unable to import. Same nickname already exists in database.")
-
-ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
-"The user pressed cancel.")
-
-ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
-"Not imported, already in database.")
-
-ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
-"Message not sent.")
-
-ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
-"Certificate key usage inadequate for attempted operation.")
-
-ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
-"Certificate type not approved for application.")
-
-ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
-"Address in signing certificate does not match address in message headers.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
-"Unable to import. Error attempting to import private key.")
-
-ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
-"Unable to import. Error attempting to import certificate chain.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
-"Unable to export. Unable to locate certificate or key by nickname.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
-"Unable to export. Private Key could not be located and exported.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
-"Unable to export. Unable to write the export file.")
-
-ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
-"Unable to import. Unable to read the import file.")
-
-ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
-"Unable to export. Key database corrupt or deleted.")
-
-ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
-"Unable to generate public/private key pair.")
-
-ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
-"Password entered is invalid. Please pick a different one.")
-
-ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
-"Old password entered incorrectly. Please try again.")
-
-ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
-"Certificate nickname already in use.")
-
-ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
-"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
-
-ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
-"A sensitive key cannot be moved to the slot where it is needed.")
-
-ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
-"Invalid module name.")
-
-ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
-"Invalid module path/filename")
-
-ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
-"Unable to add module")
-
-ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
-"Unable to delete module")
-
-ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
-"New KRL is not later than the current one.")
-
-ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
-"New CKL has different issuer than current CKL. Delete current CKL.")
-
-ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
-"The Certifying Authority for this certificate is not permitted to issue a \
-certificate with this name.")
-
-ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
-"The key revocation list for this certificate is not yet valid.")
-
-ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
-"The certificate revocation list for this certificate is not yet valid.")
-
-ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
-"The requested certificate could not be found.")
-
-ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
-"The signer's certificate could not be found.")
-
-ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
-"The location for the certificate status server has invalid format.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
-"The OCSP response cannot be fully decoded; it is of an unknown type.")
-
-ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
-"The OCSP server returned unexpected/invalid HTTP data.")
-
-ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
-"The OCSP server found the request to be corrupted or improperly formed.")
-
-ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
-"The OCSP server experienced an internal error.")
-
-ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
-"The OCSP server suggests trying again later.")
-
-ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
-"The OCSP server requires a signature on this request.")
-
-ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
-"The OCSP server has refused this request as unauthorized.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
-"The OCSP server returned an unrecognizable status.")
-
-ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
-"The OCSP server has no status for the certificate.")
-
-ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
-"You must enable OCSP before performing this operation.")
-
-ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
-"You must set the OCSP default responder before performing this operation.")
-
-ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
-"The response from the OCSP server was corrupted or improperly formed.")
-
-ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
-"The signer of the OCSP response is not authorized to give status for \
-this certificate.")
-
-ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
-"The OCSP response is not yet valid (contains a date in the future).")
-
-ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
-"The OCSP response contains out-of-date information.")
-
-ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
-"The CMS or PKCS #7 Digest was not found in signed message.")
-
-ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
-"The CMS or PKCS #7 Message type is unsupported.")
-
-ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
-"PKCS #11 module could not be removed because it is still in use.")
-
-ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
-"Could not decode ASN.1 data. Specified template was invalid.")
-
-ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
-"No matching CRL was found.")
-
-ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138),
-"You are attempting to import a cert with the same issuer/serial as \
-an existing cert, but that is not the same cert.")
-
-ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
-"NSS could not shutdown. Objects are still in use.")
-
-ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
-"DER-encoded message contained extra unused data.")
-
-ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
-"Unsupported elliptic curve.")
-
-ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
-"Unsupported elliptic curve point form.")
-
-ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
-"Unrecognized Object Identifier.")
-
-ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
-"Invalid OCSP signing certificate in OCSP response.")
-
-ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145),
-"Certificate is revoked in issuer's certificate revocation list.")
-
-ER3(SEC_ERROR_REVOKED_CERTIFICATE_OCSP, (SEC_ERROR_BASE + 146),
-"Issuer's OCSP responder reports certificate is revoked.")
-
-ER3(SEC_ERROR_CRL_INVALID_VERSION, (SEC_ERROR_BASE + 147),
-"Issuer's Certificate Revocation List has an unknown version number.")
-
-ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148),
-"Issuer's V1 Certificate Revocation List has a critical extension.")
-
-ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149),
-"Issuer's V2 Certificate Revocation List has an unknown critical extension.")
-
-ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
-"Unknown object type specified.")
-
-ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
-"PKCS #11 driver violates the spec in an incompatible way.")
-
-ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
-"No new slot event is available at this time.")
-
-ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
-"CRL already exists.")
-
-ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
-"NSS is not initialized.")
-
-ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
-"The operation failed because the PKCS#11 token is not logged in.")
-
-ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
-"Configured OCSP responder's certificate is invalid.")
-
-ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
-"OCSP response has an invalid signature.")
-
-ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
-"Cert validation search is out of search limits")
-
-ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
-"Policy mapping contains anypolicy")
-
-ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
-"Cert chain fails policy validation")
-
-ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
-"Unknown location type in cert AIA extension")
-
-ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
-"Server returned bad HTTP response")
-
-ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
-"Server returned bad LDAP response")
-
-ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
-"Failed to encode data with ASN1 encoder")
-
-ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
-"Bad information access location in cert extension")
-
-ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
-"Libpkix internal error occured during cert validation.")
-
-ER3(SEC_ERROR_PKCS11_GENERAL_ERROR, (SEC_ERROR_BASE + 167),
-"A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.")
-
-ER3(SEC_ERROR_PKCS11_FUNCTION_FAILED, (SEC_ERROR_BASE + 168),
-"A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.")
-
-ER3(SEC_ERROR_PKCS11_DEVICE_ERROR, (SEC_ERROR_BASE + 169),
-"A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.")
diff --git a/security/nss/cmd/lib/SSLerrs.h b/security/nss/cmd/lib/SSLerrs.h
deleted file mode 100644
index 023524929..000000000
--- a/security/nss/cmd/lib/SSLerrs.h
+++ /dev/null
@@ -1,392 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/* SSL-specific security error codes */
-/* caller must include "sslerr.h" */
-
-ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
-"Unable to communicate securely. Peer does not support high-grade encryption.")
-
-ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
-"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
-
-ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
-"Cannot communicate securely with peer: no common encryption algorithm(s).")
-
-ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
-"Unable to find the certificate or key necessary for authentication.")
-
-ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
-"Unable to communicate securely with peer: peers's certificate was rejected.")
-
-/* unused (SSL_ERROR_BASE + 5),*/
-
-ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
-"The server has encountered bad data from the client.")
-
-ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
-"The client has encountered bad data from the server.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
-"Unsupported certificate type.")
-
-ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
-"Peer using unsupported version of security protocol.")
-
-/* unused (SSL_ERROR_BASE + 10),*/
-
-ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
-"Client authentication failed: private key in key database does not match public key in certificate database.")
-
-ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
-"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
-
-/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13),
- defined in sslerr.h
-*/
-
-ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
-"Peer only supports SSL version 2, which is locally disabled.")
-
-
-ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
-"SSL received a record with an incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
-"SSL peer reports incorrect Message Authentication Code.")
-
-ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
-"SSL peer cannot verify your certificate.")
-
-ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
-"SSL peer rejected your certificate as revoked.")
-
-ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
-"SSL peer rejected your certificate as expired.")
-
-ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
-"Cannot connect: SSL is disabled.")
-
-ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
-"Cannot connect: SSL peer is in another FORTEZZA domain.")
-
-
-ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
-"An unknown SSL cipher suite has been requested.")
-
-ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
-"No cipher suites are present and enabled in this program.")
-
-ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
-"SSL received a record with bad block padding.")
-
-ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
-"SSL received a record that exceeded the maximum permissible length.")
-
-ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
-"SSL attempted to send a record that exceeded the maximum permissible length.")
-
-/*
- * Received a malformed (too long or short or invalid content) SSL handshake.
- */
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
-"SSL received a malformed Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
-"SSL received a malformed Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
-"SSL received a malformed Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
-"SSL received a malformed Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
-"SSL received a malformed Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
-"SSL received a malformed Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
-"SSL received a malformed Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
-"SSL received a malformed Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
-"SSL received a malformed Client Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
-"SSL received a malformed Finished handshake message.")
-
-/*
- * Received a malformed (too long or short) SSL record.
- */
-ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
-"SSL received a malformed Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
-"SSL received a malformed Alert record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
-"SSL received a malformed Handshake record.")
-
-ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
-"SSL received a malformed Application Data record.")
-
-/*
- * Received an SSL handshake that was inappropriate for the state we're in.
- * E.g. Server received message from server, or wrong state in state machine.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
-"SSL received an unexpected Hello Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
-"SSL received an unexpected Client Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
-"SSL received an unexpected Server Hello handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
-"SSL received an unexpected Certificate handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
-"SSL received an unexpected Server Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
-"SSL received an unexpected Certificate Request handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
-"SSL received an unexpected Server Hello Done handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
-"SSL received an unexpected Certificate Verify handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
-"SSL received an unexpected Client Key Exchange handshake message.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
-"SSL received an unexpected Finished handshake message.")
-
-/*
- * Received an SSL record that was inappropriate for the state we're in.
- */
-ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
-"SSL received an unexpected Change Cipher Spec record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
-"SSL received an unexpected Alert record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
-"SSL received an unexpected Handshake record.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
-"SSL received an unexpected Application Data record.")
-
-/*
- * Received record/message with unknown discriminant.
- */
-ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
-"SSL received a record with an unknown content type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
-"SSL received a handshake message with an unknown message type.")
-
-ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
-"SSL received an alert record with an unknown alert description.")
-
-/*
- * Received an alert reporting what we did wrong. (more alerts above)
- */
-ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
-"SSL peer has closed this connection.")
-
-ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
-"SSL peer was not expecting a handshake message it received.")
-
-ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
-"SSL peer was unable to successfully decompress an SSL record it received.")
-
-ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
-"SSL peer was unable to negotiate an acceptable set of security parameters.")
-
-ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
-"SSL peer rejected a handshake message for unacceptable content.")
-
-ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
-"SSL peer does not support certificates of the type it received.")
-
-ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
-"SSL peer had some unspecified issue with the certificate it received.")
-
-
-ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
-"SSL experienced a failure of its random number generator.")
-
-ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
-"Unable to digitally sign data required to verify your certificate.")
-
-ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
-"SSL was unable to extract the public key from the peer's certificate.")
-
-ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
-"Unspecified failure while processing SSL Server Key Exchange handshake.")
-
-ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
-"Unspecified failure while processing SSL Client Key Exchange handshake.")
-
-ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
-"Bulk data encryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
-"Bulk data decryption algorithm failed in selected cipher suite.")
-
-ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
-"Attempt to write encrypted data to underlying socket failed.")
-
-ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
-"MD5 digest function failed.")
-
-ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
-"SHA-1 digest function failed.")
-
-ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
-"MAC computation failed.")
-
-ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
-"Failure to create Symmetric Key context.")
-
-ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
-"Failure to unwrap the Symmetric key in Client Key Exchange message.")
-
-ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
-"SSL Server attempted to use domestic-grade public key with export cipher suite.")
-
-ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
-"PKCS11 code failed to translate an IV into a param.")
-
-ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
-"Failed to initialize the selected cipher suite.")
-
-ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
-"Client failed to generate session keys for SSL session.")
-
-ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
-"Server has no key for the attempted key exchange algorithm.")
-
-ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
-"PKCS#11 token was inserted or removed while operation was in progress.")
-
-ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
-"No PKCS#11 token could be found to do a required operation.")
-
-ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
-"Cannot communicate securely with peer: no common compression algorithm(s).")
-
-ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
-"Cannot initiate another SSL handshake until current handshake is complete.")
-
-ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
-"Received incorrect handshakes hash values from peer.")
-
-ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
-"The certificate provided cannot be used with the selected key exchange algorithm.")
-
-ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
-"No certificate authority is trusted for SSL client authentication.")
-
-ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
-"Client's SSL session ID not found in server's session cache.")
-
-ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
-"Peer was unable to decrypt an SSL record it received.")
-
-ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
-"Peer received an SSL record that was longer than is permitted.")
-
-ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
-"Peer does not recognize and trust the CA that issued your certificate.")
-
-ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
-"Peer received a valid certificate, but access was denied.")
-
-ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
-"Peer could not decode an SSL handshake message.")
-
-ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
-"Peer reports failure of signature verification or key exchange.")
-
-ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
-"Peer reports negotiation not in compliance with export regulations.")
-
-ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
-"Peer reports incompatible or unsupported protocol version.")
-
-ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
-"Server requires ciphers more secure than those supported by client.")
-
-ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
-"Peer reports it experienced an internal error.")
-
-ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
-"Peer user canceled handshake.")
-
-ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
-"Peer does not permit renegotiation of SSL security parameters.")
-
-ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103),
-"SSL server cache not configured and not disabled for this socket.")
-
-ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT , (SSL_ERROR_BASE + 104),
-"SSL peer does not support requested TLS hello extension.")
-
-ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105),
-"SSL peer could not obtain your certificate from the supplied URL.")
-
-ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT , (SSL_ERROR_BASE + 106),
-"SSL peer has no certificate for the requested DNS name.")
-
-ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107),
-"SSL peer was unable to get an OCSP response for its certificate.")
-
-ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT , (SSL_ERROR_BASE + 108),
-"SSL peer reported bad certificate hash value.")
-
-ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109),
-"SSL received an unexpected New Session Ticket handshake message.")
-
-ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110),
-"SSL received a malformed New Session Ticket handshake message.")
diff --git a/security/nss/cmd/lib/berparse.c b/security/nss/cmd/lib/berparse.c
deleted file mode 100644
index 930d0b7c1..000000000
--- a/security/nss/cmd/lib/berparse.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "secutil.h"
-
-typedef enum {
- tagDone, lengthDone, leafDone, compositeDone,
- notDone,
- parseError, parseComplete
-} ParseState;
-
-typedef unsigned char Byte;
-typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
-typedef struct {
- SECArb arb;
- int pos; /* length from global start to item start */
- SECArb *parent;
-} ParseStackElem;
-
-struct BERParseStr {
- PRArenaPool *his;
- PRArenaPool *mine;
- ParseProc proc;
- int stackDepth;
- ParseStackElem *stackPtr;
- ParseStackElem *stack;
- int pending; /* bytes remaining to complete this part */
- int pos; /* running length of consumed characters */
- ParseState state;
- PRBool keepLeaves;
- PRBool derOnly;
- BERFilterProc filter;
- void *filterArg;
- BERNotifyProc before;
- void *beforeArg;
- BERNotifyProc after;
- void *afterArg;
-};
-
-#define UNKNOWN -1
-
-static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len)
-{
- unsigned char c = *(*buf)++;
- (*len)--;
- h->pos++;
- if (h->filter)
- (*h->filter)(h->filterArg, &c, 1);
- return c;
-}
-
-static void ParseTag(BERParse *h, unsigned char **buf, int *len)
-{
- SECArb* arb = &(h->stackPtr->arb);
- arb->tag = NextChar(h, buf, len);
-
- PORT_Assert(h->state == notDone);
-
- /*
- * NOTE: This does not handle the high-tag-number form
- */
- if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return;
- }
-
- h->pending = UNKNOWN;
- arb->length = UNKNOWN;
- if (arb->tag & DER_CONSTRUCTED) {
- arb->body.cons.numSubs = 0;
- arb->body.cons.subs = NULL;
- } else {
- arb->body.item.len = UNKNOWN;
- arb->body.item.data = NULL;
- }
-
- h->state = tagDone;
-}
-
-static void ParseLength(BERParse *h, unsigned char **buf, int *len)
-{
- Byte b;
- SECArb *arb = &(h->stackPtr->arb);
-
- PORT_Assert(h->state == notDone);
-
- if (h->pending == UNKNOWN) {
- b = NextChar(h, buf, len);
- if ((b & 0x80) == 0) { /* short form */
- arb->length = b;
- /*
- * if the tag and the length are both zero bytes, then this
- * should be the marker showing end of list for the
- * indefinite length composite
- */
- if (arb->length == 0 && arb->tag == 0)
- h->state = compositeDone;
- else
- h->state = lengthDone;
- return;
- }
-
- h->pending = b & 0x7f;
- /* 0 implies this is an indefinite length */
- if (h->pending > 4) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return;
- }
- arb->length = 0;
- }
-
- while ((*len > 0) && (h->pending > 0)) {
- b = NextChar(h, buf, len);
- arb->length = (arb->length << 8) + b;
- h->pending--;
- }
- if (h->pending == 0) {
- if (h->derOnly && (arb->length == 0))
- h->state = parseError;
- else
- h->state = lengthDone;
- }
- return;
-}
-
-static void ParseLeaf(BERParse *h, unsigned char **buf, int *len)
-{
- int count;
- SECArb *arb = &(h->stackPtr->arb);
-
- PORT_Assert(h->state == notDone);
- PORT_Assert(h->pending >= 0);
-
- if (*len < h->pending)
- count = *len;
- else
- count = h->pending;
-
- if (h->keepLeaves)
- memcpy(arb->body.item.data + arb->body.item.len, *buf, count);
- if (h->filter)
- (*h->filter)(h->filterArg, *buf, count);
- *buf += count;
- *len -= count;
- arb->body.item.len += count;
- h->pending -= count;
- h->pos += count;
- if (h->pending == 0) {
- h->state = leafDone;
- }
- return;
-}
-
-static void CreateArbNode(BERParse *h)
-{
- SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
-
- *arb = h->stackPtr->arb;
-
- /*
- * Special case closing the root
- */
- if (h->stackPtr == h->stack) {
- PORT_Assert(arb->tag & DER_CONSTRUCTED);
- h->state = parseComplete;
- } else {
- SECArb *parent = h->stackPtr->parent;
- parent->body.cons.subs = DS_ArenaGrow(
- h->his, parent->body.cons.subs,
- (parent->body.cons.numSubs) * sizeof(SECArb*),
- (parent->body.cons.numSubs + 1) * sizeof(SECArb*));
- parent->body.cons.subs[parent->body.cons.numSubs] = arb;
- parent->body.cons.numSubs++;
- h->proc = ParseTag;
- h->state = notDone;
- h->pending = UNKNOWN;
- }
- if (h->after)
- (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE);
-}
-
-SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len)
-{
- if (h->state == parseError) return PR_TRUE;
-
- while (len) {
- (*h->proc)(h, &buf, &len);
- if (h->state == parseComplete) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- if (h->state == parseError) return PR_TRUE;
- PORT_Assert(h->state != parseComplete);
-
- if (h->state <= compositeDone) {
- if (h->proc == ParseTag) {
- PORT_Assert(h->state == tagDone);
- h->proc = ParseLength;
- h->state = notDone;
- } else if (h->proc == ParseLength) {
- SECArb *arb = &(h->stackPtr->arb);
- PORT_Assert(h->state == lengthDone || h->state == compositeDone);
-
- if (h->before)
- (*h->before)(h->beforeArg, arb,
- h->stackPtr - h->stack, PR_TRUE);
-
- /*
- * Check to see if this is the end of an indefinite
- * length composite
- */
- if (h->state == compositeDone) {
- SECArb *parent = h->stackPtr->parent;
- PORT_Assert(parent);
- PORT_Assert(parent->tag & DER_CONSTRUCTED);
- if (parent->length != 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- /*
- * NOTE: This does not check for an indefinite length
- * composite being contained inside a definite length
- * composite. It is not clear that is legal.
- */
- h->stackPtr--;
- CreateArbNode(h);
- } else {
- h->stackPtr->pos = h->pos;
-
-
- if (arb->tag & DER_CONSTRUCTED) {
- SECArb *parent;
- /*
- * Make sure there is room on the stack before we
- * stick anything else there.
- */
- PORT_Assert(h->stackPtr - h->stack < h->stackDepth);
- if (h->stackPtr - h->stack == h->stackDepth - 1) {
- int newDepth = h->stackDepth * 2;
- h->stack = DS_ArenaGrow(h->mine, h->stack,
- sizeof(ParseStackElem) * h->stackDepth,
- sizeof(ParseStackElem) * newDepth);
- h->stackPtr = h->stack + h->stackDepth + 1;
- h->stackDepth = newDepth;
- }
- parent = &(h->stackPtr->arb);
- h->stackPtr++;
- h->stackPtr->parent = parent;
- h->proc = ParseTag;
- h->state = notDone;
- h->pending = UNKNOWN;
- } else {
- if (arb->length < 0) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- arb->body.item.len = 0;
- if (arb->length > 0 && h->keepLeaves) {
- arb->body.item.data =
- PORT_ArenaAlloc(h->his, arb->length);
- } else {
- arb->body.item.data = NULL;
- }
- h->proc = ParseLeaf;
- h->state = notDone;
- h->pending = arb->length;
- }
- }
- } else {
- ParseStackElem *parent;
- PORT_Assert(h->state = leafDone);
- PORT_Assert(h->proc == ParseLeaf);
-
- for (;;) {
- CreateArbNode(h);
- if (h->stackPtr == h->stack)
- break;
- parent = (h->stackPtr - 1);
- PORT_Assert(parent->arb.tag & DER_CONSTRUCTED);
- if (parent->arb.length == 0) /* need explicit end */
- break;
- if (parent->pos + parent->arb.length > h->pos)
- break;
- if (parent->pos + parent->arb.length < h->pos) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- h->state = parseError;
- return PR_TRUE;
- }
- h->stackPtr = parent;
- }
- }
-
- }
- }
- return PR_FALSE;
-}
-BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly)
-{
- BERParse *h;
- PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (temp == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- h = PORT_ArenaAlloc(temp, sizeof(BERParse));
- if (h == NULL) {
- PORT_FreeArena(temp, PR_FALSE);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
- }
- h->his = arena;
- h->mine = temp;
- h->proc = ParseTag;
- h->stackDepth = 20;
- h->stack = PORT_ArenaZAlloc(h->mine,
- sizeof(ParseStackElem) * h->stackDepth);
- h->stackPtr = h->stack;
- h->state = notDone;
- h->pos = 0;
- h->keepLeaves = PR_TRUE;
- h->before = NULL;
- h->after = NULL;
- h->filter = NULL;
- h->derOnly = derOnly;
- return h;
-}
-
-SECArb *BER_ParseFini(BERParse *h)
-{
- PRArenaPool *myArena = h->mine;
- SECArb *arb;
-
- if (h->state != parseComplete) {
- arb = NULL;
- } else {
- arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
- *arb = h->stackPtr->arb;
- }
-
- PORT_FreeArena(myArena, PR_FALSE);
-
- return arb;
-}
-
-
-void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance)
-{
- h->filter = proc;
- h->filterArg = instance;
-}
-
-void BER_SetLeafStorage(BERParse *h, PRBool keep)
-{
- h->keepLeaves = keep;
-}
-
-void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
- PRBool beforeData)
-{
- if (beforeData) {
- h->before = proc;
- h->beforeArg = instance;
- } else {
- h->after = proc;
- h->afterArg = instance;
- }
-}
-
-
-
diff --git a/security/nss/cmd/lib/config.mk b/security/nss/cmd/lib/config.mk
deleted file mode 100644
index 665828c63..000000000
--- a/security/nss/cmd/lib/config.mk
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# Override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PROGRAM =
-
diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c
deleted file mode 100644
index 50c6d02e6..000000000
--- a/security/nss/cmd/lib/derprint.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "secutil.h"
-#include "secoid.h"
-
-#ifdef __sun
-extern int fprintf(FILE *strm, const char *format, .../* args */);
-extern int fflush(FILE *stream);
-#endif
-
-#define RIGHT_MARGIN 24
-/*#define RAW_BYTES 1 */
-
-static int prettyColumn = 0;
-
-static int
-getInteger256(unsigned char *data, unsigned int nb)
-{
- int val;
-
- switch (nb) {
- case 1:
- val = data[0];
- break;
- case 2:
- val = (data[0] << 8) | data[1];
- break;
- case 3:
- val = (data[0] << 16) | (data[1] << 8) | data[2];
- break;
- case 4:
- val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
- break;
- default:
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- return val;
-}
-
-static int
-prettyNewline(FILE *out)
-{
- int rv;
-
- if (prettyColumn != -1) {
- rv = fprintf(out, "\n");
- prettyColumn = -1;
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
- return 0;
-}
-
-static int
-prettyIndent(FILE *out, unsigned level)
-{
- unsigned int i;
- int rv;
-
- if (prettyColumn == -1) {
- prettyColumn = level;
- for (i = 0; i < level; i++) {
- rv = fprintf(out, " ");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
- }
-
- return 0;
-}
-
-static int
-prettyPrintByte(FILE *out, unsigned char item, unsigned int level)
-{
- int rv;
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- rv = fprintf(out, "%02x ", item);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- prettyColumn++;
- if (prettyColumn >= RIGHT_MARGIN) {
- return prettyNewline(out);
- }
-
- return 0;
-}
-
-static int
-prettyPrintLeaf(FILE *out, unsigned char *data,
- unsigned int len, unsigned int lv)
-{
- unsigned int i;
- int rv;
-
- for (i = 0; i < len; i++) {
- rv = prettyPrintByte(out, *data++, lv);
- if (rv < 0)
- return rv;
- }
- return prettyNewline(out);
-}
-
-static int
-prettyPrintStringStart(FILE *out, unsigned char *str,
- unsigned int len, unsigned int level)
-{
-#define BUF_SIZE 100
- unsigned char buf[BUF_SIZE];
- int rv;
-
- if (len >= BUF_SIZE)
- len = BUF_SIZE - 1;
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- memcpy(buf, str, len);
- buf[len] = '\000';
-
- rv = fprintf(out, "\"%s\"", buf);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- return 0;
-#undef BUF_SIZE
-}
-
-static int
-prettyPrintString(FILE *out, unsigned char *str,
- unsigned int len, unsigned int level, PRBool raw)
-{
- int rv;
-
- rv = prettyPrintStringStart(out, str, len, level);
- if (rv < 0)
- return rv;
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- if (raw) {
- rv = prettyPrintLeaf(out, str, len, level);
- if (rv < 0)
- return rv;
- }
-
- return 0;
-}
-
-static int
-prettyPrintTime(FILE *out, unsigned char *str,
- unsigned int len, unsigned int level, PRBool raw, PRBool utc)
-{
- SECItem time_item;
- int rv;
-
- rv = prettyPrintStringStart(out, str, len, level);
- if (rv < 0)
- return rv;
-
- time_item.data = str;
- time_item.len = len;
-
- rv = fprintf(out, " (");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- if (utc)
- SECU_PrintUTCTime(out, &time_item, NULL, 0);
- else
- SECU_PrintGeneralizedTime(out, &time_item, NULL, 0);
-
- rv = fprintf(out, ")");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- if (raw) {
- rv = prettyPrintLeaf(out, str, len, level);
- if (rv < 0)
- return rv;
- }
-
- return 0;
-}
-
-static int
-prettyPrintObjectID(FILE *out, unsigned char *data,
- unsigned int len, unsigned int level, PRBool raw)
-{
- SECOidData *oiddata;
- SECItem oiditem;
- unsigned int i;
- unsigned long val;
- int rv;
-
-
- /*
- * First print the Object Id in numeric format
- */
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- val = data[0];
- i = val % 40;
- val = val / 40;
- rv = fprintf(out, "%lu %u ", val, i);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- val = 0;
- for (i = 1; i < len; ++i) {
- unsigned long j;
-
- j = data[i];
- val = (val << 7) | (j & 0x7f);
- if (j & 0x80)
- continue;
- rv = fprintf(out, "%lu ", val);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- val = 0;
- }
-
- /*
- * Now try to look it up and print a symbolic version.
- */
- oiditem.data = data;
- oiditem.len = len;
- oiddata = SECOID_FindOID(&oiditem);
- if (oiddata != NULL) {
- i = PORT_Strlen(oiddata->desc);
- if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
- }
-
- rv = prettyIndent(out, level);
- if (rv < 0)
- return rv;
-
- rv = fprintf(out, "(%s)", oiddata->desc);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
-
- /*
- * Finally, on a new line, print the raw bytes (if requested).
- */
- if (raw) {
- rv = prettyNewline(out);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- for (i = 0; i < len; i++) {
- rv = prettyPrintByte(out, *data++, level);
- if (rv < 0)
- return rv;
- }
- }
-
- return prettyNewline(out);
-}
-
-static char *prettyTagType [32] = {
- "End of Contents",
- "Boolean",
- "Integer",
- "Bit String",
- "Octet String",
- "NULL",
- "Object Identifier",
- "0x07",
- "0x08",
- "0x09",
- "Enumerated",
- "0x0B",
- "UTF8 String",
- "0x0D",
- "0x0E",
- "0x0F",
- "Sequence",
- "Set",
- "0x12",
- "Printable String",
- "T61 String",
- "0x15",
- "IA5 String",
- "UTC Time",
- "Generalized Time",
- "0x19",
- "Visible String",
- "0x1B",
- "Universal String",
- "0x1D",
- "BMP String",
- "High-Tag-Number"
-};
-
-static int
-prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end,
- unsigned char *codep, unsigned int level, PRBool raw)
-{
- int rv;
- unsigned char code, tagnum;
-
- if (src >= end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- code = *src;
- tagnum = code & SEC_ASN1_TAGNUM_MASK;
-
- /*
- * NOTE: This code does not (yet) handle the high-tag-number form!
- */
- if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- if (raw)
- rv = prettyPrintByte(out, code, level);
- else
- rv = prettyIndent(out, level);
-
- if (rv < 0)
- return rv;
-
- if (code & SEC_ASN1_CONSTRUCTED) {
- rv = fprintf(out, "C-");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
- }
-
- switch (code & SEC_ASN1_CLASS_MASK) {
- case SEC_ASN1_UNIVERSAL:
- rv = fprintf(out, "%s ", prettyTagType[tagnum]);
- break;
- case SEC_ASN1_APPLICATION:
- rv = fprintf(out, "Application: %d ", tagnum);
- break;
- case SEC_ASN1_CONTEXT_SPECIFIC:
- rv = fprintf(out, "[%d] ", tagnum);
- break;
- case SEC_ASN1_PRIVATE:
- rv = fprintf(out, "Private: %d ", tagnum);
- break;
- }
-
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- *codep = code;
-
- return 1;
-}
-
-static int
-prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end,
- int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
-{
- unsigned char lbyte;
- int lenLen;
- int rv;
-
- if (data >= end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- rv = fprintf(out, " ");
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- *indefinitep = PR_FALSE;
-
- lbyte = *data++;
- if (lbyte >= 0x80) {
- /* Multibyte length */
- unsigned nb = (unsigned) (lbyte & 0x7f);
- if (nb > 4) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- if (nb > 0) {
- int il;
-
- if ((data + nb) > end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- il = getInteger256(data, nb);
- if (il < 0) return -1;
- *lenp = (unsigned) il;
- } else {
- *lenp = 0;
- *indefinitep = PR_TRUE;
- }
- lenLen = nb + 1;
- if (raw) {
- int i;
-
- rv = prettyPrintByte(out, lbyte, lv);
- if (rv < 0)
- return rv;
- for (i = 0; i < nb; i++) {
- rv = prettyPrintByte(out, data[i], lv);
- if (rv < 0)
- return rv;
- }
- }
- } else {
- *lenp = lbyte;
- lenLen = 1;
- if (raw) {
- rv = prettyPrintByte(out, lbyte, lv);
- if (rv < 0)
- return rv;
- }
- }
- if (*indefinitep)
- rv = fprintf(out, "(indefinite)\n");
- else
- rv = fprintf(out, "(%d)\n", *lenp);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
- return rv;
- }
-
- prettyColumn = -1;
- return lenLen;
-}
-
-static int
-prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end,
- unsigned int lv, PRBool raw)
-{
- int slen;
- int lenLen;
- unsigned char *orig = data;
- int rv;
-
- while (data < end) {
- unsigned char code;
- PRBool indefinite;
-
- slen = prettyPrintTag(out, data, end, &code, lv, raw);
- if (slen < 0)
- return slen;
- data += slen;
-
- lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw);
- if (lenLen < 0)
- return lenLen;
- data += lenLen;
-
- /*
- * Just quit now if slen more bytes puts us off the end.
- */
- if ((data + slen) > end) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
-
- if (code & SEC_ASN1_CONSTRUCTED) {
- if (slen > 0 || indefinite) {
- slen = prettyPrintItem(out, data,
- slen == 0 ? end : data + slen,
- lv+1, raw);
- if (slen < 0)
- return slen;
- data += slen;
- }
- } else if (code == 0) {
- if (slen != 0 || lenLen != 1) {
- PORT_SetError(SEC_ERROR_BAD_DER);
- return -1;
- }
- break;
- } else {
- switch (code) {
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- rv = prettyPrintString(out, data, slen, lv+1, raw);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_UTC_TIME:
- rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_OBJECT_ID:
- rv = prettyPrintObjectID(out, data, slen, lv+1, raw);
- if (rv < 0)
- return rv;
- break;
- case SEC_ASN1_BOOLEAN: /* could do nicer job */
- case SEC_ASN1_INTEGER: /* could do nicer job */
- case SEC_ASN1_BIT_STRING: /* could do nicer job */
- case SEC_ASN1_OCTET_STRING:
- case SEC_ASN1_NULL:
- case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_T61_STRING: /* print as printable string? */
- case SEC_ASN1_UNIVERSAL_STRING:
- case SEC_ASN1_BMP_STRING:
- default:
- rv = prettyPrintLeaf(out, data, slen, lv+1);
- if (rv < 0)
- return rv;
- break;
- }
- data += slen;
- }
- }
-
- rv = prettyNewline(out);
- if (rv < 0)
- return rv;
-
- return data - orig;
-}
-
-SECStatus
-DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw)
-{
- int rv;
-
- prettyColumn = -1;
-
- rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
- if (rv < 0)
- return SECFailure;
- return SECSuccess;
-}
diff --git a/security/nss/cmd/lib/ffs.c b/security/nss/cmd/lib/ffs.c
deleted file mode 100644
index c7105eb20..000000000
--- a/security/nss/cmd/lib/ffs.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#if !defined(XP_UNIX) && !defined(XP_OS2)
-
-int ffs( unsigned int i)
-{
- int rv = 1;
-
- if (!i) return 0;
-
- while (!(i & 1)) {
- i >>= 1;
- ++rv;
- }
-
- return rv;
-}
-#endif
diff --git a/security/nss/cmd/lib/manifest.mn b/security/nss/cmd/lib/manifest.mn
deleted file mode 100644
index 767b58a10..000000000
--- a/security/nss/cmd/lib/manifest.mn
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-LIBRARY_NAME = sectool
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-DEFINES = -DNSPR20
-
-PRIVATE_EXPORTS = secutil.h \
- NSPRerrs.h \
- SECerrs.h \
- SSLerrs.h \
- pk11table.h \
- $(NULL)
-
-CSRCS = secutil.c \
- secpwd.c \
- derprint.c \
- moreoids.c \
- pppolicy.c \
- secerror.c \
- ffs.c \
- pk11table.c \
- $(NULL)
-
-REQUIRES = dbm
-
-NO_MD_RELEASE = 1
diff --git a/security/nss/cmd/lib/moreoids.c b/security/nss/cmd/lib/moreoids.c
deleted file mode 100644
index 27488c59e..000000000
--- a/security/nss/cmd/lib/moreoids.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2004
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "secoid.h"
-#include "secmodt.h" /* for CKM_INVALID_MECHANISM */
-
-#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
-#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
-#define ODN(oid,desc) \
- { OI(oid), 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }
-
-#define OIDT static const unsigned char
-
-/* OIW Security Special Interest Group defined algorithms. */
-#define OIWSSIG 0x2B, 13, 3, 2
-
-OIDT oiwMD5RSA[] = { OIWSSIG, 3 };
-OIDT oiwDESCBC[] = { OIWSSIG, 7 };
-OIDT oiwRSAsig[] = { OIWSSIG, 11 };
-OIDT oiwDSA [] = { OIWSSIG, 12 };
-OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 };
-OIDT oiwSHA1 [] = { OIWSSIG, 26 };
-OIDT oiwDSASHA1[] = { OIWSSIG, 27 };
-OIDT oiwDSASHA1param[] = { OIWSSIG, 28 };
-OIDT oiwSHA1RSA[] = { OIWSSIG, 29 };
-
-
-/* Microsoft OIDs. (1 3 6 1 4 1 311 ... ) */
-#define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37
-
-OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */
-OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */
-OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */
-OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */
-OIDT mSMIME[] = { MICROSOFT, 16, 4 }; /* SMIME encryption key prefs */
-
-OIDT mECRTT[] = { MICROSOFT, 20, 2 }; /* Enrollment cert type xtn */
-OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent */
-OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon */
-OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */
-OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */
-
-/* AOL OIDs (1 3 6 1 4 1 1066 ... ) */
-#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A
-
-/* PKIX IDs (1 3 6 1 5 5 7 ...) */
-#define ID_PKIX 0x2B, 6, 1, 5, 5, 7
-/* PKIX Access Descriptors (methods for Authority Info Access Extns) */
-#define ID_AD ID_PKIX, 48
-
-OIDT padOCSP[] = { ID_AD, 1 }; /* OCSP method */
-OIDT padCAissuer[] = { ID_AD, 2 }; /* URI (for CRL ?) */
-OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */
-
-/* ISO Cert Extension type OIDs (id-ce) (2 5 29 ...) */
-#define X500 0x55
-#define X520_ATTRIBUTE_TYPE X500, 0x04
-#define X500_ALG X500, 0x08
-#define X500_ALG_ENCRYPTION X500_ALG, 0x01
-#define ID_CE X500, 29
-
-OIDT cePlcyObs[] = { ID_CE, 3 }; /* Cert policies, obsolete. */
-OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */
-
-/* US Company arc (2 16 840 1 ...) */
-#define USCOM 0x60, 0x86, 0x48, 0x01
-#define USGOV USCOM, 0x65
-#define USDOD USGOV, 2
-#define ID_INFOSEC USDOD, 1
-
-/* Verisign PKI OIDs (2 16 840 1 113733 1 ...) */
-#define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1
-#define VERISIGN_XTN VERISIGN_PKI, 6
-#define VERISIGN_POL VERISIGN_PKI, 7 /* Cert policies */
-#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */
-
-OIDT vcx7[] = { VERISIGN_XTN, 7 }; /* Cert Extension 7 (?) */
-OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */
-OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */
-OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */
-OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */
-
-
-/* ------------------------------------------------------------------- */
-static const SECOidData oids[] = {
-/* OIW Security Special Interest Group OIDs */
- ODN( oiwMD5RSA, "OIWSecSIG MD5 with RSA"),
- ODN( oiwDESCBC, "OIWSecSIG DES CBC"),
- ODN( oiwRSAsig, "OIWSecSIG RSA signature"),
- ODN( oiwDSA , "OIWSecSIG DSA"),
- ODN( oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"),
- ODN( oiwSHA1 , "OIWSecSIG SHA1"),
- ODN( oiwDSASHA1, "OIWSecSIG DSA with SHA1"),
- ODN( oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"),
- ODN( oiwSHA1RSA, "OIWSecSIG MD5 with RSA"),
-
-/* Microsoft OIDs */
- ODN( mCTL, "Microsoft Cert Trust List signing"),
- ODN( mTSS, "Microsoft Time Stamp signing"),
- ODN( mSGC, "Microsoft SGC SSL server"),
- ODN( mEFS, "Microsoft Encrypted File System"),
- ODN( mSMIME, "Microsoft SMIME preferences"),
- ODN( mECRTT, "Microsoft Enrollment Cert Type Extension"),
- ODN( mEAGNT, "Microsoft Enrollment Agent"),
- ODN( mKPSCL, "Microsoft KP SmartCard Logon"),
- ODN( mNTPN, "Microsoft NT Principal Name"),
- ODN( mCASRV, "Microsoft CertServ CA version"),
-
-/* PKIX OIDs */
- ODN( padOCSP, "PKIX OCSP method"),
- ODN( padCAissuer, "PKIX CA Issuer method"),
- ODN( padTimeStamp, "PKIX Time Stamping method"),
-
-/* ID_CE OIDs. */
- ODN( cePlcyObs, "Certificate Policies (Obsolete)"),
- ODN( cePlcyCns, "Certificate Policy Constraints"),
-
-/* Verisign OIDs. */
- ODN( vcx7, "Verisign Cert Extension 7 (?)"),
- ODN( vcp1, "Verisign Class 1 Certificate Policy"),
- ODN( vcp2, "Verisign Class 2 Certificate Policy"),
- ODN( vcp3, "Verisign Class 3 Certificate Policy"),
- ODN( vcp4, "Verisign Class 4 Certificate Policy"),
-
-};
-
-static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]);
-
-SECStatus
-SECU_RegisterDynamicOids(void)
-{
- unsigned int i;
- SECStatus rv = SECSuccess;
-
- for (i = 0; i < numOids; ++i) {
- SECOidTag tag = SECOID_AddEntry(&oids[i]);
- if (tag == SEC_OID_UNKNOWN) {
- rv = SECFailure;
-#ifdef DEBUG_DYN_OIDS
- fprintf(stderr, "Add OID[%d] failed\n", i);
- } else {
- fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag);
-#endif
- }
- }
- return rv;
-}
diff --git a/security/nss/cmd/lib/pk11table.c b/security/nss/cmd/lib/pk11table.c
deleted file mode 100644
index 5ec551fb2..000000000
--- a/security/nss/cmd/lib/pk11table.c
+++ /dev/null
@@ -1,1449 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "pk11table.h"
-
-const char *_valueString[] = {
- "None",
- "Variable",
- "CK_ULONG",
- "Data",
- "UTF8",
- "CK_INFO",
- "CK_SLOT_INFO",
- "CK_TOKEN_INFO",
- "CK_SESSION_INFO",
- "CK_ATTRIBUTE",
- "CK_MECHANISM",
- "CK_MECHANISM_INFO",
- "CK_C_INITIALIZE_ARGS",
- "CK_FUNCTION_LIST"
-};
-
-const char **valueString = &_valueString[0];
-const int valueCount = sizeof(_valueString)/sizeof(_valueString[0]);
-
-const char *_constTypeString[] = {
- "None",
- "Bool",
- "InfoFlags",
- "SlotFlags",
- "TokenFlags",
- "SessionFlags",
- "MechanismFlags",
- "InitializeFlags",
- "Users",
- "SessionState",
- "Object",
- "Hardware",
- "KeyType",
- "CertificateType",
- "Attribute",
- "Mechanism",
- "Result",
- "Trust",
- "AvailableSizes",
- "CurrentSize"
-};
-
-const char **constTypeString = &_constTypeString[0];
-const int constTypeCount = sizeof(_constTypeString)/sizeof(_constTypeString[0]);
-
-#define mkEntry(x,t) { #x, x, Const##t, ConstNone }
-#define mkEntry2(x,t,t2) { #x, x, Const##t, Const##t2 }
-
-const Constant _consts[] = {
- mkEntry(CK_FALSE, Bool),
- mkEntry(CK_TRUE, Bool),
-
- mkEntry(CKF_TOKEN_PRESENT, SlotFlags),
- mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags),
- mkEntry(CKF_HW_SLOT, SlotFlags),
-
- mkEntry(CKF_RNG, TokenFlags),
- mkEntry(CKF_WRITE_PROTECTED, TokenFlags),
- mkEntry(CKF_LOGIN_REQUIRED, TokenFlags),
- mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags),
- mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags),
- mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags),
- mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags),
- mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags),
- mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags),
- mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags),
- mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags),
- mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags),
- mkEntry(CKF_USER_PIN_LOCKED, TokenFlags),
- mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags),
- mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags),
- mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags),
- mkEntry(CKF_SO_PIN_LOCKED, TokenFlags),
- mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags),
-
- mkEntry(CKF_RW_SESSION, SessionFlags),
- mkEntry(CKF_SERIAL_SESSION, SessionFlags),
-
- mkEntry(CKF_HW, MechanismFlags),
- mkEntry(CKF_ENCRYPT, MechanismFlags),
- mkEntry(CKF_DECRYPT, MechanismFlags),
- mkEntry(CKF_DIGEST, MechanismFlags),
- mkEntry(CKF_SIGN, MechanismFlags),
- mkEntry(CKF_SIGN_RECOVER, MechanismFlags),
- mkEntry(CKF_VERIFY, MechanismFlags),
- mkEntry(CKF_VERIFY_RECOVER, MechanismFlags),
- mkEntry(CKF_GENERATE, MechanismFlags),
- mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags),
- mkEntry(CKF_WRAP, MechanismFlags),
- mkEntry(CKF_UNWRAP, MechanismFlags),
- mkEntry(CKF_DERIVE, MechanismFlags),
- mkEntry(CKF_EC_FP, MechanismFlags),
- mkEntry(CKF_EC_F_2M, MechanismFlags),
- mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
- mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
- mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags),
- mkEntry(CKF_EC_COMPRESS, MechanismFlags),
-
- mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags),
- mkEntry(CKF_OS_LOCKING_OK, InitializeFlags),
-
- mkEntry(CKU_SO, Users),
- mkEntry(CKU_USER, Users),
-
- mkEntry(CKS_RO_PUBLIC_SESSION, SessionState),
- mkEntry(CKS_RO_USER_FUNCTIONS, SessionState),
- mkEntry(CKS_RW_PUBLIC_SESSION, SessionState),
- mkEntry(CKS_RW_USER_FUNCTIONS, SessionState),
- mkEntry(CKS_RW_SO_FUNCTIONS, SessionState),
-
- mkEntry(CKO_DATA, Object),
- mkEntry(CKO_CERTIFICATE, Object),
- mkEntry(CKO_PUBLIC_KEY, Object),
- mkEntry(CKO_PRIVATE_KEY, Object),
- mkEntry(CKO_SECRET_KEY, Object),
- mkEntry(CKO_HW_FEATURE, Object),
- mkEntry(CKO_DOMAIN_PARAMETERS, Object),
- mkEntry(CKO_KG_PARAMETERS, Object),
- mkEntry(CKO_NETSCAPE_CRL, Object),
- mkEntry(CKO_NETSCAPE_SMIME, Object),
- mkEntry(CKO_NETSCAPE_TRUST, Object),
- mkEntry(CKO_NETSCAPE_BUILTIN_ROOT_LIST, Object),
-
- mkEntry(CKH_MONOTONIC_COUNTER, Hardware),
- mkEntry(CKH_CLOCK, Hardware),
-
- mkEntry(CKK_RSA, KeyType),
- mkEntry(CKK_DSA, KeyType),
- mkEntry(CKK_DH, KeyType),
- mkEntry(CKK_ECDSA, KeyType),
- mkEntry(CKK_EC, KeyType),
- mkEntry(CKK_X9_42_DH, KeyType),
- mkEntry(CKK_KEA, KeyType),
- mkEntry(CKK_GENERIC_SECRET, KeyType),
- mkEntry(CKK_RC2, KeyType),
- mkEntry(CKK_RC4, KeyType),
- mkEntry(CKK_DES, KeyType),
- mkEntry(CKK_DES2, KeyType),
- mkEntry(CKK_DES3, KeyType),
- mkEntry(CKK_CAST, KeyType),
- mkEntry(CKK_CAST3, KeyType),
- mkEntry(CKK_CAST5, KeyType),
- mkEntry(CKK_CAST128, KeyType),
- mkEntry(CKK_RC5, KeyType),
- mkEntry(CKK_IDEA, KeyType),
- mkEntry(CKK_SKIPJACK, KeyType),
- mkEntry(CKK_BATON, KeyType),
- mkEntry(CKK_JUNIPER, KeyType),
- mkEntry(CKK_CDMF, KeyType),
- mkEntry(CKK_AES, KeyType),
- mkEntry(CKK_CAMELLIA, KeyType),
- mkEntry(CKK_NETSCAPE_PKCS8, KeyType),
-
- mkEntry(CKC_X_509, CertType),
- mkEntry(CKC_X_509_ATTR_CERT, CertType),
-
- mkEntry2(CKA_CLASS, Attribute, Object),
- mkEntry2(CKA_TOKEN, Attribute, Bool),
- mkEntry2(CKA_PRIVATE, Attribute, Bool),
- mkEntry2(CKA_LABEL, Attribute, None),
- mkEntry2(CKA_APPLICATION, Attribute, None),
- mkEntry2(CKA_VALUE, Attribute, None),
- mkEntry2(CKA_OBJECT_ID, Attribute, None),
- mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType),
- mkEntry2(CKA_ISSUER, Attribute, None),
- mkEntry2(CKA_SERIAL_NUMBER, Attribute, None),
- mkEntry2(CKA_AC_ISSUER, Attribute, None),
- mkEntry2(CKA_OWNER, Attribute, None),
- mkEntry2(CKA_ATTR_TYPES, Attribute, None),
- mkEntry2(CKA_TRUSTED, Attribute, Bool),
- mkEntry2(CKA_KEY_TYPE, Attribute, KeyType),
- mkEntry2(CKA_SUBJECT, Attribute, None),
- mkEntry2(CKA_ID, Attribute, None),
- mkEntry2(CKA_SENSITIVE, Attribute, Bool),
- mkEntry2(CKA_ENCRYPT, Attribute, Bool),
- mkEntry2(CKA_DECRYPT, Attribute, Bool),
- mkEntry2(CKA_WRAP, Attribute, Bool),
- mkEntry2(CKA_UNWRAP, Attribute, Bool),
- mkEntry2(CKA_SIGN, Attribute, Bool),
- mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool),
- mkEntry2(CKA_VERIFY, Attribute, Bool),
- mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool),
- mkEntry2(CKA_DERIVE, Attribute, Bool),
- mkEntry2(CKA_START_DATE, Attribute, None),
- mkEntry2(CKA_END_DATE, Attribute, None),
- mkEntry2(CKA_MODULUS, Attribute, None),
- mkEntry2(CKA_MODULUS_BITS, Attribute, None),
- mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None),
- mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None),
- mkEntry2(CKA_PRIME_1, Attribute, None),
- mkEntry2(CKA_PRIME_2, Attribute, None),
- mkEntry2(CKA_EXPONENT_1, Attribute, None),
- mkEntry2(CKA_EXPONENT_2, Attribute, None),
- mkEntry2(CKA_COEFFICIENT, Attribute, None),
- mkEntry2(CKA_PRIME, Attribute, None),
- mkEntry2(CKA_SUBPRIME, Attribute, None),
- mkEntry2(CKA_BASE, Attribute, None),
- mkEntry2(CKA_PRIME_BITS, Attribute, None),
- mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None),
- mkEntry2(CKA_VALUE_BITS, Attribute, None),
- mkEntry2(CKA_VALUE_LEN, Attribute, None),
- mkEntry2(CKA_EXTRACTABLE, Attribute, Bool),
- mkEntry2(CKA_LOCAL, Attribute, Bool),
- mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool),
- mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool),
- mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism),
- mkEntry2(CKA_MODIFIABLE, Attribute, Bool),
- mkEntry2(CKA_ECDSA_PARAMS, Attribute, None),
- mkEntry2(CKA_EC_PARAMS, Attribute, None),
- mkEntry2(CKA_EC_POINT, Attribute, None),
- mkEntry2(CKA_SECONDARY_AUTH, Attribute, None),
- mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None),
- mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware),
- mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool),
- mkEntry2(CKA_HAS_RESET, Attribute, Bool),
- mkEntry2(CKA_NETSCAPE_URL, Attribute, None),
- mkEntry2(CKA_NETSCAPE_EMAIL, Attribute, None),
- mkEntry2(CKA_NETSCAPE_SMIME_INFO, Attribute, None),
- mkEntry2(CKA_NETSCAPE_SMIME_TIMESTAMP, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PKCS8_SALT, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PASSWORD_CHECK, Attribute, None),
- mkEntry2(CKA_NETSCAPE_EXPIRES, Attribute, None),
- mkEntry2(CKA_NETSCAPE_KRL, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_COUNTER, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_SEED, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_H, Attribute, None),
- mkEntry2(CKA_NETSCAPE_PQG_SEED_BITS, Attribute, None),
- mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust),
- mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust),
- mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust),
- mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust),
- mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust),
- mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust),
- mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust),
- mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust),
- mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust),
- mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
- mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
- mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
- mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
- mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
-
- mkEntry(CKM_RSA_PKCS, Mechanism),
- mkEntry(CKM_RSA_9796, Mechanism),
- mkEntry(CKM_RSA_X_509, Mechanism),
- mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_MD2_RSA_PKCS, Mechanism),
- mkEntry(CKM_MD5_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA1_RSA_PKCS, Mechanism),
- mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism),
- mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism),
- mkEntry(CKM_RSA_PKCS_OAEP, Mechanism),
- mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_RSA_X9_31, Mechanism),
- mkEntry(CKM_SHA1_RSA_X9_31, Mechanism),
- mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_DSA, Mechanism),
- mkEntry(CKM_DSA_SHA1, Mechanism),
- mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism),
- mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism),
- mkEntry(CKM_SHA256_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA384_RSA_PKCS, Mechanism),
- mkEntry(CKM_SHA512_RSA_PKCS, Mechanism),
- mkEntry(CKM_RC2_KEY_GEN, Mechanism),
- mkEntry(CKM_RC2_ECB, Mechanism),
- mkEntry(CKM_RC2_CBC, Mechanism),
- mkEntry(CKM_RC2_MAC, Mechanism),
- mkEntry(CKM_RC2_MAC_GENERAL, Mechanism),
- mkEntry(CKM_RC2_CBC_PAD, Mechanism),
- mkEntry(CKM_RC4_KEY_GEN, Mechanism),
- mkEntry(CKM_RC4, Mechanism),
- mkEntry(CKM_DES_KEY_GEN, Mechanism),
- mkEntry(CKM_DES_ECB, Mechanism),
- mkEntry(CKM_DES_CBC, Mechanism),
- mkEntry(CKM_DES_MAC, Mechanism),
- mkEntry(CKM_DES_MAC_GENERAL, Mechanism),
- mkEntry(CKM_DES_CBC_PAD, Mechanism),
- mkEntry(CKM_DES2_KEY_GEN, Mechanism),
- mkEntry(CKM_DES3_KEY_GEN, Mechanism),
- mkEntry(CKM_DES3_ECB, Mechanism),
- mkEntry(CKM_DES3_CBC, Mechanism),
- mkEntry(CKM_DES3_MAC, Mechanism),
- mkEntry(CKM_DES3_MAC_GENERAL, Mechanism),
- mkEntry(CKM_DES3_CBC_PAD, Mechanism),
- mkEntry(CKM_CDMF_KEY_GEN, Mechanism),
- mkEntry(CKM_CDMF_ECB, Mechanism),
- mkEntry(CKM_CDMF_CBC, Mechanism),
- mkEntry(CKM_CDMF_MAC, Mechanism),
- mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CDMF_CBC_PAD, Mechanism),
- mkEntry(CKM_MD2, Mechanism),
- mkEntry(CKM_MD2_HMAC, Mechanism),
- mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_MD5, Mechanism),
- mkEntry(CKM_MD5_HMAC, Mechanism),
- mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA_1, Mechanism),
- mkEntry(CKM_SHA_1_HMAC, Mechanism),
- mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_RIPEMD128, Mechanism),
- mkEntry(CKM_RIPEMD128_HMAC, Mechanism),
- mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_RIPEMD160, Mechanism),
- mkEntry(CKM_RIPEMD160_HMAC, Mechanism),
- mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA256, Mechanism),
- mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA256_HMAC, Mechanism),
- mkEntry(CKM_SHA384, Mechanism),
- mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA384_HMAC, Mechanism),
- mkEntry(CKM_SHA512, Mechanism),
- mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
- mkEntry(CKM_SHA512_HMAC, Mechanism),
- mkEntry(CKM_CAST_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST_ECB, Mechanism),
- mkEntry(CKM_CAST_CBC, Mechanism),
- mkEntry(CKM_CAST_MAC, Mechanism),
- mkEntry(CKM_CAST_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST3_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST3_ECB, Mechanism),
- mkEntry(CKM_CAST3_CBC, Mechanism),
- mkEntry(CKM_CAST3_MAC, Mechanism),
- mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST3_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST5_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST128_KEY_GEN, Mechanism),
- mkEntry(CKM_CAST5_ECB, Mechanism),
- mkEntry(CKM_CAST128_ECB, Mechanism),
- mkEntry(CKM_CAST5_CBC, Mechanism),
- mkEntry(CKM_CAST128_CBC, Mechanism),
- mkEntry(CKM_CAST5_MAC, Mechanism),
- mkEntry(CKM_CAST128_MAC, Mechanism),
- mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAST5_CBC_PAD, Mechanism),
- mkEntry(CKM_CAST128_CBC_PAD, Mechanism),
- mkEntry(CKM_RC5_KEY_GEN, Mechanism),
- mkEntry(CKM_RC5_ECB, Mechanism),
- mkEntry(CKM_RC5_CBC, Mechanism),
- mkEntry(CKM_RC5_MAC, Mechanism),
- mkEntry(CKM_RC5_MAC_GENERAL, Mechanism),
- mkEntry(CKM_RC5_CBC_PAD, Mechanism),
- mkEntry(CKM_IDEA_KEY_GEN, Mechanism),
- mkEntry(CKM_IDEA_ECB, Mechanism),
- mkEntry(CKM_IDEA_CBC, Mechanism),
- mkEntry(CKM_IDEA_MAC, Mechanism),
- mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism),
- mkEntry(CKM_IDEA_CBC_PAD, Mechanism),
- mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism),
- mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism),
- mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism),
- mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism),
- mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism),
- mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism),
- mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism),
- mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism),
- mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism),
- mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism),
- mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism),
- mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism),
- mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism),
- mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism),
- mkEntry(CKM_SSL3_MD5_MAC, Mechanism),
- mkEntry(CKM_SSL3_SHA1_MAC, Mechanism),
- mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism),
- mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism),
- mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism),
- mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism),
- mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism),
- mkEntry(CKM_PKCS5_PBKD2, Mechanism),
- mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism),
- mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism),
- mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism),
- mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism),
- mkEntry(CKM_SKIPJACK_ECB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CBC64, Mechanism),
- mkEntry(CKM_SKIPJACK_OFB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB64, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB32, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB16, Mechanism),
- mkEntry(CKM_SKIPJACK_CFB8, Mechanism),
- mkEntry(CKM_SKIPJACK_WRAP, Mechanism),
- mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism),
- mkEntry(CKM_SKIPJACK_RELAYX, Mechanism),
- mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_KEA_KEY_DERIVE, Mechanism),
- mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism),
- mkEntry(CKM_BATON_KEY_GEN, Mechanism),
- mkEntry(CKM_BATON_ECB128, Mechanism),
- mkEntry(CKM_BATON_ECB96, Mechanism),
- mkEntry(CKM_BATON_CBC128, Mechanism),
- mkEntry(CKM_BATON_COUNTER, Mechanism),
- mkEntry(CKM_BATON_SHUFFLE, Mechanism),
- mkEntry(CKM_BATON_WRAP, Mechanism),
- mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
- mkEntry(CKM_ECDSA, Mechanism),
- mkEntry(CKM_ECDSA_SHA1, Mechanism),
- mkEntry(CKM_ECDH1_DERIVE, Mechanism),
- mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
- mkEntry(CKM_ECMQV_DERIVE, Mechanism),
- mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism),
- mkEntry(CKM_JUNIPER_ECB128, Mechanism),
- mkEntry(CKM_JUNIPER_CBC128, Mechanism),
- mkEntry(CKM_JUNIPER_COUNTER, Mechanism),
- mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism),
- mkEntry(CKM_JUNIPER_WRAP, Mechanism),
- mkEntry(CKM_FASTHASH, Mechanism),
- mkEntry(CKM_AES_KEY_GEN, Mechanism),
- mkEntry(CKM_AES_ECB, Mechanism),
- mkEntry(CKM_AES_CBC, Mechanism),
- mkEntry(CKM_AES_MAC, Mechanism),
- mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
- mkEntry(CKM_AES_CBC_PAD, Mechanism),
- mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism),
- mkEntry(CKM_CAMELLIA_ECB, Mechanism),
- mkEntry(CKM_CAMELLIA_CBC, Mechanism),
- mkEntry(CKM_CAMELLIA_MAC, Mechanism),
- mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism),
- mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism),
- mkEntry(CKM_SEED_KEY_GEN, Mechanism),
- mkEntry(CKM_SEED_ECB, Mechanism),
- mkEntry(CKM_SEED_CBC, Mechanism),
- mkEntry(CKM_SEED_MAC, Mechanism),
- mkEntry(CKM_SEED_MAC_GENERAL, Mechanism),
- mkEntry(CKM_SEED_CBC_PAD, Mechanism),
- mkEntry(CKM_SEED_ECB_ENCRYPT_DATA, Mechanism),
- mkEntry(CKM_SEED_CBC_ENCRYPT_DATA, Mechanism),
- mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_AES_KEY_WRAP, Mechanism),
- mkEntry(CKM_NETSCAPE_AES_KEY_WRAP_PAD, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
- mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
-
- mkEntry(CKR_OK, Result),
- mkEntry(CKR_CANCEL, Result),
- mkEntry(CKR_HOST_MEMORY, Result),
- mkEntry(CKR_SLOT_ID_INVALID, Result),
- mkEntry(CKR_GENERAL_ERROR, Result),
- mkEntry(CKR_FUNCTION_FAILED, Result),
- mkEntry(CKR_ARGUMENTS_BAD, Result),
- mkEntry(CKR_NO_EVENT, Result),
- mkEntry(CKR_NEED_TO_CREATE_THREADS, Result),
- mkEntry(CKR_CANT_LOCK, Result),
- mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result),
- mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result),
- mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result),
- mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result),
- mkEntry(CKR_DATA_INVALID, Result),
- mkEntry(CKR_DATA_LEN_RANGE, Result),
- mkEntry(CKR_DEVICE_ERROR, Result),
- mkEntry(CKR_DEVICE_MEMORY, Result),
- mkEntry(CKR_DEVICE_REMOVED, Result),
- mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result),
- mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result),
- mkEntry(CKR_FUNCTION_CANCELED, Result),
- mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result),
- mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result),
- mkEntry(CKR_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_KEY_NOT_NEEDED, Result),
- mkEntry(CKR_KEY_CHANGED, Result),
- mkEntry(CKR_KEY_NEEDED, Result),
- mkEntry(CKR_KEY_INDIGESTIBLE, Result),
- mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
- mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
- mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
- mkEntry(CKR_KEY_PARAMS_INVALID, Result),
- mkEntry(CKR_MECHANISM_INVALID, Result),
- mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
- mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
- mkEntry(CKR_OPERATION_ACTIVE, Result),
- mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result),
- mkEntry(CKR_PIN_INCORRECT, Result),
- mkEntry(CKR_PIN_INVALID, Result),
- mkEntry(CKR_PIN_LEN_RANGE, Result),
- mkEntry(CKR_PIN_EXPIRED, Result),
- mkEntry(CKR_PIN_LOCKED, Result),
- mkEntry(CKR_SESSION_CLOSED, Result),
- mkEntry(CKR_SESSION_COUNT, Result),
- mkEntry(CKR_SESSION_HANDLE_INVALID, Result),
- mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result),
- mkEntry(CKR_SESSION_READ_ONLY, Result),
- mkEntry(CKR_SESSION_EXISTS, Result),
- mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result),
- mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result),
- mkEntry(CKR_SIGNATURE_INVALID, Result),
- mkEntry(CKR_SIGNATURE_LEN_RANGE, Result),
- mkEntry(CKR_TEMPLATE_INCOMPLETE, Result),
- mkEntry(CKR_TEMPLATE_INCONSISTENT, Result),
- mkEntry(CKR_TOKEN_NOT_PRESENT, Result),
- mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result),
- mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result),
- mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result),
- mkEntry(CKR_USER_NOT_LOGGED_IN, Result),
- mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result),
- mkEntry(CKR_USER_TYPE_INVALID, Result),
- mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result),
- mkEntry(CKR_USER_TOO_MANY_TYPES, Result),
- mkEntry(CKR_WRAPPED_KEY_INVALID, Result),
- mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result),
- mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result),
- mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result),
- mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result),
- mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result),
- mkEntry(CKR_RANDOM_NO_RNG, Result),
- mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result),
- mkEntry(CKR_BUFFER_TOO_SMALL, Result),
- mkEntry(CKR_SAVED_STATE_INVALID, Result),
- mkEntry(CKR_INFORMATION_SENSITIVE, Result),
- mkEntry(CKR_STATE_UNSAVEABLE, Result),
- mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result),
- mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result),
- mkEntry(CKR_MUTEX_BAD, Result),
- mkEntry(CKR_MUTEX_NOT_LOCKED, Result),
- mkEntry(CKR_VENDOR_DEFINED, Result),
-
- mkEntry(CKT_NETSCAPE_TRUSTED, Trust),
- mkEntry(CKT_NETSCAPE_TRUSTED_DELEGATOR, Trust),
- mkEntry(CKT_NETSCAPE_UNTRUSTED, Trust),
- mkEntry(CKT_NETSCAPE_MUST_VERIFY, Trust),
- mkEntry(CKT_NETSCAPE_TRUST_UNKNOWN, Trust),
- mkEntry(CKT_NETSCAPE_VALID, Trust),
- mkEntry(CKT_NETSCAPE_VALID_DELEGATOR, Trust),
-
- mkEntry(CK_EFFECTIVELY_INFINITE, AvailableSizes),
- mkEntry(CK_UNAVAILABLE_INFORMATION, CurrentSize),
-};
-
-const Constant *consts = &_consts[0];
-const int constCount = sizeof(_consts)/sizeof(_consts[0]);
-
-const Commands _commands[] = {
- {"C_Initialize", F_C_Initialize,
-"C_Initialize pInitArgs\n\n"
-"C_Initialize initializes the PKCS #11 library.\n"
-" pInitArgs if this is not NULL_PTR it gets cast to and dereferenced\n",
- {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Finalize", F_C_Finalize,
-"C_Finalize pReserved\n\n"
-"C_Finalize indicates that an application is done with the PKCS #11 library.\n"
-" pReserved reserved. Should be NULL_PTR\n",
- {ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetInfo", F_C_GetInfo,
-"C_GetInfo pInfo\n\n"
-"C_GetInfo returns general information about PKCS #11.\n"
-" pInfo location that receives information\n",
- {ArgInfo|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetFunctionList", F_C_GetFunctionList,
-"C_GetFunctionList ppFunctionList\n\n"
-"C_GetFunctionList returns the function list.\n"
-" ppFunctionList receives pointer to function list\n",
- {ArgFunctionList|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSlotList", F_C_GetSlotList,
-"C_GetSlotList tokenPresent pSlotList pulCount\n\n"
-"C_GetSlotList obtains a list of slots in the system.\n"
-" tokenPresent only slots with tokens?\n"
-" pSlotList receives array of slot IDs\n"
-" pulCount receives number of slots\n",
- {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSlotInfo", F_C_GetSlotInfo,
-"C_GetSlotInfo slotID pInfo\n\n"
-"C_GetSlotInfo obtains information about a particular slot in the system.\n"
-" slotID the ID of the slot\n"
-" pInfo receives the slot information\n",
- {ArgULong, ArgSlotInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetTokenInfo", F_C_GetTokenInfo,
-"C_GetTokenInfo slotID pInfo\n\n"
-"C_GetTokenInfo obtains information about a particular token in the system.\n"
-" slotID ID of the token's slot\n"
-" pInfo receives the token information\n",
- {ArgULong, ArgTokenInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetMechanismList", F_C_GetMechanismList,
-"C_GetMechanismList slotID pMechanismList pulCount\n\n"
-"C_GetMechanismList obtains a list of mechanism types supported by a token.\n"
-" slotID ID of token's slot\n"
-" pMechanismList gets mech. array\n"
-" pulCount gets # of mechs.\n",
- {ArgULong, ArgULong|ArgArray|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetMechanismInfo", F_C_GetMechanismInfo,
-"C_GetMechanismInfo slotID type pInfo\n\n"
-"C_GetMechanismInfo obtains information about a particular mechanism possibly\n"
-"supported by a token.\n"
-" slotID ID of the token's slot\n"
-" type type of mechanism\n"
-" pInfo receives mechanism info\n",
- {ArgULong, ArgULong, ArgMechanismInfo|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_InitToken", F_C_InitToken,
-"C_InitToken slotID pPin ulPinLen pLabel\n\n"
-"C_InitToken initializes a token.\n"
-" slotID ID of the token's slot\n"
-" pPin the SO's initial PIN\n"
-" ulPinLen length in bytes of the PIN\n"
-" pLabel 32-byte token label (blank padded)\n",
- {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_InitPIN", F_C_InitPIN,
-"C_InitPIN hSession pPin ulPinLen\n\n"
-"C_InitPIN initializes the normal user's PIN.\n"
-" hSession the session's handle\n"
-" pPin the normal user's PIN\n"
-" ulPinLen length in bytes of the PIN\n",
- {ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetPIN", F_C_SetPIN,
-"C_SetPIN hSession pOldPin ulOldLen pNewPin ulNewLen\n\n"
-"C_SetPIN modifies the PIN of the user who is logged in.\n"
-" hSession the session's handle\n"
-" pOldPin the old PIN\n"
-" ulOldLen length of the old PIN\n"
-" pNewPin the new PIN\n"
-" ulNewLen length of the new PIN\n",
- {ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_OpenSession", F_C_OpenSession,
-"C_OpenSession slotID flags phSession\n\n"
-"C_OpenSession opens a session between an application and a token.\n"
-" slotID the slot's ID\n"
-" flags from\n"
-" phSession gets session handle\n",
- {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CloseSession", F_C_CloseSession,
-"C_CloseSession hSession\n\n"
-"C_CloseSession closes a session between an application and a token.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CloseAllSessions", F_C_CloseAllSessions,
-"C_CloseAllSessions slotID\n\n"
-"C_CloseAllSessions closes all sessions with a token.\n"
-" slotID the token's slot\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetSessionInfo", F_C_GetSessionInfo,
-"C_GetSessionInfo hSession pInfo\n\n"
-"C_GetSessionInfo obtains information about the session.\n"
-" hSession the session's handle\n"
-" pInfo receives session info\n",
- {ArgULong, ArgSessionInfo|ArgOut, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetOperationState", F_C_GetOperationState,
-"C_GetOperationState hSession pOpState pulOpStateLen\n\n"
-"C_GetOperationState obtains the state of the cryptographic operation in a\n"
-"session.\n"
-" hSession session's handle\n"
-" pOpState gets state\n"
-" pulOpStateLen gets state length\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetOperationState", F_C_SetOperationState,
-"C_SetOperationState hSession pOpState ulOpStateLen hEncKey hAuthKey\n\n"
-"C_SetOperationState restores the state of the cryptographic operation in a\n"
-"session.\n"
-" hSession session's handle\n"
-" pOpState holds state\n"
-" ulOpStateLen holds state length\n"
-" hEncKey en/decryption key\n"
-" hAuthnKey sign/verify key\n",
- {ArgULong, ArgChar|ArgOut, ArgULong, ArgULong, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Login", F_C_Login,
-"C_Login hSession userType pPin ulPinLen\n\n"
-"C_Login logs a user into a token.\n"
-" hSession the session's handle\n"
-" userType the user type\n"
-" pPin the user's PIN\n"
-" ulPinLen the length of the PIN\n",
- {ArgULong, ArgULong, ArgVar, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Logout", F_C_Logout,
-"C_Logout hSession\n\n"
-"C_Logout logs a user out from a token.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CreateObject", F_C_CreateObject,
-"C_CreateObject hSession pTemplate ulCount phObject\n\n"
-"C_CreateObject creates a new object.\n"
-" hSession the session's handle\n"
-" pTemplate the object's template\n"
-" ulCount attributes in template\n"
-" phObject gets new object's handle.\n",
- {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CopyObject", F_C_CopyObject,
-"C_CopyObject hSession hObject pTemplate ulCount phNewObject\n\n"
-"C_CopyObject copies an object creating a new object for the copy.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pTemplate template for new object\n"
-" ulCount attributes in template\n"
-" phNewObject receives handle of copy\n",
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DestroyObject", F_C_DestroyObject,
-"C_DestroyObject hSession hObject\n\n"
-"C_DestroyObject destroys an object.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n",
- {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetObjectSize", F_C_GetObjectSize,
-"C_GetObjectSize hSession hObject pulSize\n\n"
-"C_GetObjectSize gets the size of an object in bytes.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pulSize receives size of object\n",
- {ArgULong, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetAttributeValue", F_C_GetAttributeValue,
-"C_GetAttributeValue hSession hObject pTemplate ulCount\n\n"
-"C_GetAttributeValue obtains the value of one or more object attributes.\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pTemplate specifies attrs; gets vals\n"
-" ulCount attributes in template\n",
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SetAttributeValue", F_C_SetAttributeValue,
-"C_SetAttributeValue hSession hObject pTemplate ulCount\n\n"
-"C_SetAttributeValue modifies the value of one or more object attributes\n"
-" hSession the session's handle\n"
-" hObject the object's handle\n"
-" pTemplate specifies attrs and values\n"
-" ulCount attributes in template\n",
- {ArgULong, ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjectsInit", F_C_FindObjectsInit,
-"C_FindObjectsInit hSession pTemplate ulCount\n\n"
-"C_FindObjectsInit initializes a search for token and session objects that\n"
-"match a template.\n"
-" hSession the session's handle\n"
-" pTemplate attribute values to match\n"
-" ulCount attrs in search template\n",
- {ArgULong, ArgAttribute|ArgArray, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjectsFinal", F_C_FindObjectsFinal,
-"C_FindObjectsFinal hSession\n\n"
-"C_FindObjectsFinal finishes a search for token and session objects.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_FindObjects", F_C_FindObjects,
-"C_FindObjects hSession phObject ulMaxObjectCount pulObjectCount\n\n"
-"C_FindObjects continues a search for token and session objects that match\n"
-"a template obtaining additional object handles.\n"
-" hSession session's handle\n"
-" phObject gets obj. handles\n"
-" ulMaxObjectCount max handles to get\n"
-" pulObjectCount actual # returned\n",
- {ArgULong, ArgULong|ArgOut, ArgULong, ArgULong|ArgOut, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptInit", F_C_EncryptInit,
-"C_EncryptInit hSession pMechanism hKey\n\n"
-"C_EncryptInit initializes an encryption operation.\n"
-" hSession the session's handle\n"
-" pMechanism the encryption mechanism\n"
-" hKey handle of encryption key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptUpdate", F_C_EncryptUpdate,
-"C_EncryptUpdate hSession pPart ulPartLen pEncryptedPart pulEncryptedPartLen\n"
-"\n"
-"C_EncryptUpdate continues a multiple-part encryption operation.\n"
-" hSession session's handle\n"
-" pPart the plaintext data\n"
-" ulPartLen plaintext data len\n"
-" pEncryptedPart gets ciphertext\n"
-" pulEncryptedPartLen gets c-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_EncryptFinal", F_C_EncryptFinal,
-"C_EncryptFinal hSession pLastEncryptedPart pulLastEncryptedPartLen\n\n"
-"C_EncryptFinal finishes a multiple-part encryption operation.\n"
-" hSession session handle\n"
-" pLastEncryptedPart last c-text\n"
-" pulLastEncryptedPartLen gets last size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Encrypt", F_C_Encrypt,
-"C_Encrypt hSession pData ulDataLen pEncryptedData pulEncryptedDataLen\n\n"
-"C_Encrypt encrypts single-part data.\n"
-" hSession session's handle\n"
-" pData the plaintext data\n"
-" ulDataLen bytes of plaintext\n"
-" pEncryptedData gets ciphertext\n"
-" pulEncryptedDataLen gets c-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptInit", F_C_DecryptInit,
-"C_DecryptInit hSession pMechanism hKey\n\n"
-"C_DecryptInit initializes a decryption operation.\n"
-" hSession the session's handle\n"
-" pMechanism the decryption mechanism\n"
-" hKey handle of decryption key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptUpdate", F_C_DecryptUpdate,
-"C_DecryptUpdate hSession pEncryptedPart ulEncryptedPartLen pPart pulPartLen\n"
-"\n"
-"C_DecryptUpdate continues a multiple-part decryption operation.\n"
-" hSession session's handle\n"
-" pEncryptedPart encrypted data\n"
-" ulEncryptedPartLen input length\n"
-" pPart gets plaintext\n"
-" pulPartLen p-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptFinal", F_C_DecryptFinal,
-"C_DecryptFinal hSession pLastPart pulLastPartLen\n\n"
-"C_DecryptFinal finishes a multiple-part decryption operation.\n"
-" hSession the session's handle\n"
-" pLastPart gets plaintext\n"
-" pulLastPartLen p-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Decrypt", F_C_Decrypt,
-"C_Decrypt hSession pEncryptedData ulEncryptedDataLen pData pulDataLen\n\n"
-"C_Decrypt decrypts encrypted data in a single part.\n"
-" hSession session's handle\n"
-" pEncryptedData ciphertext\n"
-" ulEncryptedDataLen ciphertext length\n"
-" pData gets plaintext\n"
-" pulDataLen gets p-text size\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestInit", F_C_DigestInit,
-"C_DigestInit hSession pMechanism\n\n"
-"C_DigestInit initializes a message-digesting operation.\n"
-" hSession the session's handle\n"
-" pMechanism the digesting mechanism\n",
- {ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestUpdate", F_C_DigestUpdate,
-"C_DigestUpdate hSession pPart ulPartLen\n\n"
-"C_DigestUpdate continues a multiple-part message-digesting operation.\n"
-" hSession the session's handle\n"
-" pPart data to be digested\n"
-" ulPartLen bytes of data to be digested\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestKey", F_C_DigestKey,
-"C_DigestKey hSession hKey\n\n"
-"C_DigestKey continues a multi-part message-digesting operation by digesting\n"
-"the value of a secret key as part of the data already digested.\n"
-" hSession the session's handle\n"
-" hKey secret key to digest\n",
- {ArgULong, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestFinal", F_C_DigestFinal,
-"C_DigestFinal hSession pDigest pulDigestLen\n\n"
-"C_DigestFinal finishes a multiple-part message-digesting operation.\n"
-" hSession the session's handle\n"
-" pDigest gets the message digest\n"
-" pulDigestLen gets byte count of digest\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Digest", F_C_Digest,
-"C_Digest hSession pData ulDataLen pDigest pulDigestLen\n\n"
-"C_Digest digests data in a single part.\n"
-" hSession the session's handle\n"
-" pData data to be digested\n"
-" ulDataLen bytes of data to digest\n"
-" pDigest gets the message digest\n"
-" pulDigestLen gets digest length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignInit", F_C_SignInit,
-"C_SignInit hSession pMechanism hKey\n\n"
-"C_SignInit initializes a signature (private key encryption operation where\n"
-"the signature is (will be) an appendix to the data and plaintext cannot be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pMechanism the signature mechanism\n"
-" hKey handle of signature key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignUpdate", F_C_SignUpdate,
-"C_SignUpdate hSession pPart ulPartLen\n\n"
-"C_SignUpdate continues a multiple-part signature operation where the\n"
-"signature is (will be) an appendix to the data and plaintext cannot be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pPart the data to sign\n"
-" ulPartLen count of bytes to sign\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignFinal", F_C_SignFinal,
-"C_SignFinal hSession pSignature pulSignatureLen\n\n"
-"C_SignFinal finishes a multiple-part signature operation returning the\n"
-"signature.\n"
-" hSession the session's handle\n"
-" pSignature gets the signature\n"
-" pulSignatureLen gets signature length\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignRecoverInit", F_C_SignRecoverInit,
-"C_SignRecoverInit hSession pMechanism hKey\n\n"
-"C_SignRecoverInit initializes a signature operation where the data can be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pMechanism the signature mechanism\n"
-" hKey handle of the signature key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignRecover", F_C_SignRecover,
-"C_SignRecover hSession pData ulDataLen pSignature pulSignatureLen\n\n"
-"C_SignRecover signs data in a single operation where the data can be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pData the data to sign\n"
-" ulDataLen count of bytes to sign\n"
-" pSignature gets the signature\n"
-" pulSignatureLen gets signature length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Sign", F_C_Sign,
-"C_Sign hSession pData ulDataLen pSignature pulSignatureLen\n\n"
-"C_Sign signs (encrypts with private key) data in a single part where the\n"
-"signature is (will be) an appendix to the data and plaintext cannot be\n"
-"recovered from the signature.\n"
-" hSession the session's handle\n"
-" pData the data to sign\n"
-" ulDataLen count of bytes to sign\n"
-" pSignature gets the signature\n"
-" pulSignatureLen gets signature length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyInit", F_C_VerifyInit,
-"C_VerifyInit hSession pMechanism hKey\n\n"
-"C_VerifyInit initializes a verification operation where the signature is an\n"
-"appendix to the data and plaintext cannot cannot be recovered from the\n"
-"signature (e.g. DSA).\n"
-" hSession the session's handle\n"
-" pMechanism the verification mechanism\n"
-" hKey verification key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyUpdate", F_C_VerifyUpdate,
-"C_VerifyUpdate hSession pPart ulPartLen\n\n"
-"C_VerifyUpdate continues a multiple-part verification operation where the\n"
-"signature is an appendix to the data and plaintext cannot be recovered from\n"
-"the signature.\n"
-" hSession the session's handle\n"
-" pPart signed data\n"
-" ulPartLen length of signed data\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyFinal", F_C_VerifyFinal,
-"C_VerifyFinal hSession pSignature ulSignatureLen\n\n"
-"C_VerifyFinal finishes a multiple-part verification operation checking the\n"
-"signature.\n"
-" hSession the session's handle\n"
-" pSignature signature to verify\n"
-" ulSignatureLen signature length\n",
- {ArgULong, ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyRecoverInit", F_C_VerifyRecoverInit,
-"C_VerifyRecoverInit hSession pMechanism hKey\n\n"
-"C_VerifyRecoverInit initializes a signature verification operation where the\n"
-"data is recovered from the signature.\n"
-" hSession the session's handle\n"
-" pMechanism the verification mechanism\n"
-" hKey verification key\n",
- {ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_VerifyRecover", F_C_VerifyRecover,
-"C_VerifyRecover hSession pSignature ulSignatureLen pData pulDataLen\n\n"
-"C_VerifyRecover verifies a signature in a single-part operation where the\n"
-"data is recovered from the signature.\n"
-" hSession the session's handle\n"
-" pSignature signature to verify\n"
-" ulSignatureLen signature length\n"
-" pData gets signed data\n"
-" pulDataLen gets signed data len\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_Verify", F_C_Verify,
-"C_Verify hSession pData ulDataLen pSignature ulSignatureLen\n\n"
-"C_Verify verifies a signature in a single-part operation where the signature\n"
-"is an appendix to the data and plaintext cannot be recovered from the\n"
-"signature.\n"
-" hSession the session's handle\n"
-" pData signed data\n"
-" ulDataLen length of signed data\n"
-" pSignature signature\n"
-" ulSignatureLen signature length*/\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DigestEncryptUpdate", F_C_DigestEncryptUpdate,
-"C_DigestEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
-" pulEncryptedPartLen\n\n"
-"C_DigestEncryptUpdate continues a multiple-part digesting and encryption\n"
-"operation.\n"
-" hSession session's handle\n"
-" pPart the plaintext data\n"
-" ulPartLen plaintext length\n"
-" pEncryptedPart gets ciphertext\n"
-" pulEncryptedPartLen gets c-text length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptDigestUpdate", F_C_DecryptDigestUpdate,
-"C_DecryptDigestUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
-" pulPartLen\n\n"
-"C_DecryptDigestUpdate continues a multiple-part decryption and digesting\n"
-"operation.\n"
-" hSession session's handle\n"
-" pEncryptedPart ciphertext\n"
-" ulEncryptedPartLen ciphertext length\n"
-" pPart gets plaintext\n"
-" pulPartLen gets plaintext len\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SignEncryptUpdate", F_C_SignEncryptUpdate,
-"C_SignEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
-" pulEncryptedPartLen\n\n"
-"C_SignEncryptUpdate continues a multiple-part signing and encryption\n"
-"operation.\n"
-" hSession session's handle\n"
-" pPart the plaintext data\n"
-" ulPartLen plaintext length\n"
-" pEncryptedPart gets ciphertext\n"
-" pulEncryptedPartLen gets c-text length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_DecryptVerifyUpdate", F_C_DecryptVerifyUpdate,
-"C_DecryptVerifyUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
-" pulPartLen\n\n"
-"C_DecryptVerifyUpdate continues a multiple-part decryption and verify\n"
-"operation.\n"
-" hSession session's handle\n"
-" pEncryptedPart ciphertext\n"
-" ulEncryptedPartLen ciphertext length\n"
-" pPart gets plaintext\n"
-" pulPartLen gets p-text length\n",
- {ArgULong, ArgChar, ArgULong, ArgChar|ArgOut, ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GenerateKeyPair", F_C_GenerateKeyPair,
-"C_GenerateKeyPair hSession pMechanism pPublicKeyTemplate \\\n"
-" ulPublicKeyAttributeCount pPrivateKeyTemplate ulPrivateKeyAttributeCount \\\n"
-" phPublicKey phPrivateKey\n\n"
-"C_GenerateKeyPair generates a public-key/private-key pair creating new key\n"
-"objects.\n"
-" hSession sessionhandle\n"
-" pMechanism key-genmech.\n"
-" pPublicKeyTemplate templatefor pub. key\n"
-" ulPublicKeyAttributeCount # pub. attrs.\n"
-" pPrivateKeyTemplate templatefor priv. key\n"
-" ulPrivateKeyAttributeCount # priv. attrs.\n"
-" phPublicKey gets pub. keyhandle\n"
-" phPrivateKey getspriv. keyhandle\n",
- {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong,
- ArgAttribute|ArgArray,
- ArgULong, ArgULong|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone }},
- {"C_GenerateKey", F_C_GenerateKey,
-"C_GenerateKey hSession pMechanism pTemplate ulCount phKey\n\n"
-"C_GenerateKey generates a secret key creating a new key object.\n"
-" hSession the session's handle\n"
-" pMechanism key generation mech.\n"
-" pTemplate template for new key\n"
-" ulCount # of attrs in template\n"
-" phKey gets handle of new key\n",
- {ArgULong, ArgMechanism, ArgAttribute|ArgArray, ArgULong,
- ArgULong|ArgOut,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_WrapKey", F_C_WrapKey,
-"C_WrapKey hSession pMechanism hWrappingKey hKey pWrappedKey pulWrappedKeyLen\n\n"
-"C_WrapKey wraps (i.e. encrypts) a key.\n"
-" hSession the session's handle\n"
-" pMechanism the wrapping mechanism\n"
-" hWrappingKey wrapping key\n"
-" hKey key to be wrapped\n"
-" pWrappedKey gets wrapped key\n"
-" pulWrappedKeyLen gets wrapped key size\n",
- {ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong,
- ArgChar|ArgOut, ArgULong|ArgOut, ArgNone, ArgNone, ArgNone }},
- {"C_UnwrapKey", F_C_UnwrapKey,
-"C_UnwrapKey hSession pMechanism hUnwrappingKey pWrappedKey ulWrappedKeyLen \\\n"
-" pTemplate ulAttributeCount phKey\n\n"
-"C_UnwrapKey unwraps (decrypts) a wrapped key creating a new key object.\n"
-" hSession session's handle\n"
-" pMechanism unwrapping mech.\n"
-" hUnwrappingKey unwrapping key\n"
-" pWrappedKey the wrapped key\n"
-" ulWrappedKeyLen wrapped key len\n"
-" pTemplate new key template\n"
-" ulAttributeCount template length\n"
-" phKey gets new handle\n",
- {ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong,
- ArgAttribute|ArgArray, ArgULong, ArgULong|ArgOut, ArgNone, ArgNone }},
- {"C_DeriveKey", F_C_DeriveKey,
-"C_DeriveKey hSession pMechanism hBaseKey pTemplate ulAttributeCount phKey\n\n"
-"C_DeriveKey derives a key from a base key creating a new key object.\n"
-" hSession session's handle\n"
-" pMechanism key deriv. mech.\n"
-" hBaseKey base key\n"
-" pTemplate new key template\n"
-" ulAttributeCount template length\n"
-" phKey gets new handle\n",
- {ArgULong, ArgMechanism, ArgULong, ArgAttribute|ArgArray, ArgULong,
- ArgULong|ArgOut, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_SeedRandom", F_C_SeedRandom,
-"C_SeedRandom hSession pSeed ulSeedLen\n\n"
-"C_SeedRandom mixes additional seed material into the token's random number\n"
-"generator.\n"
-" hSession the session's handle\n"
-" pSeed the seed material\n"
-" ulSeedLen length of seed material\n",
- {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GenerateRandom", F_C_GenerateRandom,
-"C_GenerateRandom hSession RandomData ulRandomLen\n\n"
-"C_GenerateRandom generates random data.\n"
-" hSession the session's handle\n"
-" RandomData receives the random data\n"
-" ulRandomLen # of bytes to generate\n",
- {ArgULong, ArgChar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_GetFunctionStatus", F_C_GetFunctionStatus,
-"C_GetFunctionStatus hSession\n\n"
-"C_GetFunctionStatus is a legacy function; it obtains an updated status of\n"
-"a function running in parallel with an application.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_CancelFunction", F_C_CancelFunction,
-"C_CancelFunction hSession\n\n"
-"C_CancelFunction is a legacy function; it cancels a function running in\n"
-"parallel.\n"
-" hSession the session's handle\n",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"C_WaitForSlotEvent", F_C_WaitForSlotEvent,
-"C_WaitForSlotEvent flags pSlot pRserved\n\n"
-"C_WaitForSlotEvent waits for a slot event (token insertion removal etc.)\n"
-"to occur.\n"
-" flags blocking/nonblocking flag\n"
-" pSlot location that receives the slot ID\n"
-" pRserved reserved. Should be NULL_PTR\n",
- {ArgULong, ArgULong|ArgArray, ArgVar, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewArray", F_NewArray,
-"NewArray varName varType array size\n\n"
-"Creates a new array variable.\n"
-" varName variable name of the new array\n"
-" varType data type of the new array\n"
-" size number of elements in the array\n",
- {ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewInitArg", F_NewInitializeArgs,
-"NewInitArg varName flags string\n\n"
-"Creates a new init variable.\n"
-" varName variable name of the new initArg\n"
-" flags value to set the flags field\n"
-" string string parameter for init arg\n",
- {ArgVar|ArgNew, ArgULong, ArgVar|ArgNew, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewTemplate", F_NewTemplate,
-"NewTemplate varName attributeList\n\n"
-"Create a new empty template and populate the attribute list\n"
-" varName variable name of the new template\n"
-" attributeList comma separated list of CKA_ATTRIBUTE types\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"NewMechanism", F_NewMechanism,
-"NewMechanism varName mechanismType\n\n"
-"Create a new CK_MECHANISM object with type NULL paramters and specified type\n"
-" varName variable name of the new mechansim\n"
-" mechanismType CKM_ mechanism type value to set int the type field\n",
- {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"BuildTemplate", F_BuildTemplate,
-"BuildTemplate template\n\n"
-"Allocates space for the value in a template which has the sizes filled in,\n"
-"but no values allocated yet.\n"
-" template variable name of the template\n",
- {ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"SetTemplate", F_SetTemplate,
-"SetTemplate template index value\n\n"
-"Sets a particular element of a template to a CK_ULONG\n"
-" template variable name of the template\n"
-" index index into the template to the element to change\n"
-" value 32 bit value to set in the template\n",
- {ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"SetString", F_SetStringVar,
-"SetString varName string\n\n"
-"Sets a particular variable to a string value\n"
-" variable variable name of new string\n"
-" string String to set the variable to\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Set", F_SetVar,
-"Set varName value\n\n"
-"Sets a particular variable to CK_ULONG\n"
-" variable name of the new variable\n"
-" value 32 bit value to set variable to\n",
- {ArgVar|ArgNew, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Print", F_Print,
-"Print varName\n\n"
-"prints a variable\n"
-" variable name of the variable to print\n",
- {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Delete", F_Delete,
-"Delete varName\n\n"
-"delete a variable\n"
-" variable name of the variable to delete\n",
- {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Load", F_Load,
-"load libraryName\n\n"
-"load a pkcs #11 module\n"
-" libraryName Name of a shared library\n",
- {ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Save", F_SaveVar,
-"Save filename variable\n\n"
-"Saves the binary value of 'variable' in file 'filename'\n"
-" fileName target file to save the variable in\n"
-" variable variable to save\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Restore", F_RestoreVar,
-"Restore filename variable\n\n"
-"Restores a variable from a file\n"
-" fileName target file to restore the variable from\n"
-" variable variable to restore\n",
- {ArgVar|ArgNew, ArgVar, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Increment", F_Increment,
-"Increment variable value\n\n"
-"Increment a variable by value\n",
- {ArgVar, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Decrement", F_Decrement,
-"Decrement variable value\n\n"
-"Decrement a variable by value\n",
- {ArgVar, ArgULong, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"List", F_List,
-"List all the variables\n",
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Unload", F_Unload,
-"Unload the currrently loaded PKCS #11 library\n",
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Run", F_Run,
-"Run filename\n\n"
-"reads filename as script of commands to execute\n",
- {ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Time", F_Time,
-"Time pkcs11 command\n\n"
-"Execute a pkcs #11 command and time the results\n",
- {ArgVar|ArgFull, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"System", F_System,
- "Set System Flag",
- {ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"LoopRun", F_Loop,
-"LoopRun filename var start end step\n\n"
-"Run in a loop. Loop exit if scrip does and explicit quit (Quit QuitIf etc.)",
- {ArgVar|ArgNew, ArgVar|ArgNew, ArgULong, ArgULong, ArgULong,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Help", F_Help,
-"Help [command]\n\n"
-"print general help, or help for a specific command\n",
- {ArgVar|ArgOpt, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"QuitIf", F_QuitIf,
-"QuitIf arg1 comparator arg2\n\n"
-"Exit from this program if Condition is valid, valid comparators:\n"
-" < > <= >= = !=\n",
- {ArgULong, ArgVar|ArgNew, ArgULong, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"QuitIfString", F_QuitIfString,
-"QuitIfString arg1 comparator arg2\n\n"
-"Exit from this program if Condition is valid, valid comparators:\n"
-" = !=\n",
- {ArgVar|ArgNew, ArgVar|ArgNew, ArgVar|ArgNew, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
- {"Quit", F_Quit,
-"Exit from this program",
- {ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
- ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
-};
-
-const Commands *commands= &_commands[0];
-const int commandCount = sizeof(_commands) / sizeof(_commands[0]);
-
-const Topics _topics[] = {
- { "variables",
-"Variables are random strings of characters. These should begin with alpha\n"
-" characters, and should not contain any spaces, nor should they match any\n"
-" built-in constants. There is some checking in the code for these things,\n"
-" but it's not 100% and using invalid variable names can cause problems.\n"
-" Variables are created by any 'OUT' parameter. If the variable does not\n"
-" exist, it will be created. For in parameters variables must already exist.\n"
- },
- { "constants",
-"pk11util recognizes *lots* of constants. All CKA_, CKF_, CKO_, CKU_, CKS_,\n"
-" CKC_, CKK_, CKH_, CKM_, CKT_ values from the PKCS #11 spec are recognized.\n"
-" Constants can be specified with their fully qualified CK?_ value, or the\n"
-" prefix can be dropped. Constants are matched case insensitve.\n"
- },
- { "arrays",
-"Arrays are special variables which represent 'C' arrays. Each array \n"
-" variable can be referenced as a group (using just the name), or as \n"
-" individual elements (with the [int] operator). Example:\n"
-" print myArray # prints the full array.\n"
-" print myArray[3] # prints the 3rd elemement of the array \n"
- },
- { "sizes",
-"Size operaters returns the size in bytes of a variable, or the number of\n"
-" elements in an array.\n"
-" size(var) and sizeof(var) return the size of var in bytes.\n"
-" sizea(var) and sizeofarray(var) return the number of elements in var.\n"
-" If var is not an array, sizea(var) returns 1.\n"
- },
-};
-
-const Topics *topics= &_topics[0];
-const int topicCount = sizeof(_topics) / sizeof(_topics[0]);
-
-const char *
-getName(CK_ULONG value, ConstType type)
-{
- int i;
-
- for (i=0; i < constCount; i++) {
- if (consts[i].type == type && consts[i].value == value) {
- return consts[i].name;
- }
- if (type == ConstNone && consts[i].value == value) {
- return consts[i].name;
- }
- }
-
- return NULL;
-}
-
-const char *
-getNameFromAttribute(CK_ATTRIBUTE_TYPE type)
-{
- return getName(type, ConstAttribute);
-}
-
-int totalKnownType(ConstType type) {
- int count = 0;
- int i;
-
- for (i=0; i < constCount; i++) {
- if (consts[i].type == type) count++;
- }
- return count;
-}
diff --git a/security/nss/cmd/lib/pk11table.h b/security/nss/cmd/lib/pk11table.h
deleted file mode 100644
index 4c2e3f038..000000000
--- a/security/nss/cmd/lib/pk11table.h
+++ /dev/null
@@ -1,212 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#ifndef _PK11_TABLE_H_
-#define _PK11_TABLE_H_
-
-/*
- * Supported functions..
- */
-#include <pkcs11.h>
-#include "nspr.h"
-#include "prtypes.h"
-
-typedef enum {
- F_No_Function,
-#undef CK_NEED_ARG_LIST
-#define CK_PKCS11_FUNCTION_INFO(func) F_##func,
-#include "pkcs11f.h"
-#undef CK_NEED_ARG_LISt
-#undef CK_PKCS11_FUNCTION_INFO
- F_SetVar,
- F_SetStringVar,
- F_NewArray,
- F_NewInitializeArgs,
- F_NewTemplate,
- F_NewMechanism,
- F_BuildTemplate,
- F_SetTemplate,
- F_Print,
- F_SaveVar,
- F_RestoreVar,
- F_Increment,
- F_Decrement,
- F_Delete,
- F_List,
- F_Run,
- F_Load,
- F_Unload,
- F_System,
- F_Loop,
- F_Time,
- F_Help,
- F_Quit,
- F_QuitIf,
- F_QuitIfString,
-} FunctionType;
-
-/*
- * Supported Argument Types
- */
-typedef enum {
- ArgNone,
- ArgVar,
- ArgULong,
- ArgChar,
- ArgUTF8,
- ArgInfo,
- ArgSlotInfo,
- ArgTokenInfo,
- ArgSessionInfo,
- ArgAttribute,
- ArgMechanism,
- ArgMechanismInfo,
- ArgInitializeArgs,
- ArgFunctionList,
-/* Modifier Flags */
- ArgMask = 0xff,
- ArgOut = 0x100,
- ArgArray = 0x200,
- ArgNew = 0x400,
- ArgFile = 0x800,
- ArgStatic = 0x1000,
- ArgOpt = 0x2000,
- ArgFull = 0x4000,
-} ArgType;
-
-typedef enum _constType
-{
- ConstNone,
- ConstBool,
- ConstInfoFlags,
- ConstSlotFlags,
- ConstTokenFlags,
- ConstSessionFlags,
- ConstMechanismFlags,
- ConstInitializeFlags,
- ConstUsers,
- ConstSessionState,
- ConstObject,
- ConstHardware,
- ConstKeyType,
- ConstCertType,
- ConstAttribute,
- ConstMechanism,
- ConstResult,
- ConstTrust,
- ConstAvailableSizes,
- ConstCurrentSize
-} ConstType;
-
-typedef struct _constant {
- const char *name;
- CK_ULONG value;
- ConstType type;
- ConstType attrType;
-} Constant ;
-
-/*
- * Values structures.
- */
-typedef struct _values {
- ArgType type;
- ConstType constType;
- int size;
- char *filename;
- void *data;
- int reference;
- int arraySize;
-} Value;
-
-/*
- * Variables
- */
-typedef struct _variable Variable;
-struct _variable {
- Variable *next;
- char *vname;
- Value *value;
-};
-
-/* NOTE: if you change MAX_ARGS, you need to change the commands array
- * below as well.
- */
-
-#define MAX_ARGS 10
-/*
- * structure for master command array
- */
-typedef struct _commands {
- char *fname;
- FunctionType fType;
- char *helpString;
- ArgType args[MAX_ARGS];
-} Commands;
-
-typedef struct _module {
- PRLibrary *library;
- CK_FUNCTION_LIST *functionList;
-} Module;
-
-typedef struct _topics {
- char *name;
- char *helpString;
-} Topics;
-
-/*
- * the command array itself. Make name to function and it's arguments
- */
-
-extern const char **valueString;
-extern const int valueCount;
-extern const char **constTypeString;
-extern const int constTypeCount;
-extern const Constant *consts;
-extern const int constCount;
-extern const Commands *commands;
-extern const int commandCount;
-extern const Topics *topics;
-extern const int topicCount;
-
-extern const char *
-getName(CK_ULONG value, ConstType type);
-
-extern const char *
-getNameFromAttribute(CK_ATTRIBUTE_TYPE type);
-
-extern int totalKnownType(ConstType type);
-
-#endif /* _PK11_TABLE_H_ */
-
diff --git a/security/nss/cmd/lib/pppolicy.c b/security/nss/cmd/lib/pppolicy.c
deleted file mode 100644
index c0094083c..000000000
--- a/security/nss/cmd/lib/pppolicy.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2004
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
- * Support for various policy related extensions
- *
- * $Id$
- */
-
-#include "seccomon.h"
-#include "secport.h"
-#include "secder.h"
-#include "cert.h"
-#include "secoid.h"
-#include "secasn1.h"
-#include "secerr.h"
-#include "nspr.h"
-#include "secutil.h"
-
-/* This implementation is derived from the one in nss/lib/certdb/policyxtn.c .
-** The chief difference is the addition of the OPTIONAL flag to many
-** parts. The idea is to be able to parse and print as much of the
-** policy extension as possible, even if some parts are invalid.
-**
-** If this approach still is unable to decode policy extensions that
-** contain invalid parts, then the next approach will be to parse
-** the PolicyInfos as a SEQUENCE of ANYs, and then parse each of them
-** as PolicyInfos, with the PolicyQualifiers being ANYs, and finally
-** parse each of the PolicyQualifiers.
-*/
-
-static const SEC_ASN1Template secu_PolicyQualifierTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyQualifier) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyQualifier, qualifierID) },
- { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
- offsetof(CERTPolicyQualifier, qualifierValue) },
- { 0 }
-};
-
-static const SEC_ASN1Template secu_PolicyInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTPolicyInfo) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTPolicyInfo, policyID) },
- { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
- offsetof(CERTPolicyInfo, policyQualifiers),
- secu_PolicyQualifierTemplate },
- { 0 }
-};
-
-static const SEC_ASN1Template secu_CertificatePoliciesTemplate[] = {
- { SEC_ASN1_SEQUENCE_OF,
- offsetof(CERTCertificatePolicies, policyInfos),
- secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
-};
-
-
-static CERTCertificatePolicies *
-secu_DecodeCertificatePoliciesExtension(SECItem *extnValue)
-{
- PRArenaPool *arena = NULL;
- SECStatus rv;
- CERTCertificatePolicies *policies;
- CERTPolicyInfo **policyInfos, *policyInfo;
- CERTPolicyQualifier **policyQualifiers, *policyQualifier;
- SECItem newExtnValue;
-
- /* make a new arena */
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
- }
-
- /* allocate the certifiate policies structure */
- policies = PORT_ArenaZNew(arena, CERTCertificatePolicies);
- if ( policies == NULL ) {
- goto loser;
- }
-
- policies->arena = arena;
-
- /* copy the DER into the arena, since Quick DER returns data that points
- into the DER input, which may get freed by the caller */
- rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* decode the policy info */
- rv = SEC_QuickDERDecodeItem(arena, policies,
- secu_CertificatePoliciesTemplate,
- &newExtnValue);
-
- if ( rv != SECSuccess ) {
- goto loser;
- }
-
- /* initialize the oid tags */
- policyInfos = policies->policyInfos;
- while (policyInfos != NULL && *policyInfos != NULL ) {
- policyInfo = *policyInfos;
- policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
- policyQualifiers = policyInfo->policyQualifiers;
- while ( policyQualifiers && *policyQualifiers != NULL ) {
- policyQualifier = *policyQualifiers;
- policyQualifier->oid =
- SECOID_FindOIDTag(&policyQualifier->qualifierID);
- policyQualifiers++;
- }
- policyInfos++;
- }
-
- return(policies);
-
-loser:
- if ( arena != NULL ) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-
- return(NULL);
-}
-
-
-static char *
-itemToString(SECItem *item)
-{
- char *string;
-
- string = PORT_ZAlloc(item->len+1);
- if (string == NULL) return NULL;
- PORT_Memcpy(string,item->data,item->len);
- string[item->len] = 0;
- return string;
-}
-
-static SECStatus
-secu_PrintUserNoticeQualifier(FILE *out, SECItem * qualifierValue,
- char *msg, int level)
-{
- CERTUserNotice *userNotice = NULL;
- if (qualifierValue)
- userNotice = CERT_DecodeUserNotice(qualifierValue);
- if (userNotice) {
- if (userNotice->noticeReference.organization.len != 0) {
- char *string =
- itemToString(&userNotice->noticeReference.organization);
- SECItem **itemList = userNotice->noticeReference.noticeNumbers;
-
- while (itemList && *itemList) {
- SECU_PrintInteger(out,*itemList,string,level+1);
- itemList++;
- }
- PORT_Free(string);
- }
- if (userNotice->displayText.len != 0) {
- SECU_PrintString(out,&userNotice->displayText,
- "Display Text", level+1);
- }
- CERT_DestroyUserNotice(userNotice);
- return SECSuccess;
- }
- return SECFailure; /* caller will print this value */
-}
-
-static SECStatus
-secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier,
- char *msg,int level)
-{
- SECStatus rv;
- SECItem * qualifierValue = &policyQualifier->qualifierValue;
-
- SECU_PrintObjectID(out, &policyQualifier->qualifierID ,
- "Policy Qualifier Name", level);
- if (!qualifierValue->data) {
- SECU_Indent(out, level);
- fprintf(out,"Error: missing qualifier\n");
- } else
- switch (policyQualifier->oid) {
- case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
- rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level);
- if (SECSuccess == rv)
- break;
- /* fall through on error */
- case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
- default:
- SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level);
- break;
- }
- return SECSuccess;
-}
-
-static SECStatus
-secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level)
-{
- CERTPolicyQualifier **policyQualifiers;
-
- policyQualifiers = policyInfo->policyQualifiers;
- SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level);
-
- while (policyQualifiers && *policyQualifiers != NULL) {
- secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1);
- policyQualifiers++;
- }
- return SECSuccess;
-}
-
-void
-SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTCertificatePolicies *policies = NULL;
- CERTPolicyInfo **policyInfos;
-
- if (msg) {
- SECU_Indent(out, level);
- fprintf(out,"%s: \n",msg);
- level++;
- }
- policies = secu_DecodeCertificatePoliciesExtension(value);
- if (policies == NULL) {
- SECU_PrintAny(out, value, "Invalid Policy Data", level);
- return;
- }
-
- policyInfos = policies->policyInfos;
- while (policyInfos && *policyInfos != NULL) {
- secu_PrintPolicyInfo(out,*policyInfos,"",level);
- policyInfos++;
- }
-
- CERT_DestroyCertificatePoliciesExtension(policies);
-}
-
-
-void
-SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
- char *msg, int level)
-{
- CERTPrivKeyUsagePeriod * prd;
- PLArenaPool * arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if ( !arena ) {
- goto loser;
- }
- prd = CERT_DecodePrivKeyUsagePeriodExtension(arena, value);
- if (!prd) {
- goto loser;
- }
- if (prd->notBefore.data) {
- SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level);
- }
- if (prd->notAfter.data) {
- SECU_PrintGeneralizedTime(out, &prd->notAfter, "Not After ", level);
- }
- if (!prd->notBefore.data && !prd->notAfter.data) {
- SECU_Indent(out, level);
- fprintf(out, "Error: notBefore or notAfter MUST be present.\n");
-loser:
- SECU_PrintAny(out, value, msg, level);
- }
- if (arena) {
- PORT_FreeArena(arena, PR_FALSE);
- }
-}
diff --git a/security/nss/cmd/lib/secerror.c b/security/nss/cmd/lib/secerror.c
deleted file mode 100644
index 651cf5520..000000000
--- a/security/nss/cmd/lib/secerror.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "nspr.h"
-
-struct tuple_str {
- PRErrorCode errNum;
- const char * errString;
-};
-
-typedef struct tuple_str tuple_str;
-
-#define ER2(a,b) {a, b},
-#define ER3(a,b,c) {a, c},
-
-#include "secerr.h"
-#include "sslerr.h"
-
-const tuple_str errStrings[] = {
-
-/* keep this list in asceding order of error numbers */
-#include "SSLerrs.h"
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-
-};
-
-const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
-
-/* Returns a UTF-8 encoded constant error string for "errNum".
- * Returns NULL of errNum is unknown.
- */
-const char *
-SECU_Strerror(PRErrorCode errNum) {
- PRInt32 low = 0;
- PRInt32 high = numStrings - 1;
- PRInt32 i;
- PRErrorCode num;
- static int initDone;
-
- /* make sure table is in ascending order.
- * binary search depends on it.
- */
- if (!initDone) {
- PRErrorCode lastNum = ((PRInt32)0x80000000);
- for (i = low; i <= high; ++i) {
- num = errStrings[i].errNum;
- if (num <= lastNum) {
- fprintf(stderr,
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
- i, lastNum, errStrings[i-1].errString,
- num, errStrings[i].errString);
- }
- lastNum = num;
- }
- initDone = 1;
- }
-
- /* Do binary search of table. */
- while (low + 1 < high) {
- i = (low + high) / 2;
- num = errStrings[i].errNum;
- if (errNum == num)
- return errStrings[i].errString;
- if (errNum < num)
- high = i;
- else
- low = i;
- }
- if (errNum == errStrings[low].errNum)
- return errStrings[low].errString;
- if (errNum == errStrings[high].errNum)
- return errStrings[high].errString;
- return NULL;
-}
diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c
deleted file mode 100644
index ea4bc31d7..000000000
--- a/security/nss/cmd/lib/secpwd.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#include "secutil.h"
-
-/*
- * NOTE: The contents of this file are NOT used by the client.
- * (They are part of the security library as a whole, but they are
- * NOT USED BY THE CLIENT.) Do not change things on behalf of the
- * client (like localizing strings), or add things that are only
- * for the client (put them elsewhere).
- */
-
-
-#ifdef XP_UNIX
-#include <termios.h>
-#endif
-
-#if defined(XP_UNIX) || defined(XP_BEOS)
-#include <unistd.h> /* for isatty() */
-#endif
-
-#if( defined(_WINDOWS) && !defined(_WIN32_WCE))
-#include <conio.h>
-#include <io.h>
-#define QUIET_FGETS quiet_fgets
-static char * quiet_fgets (char *buf, int length, FILE *input);
-#else
-#define QUIET_FGETS fgets
-#endif
-
-static void echoOff(int fd)
-{
-#if defined(XP_UNIX) && !defined(VMS)
- if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag &= ~ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
- }
-#endif
-}
-
-static void echoOn(int fd)
-{
-#if defined(XP_UNIX) && !defined(VMS)
- if (isatty(fd)) {
- struct termios tio;
- tcgetattr(fd, &tio);
- tio.c_lflag |= ECHO;
- tcsetattr(fd, TCSAFLUSH, &tio);
- }
-#endif
-}
-
-char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
- PRBool (*ok)(char *))
-{
-#if defined(_WINDOWS)
- int isTTY = (input == stdin);
-#define echoOn(x)
-#define echoOff(x)
-#else
- int infd = fileno(input);
- int isTTY = isatty(infd);
-#endif
- char phrase[200] = {'\0'}; /* ensure EOF doesn't return junk */
-
- for (;;) {
- /* Prompt for password */
- if (isTTY) {
- fprintf(output, "%s", prompt);
- fflush (output);
- echoOff(infd);
- }
-
- QUIET_FGETS ( phrase, sizeof(phrase), input);
-
- if (isTTY) {
- fprintf(output, "\n");
- echoOn(infd);
- }
-
- /* stomp on newline */
- phrase[PORT_Strlen(phrase)-1] = 0;
-
- /* Validate password */
- if (!(*ok)(phrase)) {
- /* Not weird enough */
- if (!isTTY) return 0;
- fprintf(output, "Password must be at least 8 characters long with one or more\n");
- fprintf(output, "non-alphabetic characters\n");
- continue;
- }
- return (char*) PORT_Strdup(phrase);
- }
-}
-
-
-
-PRBool SEC_CheckPassword(char *cp)
-{
- int len;
- char *end;
-
- len = PORT_Strlen(cp);
- if (len < 8) {
- return PR_FALSE;
- }
- end = cp + len;
- while (cp < end) {
- unsigned char ch = *cp++;
- if (!((ch >= 'A') && (ch <= 'Z')) &&
- !((ch >= 'a') && (ch <= 'z'))) {
- /* pass phrase has at least one non alphabetic in it */
- return PR_TRUE;
- }
- }
- return PR_FALSE;
-}
-
-PRBool SEC_BlindCheckPassword(char *cp)
-{
- if (cp != NULL) {
- return PR_TRUE;
- }
- return PR_FALSE;
-}
-
-/* Get a password from the input terminal, without echoing */
-
-#if defined(_WINDOWS)
-static char * quiet_fgets (char *buf, int length, FILE *input)
- {
- int c;
- char *end = buf;
-
- /* fflush (input); */
- memset (buf, 0, length);
-
- if (!isatty(fileno(input))) {
- return fgets(buf,length,input);
- }
-
- while (1)
- {
-#if defined (_WIN32_WCE)
- c = getchar(); /* gets a character from stdin */
-#else
- c = getch(); /* getch gets a character from the console */
-#endif
- if (c == '\b')
- {
- if (end > buf)
- end--;
- }
-
- else if (--length > 0)
- *end++ = c;
-
- if (!c || c == '\n' || c == '\r')
- break;
- }
-
- return buf;
- }
-#endif
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
deleted file mode 100644
index b2ae2042f..000000000
--- a/security/nss/cmd/lib/secutil.c
+++ /dev/null
@@ -1,4116 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/*
-** secutil.c - various functions used by security stuff
-**
-*/
-
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-#include "prerror.h"
-#include "prprf.h"
-#include "plgetopt.h"
-#include "prenv.h"
-#include "prnetdb.h"
-
-#include "cryptohi.h"
-#include "secutil.h"
-#include "secpkcs7.h"
-#include "secpkcs5.h"
-#include <stdarg.h>
-#if !defined(_WIN32_WCE)
-#include <sys/stat.h>
-#include <errno.h>
-#endif
-
-#ifdef XP_UNIX
-#include <unistd.h>
-#endif
-
-/* for SEC_TraverseNames */
-#include "cert.h"
-#include "certt.h"
-#include "certdb.h"
-
-/* #include "secmod.h" */
-#include "pk11func.h"
-#include "secoid.h"
-
-static char consoleName[] = {
-#ifdef XP_UNIX
-#ifdef VMS
- "TT"
-#else
- "/dev/tty"
-#endif
-#else
-#ifdef XP_OS2
- "\\DEV\\CON"
-#else
- "CON:"
-#endif
-#endif
-};
-
-
-char *
-SECU_GetString(int16 error_number)
-{
-
- static char errString[80];
- sprintf(errString, "Unknown error string (%d)", error_number);
- return errString;
-}
-
-void
-SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
-{
- va_list args;
- PRErrorCode err = PORT_GetError();
- const char * errString = SECU_Strerror(err);
-
- va_start(args, msg);
-
- SECU_Indent(out, level);
- fprintf(out, "%s: ", progName);
- vfprintf(out, msg, args);
- if (errString != NULL && PORT_Strlen(errString) > 0)
- fprintf(out, ": %s\n", errString);
- else
- fprintf(out, ": error %d\n", (int)err);
-
- va_end(args);
-}
-
-void
-SECU_PrintError(char *progName, char *msg, ...)
-{
- va_list args;
- PRErrorCode err = PORT_GetError();
- const char * errString = SECU_Strerror(err);
-
- va_start(args, msg);
-
- fprintf(stderr, "%s: ", progName);
- vfprintf(stderr, msg, args);
- if (errString != NULL && PORT_Strlen(errString) > 0)
- fprintf(stderr, ": %s\n", errString);
- else
- fprintf(stderr, ": error %d\n", (int)err);
-
- va_end(args);
-}
-
-void
-SECU_PrintSystemError(char *progName, char *msg, ...)
-{
- va_list args;
-
- va_start(args, msg);
- fprintf(stderr, "%s: ", progName);
- vfprintf(stderr, msg, args);
-#if defined(_WIN32_WCE)
- fprintf(stderr, ": %d\n", PR_GetOSError());
-#else
- fprintf(stderr, ": %s\n", strerror(errno));
-#endif
- va_end(args);
-}
-
-static void
-secu_ClearPassword(char *p)
-{
- if (p) {
- PORT_Memset(p, 0, PORT_Strlen(p));
- PORT_Free(p);
- }
-}
-
-char *
-SECU_GetPasswordString(void *arg, char *prompt)
-{
-#ifndef _WINDOWS
- char *p = NULL;
- FILE *input, *output;
-
- /* open terminal */
- input = fopen(consoleName, "r");
- if (input == NULL) {
- fprintf(stderr, "Error opening input terminal for read\n");
- return NULL;
- }
-
- output = fopen(consoleName, "w");
- if (output == NULL) {
- fprintf(stderr, "Error opening output terminal for write\n");
- return NULL;
- }
-
- p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword);
-
-
- fclose(input);
- fclose(output);
-
- return p;
-
-#else
- /* Win32 version of above. opening the console may fail
- on windows95, and certainly isn't necessary.. */
-
- char *p = NULL;
-
- p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword);
- return p;
-
-#endif
-}
-
-
-/*
- * p a s s w o r d _ h a r d c o d e
- *
- * A function to use the password passed in the -f(pwfile) argument
- * of the command line.
- * After use once, null it out otherwise PKCS11 calls us forever.?
- *
- */
-char *
-SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char* phrases, *phrase;
- PRFileDesc *fd;
- PRInt32 nb;
- char *pwFile = arg;
- int i;
- const long maxPwdFileSize = 4096;
- char* tokenName = NULL;
- int tokenLen = 0;
-
- if (!pwFile)
- return 0;
-
- if (retry) {
- return 0; /* no good retrying - the files contents will be the same */
- }
-
- phrases = PORT_ZAlloc(maxPwdFileSize);
-
- if (!phrases) {
- return 0; /* out of memory */
- }
-
- fd = PR_Open(pwFile, PR_RDONLY, 0);
- if (!fd) {
- fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
- PORT_Free(phrases);
- return NULL;
- }
-
- nb = PR_Read(fd, phrases, maxPwdFileSize);
-
- PR_Close(fd);
-
- if (nb == 0) {
- fprintf(stderr,"password file contains no data\n");
- PORT_Free(phrases);
- return NULL;
- }
-
- if (slot) {
- tokenName = PK11_GetTokenName(slot);
- if (tokenName) {
- tokenLen = PORT_Strlen(tokenName);
- }
- }
- i = 0;
- do
- {
- int startphrase = i;
- int phraseLen;
-
- /* handle the Windows EOL case */
- while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++;
- /* terminate passphrase */
- phrases[i++] = '\0';
- /* clean up any EOL before the start of the next passphrase */
- while ( (i<nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
- phrases[i++] = '\0';
- }
- /* now analyze the current passphrase */
- phrase = &phrases[startphrase];
- if (!tokenName)
- break;
- if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue;
- phraseLen = PORT_Strlen(phrase);
- if (phraseLen < (tokenLen+1)) continue;
- if (phrase[tokenLen] != ':') continue;
- phrase = &phrase[tokenLen+1];
- break;
-
- } while (i<nb);
-
- phrase = PORT_Strdup((char*)phrase);
- PORT_Free(phrases);
- return phrase;
-}
-
-char *
-SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char prompt[255];
- secuPWData *pwdata = (secuPWData *)arg;
- secuPWData pwnull = { PW_NONE, 0 };
- secuPWData pwxtrn = { PW_EXTERNAL, "external" };
- char *pw;
-
- if (pwdata == NULL)
- pwdata = &pwnull;
-
- if (PK11_ProtectedAuthenticationPath(slot)) {
- pwdata = &pwxtrn;
- }
- if (retry && pwdata->source != PW_NONE) {
- PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
- return NULL;
- }
-
- switch (pwdata->source) {
- case PW_NONE:
- sprintf(prompt, "Enter Password or Pin for \"%s\":",
- PK11_GetTokenName(slot));
- return SECU_GetPasswordString(NULL, prompt);
- case PW_FROMFILE:
- /* Instead of opening and closing the file every time, get the pw
- * once, then keep it in memory (duh).
- */
- pw = SECU_FilePasswd(slot, retry, pwdata->data);
- pwdata->source = PW_PLAINTEXT;
- pwdata->data = PL_strdup(pw);
- /* it's already been dup'ed */
- return pw;
- case PW_EXTERNAL:
- sprintf(prompt,
- "Press Enter, then enter PIN for \"%s\" on external device.\n",
- PK11_GetTokenName(slot));
- (void) SECU_GetPasswordString(NULL, prompt);
- /* Fall Through */
- case PW_PLAINTEXT:
- return PL_strdup(pwdata->data);
- default:
- break;
- }
-
- PR_fprintf(PR_STDERR, "Password check failed: No password found.\n");
- return NULL;
-}
-
-char *
-secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- char *p0 = NULL;
- char *p1 = NULL;
- FILE *input, *output;
- secuPWData *pwdata = arg;
-
- if (pwdata->source == PW_FROMFILE) {
- return SECU_FilePasswd(slot, retry, pwdata->data);
- }
- if (pwdata->source == PW_PLAINTEXT) {
- return PL_strdup(pwdata->data);
- }
-
- /* PW_NONE - get it from tty */
- /* open terminal */
-#ifdef _WINDOWS
- input = stdin;
-#else
- input = fopen(consoleName, "r");
-#endif
- if (input == NULL) {
- PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
- return NULL;
- }
-
- /* we have no password, so initialize database with one */
- PR_fprintf(PR_STDERR,
- "Enter a password which will be used to encrypt your keys.\n"
- "The password should be at least 8 characters long,\n"
- "and should contain at least one non-alphabetic character.\n\n");
-
- output = fopen(consoleName, "w");
- if (output == NULL) {
- PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
- return NULL;
- }
-
-
- for (;;) {
- if (p0)
- PORT_Free(p0);
- p0 = SEC_GetPassword(input, output, "Enter new password: ",
- SEC_BlindCheckPassword);
-
- if (p1)
- PORT_Free(p1);
- p1 = SEC_GetPassword(input, output, "Re-enter password: ",
- SEC_BlindCheckPassword);
- if (p0 && p1 && !PORT_Strcmp(p0, p1)) {
- break;
- }
- PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n");
- }
-
- /* clear out the duplicate password string */
- secu_ClearPassword(p1);
-
- fclose(input);
- fclose(output);
-
- return p0;
-}
-
-SECStatus
-SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
-{
- return SECU_ChangePW2(slot, passwd, 0, pwFile, 0);
-}
-
-SECStatus
-SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
- char *oldPwFile, char *newPwFile)
-{
- SECStatus rv;
- secuPWData pwdata, newpwdata;
- char *oldpw = NULL, *newpw = NULL;
-
- if (oldPass) {
- pwdata.source = PW_PLAINTEXT;
- pwdata.data = oldPass;
- } else if (oldPwFile) {
- pwdata.source = PW_FROMFILE;
- pwdata.data = oldPwFile;
- } else {
- pwdata.source = PW_NONE;
- pwdata.data = NULL;
- }
-
- if (newPass) {
- newpwdata.source = PW_PLAINTEXT;
- newpwdata.data = newPass;
- } else if (newPwFile) {
- newpwdata.source = PW_FROMFILE;
- newpwdata.data = newPwFile;
- } else {
- newpwdata.source = PW_NONE;
- newpwdata.data = NULL;
- }
-
- if (PK11_NeedUserInit(slot)) {
- newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
- rv = PK11_InitPin(slot, (char*)NULL, newpw);
- goto done;
- }
-
- for (;;) {
- oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);
-
- if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
- if (pwdata.source == PW_NONE) {
- PR_fprintf(PR_STDERR, "Invalid password. Try again.\n");
- } else {
- PR_fprintf(PR_STDERR, "Invalid password.\n");
- PORT_Memset(oldpw, 0, PL_strlen(oldpw));
- PORT_Free(oldpw);
- return SECFailure;
- }
- } else
- break;
-
- PORT_Free(oldpw);
- }
-
- newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);
-
- if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
- PR_fprintf(PR_STDERR, "Failed to change password.\n");
- return SECFailure;
- }
-
- PORT_Memset(oldpw, 0, PL_strlen(oldpw));
- PORT_Free(oldpw);
-
- PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
-
-done:
- PORT_Memset(newpw, 0, PL_strlen(newpw));
- PORT_Free(newpw);
- return SECSuccess;
-}
-
-struct matchobj {
- SECItem index;
- char *nname;
- PRBool found;
-};
-
-char *
-SECU_DefaultSSLDir(void)
-{
- char *dir;
- static char sslDir[1000];
-
- dir = PR_GetEnv("SSL_DIR");
- if (!dir)
- return NULL;
-
- sprintf(sslDir, "%s", dir);
-
- if (sslDir[strlen(sslDir)-1] == '/')
- sslDir[strlen(sslDir)-1] = 0;
-
- return sslDir;
-}
-
-char *
-SECU_AppendFilenameToDir(char *dir, char *filename)
-{
- static char path[1000];
-
- if (dir[strlen(dir)-1] == '/')
- sprintf(path, "%s%s", dir, filename);
- else
- sprintf(path, "%s/%s", dir, filename);
- return path;
-}
-
-char *
-SECU_ConfigDirectory(const char* base)
-{
- static PRBool initted = PR_FALSE;
- const char *dir = ".netscape";
- char *home;
- static char buf[1000];
-
- if (initted) return buf;
-
-
- if (base == NULL || *base == 0) {
- home = PR_GetEnv("HOME");
- if (!home) home = "";
-
- if (*home && home[strlen(home) - 1] == '/')
- sprintf (buf, "%.900s%s", home, dir);
- else
- sprintf (buf, "%.900s/%s", home, dir);
- } else {
- sprintf(buf, "%.900s", base);
- if (buf[strlen(buf) - 1] == '/')
- buf[strlen(buf) - 1] = 0;
- }
-
-
- initted = PR_TRUE;
- return buf;
-}
-
-/*Turn off SSL for now */
-/* This gets called by SSL when server wants our cert & key */
-int
-SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
- SECKEYPrivateKey *key;
- CERTCertificate *cert;
- int errsave;
-
- if (arg == NULL) {
- fprintf(stderr, "no key/cert name specified for client auth\n");
- return -1;
- }
- cert = PK11_FindCertFromNickname(arg, NULL);
- errsave = PORT_GetError();
- if (!cert) {
- if (errsave == SEC_ERROR_BAD_PASSWORD)
- fprintf(stderr, "Bad password\n");
- else if (errsave > 0)
- fprintf(stderr, "Unable to read cert (error %d)\n", errsave);
- else if (errsave == SEC_ERROR_BAD_DATABASE)
- fprintf(stderr, "Unable to get cert from database (%d)\n", errsave);
- else
- fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave);
- return -1;
- }
-
- key = PK11_FindKeyByAnyCert(arg,NULL);
- if (!key) {
- fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
- return -1;
- }
-
-
- *pRetCert = cert;
- *pRetKey = key;
-
- return 0;
-}
-
-SECStatus
-secu_StdinToItem(SECItem *dst)
-{
- unsigned char buf[1000];
- PRInt32 numBytes;
- PRBool notDone = PR_TRUE;
-
- dst->len = 0;
- dst->data = NULL;
-
- while (notDone) {
- numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
-
- if (numBytes < 0) {
- return SECFailure;
- }
-
- if (numBytes == 0)
- break;
-
- if (dst->data) {
- unsigned char * p = dst->data;
- dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes);
- if (!dst->data) {
- PORT_Free(p);
- }
- } else {
- dst->data = (unsigned char*)PORT_Alloc(numBytes);
- }
- if (!dst->data) {
- return SECFailure;
- }
- PORT_Memcpy(dst->data + dst->len, buf, numBytes);
- dst->len += numBytes;
- }
-
- return SECSuccess;
-}
-
-SECStatus
-SECU_FileToItem(SECItem *dst, PRFileDesc *src)
-{
- PRFileInfo info;
- PRInt32 numBytes;
- PRStatus prStatus;
-
- if (src == PR_STDIN)
- return secu_StdinToItem(dst);
-
- prStatus = PR_GetOpenFileInfo(src, &info);
-
- if (prStatus != PR_SUCCESS) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
- /* XXX workaround for 3.1, not all utils zero dst before sending */
- dst->data = 0;
- if (!SECITEM_AllocItem(NULL, dst, info.size))
- goto loser;
-
- numBytes = PR_Read(src, dst->data, info.size);
- if (numBytes != info.size) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
-
- return SECSuccess;
-loser:
- SECITEM_FreeItem(dst, PR_FALSE);
- dst->data = NULL;
- return SECFailure;
-}
-
-SECStatus
-SECU_TextFileToItem(SECItem *dst, PRFileDesc *src)
-{
- PRFileInfo info;
- PRInt32 numBytes;
- PRStatus prStatus;
- unsigned char *buf;
-
- if (src == PR_STDIN)
- return secu_StdinToItem(dst);
-
- prStatus = PR_GetOpenFileInfo(src, &info);
-
- if (prStatus != PR_SUCCESS) {
- PORT_SetError(SEC_ERROR_IO);
- return SECFailure;
- }
-
- buf = (unsigned char*)PORT_Alloc(info.size);
- if (!buf)
- return SECFailure;
-
- numBytes = PR_Read(src, buf, info.size);
- if (numBytes != info.size) {
- PORT_SetError(SEC_ERROR_IO);
- goto loser;
- }
-
- if (buf[numBytes-1] == '\n') numBytes--;
-#ifdef _WINDOWS
- if (buf[numBytes-1] == '\r') numBytes--;
-#endif
-
- /* XXX workaround for 3.1, not all utils zero dst before sending */
- dst->data = 0;
- if (!SECITEM_AllocItem(NULL, dst, numBytes))
- goto loser;
-
- memcpy(dst->data, buf, numBytes);
-
- PORT_Free(buf);
- return SECSuccess;
-loser:
- PORT_Free(buf);
- return SECFailure;
-}
-
-SECStatus
-SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
-{
- SECStatus rv;
- if (ascii) {
- /* First convert ascii to binary */
- SECItem filedata;
- char *asc, *body;
-
- /* Read in ascii data */
- rv = SECU_FileToItem(&filedata, inFile);
- asc = (char *)filedata.data;
- if (!asc) {
- fprintf(stderr, "unable to read data from input file\n");
- return SECFailure;
- }
-
- /* check for headers and trailers and remove them */
- if ((body = strstr(asc, "-----BEGIN")) != NULL) {
- char *trailer = NULL;
- asc = body;
- body = PORT_Strchr(body, '\n');
- if (!body)
- body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
- if (body)
- trailer = strstr(++body, "-----END");
- if (trailer != NULL) {
- *trailer = '\0';
- } else {
- fprintf(stderr, "input has header but no trailer\n");
- PORT_Free(filedata.data);
- return SECFailure;
- }
- } else {
- body = asc;
- }
-
- /* Convert to binary */
- rv = ATOB_ConvertAsciiToItem(der, body);
- if (rv) {
- fprintf(stderr, "error converting ascii to binary (%s)\n",
- SECU_Strerror(PORT_GetError()));
- PORT_Free(filedata.data);
- return SECFailure;
- }
-
- PORT_Free(filedata.data);
- } else {
- /* Read in binary der */
- rv = SECU_FileToItem(der, inFile);
- if (rv) {
- fprintf(stderr, "error converting der (%s)\n",
- SECU_Strerror(PORT_GetError()));
- return SECFailure;
- }
- }
- return SECSuccess;
-}
-
-#define INDENT_MULT 4
-void
-SECU_Indent(FILE *out, int level)
-{
- int i;
-
- for (i = 0; i < level; i++) {
- fprintf(out, " ");
- }
-}
-
-static void secu_Newline(FILE *out)
-{
- fprintf(out, "\n");
-}
-
-void
-SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level)
-{
- unsigned i;
- int column;
- PRBool isString = PR_TRUE;
- PRBool isWhiteSpace = PR_TRUE;
- PRBool printedHex = PR_FALSE;
- unsigned int limit = 15;
-
- if ( m ) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- level++;
- }
-
- SECU_Indent(out, level); column = level*INDENT_MULT;
- if (!data->len) {
- fprintf(out, "(empty)\n");
- return;
- }
- /* take a pass to see if it's all printable. */
- for (i = 0; i < data->len; i++) {
- unsigned char val = data->data[i];
- if (!val || !isprint(val)) {
- isString = PR_FALSE;
- break;
- }
- if (isWhiteSpace && !isspace(val)) {
- isWhiteSpace = PR_FALSE;
- }
- }
-
- /* Short values, such as bit strings (which are printed with this
- ** function) often look like strings, but we want to see the bits.
- ** so this test assures that short values will be printed in hex,
- ** perhaps in addition to being printed as strings.
- ** The threshold size (4 bytes) is arbitrary.
- */
- if (!isString || data->len <= 4) {
- for (i = 0; i < data->len; i++) {
- if (i != data->len - 1) {
- fprintf(out, "%02x:", data->data[i]);
- column += 3;
- } else {
- fprintf(out, "%02x", data->data[i]);
- column += 2;
- break;
- }
- if (column > 76 || (i % 16 == limit)) {
- secu_Newline(out);
- SECU_Indent(out, level);
- column = level*INDENT_MULT;
- limit = i % 16;
- }
- }
- printedHex = PR_TRUE;
- }
- if (isString && !isWhiteSpace) {
- if (printedHex != PR_FALSE) {
- secu_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
- for (i = 0; i < data->len; i++) {
- unsigned char val = data->data[i];
-
- if (val) {
- fprintf(out,"%c",val);
- column++;
- } else {
- column = 77;
- }
- if (column > 76) {
- secu_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
- }
- }
-
- if (column != level*INDENT_MULT) {
- secu_Newline(out);
- }
-}
-
-static const char *hex = "0123456789abcdef";
-
-static const char printable[257] = {
- "................" /* 0x */
- "................" /* 1x */
- " !\"#$%&'()*+,-./" /* 2x */
- "0123456789:;<=>?" /* 3x */
- "@ABCDEFGHIJKLMNO" /* 4x */
- "PQRSTUVWXYZ[\\]^_" /* 5x */
- "`abcdefghijklmno" /* 6x */
- "pqrstuvwxyz{|}~." /* 7x */
- "................" /* 8x */
- "................" /* 9x */
- "................" /* ax */
- "................" /* bx */
- "................" /* cx */
- "................" /* dx */
- "................" /* ex */
- "................" /* fx */
-};
-
-void
-SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len)
-{
- const unsigned char *cp = (const unsigned char *)vp;
- char buf[80];
- char *bp;
- char *ap;
-
- fprintf(out, "%s [Len: %d]\n", msg, len);
- memset(buf, ' ', sizeof buf);
- bp = buf;
- ap = buf + 50;
- while (--len >= 0) {
- unsigned char ch = *cp++;
- *bp++ = hex[(ch >> 4) & 0xf];
- *bp++ = hex[ch & 0xf];
- *bp++ = ' ';
- *ap++ = printable[ch];
- if (ap - buf >= 66) {
- *ap = 0;
- fprintf(out, " %s\n", buf);
- memset(buf, ' ', sizeof buf);
- bp = buf;
- ap = buf + 50;
- }
- }
- if (bp > buf) {
- *ap = 0;
- fprintf(out, " %s\n", buf);
- }
-}
-
-SECStatus
-SECU_StripTagAndLength(SECItem *i)
-{
- unsigned int start;
-
- if (!i || !i->data || i->len < 2) { /* must be at least tag and length */
- return SECFailure;
- }
- start = ((i->data[1] & 0x80) ? (i->data[1] & 0x7f) + 2 : 2);
- if (i->len < start) {
- return SECFailure;
- }
- i->data += start;
- i->len -= start;
- return SECSuccess;
-}
-
-
-/* This expents i->data[0] to be the MSB of the integer.
-** if you want to print a DER-encoded integer (with the tag and length)
-** call SECU_PrintEncodedInteger();
-*/
-void
-SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level)
-{
- int iv;
-
- if (!i || !i->len || !i->data) {
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: (null)\n", m);
- } else {
- fprintf(out, "(null)\n");
- }
- } else if (i->len > 4) {
- SECU_PrintAsHex(out, i, m, level);
- } else {
- if (i->type == siUnsignedInteger && *i->data & 0x80) {
- /* Make sure i->data has zero in the highest bite
- * if i->data is an unsigned integer */
- SECItem tmpI;
- char data[] = {0, 0, 0, 0, 0};
-
- PORT_Memcpy(data + 1, i->data, i->len);
- tmpI.len = i->len + 1;
- tmpI.data = (void*)data;
-
- iv = DER_GetInteger(&tmpI);
- } else {
- iv = DER_GetInteger(i);
- }
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
- } else {
- fprintf(out, "%d (0x%x)\n", iv, iv);
- }
- }
-}
-
-static void
-secu_PrintRawString(FILE *out, SECItem *si, char *m, int level)
-{
- int column;
- unsigned int i;
-
- if ( m ) {
- SECU_Indent(out, level); fprintf(out, "%s: ", m);
- column = (level * INDENT_MULT) + strlen(m) + 2;
- level++;
- } else {
- SECU_Indent(out, level);
- column = level*INDENT_MULT;
- }
- fprintf(out, "\""); column++;
-
- for (i = 0; i < si->len; i++) {
- unsigned char val = si->data[i];
- if (column > 76) {
- secu_Newline(out);
- SECU_Indent(out, level); column = level*INDENT_MULT;
- }
-
- fprintf(out,"%c", printable[val]); column++;
- }
-
- fprintf(out, "\""); column++;
- if (column != level*INDENT_MULT || column > 76) {
- secu_Newline(out);
- }
-}
-
-void
-SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
-{
- SECItem my = *si;
-
- if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
- return;
- secu_PrintRawString(out, &my, m, level);
-}
-
-/* print an unencoded boolean */
-static void
-secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
-{
- int val = 0;
-
- if ( i->data && i->len ) {
- val = i->data[0];
- }
-
- if (!m) {
- m = "Boolean";
- }
- SECU_Indent(out, level);
- fprintf(out, "%s: %s\n", m, (val ? "True" : "False"));
-}
-
-/*
- * Format and print "time". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-static void
-secu_PrintTime(FILE *out, int64 time, char *m, int level)
-{
- PRExplodedTime printableTime;
- char *timeString;
-
- /* Convert to local time */
- PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
-
- timeString = PORT_Alloc(256);
- if (timeString == NULL)
- return;
-
- if (m != NULL) {
- SECU_Indent(out, level);
- fprintf(out, "%s: ", m);
- }
-
- if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
- fprintf(out, timeString);
- }
-
- if (m != NULL)
- fprintf(out, "\n");
-
- PORT_Free(timeString);
-}
-
-/*
- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-void
-SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level)
-{
- int64 time;
- SECStatus rv;
-
- rv = DER_UTCTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
-
- secu_PrintTime(out, time, m, level);
-}
-
-/*
- * Format and print the Generalized Time "t". If the tag message "m"
- * is not NULL, * do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
- */
-void
-SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level)
-{
- int64 time;
- SECStatus rv;
-
-
- rv = DER_GeneralizedTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
-
- secu_PrintTime(out, time, m, level);
-}
-
-/*
- * Format and print the UTC or Generalized Time "t". If the tag message
- * "m" is not NULL, do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
- */
-void
-SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level)
-{
- switch (t->type) {
- case siUTCTime:
- SECU_PrintUTCTime(out, t, m, level);
- break;
-
- case siGeneralizedTime:
- SECU_PrintGeneralizedTime(out, t, m, level);
- break;
-
- default:
- PORT_Assert(0);
- break;
- }
-}
-
-
-/* This prints a SET or SEQUENCE */
-void
-SECU_PrintSet(FILE *out, SECItem *t, char *m, int level)
-{
- int type = t->data[0] & SEC_ASN1_TAGNUM_MASK;
- int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED;
- const char * label;
- SECItem my = *t;
-
- if (!constructed) {
- SECU_PrintAsHex(out, t, m, level);
- return;
- }
- if (SECSuccess != SECU_StripTagAndLength(&my))
- return;
-
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: ", m);
- }
-
- if (type == SEC_ASN1_SET)
- label = "Set ";
- else if (type == SEC_ASN1_SEQUENCE)
- label = "Sequence ";
- else
- label = "";
- fprintf(out,"%s{\n", label); /* } */
-
- while (my.len >= 2) {
- SECItem tmp = my;
-
- if (tmp.data[1] & 0x80) {
- unsigned int i;
- unsigned int lenlen = tmp.data[1] & 0x7f;
- if (lenlen > sizeof tmp.len)
- break;
- tmp.len = 0;
- for (i=0; i < lenlen; i++) {
- tmp.len = (tmp.len << 8) | tmp.data[2+i];
- }
- tmp.len += lenlen + 2;
- } else {
- tmp.len = tmp.data[1] + 2;
- }
- if (tmp.len > my.len) {
- tmp.len = my.len;
- }
- my.data += tmp.len;
- my.len -= tmp.len;
- SECU_PrintAny(out, &tmp, NULL, level + 1);
- }
- SECU_Indent(out, level); fprintf(out, /* { */ "}\n");
-}
-
-static void
-secu_PrintContextSpecific(FILE *out, SECItem *i, char *m, int level)
-{
- int type = i->data[0] & SEC_ASN1_TAGNUM_MASK;
- int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED;
- SECItem tmp;
-
- if (constructed) {
- char * m2;
- if (!m)
- m2 = PR_smprintf("[%d]", type);
- else
- m2 = PR_smprintf("%s: [%d]", m, type);
- if (m2) {
- SECU_PrintSet(out, i, m2, level);
- PR_smprintf_free(m2);
- }
- return;
- }
-
- SECU_Indent(out, level);
- if (m) {
- fprintf(out, "%s: ", m);
- }
- fprintf(out,"[%d]\n", type);
-
- tmp = *i;
- if (SECSuccess == SECU_StripTagAndLength(&tmp))
- SECU_PrintAsHex(out, &tmp, m, level+1);
-}
-
-static void
-secu_PrintOctetString(FILE *out, SECItem *i, char *m, int level)
-{
- SECItem tmp = *i;
- if (SECSuccess == SECU_StripTagAndLength(&tmp))
- SECU_PrintAsHex(out, &tmp, m, level);
-}
-
-static void
-secu_PrintBitString(FILE *out, SECItem *i, char *m, int level)
-{
- int unused_bits;
- SECItem tmp = *i;
-
- if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2)
- return;
-
- unused_bits = *tmp.data++;
- tmp.len--;
-
- SECU_PrintAsHex(out, &tmp, m, level);
- if (unused_bits) {
- SECU_Indent(out, level + 1);
- fprintf(out, "(%d least significant bits unused)\n", unused_bits);
- }
-}
-
-/* in a decoded bit string, the len member is a bit length. */
-static void
-secu_PrintDecodedBitString(FILE *out, SECItem *i, char *m, int level)
-{
- int unused_bits;
- SECItem tmp = *i;
-
-
- unused_bits = (tmp.len & 0x7) ? 8 - (tmp.len & 7) : 0;
- DER_ConvertBitString(&tmp); /* convert length to byte length */
-
- SECU_PrintAsHex(out, &tmp, m, level);
- if (unused_bits) {
- SECU_Indent(out, level + 1);
- fprintf(out, "(%d least significant bits unused)\n", unused_bits);
- }
-}
-
-
-/* Print a DER encoded Boolean */
-void
-SECU_PrintEncodedBoolean(FILE *out, SECItem *i, char *m, int level)
-{
- SECItem my = *i;
- if (SECSuccess == SECU_StripTagAndLength(&my))
- secu_PrintBoolean(out, &my, m, level);
-}
-
-/* Print a DER encoded integer */
-void
-SECU_PrintEncodedInteger(FILE *out, SECItem *i, char *m, int level)
-{
- SECItem my = *i;
- if (SECSuccess == SECU_StripTagAndLength(&my))
- SECU_PrintInteger(out, &my, m, level);
-}
-
-/* Print a DER encoded OID */
-void
-SECU_PrintEncodedObjectID(FILE *out, SECItem *i, char *m, int level)
-{
- SECItem my = *i;
- if (SECSuccess == SECU_StripTagAndLength(&my))
- SECU_PrintObjectID(out, &my, m, level);
-}
-
-static void
-secu_PrintBMPString(FILE *out, SECItem *i, char *m, int level)
-{
- unsigned char * s;
- unsigned char * d;
- int len;
- SECItem tmp = {0, 0, 0};
- SECItem my = *i;
-
- if (SECSuccess != SECU_StripTagAndLength(&my))
- goto loser;
- if (my.len % 2)
- goto loser;
- len = (int)(my.len / 2);
- tmp.data = (unsigned char *)PORT_Alloc(len);
- if (!tmp.data)
- goto loser;
- tmp.len = len;
- for (s = my.data, d = tmp.data ; len > 0; len--) {
- PRUint32 bmpChar = (s[0] << 8) | s[1]; s += 2;
- if (!isprint(bmpChar))
- goto loser;
- *d++ = (unsigned char)bmpChar;
- }
- secu_PrintRawString(out, &tmp, m, level);
- PORT_Free(tmp.data);
- return;
-
-loser:
- SECU_PrintAsHex(out, i, m, level);
- if (tmp.data)
- PORT_Free(tmp.data);
-}
-
-static void
-secu_PrintUniversalString(FILE *out, SECItem *i, char *m, int level)
-{
- unsigned char * s;
- unsigned char * d;
- int len;
- SECItem tmp = {0, 0, 0};
- SECItem my = *i;
-
- if (SECSuccess != SECU_StripTagAndLength(&my))
- goto loser;
- if (my.len % 4)
- goto loser;
- len = (int)(my.len / 4);
- tmp.data = (unsigned char *)PORT_Alloc(len);
- if (!tmp.data)
- goto loser;
- tmp.len = len;
- for (s = my.data, d = tmp.data ; len > 0; len--) {
- PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3];
- s += 4;
- if (!isprint(bmpChar))
- goto loser;
- *d++ = (unsigned char)bmpChar;
- }
- secu_PrintRawString(out, &tmp, m, level);
- PORT_Free(tmp.data);
- return;
-
-loser:
- SECU_PrintAsHex(out, i, m, level);
- if (tmp.data)
- PORT_Free(tmp.data);
-}
-
-static void
-secu_PrintUniversal(FILE *out, SECItem *i, char *m, int level)
-{
- switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) {
- case SEC_ASN1_ENUMERATED:
- case SEC_ASN1_INTEGER:
- SECU_PrintEncodedInteger(out, i, m, level);
- break;
- case SEC_ASN1_OBJECT_ID:
- SECU_PrintEncodedObjectID(out, i, m, level);
- break;
- case SEC_ASN1_BOOLEAN:
- SECU_PrintEncodedBoolean(out, i, m, level);
- break;
- case SEC_ASN1_UTF8_STRING:
- case SEC_ASN1_PRINTABLE_STRING:
- case SEC_ASN1_VISIBLE_STRING:
- case SEC_ASN1_IA5_STRING:
- case SEC_ASN1_T61_STRING:
- SECU_PrintString(out, i, m, level);
- break;
- case SEC_ASN1_GENERALIZED_TIME:
- SECU_PrintGeneralizedTime(out, i, m, level);
- break;
- case SEC_ASN1_UTC_TIME:
- SECU_PrintUTCTime(out, i, m, level);
- break;
- case SEC_ASN1_NULL:
- SECU_Indent(out, level);
- if (m && m[0])
- fprintf(out, "%s: NULL\n", m);
- else
- fprintf(out, "NULL\n");
- break;
- case SEC_ASN1_SET:
- case SEC_ASN1_SEQUENCE:
- SECU_PrintSet(out, i, m, level);
- break;
- case SEC_ASN1_OCTET_STRING:
- secu_PrintOctetString(out, i, m, level);
- break;
- case SEC_ASN1_BIT_STRING:
- secu_PrintBitString(out, i, m, level);
- break;
- case SEC_ASN1_BMP_STRING:
- secu_PrintBMPString(out, i, m, level);
- break;
- case SEC_ASN1_UNIVERSAL_STRING:
- secu_PrintUniversalString(out, i, m, level);
- break;
- default:
- SECU_PrintAsHex(out, i, m, level);
- break;
- }
-}
-
-void
-SECU_PrintAny(FILE *out, SECItem *i, char *m, int level)
-{
- if ( i && i->len && i->data ) {
- switch (i->data[0] & SEC_ASN1_CLASS_MASK) {
- case SEC_ASN1_CONTEXT_SPECIFIC:
- secu_PrintContextSpecific(out, i, m, level);
- break;
- case SEC_ASN1_UNIVERSAL:
- secu_PrintUniversal(out, i, m, level);
- break;
- default:
- SECU_PrintAsHex(out, i, m, level);
- break;
- }
- }
-}
-
-static int
-secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1);
- SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level+1);
- return 0;
-}
-
-/* This function does NOT expect a DER type and length. */
-SECOidTag
-SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level)
-{
- SECOidData *oiddata;
- char * oidString = NULL;
-
- oiddata = SECOID_FindOID(oid);
- if (oiddata != NULL) {
- const char *name = oiddata->desc;
- SECU_Indent(out, level);
- if (m != NULL)
- fprintf(out, "%s: ", m);
- fprintf(out, "%s\n", name);
- return oiddata->offset;
- }
- oidString = CERT_GetOidString(oid);
- if (oidString) {
- SECU_Indent(out, level);
- if (m != NULL)
- fprintf(out, "%s: ", m);
- fprintf(out, "%s\n", oidString);
- PR_smprintf_free(oidString);
- return SEC_OID_UNKNOWN;
- }
- SECU_PrintAsHex(out, oid, m, level);
- return SEC_OID_UNKNOWN;
-}
-
-typedef struct secuPBEParamsStr {
- SECItem salt;
- SECItem iterationCount;
- SECItem keyLength;
- SECAlgorithmID cipherAlg;
- SECAlgorithmID kdfAlg;
-} secuPBEParams;
-
-SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate);
-
-/* SECOID_PKCS5_PBKDF2 */
-const SEC_ASN1Template secuKDF2Params[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
- { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
- { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
- { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { 0 }
-};
-
-/* PKCS5v1 & PKCS12 */
-const SEC_ASN1Template secuPBEParamsTemp[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
- { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
- { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
- { 0 }
-};
-
-/* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */
-const SEC_ASN1Template secuPBEV2Params[] =
-{
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams)},
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
- { 0 }
-};
-
-void
-secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
-{
- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECStatus rv;
- secuPBEParams param;
-
- if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
- }
-
- if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
- }
-
- PORT_Memset(&param, 0, sizeof param);
- rv = SEC_QuickDERDecodeItem(pool, &param, secuKDF2Params, value);
- if (rv == SECSuccess) {
- SECU_PrintAsHex(out, &param.salt, "Salt", level+1);
- SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
- level+1);
- SECU_PrintInteger(out, &param.keyLength, "Key Length", level+1);
- SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF algorithm", level+1);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-void
-secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
-{
- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECStatus rv;
- secuPBEParams param;
-
- if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
- }
-
- if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
- }
-
- PORT_Memset(&param, 0, sizeof param);
- rv = SEC_QuickDERDecodeItem(pool, &param, secuPBEV2Params, value);
- if (rv == SECSuccess) {
- SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF", level+1);
- SECU_PrintAlgorithmID(out, &param.cipherAlg, "Cipher", level+1);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-void
-secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
-{
- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECStatus rv;
- secuPBEParams param;
-
- if (m) {
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
- }
-
- if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
- }
-
- PORT_Memset(&param, 0, sizeof(secuPBEParams));
- rv = SEC_QuickDERDecodeItem(pool, &param, secuPBEParamsTemp, value);
- if (rv == SECSuccess) {
- SECU_PrintAsHex(out, &param.salt, "Salt", level+1);
- SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
- level+1);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-/* This function does NOT expect a DER type and length. */
-void
-SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
-{
- SECOidTag algtag;
- SECU_PrintObjectID(out, &a->algorithm, m, level);
-
- algtag = SECOID_GetAlgorithmTag(a);
- if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) {
- switch (algtag) {
- case SEC_OID_PKCS5_PBKDF2:
- secu_PrintKDF2Params(out, &a->parameters, "Parameters", level+1);
- break;
- case SEC_OID_PKCS5_PBES2:
- secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level+1);
- break;
- case SEC_OID_PKCS5_PBMAC1:
- secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level+1);
- break;
- default:
- secu_PrintPBEParams(out, &a->parameters, "Parameters", level+1);
- break;
- }
- return;
- }
-
-
- if (a->parameters.len == 0
- || (a->parameters.len == 2
- && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
- /* No arguments or NULL argument */
- } else {
- /* Print args to algorithm */
- SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
- }
-}
-
-static void
-secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
-{
- SECItem *value;
- int i;
- char om[100];
-
- if (m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- }
-
- /*
- * Should make this smarter; look at the type field and then decode
- * and print the value(s) appropriately!
- */
- SECU_PrintObjectID(out, &(attr->type), "Type", level+1);
- if (attr->values != NULL) {
- i = 0;
- while ((value = attr->values[i++]) != NULL) {
- sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
- if (attr->encoded || attr->typeTag == NULL) {
- SECU_PrintAny(out, value, om, level+1);
- } else {
- switch (attr->typeTag->offset) {
- default:
- SECU_PrintAsHex(out, value, om, level+1);
- break;
- case SEC_OID_PKCS9_CONTENT_TYPE:
- SECU_PrintObjectID(out, value, om, level+1);
- break;
- case SEC_OID_PKCS9_SIGNING_TIME:
- SECU_PrintTimeChoice(out, value, om, level+1);
- break;
- }
- }
- }
- }
-}
-
-static void
-secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
-{
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
- SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
- if (pk->u.rsa.publicExponent.len == 1 &&
- pk->u.rsa.publicExponent.data[0] == 1) {
- SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
- }
-}
-
-static void
-secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
- SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
-}
-
-#ifdef NSS_ENABLE_ECC
-static void
-secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
-{
- SECItem curveOID = { siBuffer, NULL, 0};
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
- /* For named curves, the DEREncodedParams field contains an
- * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
- */
- if ((pk->u.ec.DEREncodedParams.len > 2) &&
- (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
- curveOID.len = pk->u.ec.DEREncodedParams.data[1];
- curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
- SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
- }
-}
-#endif /* NSS_ENABLE_ECC */
-
-static void
-secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
- CERTSubjectPublicKeyInfo *i, char *msg, int level)
-{
- SECKEYPublicKey *pk;
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
- SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
-
- pk = SECKEY_ExtractPublicKey(i);
- if (pk) {
- switch (pk->keyType) {
- case rsaKey:
- secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
- break;
-
- case dsaKey:
- secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
- break;
-
-#ifdef NSS_ENABLE_ECC
- case ecKey:
- secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
- break;
-#endif
-
- case dhKey:
- case fortezzaKey:
- case keaKey:
- SECU_Indent(out, level);
- fprintf(out, "unable to format this SPKI algorithm type\n");
- goto loser;
- default:
- SECU_Indent(out, level);
- fprintf(out, "unknown SPKI algorithm type\n");
- goto loser;
- }
- PORT_FreeArena(pk->arena, PR_FALSE);
- } else {
- SECU_PrintErrMsg(out, level, "Error", "Parsing public key");
-loser:
- if (i->subjectPublicKey.data) {
- SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level);
- }
- }
-}
-
-static SECStatus
-secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
-{
- SECItem decodedValue;
- SECStatus rv;
- int64 invalidTime;
- char *formattedTime = NULL;
-
- decodedValue.data = NULL;
- rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
- value);
- if (rv == SECSuccess) {
- rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
- if (rv == SECSuccess) {
- formattedTime = CERT_GenTime2FormattedAscii
- (invalidTime, "%a %b %d %H:%M:%S %Y");
- SECU_Indent(out, level +1);
- fprintf (out, "%s: %s\n", msg, formattedTime);
- PORT_Free (formattedTime);
- }
- }
- PORT_Free (decodedValue.data);
- return (rv);
-}
-
-static SECStatus
-PrintExtKeyUsageExtension (FILE *out, SECItem *value, char *msg, int level)
-{
- CERTOidSequence *os;
- SECItem **op;
-
- os = CERT_DecodeOidSequence(value);
- if( (CERTOidSequence *)NULL == os ) {
- return SECFailure;
- }
-
- for( op = os->oids; *op; op++ ) {
- SECU_PrintObjectID(out, *op, msg, level + 1);
- }
- CERT_DestroyOidSequence(os);
- return SECSuccess;
-}
-
-static SECStatus
-secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) {
- CERTBasicConstraints constraints;
- SECStatus rv;
-
- SECU_Indent(out, level);
- if (msg) {
- fprintf(out,"%s: ",msg);
- }
- rv = CERT_DecodeBasicConstraintValue(&constraints,value);
- if (rv == SECSuccess && constraints.isCA) {
- if (constraints.pathLenConstraint >= 0) {
- fprintf(out,"Is a CA with a maximum path length of %d.\n",
- constraints.pathLenConstraint);
- } else {
- fprintf(out,"Is a CA with no maximum path length.\n");
- }
- } else {
- fprintf(out,"Is not a CA.\n");
- }
- return SECSuccess;
-}
-
-static const char * const nsTypeBits[] = {
- "SSL Client",
- "SSL Server",
- "S/MIME",
- "Object Signing",
- "Reserved",
- "SSL CA",
- "S/MIME CA",
- "ObjectSigning CA"
-};
-
-/* NSCertType is merely a bit string whose bits are displayed symbolically */
-static SECStatus
-secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level)
-{
- int unused;
- int NS_Type;
- int i;
- int found = 0;
- SECItem my = *value;
-
- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
- SECSuccess != SECU_StripTagAndLength(&my)) {
- SECU_PrintAny(out, value, "Data", level);
- return SECSuccess;
- }
-
- unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0;
- NS_Type = my.data[1] & (0xff << unused);
-
-
- SECU_Indent(out, level);
- if (msg) {
- fprintf(out,"%s: ",msg);
- } else {
- fprintf(out,"Netscape Certificate Type: ");
- }
- for (i=0; i < 8; i++) {
- if ( (0x80 >> i) & NS_Type) {
- fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]);
- found = 1;
- }
- }
- fprintf(out, (found ? ">\n" : "none\n"));
- return SECSuccess;
-}
-
-static const char * const usageBits[] = {
- "Digital Signature", /* 0x80 */
- "Non-Repudiation", /* 0x40 */
- "Key Encipherment", /* 0x20 */
- "Data Encipherment", /* 0x10 */
- "Key Agreement", /* 0x08 */
- "Certificate Signing", /* 0x04 */
- "CRL Signing", /* 0x02 */
- "Encipher Only", /* 0x01 */
- "Decipher Only", /* 0x0080 */
- NULL
-};
-
-/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */
-static void
-secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level)
-{
- int unused;
- int usage;
- int i;
- int found = 0;
- SECItem my = *value;
-
- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
- SECSuccess != SECU_StripTagAndLength(&my)) {
- SECU_PrintAny(out, value, "Data", level);
- return;
- }
-
- unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0;
- usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8
- : (my.data[1] << 8) |
- (my.data[2] & (0xff << unused));
-
- SECU_Indent(out, level);
- fprintf(out, "Usages: ");
- for (i=0; usageBits[i]; i++) {
- if ( (0x8000 >> i) & usage) {
- if (found)
- SECU_Indent(out, level + 2);
- fprintf(out, "%s\n", usageBits[i]);
- found = 1;
- }
- }
- if (!found) {
- fprintf(out, "(none)\n");
- }
-}
-
-static void
-secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level)
-{
- PRStatus st;
- PRNetAddr addr;
- char addrBuf[80];
-
- memset(&addr, 0, sizeof addr);
- if (value->len == 4) {
- addr.inet.family = PR_AF_INET;
- memcpy(&addr.inet.ip, value->data, value->len);
- } else if (value->len == 16) {
- addr.ipv6.family = PR_AF_INET6;
- memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len);
- if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) {
- /* convert to IPv4. */
- addr.inet.family = PR_AF_INET;
- memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
- memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad);
- }
- } else {
- goto loser;
- }
-
- st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf);
- if (st == PR_SUCCESS) {
- SECU_Indent(out, level);
- fprintf(out, "%s: %s\n", msg, addrBuf);
- } else {
-loser:
- SECU_PrintAsHex(out, value, msg, level);
- }
-}
-
-
-static void
-secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level)
-{
- char label[40];
- if (msg && msg[0]) {
- SECU_Indent(out, level++); fprintf(out, "%s: \n", msg);
- }
- switch (gname->type) {
- case certOtherName :
- SECU_PrintAny( out, &gname->name.OthName.name, "Other Name", level);
- SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level+1);
- break;
- case certDirectoryName :
- SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level);
- break;
- case certRFC822Name :
- secu_PrintRawString( out, &gname->name.other, "RFC822 Name", level);
- break;
- case certDNSName :
- secu_PrintRawString( out, &gname->name.other, "DNS name", level);
- break;
- case certURI :
- secu_PrintRawString( out, &gname->name.other, "URI", level);
- break;
- case certIPAddress :
- secu_PrintIPAddress(out, &gname->name.other, "IP Address", level);
- break;
- case certRegisterID :
- SECU_PrintObjectID( out, &gname->name.other, "Registered ID", level);
- break;
- case certX400Address :
- SECU_PrintAny( out, &gname->name.other, "X400 Address", level);
- break;
- case certEDIPartyName :
- SECU_PrintAny( out, &gname->name.other, "EDI Party", level);
- break;
- default:
- PR_snprintf(label, sizeof label, "unknown type [%d]",
- (int)gname->type - 1);
- SECU_PrintAsHex(out, &gname->name.other, label, level);
- break;
- }
-}
-
-static void
-secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level)
-{
- CERTGeneralName *name = gname;
- do {
- secu_PrintGeneralName(out, name, msg, level);
- name = CERT_GetNextGeneralName(name);
- } while (name && name != gname);
-}
-
-
-static void
-secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTAuthKeyID *kid = NULL;
- PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
- }
- kid = CERT_DecodeAuthKeyID(pool, value);
- if (!kid) {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Data", level);
- } else {
- int keyIDPresent = (kid->keyID.data && kid->keyID.len);
- int issuerPresent = kid->authCertIssuer != NULL;
- int snPresent = (kid->authCertSerialNumber.data &&
- kid->authCertSerialNumber.len);
-
- if (keyIDPresent)
- SECU_PrintAsHex(out, &kid->keyID, "Key ID", level);
- if (issuerPresent)
- secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level);
- if (snPresent)
- SECU_PrintInteger(out, &kid->authCertSerialNumber,
- "Serial Number", level);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-
-static void
-secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTGeneralName * nameList;
- CERTGeneralName * current;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
- }
- nameList = current = CERT_DecodeAltNameExtension(pool, value);
- if (!current) {
- if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
- /* Decoder found empty sequence, which is invalid. */
- PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
- }
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Data", level);
- } else {
- do {
- secu_PrintGeneralName(out, current, msg, level);
- current = CERT_GetNextGeneralName(current);
- } while (current != nameList);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-static void
-secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTCrlDistributionPoints * dPoints;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
- }
- dPoints = CERT_DecodeCRLDistributionPoints(pool, value);
- if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) {
- CRLDistributionPoint ** pPoints = dPoints->distPoints;
- CRLDistributionPoint * pPoint;
- while (NULL != (pPoint = *pPoints++)) {
- if (pPoint->distPointType == generalName &&
- pPoint->distPoint.fullName != NULL) {
- secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
- level);
- } else if (pPoint->distPointType == relativeDistinguishedName &&
- pPoint->distPoint.relativeName.avas) {
- SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
- level);
- } else if (pPoint->derDistPoint.data) {
- SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level);
- }
- if (pPoint->reasons.data) {
- secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
- level);
- }
- if (pPoint->crlIssuer) {
- secu_PrintGeneralName(out, pPoint->crlIssuer, "Issuer", level);
- }
- }
- } else {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Data", level);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-
-static void
-secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value,
- char *msg, int level)
-{
- CERTNameConstraint *head = value;
- SECU_Indent(out, level); fprintf(out, "%s Subtree:\n", msg);
- level++;
- do {
- secu_PrintGeneralName(out, &value->name, NULL, level);
- if (value->min.data)
- SECU_PrintInteger(out, &value->min, "Minimum", level+1);
- if (value->max.data)
- SECU_PrintInteger(out, &value->max, "Maximum", level+1);
- value = CERT_GetNextNameConstraint(value);
- } while (value != head);
-}
-
-static void
-secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTNameConstraints * cnstrnts;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
- }
- cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value);
- if (!cnstrnts) {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Raw", level);
- } else {
- if (cnstrnts->permited)
- secu_PrintNameConstraintSubtree(out, cnstrnts->permited,
- "Permitted", level);
- if (cnstrnts->excluded)
- secu_PrintNameConstraintSubtree(out, cnstrnts->excluded,
- "Excluded", level);
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-
-static void
-secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level)
-{
- CERTAuthInfoAccess **infos = NULL;
- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-
- if (!pool) {
- SECU_PrintError("Error", "Allocating new ArenaPool");
- return;
- }
- infos = CERT_DecodeAuthInfoAccessExtension(pool, value);
- if (!infos) {
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, value, "Raw", level);
- } else {
- CERTAuthInfoAccess *info;
- while (NULL != (info = *infos++)) {
- if (info->method.data) {
- SECU_PrintObjectID(out, &info->method, "Method", level);
- } else {
- SECU_Indent(out,level);
- fprintf(out, "Error: missing method\n");
- }
- if (info->location) {
- secu_PrintGeneralName(out, info->location, "Location", level);
- } else {
- SECU_PrintAny(out, &info->derLocation, "Location", level);
- }
- }
- }
- PORT_FreeArena(pool, PR_FALSE);
-}
-
-
-void
-SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level)
-{
- SECOidTag oidTag;
-
- if ( extensions ) {
- if (msg && *msg) {
- SECU_Indent(out, level++); fprintf(out, "%s:\n", msg);
- }
-
- while ( *extensions ) {
- SECItem *tmpitem;
-
- tmpitem = &(*extensions)->id;
- SECU_PrintObjectID(out, tmpitem, "Name", level);
-
- tmpitem = &(*extensions)->critical;
- if ( tmpitem->len ) {
- secu_PrintBoolean(out, tmpitem, "Critical", level);
- }
-
- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
- tmpitem = &((*extensions)->value);
-
- switch (oidTag) {
- case SEC_OID_X509_INVALID_DATE:
- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
- secu_PrintX509InvalidDate(out, tmpitem, "Date", level );
- break;
- case SEC_OID_X509_CERTIFICATE_POLICIES:
- SECU_PrintPolicy(out, tmpitem, "Data", level );
- break;
- case SEC_OID_NS_CERT_EXT_BASE_URL:
- case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
- case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
- case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
- case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
- case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
- case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
- case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
- case SEC_OID_OCSP_RESPONDER:
- SECU_PrintString(out,tmpitem, "URL", level);
- break;
- case SEC_OID_NS_CERT_EXT_COMMENT:
- SECU_PrintString(out,tmpitem, "Comment", level);
- break;
- case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
- SECU_PrintString(out,tmpitem, "ServerName", level);
- break;
- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
- secu_PrintNSCertType(out,tmpitem,"Data",level);
- break;
- case SEC_OID_X509_BASIC_CONSTRAINTS:
- secu_PrintBasicConstraints(out,tmpitem,"Data",level);
- break;
- case SEC_OID_X509_EXT_KEY_USAGE:
- PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
- break;
- case SEC_OID_X509_KEY_USAGE:
- secu_PrintX509KeyUsage(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_AUTH_KEY_ID:
- secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_SUBJECT_ALT_NAME:
- case SEC_OID_X509_ISSUER_ALT_NAME:
- secu_PrintAltNameExtension(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_CRL_DIST_POINTS:
- secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level );
- break;
- case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
- SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL,
- level );
- break;
- case SEC_OID_X509_NAME_CONSTRAINTS:
- secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
- break;
- case SEC_OID_X509_AUTH_INFO_ACCESS:
- secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
- break;
-
- case SEC_OID_X509_CRL_NUMBER:
- case SEC_OID_X509_REASON_CODE:
-
- /* PKIX OIDs */
- case SEC_OID_PKIX_OCSP:
- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
- case SEC_OID_PKIX_OCSP_NONCE:
- case SEC_OID_PKIX_OCSP_CRL:
- case SEC_OID_PKIX_OCSP_RESPONSE:
- case SEC_OID_PKIX_OCSP_NO_CHECK:
- case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
- case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
- case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
- case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
-
- /* Netscape extension OIDs. */
- case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
- case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
- case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
- case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
- case SEC_OID_NS_CERT_EXT_USER_PICTURE:
-
- /* x.509 v3 Extensions */
- case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
- case SEC_OID_X509_SUBJECT_KEY_ID:
- case SEC_OID_X509_POLICY_MAPPINGS:
- case SEC_OID_X509_POLICY_CONSTRAINTS:
-
-
- default:
- SECU_PrintAny(out, tmpitem, "Data", level);
- break;
- }
-
- secu_Newline(out);
- extensions++;
- }
- }
-}
-
-/* An RDN is a subset of a DirectoryName, and we already know how to
- * print those, so make a directory name out of the RDN, and print it.
- */
-void
-SECU_PrintRDN(FILE *out, CERTRDN *rdn, char *msg, int level)
-{
- CERTName name;
- CERTRDN *rdns[2];
-
- name.arena = NULL;
- name.rdns = rdns;
- rdns[0] = rdn;
- rdns[1] = NULL;
- SECU_PrintName(out, &name, msg, level);
-}
-
-void
-SECU_PrintName(FILE *out, CERTName *name, char *msg, int level)
-{
- char *nameStr;
- char *str;
- SECItem my;
-
- if (!name) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- if (!name->rdns || !name->rdns[0]) {
- str = "(empty)";
- } else {
- str = nameStr = CERT_NameToAscii(name);
- }
- if (!str) {
- str = "!Invalid AVA!";
- }
- my.data = (unsigned char *)str;
- my.len = PORT_Strlen(str);
-#if 1
- secu_PrintRawString(out, &my, msg, level);
-#else
- SECU_Indent(out, level); fprintf(out, "%s: ", msg);
- fprintf(out, str);
- secu_Newline(out);
-#endif
- PORT_Free(nameStr);
-}
-
-void
-printflags(char *trusts, unsigned int flags)
-{
- if (flags & CERTDB_VALID_CA)
- if (!(flags & CERTDB_TRUSTED_CA) &&
- !(flags & CERTDB_TRUSTED_CLIENT_CA))
- PORT_Strcat(trusts, "c");
- if (flags & CERTDB_VALID_PEER)
- if (!(flags & CERTDB_TRUSTED))
- PORT_Strcat(trusts, "p");
- if (flags & CERTDB_TRUSTED_CA)
- PORT_Strcat(trusts, "C");
- if (flags & CERTDB_TRUSTED_CLIENT_CA)
- PORT_Strcat(trusts, "T");
- if (flags & CERTDB_TRUSTED)
- PORT_Strcat(trusts, "P");
- if (flags & CERTDB_USER)
- PORT_Strcat(trusts, "u");
- if (flags & CERTDB_SEND_WARN)
- PORT_Strcat(trusts, "w");
- if (flags & CERTDB_INVISIBLE_CA)
- PORT_Strcat(trusts, "I");
- if (flags & CERTDB_GOVT_APPROVED_CA)
- PORT_Strcat(trusts, "G");
- return;
-}
-
-/* callback for listing certs through pkcs11 */
-SECStatus
-SECU_PrintCertNickname(CERTCertListNode *node, void *data)
-{
- CERTCertTrust *trust;
- CERTCertificate* cert;
- FILE *out;
- char trusts[30];
- char *name;
-
- cert = node->cert;
-
- PORT_Memset (trusts, 0, sizeof (trusts));
- out = (FILE *)data;
-
- name = node->appData;
- if (!name || !name[0]) {
- name = cert->nickname;
- }
- if (!name || !name[0]) {
- name = cert->emailAddr;
- }
- if (!name || !name[0]) {
- name = "(NULL)";
- }
-
- trust = cert->trust;
- if (trust) {
- printflags(trusts, trust->sslFlags);
- PORT_Strcat(trusts, ",");
- printflags(trusts, trust->emailFlags);
- PORT_Strcat(trusts, ",");
- printflags(trusts, trust->objectSigningFlags);
- } else {
- PORT_Memcpy(trusts,",,",3);
- }
- fprintf(out, "%-60s %-5s\n", name, trusts);
-
- return (SECSuccess);
-}
-
-int
-SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
-{
- CERTCertExtension **extensions = NULL;
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- int rv = 0;
-
- if (!arena)
- return SEC_ERROR_NO_MEMORY;
-
- rv = SEC_QuickDERDecodeItem(arena, &extensions,
- SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
- if (!rv)
- SECU_PrintExtensions(out, extensions, m, level);
- else
- SECU_PrintAny(out, any, m, level);
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-}
-
-/* print a decoded SET OF or SEQUENCE OF Extensions */
-int
-SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level)
-{
- int rv = 0;
- if (m && *m) {
- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
- }
- while (any && any[0]) {
- rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
- any++;
- }
- return rv;
-}
-
-/* print a decoded SET OF or SEQUENCE OF "ANY" */
-int
-SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level)
-{
- int rv = 0;
- if (m && *m) {
- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
- }
- while (any && any[0]) {
- SECU_PrintAny(out, any[0], "", level);
- any++;
- }
- return rv;
-}
-
-int
-SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level)
-{
- int rv = 0;
- SECOidTag tag;
- tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level);
- if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) {
- rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
- } else {
- rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
- }
- return rv;
-}
-
-int
-SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
-{
- int rv = 0;
- while (attrs[0]) {
- rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1);
- attrs++;
- }
- return rv;
-}
-
-int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
-SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERTCertificateRequest *cr;
- int rv = SEC_ERROR_NO_MEMORY;
-
- if (!arena)
- return rv;
-
- /* Decode certificate request */
- cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
- if (!cr)
- goto loser;
- cr->arena = arena;
- rv = SEC_QuickDERDecodeItem(arena, cr,
- SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
- if (rv)
- goto loser;
-
- /* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &cr->version, "Version", level+1);
- SECU_PrintName(out, &cr->subject, "Subject", level+1);
- secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
- "Subject Public Key Info", level+1);
- if (cr->attributes)
- SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
- rv = 0;
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-}
-
-int
-SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERTCertificate *c;
- int rv = SEC_ERROR_NO_MEMORY;
- int iv;
-
- if (!arena)
- return rv;
-
- /* Decode certificate */
- c = PORT_ArenaZNew(arena, CERTCertificate);
- if (!c)
- goto loser;
- c->arena = arena;
- rv = SEC_ASN1DecodeItem(arena, c,
- SEC_ASN1_GET(CERT_CertificateTemplate), der);
- if (rv) {
- SECU_Indent(out, level);
- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
- SECU_PrintAny(out, der, "Raw", level);
- goto loser;
- }
- /* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */
- SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
-
- SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
- SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
- SECU_PrintName(out, &c->issuer, "Issuer", level+1);
- secu_PrintValidity(out, &c->validity, "Validity", level+1);
- SECU_PrintName(out, &c->subject, "Subject", level+1);
- secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
- "Subject Public Key Info", level+1);
- if (c->issuerID.data)
- secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1);
- if (c->subjectID.data)
- secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1);
- SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-}
-
-int
-SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECKEYPublicKey key;
- int rv = SEC_ERROR_NO_MEMORY;
-
- if (!arena)
- return rv;
-
- PORT_Memset(&key, 0, sizeof(key));
- rv = SEC_ASN1DecodeItem(arena, &key,
- SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der);
- if (!rv) {
- /* Pretty print it out */
- secu_PrintRSAPublicKey(out, &key, m, level);
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-}
-
-int
-SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- int rv = SEC_ERROR_NO_MEMORY;
- CERTSubjectPublicKeyInfo spki;
-
- if (!arena)
- return rv;
-
- PORT_Memset(&spki, 0, sizeof spki);
- rv = SEC_ASN1DecodeItem(arena, &spki,
- SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate),
- der);
- if (!rv) {
- if (m && *m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- }
- secu_PrintSubjectPublicKeyInfo(out, arena, &spki,
- "Subject Public Key Info", level+1);
- }
-
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-}
-
-#ifdef HAVE_EPV_TEMPLATE
-int
-SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECKEYEncryptedPrivateKeyInfo key;
- int rv = SEC_ERROR_NO_MEMORY;
-
- if (!arena)
- return rv;
-
- PORT_Memset(&key, 0, sizeof(key));
- rv = SEC_ASN1DecodeItem(arena, &key,
- SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der);
- if (rv)
- goto loser;
-
- /* Pretty print it out */
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
- level+1);
- SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1);
-loser:
- PORT_FreeArena(arena, PR_TRUE);
- return rv;
-}
-#endif
-
-int
-SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
-{
- unsigned char fingerprint[20];
- char *fpStr = NULL;
- int err = PORT_GetError();
- SECStatus rv;
- SECItem fpItem;
-
- /* print MD5 fingerprint */
- memset(fingerprint, 0, sizeof fingerprint);
- rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len);
- fpItem.data = fingerprint;
- fpItem.len = MD5_LENGTH;
- fpStr = CERT_Hexify(&fpItem, 1);
- SECU_Indent(out, level); fprintf(out, "%s (MD5):\n", m);
- SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
- PORT_Free(fpStr);
- fpStr = NULL;
- if (rv != SECSuccess && !err)
- err = PORT_GetError();
-
- /* print SHA1 fingerprint */
- memset(fingerprint, 0, sizeof fingerprint);
- rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len);
- fpItem.data = fingerprint;
- fpItem.len = SHA1_LENGTH;
- fpStr = CERT_Hexify(&fpItem, 1);
- SECU_Indent(out, level); fprintf(out, "%s (SHA1):\n", m);
- SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
- PORT_Free(fpStr);
- fprintf(out, "\n");
-
- if (err)
- PORT_SetError(err);
- if (err || rv != SECSuccess)
- return SECFailure;
-
- return 0;
-}
-
-/*
-** PKCS7 Support
-*/
-
-/* forward declaration */
-static int
-secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);
-
-/*
-** secu_PrintPKCS7EncContent
-** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
-*/
-static void
-secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
- char *m, int level)
-{
- if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
- SECU_Indent(out, level);
- fprintf(out, "%s:\n", m);
- SECU_Indent(out, level + 1);
- fprintf(out, "Content Type: %s\n",
- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
- : "Unknown");
- SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
- "Content Encryption Algorithm", level+1);
- SECU_PrintAsHex(out, &(src->encContent),
- "Encrypted Content", level+1);
-}
-
-/*
-** secu_PrintRecipientInfo
-** Prints a PKCS7RecipientInfo type
-*/
-static void
-secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
- int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
-
- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
- level + 1);
- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number", level + 1);
-
- /* Parse and display encrypted key */
- SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
- "Key Encryption Algorithm", level + 1);
- SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
-}
-
-/*
-** secu_PrintSignerInfo
-** Prints a PKCS7SingerInfo type
-*/
-static void
-secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
-{
- SEC_PKCS7Attribute *attr;
- int iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
-
- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
- level + 1);
- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
- "Serial Number", level + 1);
-
- SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
- level + 1);
-
- if (info->authAttr != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Authenticated Attributes:\n");
- iv = 0;
- while ((attr = info->authAttr[iv++]) != NULL) {
- sprintf(om, "Attribute (%d)", iv);
- secu_PrintAttribute(out, attr, om, level + 2);
- }
- }
-
- /* Parse and display signature */
- SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
- "Digest Encryption Algorithm", level + 1);
- SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);
-
- if (info->unAuthAttr != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Unauthenticated Attributes:\n");
- iv = 0;
- while ((attr = info->unAuthAttr[iv++]) != NULL) {
- sprintf(om, "Attribute (%x)", iv);
- secu_PrintAttribute(out, attr, om, level + 2);
- }
- }
-}
-
-/* callers of this function must make sure that the CERTSignedCrl
- from which they are extracting the CERTCrl has been fully-decoded.
- Otherwise it will not have the entries even though the CRL may have
- some */
-
-void
-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
-{
- CERTCrlEntry *entry;
- int iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- /* version is optional */
- iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;
- SECU_Indent(out, level+1);
- fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
- SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
- level + 1);
- SECU_PrintName(out, &(crl->name), "Issuer", level + 1);
- SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1);
- if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */
- SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
-
- if (crl->entries != NULL) {
- iv = 0;
- while ((entry = crl->entries[iv++]) != NULL) {
- sprintf(om, "Entry (%x):\n", iv);
- SECU_Indent(out, level + 1); fprintf(out, om);
- SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
- level + 2);
- SECU_PrintTimeChoice(out, &(entry->revocationDate),
- "Revocation Date", level + 2);
- SECU_PrintExtensions(out, entry->extensions,
- "Entry Extensions", level + 2);
- }
- }
- SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1);
-}
-
-/*
-** secu_PrintPKCS7Signed
-** Pretty print a PKCS7 signed data type (up to version 1).
-*/
-static int
-secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src,
- const char *m, int level)
-{
- SECAlgorithmID *digAlg; /* digest algorithms */
- SECItem *aCert; /* certificate */
- CERTSignedCrl *aCrl; /* certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
- int rv, iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list digest algorithms (if any) */
- if (src->digestAlgorithms != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
- }
- }
-
- /* Now for the content */
- rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
- "Content Information", level + 1);
- if (rv != 0)
- return rv;
-
- /* Parse and list certificates (if any) */
- if (src->rawCerts != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- SECU_PrintCertificate);
- if (rv)
- return rv;
- }
- }
-
- /* Parse and list CRL's (if any) */
- if (src->crls != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm", level+3);
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
- }
-
- /* Parse and list signatures (if any) */
- if (src->signerInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
-
- return 0;
-}
-
-/*
-** secu_PrintPKCS7Enveloped
-** Pretty print a PKCS7 enveloped data type (up to version 1).
-*/
-static void
-secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
- const char *m, int level)
-{
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
- int iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list recipients (this is not optional) */
- if (src->recipientInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-}
-
-/*
-** secu_PrintPKCS7SignedEnveloped
-** Pretty print a PKCS7 singed and enveloped data type (up to version 1).
-*/
-static int
-secu_PrintPKCS7SignedAndEnveloped(FILE *out,
- SEC_PKCS7SignedAndEnvelopedData *src,
- const char *m, int level)
-{
- SECAlgorithmID *digAlg; /* pointer for digest algorithms */
- SECItem *aCert; /* pointer for certificate */
- CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
- SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
- SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
- int rv, iv;
- char om[100];
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- /* Parse and list recipients (this is not optional) */
- if (src->recipientInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Recipient Information List:\n");
- iv = 0;
- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
- sprintf(om, "Recipient Information (%x)", iv);
- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
- }
- }
-
- /* Parse and list digest algorithms (if any) */
- if (src->digestAlgorithms != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
- iv = 0;
- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
- sprintf(om, "Digest Algorithm (%x)", iv);
- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
- }
- }
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-
- /* Parse and list certificates (if any) */
- if (src->rawCerts != NULL) {
- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
- iv = 0;
- while ((aCert = src->rawCerts[iv++]) != NULL) {
- sprintf(om, "Certificate (%x)", iv);
- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- SECU_PrintCertificate);
- if (rv)
- return rv;
- }
- }
-
- /* Parse and list CRL's (if any) */
- if (src->crls != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signed Revocation Lists:\n");
- iv = 0;
- while ((aCrl = src->crls[iv++]) != NULL) {
- sprintf(om, "Signed Revocation List (%x)", iv);
- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
- "Signature Algorithm", level+3);
- DER_ConvertBitString(&aCrl->signatureWrap.signature);
- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
- level+3);
- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
- level + 3);
- }
- }
-
- /* Parse and list signatures (if any) */
- if (src->signerInfos != NULL) {
- SECU_Indent(out, level + 1);
- fprintf(out, "Signer Information List:\n");
- iv = 0;
- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
- sprintf(om, "Signer Information (%x)", iv);
- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
- }
- }
-
- return 0;
-}
-
-int
-SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERTCrl *c = NULL;
- int rv = SEC_ERROR_NO_MEMORY;
-
- if (!arena)
- return rv;
- do {
- /* Decode CRL */
- c = PORT_ArenaZNew(arena, CERTCrl);
- if (!c)
- break;
-
- rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
- if (rv != SECSuccess)
- break;
- SECU_PrintCRLInfo (out, c, m, level);
- } while (0);
- PORT_FreeArena (arena, PR_FALSE);
- return rv;
-}
-
-
-/*
-** secu_PrintPKCS7Encrypted
-** Pretty print a PKCS7 encrypted data type (up to version 1).
-*/
-static void
-secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
- const char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
- "Encrypted Content Information", level + 1);
-}
-
-/*
-** secu_PrintPKCS7Digested
-** Pretty print a PKCS7 digested data type (up to version 1).
-*/
-static void
-secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src,
- const char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
-
- SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm",
- level + 1);
- secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
- level + 1);
- SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
-}
-
-/*
-** secu_PrintPKCS7ContentInfo
-** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
-** appropriate function
-*/
-static int
-secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src,
- char *m, int level)
-{
- const char *desc;
- SECOidTag kind;
- int rv;
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- level++;
-
- if (src->contentTypeTag == NULL)
- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
- if (src->contentTypeTag == NULL) {
- desc = "Unknown";
- kind = SEC_OID_PKCS7_DATA;
- } else {
- desc = src->contentTypeTag->desc;
- kind = src->contentTypeTag->offset;
- }
-
- if (src->content.data == NULL) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", desc);
- level++;
- SECU_Indent(out, level); fprintf(out, "<no content>\n");
- return 0;
- }
-
- rv = 0;
- switch (kind) {
- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
- rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
- break;
-
- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
- secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
- break;
-
- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
- rv = secu_PrintPKCS7SignedAndEnveloped(out,
- src->content.signedAndEnvelopedData,
- desc, level);
- break;
-
- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
- secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
- break;
-
- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
- secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
- break;
-
- default:
- SECU_PrintAsHex(out, src->content.data, desc, level);
- break;
- }
-
- return rv;
-}
-
-/*
-** SECU_PrintPKCS7ContentInfo
-** Decode and print any major PKCS7 data type (up to version 1).
-*/
-int
-SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
-{
- SEC_PKCS7ContentInfo *cinfo;
- int rv;
-
- cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
- if (cinfo != NULL) {
- /* Send it to recursive parsing and printing module */
- rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
- SEC_PKCS7DestroyContentInfo(cinfo);
- } else {
- rv = -1;
- }
-
- return rv;
-}
-
-/*
-** End of PKCS7 functions
-*/
-
-void
-printFlags(FILE *out, unsigned int flags, int level)
-{
- if ( flags & CERTDB_VALID_PEER ) {
- SECU_Indent(out, level); fprintf(out, "Valid Peer\n");
- }
- if ( flags & CERTDB_TRUSTED ) {
- SECU_Indent(out, level); fprintf(out, "Trusted\n");
- }
- if ( flags & CERTDB_SEND_WARN ) {
- SECU_Indent(out, level); fprintf(out, "Warn When Sending\n");
- }
- if ( flags & CERTDB_VALID_CA ) {
- SECU_Indent(out, level); fprintf(out, "Valid CA\n");
- }
- if ( flags & CERTDB_TRUSTED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Trusted CA\n");
- }
- if ( flags & CERTDB_NS_TRUSTED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n");
- }
- if ( flags & CERTDB_USER ) {
- SECU_Indent(out, level); fprintf(out, "User\n");
- }
- if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
- SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
- }
- if ( flags & CERTDB_GOVT_APPROVED_CA ) {
- SECU_Indent(out, level); fprintf(out, "Step-up\n");
- }
-}
-
-void
-SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level)
-{
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n");
- printFlags(out, trust->sslFlags, level+2);
- SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
- printFlags(out, trust->emailFlags, level+2);
- SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
- printFlags(out, trust->objectSigningFlags, level+2);
-}
-
-int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
- int level, SECU_PPFunc inner)
-{
- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- CERTSignedData *sd;
- int rv = SEC_ERROR_NO_MEMORY;
-
- if (!arena)
- return rv;
-
- /* Strip off the signature */
- sd = PORT_ArenaZNew(arena, CERTSignedData);
- if (!sd)
- goto loser;
-
- rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
- der);
- if (rv)
- goto loser;
-
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- rv = (*inner)(out, &sd->data, "Data", level+1);
-
- SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
- level+1);
- DER_ConvertBitString(&sd->signature);
- SECU_PrintAsHex(out, &sd->signature, "Signature", level+1);
- SECU_PrintFingerprints(out, der, "Fingerprint", level+1);
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
-
-}
-
-SECStatus
-SEC_PrintCertificateAndTrust(CERTCertificate *cert,
- const char *label,
- CERTCertTrust *trust)
-{
- SECStatus rv;
- SECItem data;
-
- data.data = cert->derCert.data;
- data.len = cert->derCert.len;
-
- rv = SECU_PrintSignedData(stdout, &data, label, 0,
- SECU_PrintCertificate);
- if (rv) {
- return(SECFailure);
- }
- if (trust) {
- SECU_PrintTrustFlags(stdout, trust,
- "Certificate Trust Flags", 1);
- } else if (cert->trust) {
- SECU_PrintTrustFlags(stdout, cert->trust,
- "Certificate Trust Flags", 1);
- }
-
- printf("\n");
-
- return(SECSuccess);
-}
-
-
-SECStatus
-SECU_ParseCommandLine(int argc, char **argv, char *progName,
- const secuCommand *cmd)
-{
- PRBool found;
- PLOptState *optstate;
- PLOptStatus status;
- char *optstring;
- PLLongOpt *longopts = NULL;
- int i, j;
- int lcmd = 0, lopt = 0;
-
- optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1);
- if (optstring == NULL)
- return SECFailure;
-
- j = 0;
- for (i=0; i<cmd->numCommands; i++) {
- if (cmd->commands[i].flag) /* single character option ? */
- optstring[j++] = cmd->commands[i].flag;
- if (cmd->commands[i].longform)
- lcmd++;
- }
- for (i=0; i<cmd->numOptions; i++) {
- if (cmd->options[i].flag) {
- optstring[j++] = cmd->options[i].flag;
- if (cmd->options[i].needsArg)
- optstring[j++] = ':';
- }
- if (cmd->options[i].longform)
- lopt++;
- }
-
- optstring[j] = '\0';
-
- if (lcmd + lopt > 0) {
- longopts = PORT_NewArray(PLLongOpt, lcmd+lopt+1);
- if (!longopts) {
- PORT_Free(optstring);
- return SECFailure;
- }
-
- j = 0;
- for (i=0; j<lcmd && i<cmd->numCommands; i++) {
- if (cmd->commands[i].longform) {
- longopts[j].longOptName = cmd->commands[i].longform;
- longopts[j].longOption = 0;
- longopts[j++].valueRequired = cmd->commands[i].needsArg;
- }
- }
- lopt += lcmd;
- for (i=0; j<lopt && i<cmd->numOptions; i++) {
- if (cmd->options[i].longform) {
- longopts[j].longOptName = cmd->options[i].longform;
- longopts[j].longOption = 0;
- longopts[j++].valueRequired = cmd->options[i].needsArg;
- }
- }
- longopts[j].longOptName = NULL;
- }
-
- optstate = PL_CreateLongOptState(argc, argv, optstring, longopts);
- if (!optstate) {
- PORT_Free(optstring);
- PORT_Free(longopts);
- return SECFailure;
- }
- /* Parse command line arguments */
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- const char *optstatelong;
- char option = optstate->option;
-
- /* positional parameter, single-char option or long opt? */
- if (optstate->longOptIndex == -1) {
- /* not a long opt */
- if (option == '\0')
- continue; /* it's a positional parameter */
- optstatelong = "";
- } else {
- /* long opt */
- if (option == '\0')
- option = '\377'; /* force unequal with all flags */
- optstatelong = longopts[optstate->longOptIndex].longOptName;
- }
-
- found = PR_FALSE;
-
- for (i=0; i<cmd->numCommands; i++) {
- if (cmd->commands[i].flag == option ||
- cmd->commands[i].longform == optstatelong) {
- cmd->commands[i].activated = PR_TRUE;
- if (optstate->value) {
- cmd->commands[i].arg = (char *)optstate->value;
- }
- found = PR_TRUE;
- break;
- }
- }
-
- if (found)
- continue;
-
- for (i=0; i<cmd->numOptions; i++) {
- if (cmd->options[i].flag == option ||
- cmd->options[i].longform == optstatelong) {
- cmd->options[i].activated = PR_TRUE;
- if (optstate->value) {
- cmd->options[i].arg = (char *)optstate->value;
- } else if (cmd->options[i].needsArg) {
- status = PL_OPT_BAD;
- goto loser;
- }
- found = PR_TRUE;
- break;
- }
- }
-
- if (!found) {
- status = PL_OPT_BAD;
- break;
- }
- }
-
-loser:
- PL_DestroyOptState(optstate);
- PORT_Free(optstring);
- if (longopts)
- PORT_Free(longopts);
- if (status == PL_OPT_BAD)
- return SECFailure;
- return SECSuccess;
-}
-
-char *
-SECU_GetOptionArg(const secuCommand *cmd, int optionNum)
-{
- if (optionNum < 0 || optionNum >= cmd->numOptions)
- return NULL;
- if (cmd->options[optionNum].activated)
- return PL_strdup(cmd->options[optionNum].arg);
- else
- return NULL;
-}
-
-static char SECUErrorBuf[64];
-
-char *
-SECU_ErrorStringRaw(int16 err)
-{
- if (err == 0)
- SECUErrorBuf[0] = '\0';
- else if (err == SEC_ERROR_BAD_DATA)
- sprintf(SECUErrorBuf, "Bad data");
- else if (err == SEC_ERROR_BAD_DATABASE)
- sprintf(SECUErrorBuf, "Problem with database");
- else if (err == SEC_ERROR_BAD_DER)
- sprintf(SECUErrorBuf, "Problem with DER");
- else if (err == SEC_ERROR_BAD_KEY)
- sprintf(SECUErrorBuf, "Problem with key");
- else if (err == SEC_ERROR_BAD_PASSWORD)
- sprintf(SECUErrorBuf, "Incorrect password");
- else if (err == SEC_ERROR_BAD_SIGNATURE)
- sprintf(SECUErrorBuf, "Bad signature");
- else if (err == SEC_ERROR_EXPIRED_CERTIFICATE)
- sprintf(SECUErrorBuf, "Expired certificate");
- else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID)
- sprintf(SECUErrorBuf, "Invalid extension value");
- else if (err == SEC_ERROR_INPUT_LEN)
- sprintf(SECUErrorBuf, "Problem with input length");
- else if (err == SEC_ERROR_INVALID_ALGORITHM)
- sprintf(SECUErrorBuf, "Invalid algorithm");
- else if (err == SEC_ERROR_INVALID_ARGS)
- sprintf(SECUErrorBuf, "Invalid arguments");
- else if (err == SEC_ERROR_INVALID_AVA)
- sprintf(SECUErrorBuf, "Invalid AVA");
- else if (err == SEC_ERROR_INVALID_TIME)
- sprintf(SECUErrorBuf, "Invalid time");
- else if (err == SEC_ERROR_IO)
- sprintf(SECUErrorBuf, "Security I/O error");
- else if (err == SEC_ERROR_LIBRARY_FAILURE)
- sprintf(SECUErrorBuf, "Library failure");
- else if (err == SEC_ERROR_NO_MEMORY)
- sprintf(SECUErrorBuf, "Out of memory");
- else if (err == SEC_ERROR_OLD_CRL)
- sprintf(SECUErrorBuf, "CRL is older than the current one");
- else if (err == SEC_ERROR_OUTPUT_LEN)
- sprintf(SECUErrorBuf, "Problem with output length");
- else if (err == SEC_ERROR_UNKNOWN_ISSUER)
- sprintf(SECUErrorBuf, "Unknown issuer");
- else if (err == SEC_ERROR_UNTRUSTED_CERT)
- sprintf(SECUErrorBuf, "Untrusted certificate");
- else if (err == SEC_ERROR_UNTRUSTED_ISSUER)
- sprintf(SECUErrorBuf, "Untrusted issuer");
- else if (err == SSL_ERROR_BAD_CERTIFICATE)
- sprintf(SECUErrorBuf, "Bad certificate");
- else if (err == SSL_ERROR_BAD_CLIENT)
- sprintf(SECUErrorBuf, "Bad client");
- else if (err == SSL_ERROR_BAD_SERVER)
- sprintf(SECUErrorBuf, "Bad server");
- else if (err == SSL_ERROR_EXPORT_ONLY_SERVER)
- sprintf(SECUErrorBuf, "Export only server");
- else if (err == SSL_ERROR_NO_CERTIFICATE)
- sprintf(SECUErrorBuf, "No certificate");
- else if (err == SSL_ERROR_NO_CYPHER_OVERLAP)
- sprintf(SECUErrorBuf, "No cypher overlap");
- else if (err == SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE)
- sprintf(SECUErrorBuf, "Unsupported certificate type");
- else if (err == SSL_ERROR_UNSUPPORTED_VERSION)
- sprintf(SECUErrorBuf, "Unsupported version");
- else if (err == SSL_ERROR_US_ONLY_SERVER)
- sprintf(SECUErrorBuf, "U.S. only server");
- else if (err == PR_IO_ERROR)
- sprintf(SECUErrorBuf, "I/O error");
-
- else if (err == SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE)
- sprintf (SECUErrorBuf, "Expired Issuer Certificate");
- else if (err == SEC_ERROR_REVOKED_CERTIFICATE)
- sprintf (SECUErrorBuf, "Revoked certificate");
- else if (err == SEC_ERROR_NO_KEY)
- sprintf (SECUErrorBuf, "No private key in database for this cert");
- else if (err == SEC_ERROR_CERT_NOT_VALID)
- sprintf (SECUErrorBuf, "Certificate is not valid");
- else if (err == SEC_ERROR_EXTENSION_NOT_FOUND)
- sprintf (SECUErrorBuf, "Certificate extension was not found");
- else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID)
- sprintf (SECUErrorBuf, "Certificate extension value invalid");
- else if (err == SEC_ERROR_CA_CERT_INVALID)
- sprintf (SECUErrorBuf, "Issuer certificate is invalid");
- else if (err == SEC_ERROR_CERT_USAGES_INVALID)
- sprintf (SECUErrorBuf, "Certificate usages is invalid");
- else if (err == SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION)
- sprintf (SECUErrorBuf, "Certificate has unknown critical extension");
- else if (err == SEC_ERROR_PKCS7_BAD_SIGNATURE)
- sprintf (SECUErrorBuf, "Bad PKCS7 signature");
- else if (err == SEC_ERROR_INADEQUATE_KEY_USAGE)
- sprintf (SECUErrorBuf, "Certificate not approved for this operation");
- else if (err == SEC_ERROR_INADEQUATE_CERT_TYPE)
- sprintf (SECUErrorBuf, "Certificate not approved for this operation");
-
- return SECUErrorBuf;
-}
-
-char *
-SECU_ErrorString(int16 err)
-{
- char *error_string;
-
- *SECUErrorBuf = 0;
- SECU_ErrorStringRaw (err);
-
- if (*SECUErrorBuf == 0) {
- error_string = SECU_GetString(err);
- if (error_string == NULL || *error_string == '\0')
- sprintf(SECUErrorBuf, "No error string found for %d.", err);
- else
- return error_string;
- }
-
- return SECUErrorBuf;
-}
-
-
-void
-SECU_PrintPRandOSError(char *progName)
-{
- char buffer[513];
- PRInt32 errLen = PR_GetErrorTextLength();
- if (errLen > 0 && errLen < sizeof buffer) {
- PR_GetErrorText(buffer);
- }
- SECU_PrintError(progName, "function failed");
- if (errLen > 0 && errLen < sizeof buffer) {
- PR_fprintf(PR_STDERR, "\t%s\n", buffer);
- }
-}
-
-
-static char *
-bestCertName(CERTCertificate *cert) {
- if (cert->nickname) {
- return cert->nickname;
- }
- if (cert->emailAddr && cert->emailAddr[0]) {
- return cert->emailAddr;
- }
- return cert->subjectName;
-}
-
-void
-SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertificateUsage certUsage, void *pinArg, PRBool verbose,
- PRTime datetime)
-{
- CERTVerifyLog log;
- CERTVerifyLogNode *node;
-
- PRErrorCode err = PORT_GetError();
-
- log.arena = PORT_NewArena(512);
- log.head = log.tail = NULL;
- log.count = 0;
- CERT_VerifyCertificate(handle, cert, checksig, certUsage, datetime, pinArg, &log, NULL);
-
- SECU_displayVerifyLog(outfile, &log, verbose);
-
- for (node = log.head; node; node = node->next) {
- if (node->cert)
- CERT_DestroyCertificate(node->cert);
- }
- PORT_FreeArena(log.arena, PR_FALSE);
-
- PORT_SetError(err); /* restore original error code */
-}
-
-void
-SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
- PRBool verbose)
-{
- CERTVerifyLogNode *node = NULL;
- unsigned int depth = (unsigned int)-1;
- unsigned int flags = 0;
- char * errstr = NULL;
-
- if (log->count > 0) {
- fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
- for (node = log->head; node; node = node->next) {
- if (depth != node->depth) {
- depth = node->depth;
- fprintf(outfile,"CERT %d. %s %s:\n", depth,
- bestCertName(node->cert),
- depth ? "[Certificate Authority]": "");
- if (verbose) {
- const char * emailAddr;
- emailAddr = CERT_GetFirstEmailAddress(node->cert);
- if (emailAddr) {
- fprintf(outfile,"Email Address(es): ");
- do {
- fprintf(outfile, "%s\n", emailAddr);
- emailAddr = CERT_GetNextEmailAddress(node->cert,
- emailAddr);
- } while (emailAddr);
- }
- }
- }
- fprintf(outfile," ERROR %ld: %s\n", node->error,
- SECU_Strerror(node->error));
- errstr = NULL;
- switch (node->error) {
- case SEC_ERROR_INADEQUATE_KEY_USAGE:
- flags = (unsigned int)node->arg;
- switch (flags) {
- case KU_DIGITAL_SIGNATURE:
- errstr = "Cert cannot sign.";
- break;
- case KU_KEY_ENCIPHERMENT:
- errstr = "Cert cannot encrypt.";
- break;
- case KU_KEY_CERT_SIGN:
- errstr = "Cert cannot sign other certs.";
- break;
- default:
- errstr = "[unknown usage].";
- break;
- }
- case SEC_ERROR_INADEQUATE_CERT_TYPE:
- flags = (unsigned int)node->arg;
- switch (flags) {
- case NS_CERT_TYPE_SSL_CLIENT:
- case NS_CERT_TYPE_SSL_SERVER:
- errstr = "Cert cannot be used for SSL.";
- break;
- case NS_CERT_TYPE_SSL_CA:
- errstr = "Cert cannot be used as an SSL CA.";
- break;
- case NS_CERT_TYPE_EMAIL:
- errstr = "Cert cannot be used for SMIME.";
- break;
- case NS_CERT_TYPE_EMAIL_CA:
- errstr = "Cert cannot be used as an SMIME CA.";
- break;
- case NS_CERT_TYPE_OBJECT_SIGNING:
- errstr = "Cert cannot be used for object signing.";
- break;
- case NS_CERT_TYPE_OBJECT_SIGNING_CA:
- errstr = "Cert cannot be used as an object signing CA.";
- break;
- default:
- errstr = "[unknown usage].";
- break;
- }
- case SEC_ERROR_UNKNOWN_ISSUER:
- case SEC_ERROR_UNTRUSTED_ISSUER:
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- errstr = node->cert->issuerName;
- break;
- default:
- break;
- }
- if (errstr) {
- fprintf(stderr," %s\n",errstr);
- }
- }
- }
-}
-
-void
-SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertificateUsage certUsage, void *pinArg, PRBool verbose)
-{
- SECU_printCertProblemsOnDate(outfile, handle, cert, checksig,
- certUsage, pinArg, verbose, PR_Now());
-}
-
-SECOidTag
-SECU_StringToSignatureAlgTag(const char *alg)
-{
- SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
-
- if (alg) {
- if (!PL_strcmp(alg, "MD2")) {
- hashAlgTag = SEC_OID_MD2;
- } else if (!PL_strcmp(alg, "MD4")) {
- hashAlgTag = SEC_OID_MD4;
- } else if (!PL_strcmp(alg, "MD5")) {
- hashAlgTag = SEC_OID_MD5;
- } else if (!PL_strcmp(alg, "SHA1")) {
- hashAlgTag = SEC_OID_SHA1;
- } else if (!PL_strcmp(alg, "SHA256")) {
- hashAlgTag = SEC_OID_SHA256;
- } else if (!PL_strcmp(alg, "SHA384")) {
- hashAlgTag = SEC_OID_SHA384;
- } else if (!PL_strcmp(alg, "SHA512")) {
- hashAlgTag = SEC_OID_SHA512;
- }
- }
- return hashAlgTag;
-}
-
-
-SECStatus
-SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile,
- PRBool ascii, char *url)
-{
- PORT_Assert(derCrl != NULL);
- if (!derCrl) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- if (outFile != NULL) {
- if (ascii) {
- PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER,
- BTOA_DataToAscii(derCrl->data, derCrl->len),
- NS_CRL_TRAILER);
- } else {
- if (PR_Write(outFile, derCrl->data, derCrl->len) != derCrl->len) {
- return SECFailure;
- }
- }
- }
- if (slot) {
- CERTSignedCrl *newCrl = PK11_ImportCRL(slot, derCrl, url,
- SEC_CRL_TYPE, NULL, 0, NULL, 0);
- if (newCrl != NULL) {
- SEC_DestroyCrl(newCrl);
- return SECSuccess;
- }
- return SECFailure;
- }
- if (!outFile && !slot) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
- SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode)
-{
- SECItem der;
- SECKEYPrivateKey *caPrivateKey = NULL;
- SECStatus rv;
- PRArenaPool *arena;
- SECOidTag algID;
- void *dummy;
-
- PORT_Assert(issuer != NULL && signCrl != NULL);
- if (!issuer || !signCrl) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- arena = signCrl->arena;
-
- caPrivateKey = PK11_FindKeyByAnyCert(issuer, NULL);
- if (caPrivateKey == NULL) {
- *resCode = noKeyFound;
- return SECFailure;
- }
-
- algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, hashAlgTag);
- if (algID == SEC_OID_UNKNOWN) {
- *resCode = noSignatureMatch;
- rv = SECFailure;
- goto done;
- }
-
- if (!signCrl->crl.signatureAlg.parameters.data) {
- rv = SECOID_SetAlgorithmID(arena, &signCrl->crl.signatureAlg, algID, 0);
- if (rv != SECSuccess) {
- *resCode = failToEncode;
- goto done;
- }
- }
-
- der.len = 0;
- der.data = NULL;
- dummy = SEC_ASN1EncodeItem(arena, &der, &signCrl->crl,
- SEC_ASN1_GET(CERT_CrlTemplate));
- if (!dummy) {
- *resCode = failToEncode;
- rv = SECFailure;
- goto done;
- }
-
- rv = SECU_DerSignDataCRL(arena, &signCrl->signatureWrap,
- der.data, der.len, caPrivateKey, algID);
- if (rv != SECSuccess) {
- *resCode = failToSign;
- goto done;
- }
-
- signCrl->derCrl = PORT_ArenaZNew(arena, SECItem);
- if (signCrl->derCrl == NULL) {
- *resCode = noMem;
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- rv = SECFailure;
- goto done;
- }
-
- signCrl->derCrl->len = 0;
- signCrl->derCrl->data = NULL;
- dummy = SEC_ASN1EncodeItem (arena, signCrl->derCrl, signCrl,
- SEC_ASN1_GET(CERT_SignedCrlTemplate));
- if (!dummy) {
- *resCode = failToEncode;
- rv = SECFailure;
- goto done;
- }
-
-done:
- if (caPrivateKey) {
- SECKEY_DestroyPrivateKey(caPrivateKey);
- }
- return rv;
-}
-
-
-
-SECStatus
-SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
-{
- void *dummy;
- SECStatus rv = SECSuccess;
- SECItem der;
-
- PORT_Assert(destArena && srcCrl && destCrl);
- if (!destArena || !srcCrl || !destCrl) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
-
- der.len = 0;
- der.data = NULL;
- dummy = SEC_ASN1EncodeItem (destArena, &der, srcCrl,
- SEC_ASN1_GET(CERT_CrlTemplate));
- if (!dummy) {
- return SECFailure;
- }
-
- rv = SEC_QuickDERDecodeItem(destArena, destCrl,
- SEC_ASN1_GET(CERT_CrlTemplate), &der);
- if (rv != SECSuccess) {
- return SECFailure;
- }
-
- destCrl->arena = destArena;
-
- return rv;
-}
-
-SECStatus
-SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
- unsigned char *buf, int len, SECKEYPrivateKey *pk,
- SECOidTag algID)
-{
- SECItem it;
- SECStatus rv;
-
- it.data = 0;
-
- /* XXX We should probably have some asserts here to make sure the key type
- * and algID match
- */
-
- /* Sign input buffer */
- rv = SEC_SignData(&it, buf, len, pk, algID);
- if (rv) goto loser;
-
- /* Fill out SignedData object */
- PORT_Memset(sd, 0, sizeof(sd));
- sd->data.data = buf;
- sd->data.len = len;
- sd->signature.data = it.data;
- sd->signature.len = it.len << 3; /* convert to bit string */
- if (!sd->signatureAlgorithm.parameters.data) {
- rv = SECOID_SetAlgorithmID(arena, &sd->signatureAlgorithm, algID, 0);
- if (rv) goto loser;
- }
-
- return rv;
-
- loser:
- PORT_Free(it.data);
- return rv;
-}
-
-#if 0
-
-/* we need access to the private function cert_FindExtension for this code to work */
-
-CERTAuthKeyID *
-SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *scrl)
-{
- SECItem encodedExtenValue;
- SECStatus rv;
- CERTAuthKeyID *ret;
- CERTCrl* crl;
-
- if (!scrl) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
-
- crl = &scrl->crl;
-
- encodedExtenValue.data = NULL;
- encodedExtenValue.len = 0;
-
- rv = cert_FindExtension(crl->extensions, SEC_OID_X509_AUTH_KEY_ID,
- &encodedExtenValue);
- if ( rv != SECSuccess ) {
- return (NULL);
- }
-
- ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
-
- PORT_Free(encodedExtenValue.data);
- encodedExtenValue.data = NULL;
-
- return(ret);
-}
-
-#endif
-
-/*
- * Find the issuer of a Crl. Use the authorityKeyID if it exists.
- */
-CERTCertificate *
-SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
- CERTAuthKeyID* authorityKeyID, PRTime validTime)
-{
- CERTCertificate *issuerCert = NULL;
- CERTCertList *certList = NULL;
-
- if (!subject) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
- }
-
- certList =
- CERT_CreateSubjectCertList(NULL, dbhandle, subject,
- validTime, PR_TRUE);
- if (certList) {
- CERTCertListNode *node = CERT_LIST_HEAD(certList);
-
- /* XXX and authoritykeyid in the future */
- while ( ! CERT_LIST_END(node, certList) ) {
- CERTCertificate *cert = node->cert;
- /* check cert CERTCertTrust data is allocated, check cert
- usage extension, check that cert has pkey in db. Select
- the first (newest) user cert */
- if (cert->trust &&
- CERT_CheckCertUsage(cert, KU_CRL_SIGN) == SECSuccess &&
- CERT_IsUserCert(cert)) {
-
- issuerCert = CERT_DupCertificate(cert);
- break;
- }
- node = CERT_LIST_NEXT(node);
- }
- CERT_DestroyCertList(certList);
- }
- return(issuerCert);
-}
-
-
-/* Encodes and adds extensions to the CRL or CRL entries. */
-SECStatus
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
- void *value, PRBool criticality, int extenType,
- EXTEN_EXT_VALUE_ENCODER EncodeValueFn)
-{
- SECItem encodedValue;
- SECStatus rv;
-
- encodedValue.data = NULL;
- encodedValue.len = 0;
- do {
- rv = (*EncodeValueFn)(arena, value, &encodedValue);
- if (rv != SECSuccess)
- break;
-
- rv = CERT_AddExtension(extHandle, extenType, &encodedValue,
- criticality, PR_TRUE);
- if (rv != SECSuccess)
- break;
- } while (0);
-
- return (rv);
-}
-
-/* Caller ensures that dst is at least item->len*2+1 bytes long */
-void
-SECU_SECItemToHex(const SECItem * item, char * dst)
-{
- if (dst && item && item->data) {
- unsigned char * src = item->data;
- unsigned int len = item->len;
- for (; len > 0; --len, dst += 2) {
- sprintf(dst, "%02x", *src++);
- }
- *dst = '\0';
- }
-}
-
-static unsigned char nibble(char c) {
- c = PORT_Tolower(c);
- return ( c >= '0' && c <= '9') ? c - '0' :
- ( c >= 'a' && c <= 'f') ? c - 'a' +10 : -1;
-}
-
-SECStatus
-SECU_SECItemHexStringToBinary(SECItem* srcdest)
-{
- int i;
-
- if (!srcdest) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- if (srcdest->len < 4 || (srcdest->len % 2) ) {
- /* too short to convert, or even number of characters */
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- if (PORT_Strncasecmp((const char*)srcdest->data, "0x", 2)) {
- /* wrong prefix */
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
-
- /* 1st pass to check for hex characters */
- for (i=2; i<srcdest->len; i++) {
- char c = PORT_Tolower(srcdest->data[i]);
- if (! ( ( c >= '0' && c <= '9') ||
- ( c >= 'a' && c <= 'f')
- ) ) {
- PORT_SetError(SEC_ERROR_BAD_DATA);
- return SECFailure;
- }
- }
-
- /* 2nd pass to convert */
- for (i=2; i<srcdest->len; i+=2) {
- srcdest->data[(i-2)/2] = (nibble(srcdest->data[i]) << 4) +
- nibble(srcdest->data[i+1]);
- }
-
- /* adjust length */
- srcdest->len -= 2;
- srcdest->len /= 2;
- return SECSuccess;
-}
-
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h
deleted file mode 100644
index 116f66a69..000000000
--- a/security/nss/cmd/lib/secutil.h
+++ /dev/null
@@ -1,460 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-#ifndef _SEC_UTIL_H_
-#define _SEC_UTIL_H_
-
-#include "seccomon.h"
-#include "secitem.h"
-#include "prerror.h"
-#include "base64.h"
-#include "key.h"
-#include "secpkcs7.h"
-#include "secasn1.h"
-#include "secder.h"
-#include <stdio.h>
-
-#define SEC_CT_PRIVATE_KEY "private-key"
-#define SEC_CT_PUBLIC_KEY "public-key"
-#define SEC_CT_CERTIFICATE "certificate"
-#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
-#define SEC_CT_PKCS7 "pkcs7"
-#define SEC_CT_CRL "crl"
-
-#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
-#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
-
-#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
-#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
-
-#define NS_CRL_HEADER "-----BEGIN CRL-----"
-#define NS_CRL_TRAILER "-----END CRL-----"
-
-#ifdef SECUTIL_NEW
-typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
- char *msg, int level);
-#else
-typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
-#endif
-
-typedef struct {
- enum {
- PW_NONE = 0,
- PW_FROMFILE = 1,
- PW_PLAINTEXT = 2,
- PW_EXTERNAL = 3
- } source;
- char *data;
-} secuPWData;
-
-/*
-** Change a password on a token, or initialize a token with a password
-** if it does not already have one.
-** Use passwd to send the password in plaintext, pwFile to specify a
-** file containing the password, or NULL for both to prompt the user.
-*/
-SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
-
-/*
-** Change a password on a token, or initialize a token with a password
-** if it does not already have one.
-** In this function, you can specify both the old and new passwords
-** as either a string or file. NOTE: any you don't specify will
-** be prompted for
-*/
-SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
- char *oldPwFile, char *newPwFile);
-
-/* These were stolen from the old sec.h... */
-/*
-** Check a password for legitimacy. Passwords must be at least 8
-** characters long and contain one non-alphabetic. Return DSTrue if the
-** password is ok, DSFalse otherwise.
-*/
-extern PRBool SEC_CheckPassword(char *password);
-
-/*
-** Blind check of a password. Complement to SEC_CheckPassword which
-** ignores length and content type, just retuning DSTrue is the password
-** exists, DSFalse if NULL
-*/
-extern PRBool SEC_BlindCheckPassword(char *password);
-
-/*
-** Get a password.
-** First prompt with "msg" on "out", then read the password from "in".
-** The password is then checked using "chkpw".
-*/
-extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
- PRBool (*chkpw)(char *));
-
-char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
-
-char *SECU_GetPasswordString(void *arg, char *prompt);
-
-/*
-** Write a dongle password.
-** Uses MD5 to hash constant system data (hostname, etc.), and then
-** creates RC4 key to encrypt a password "pw" into a file "fd".
-*/
-extern SECStatus SEC_WriteDongleFile(int fd, char *pw);
-
-/*
-** Get a dongle password.
-** Uses MD5 to hash constant system data (hostname, etc.), and then
-** creates RC4 key to decrypt and return a password from file "fd".
-*/
-extern char *SEC_ReadDongleFile(int fd);
-
-
-/* End stolen headers */
-
-/* Just sticks the two strings together with a / if needed */
-char *SECU_AppendFilenameToDir(char *dir, char *filename);
-
-/* Returns result of getenv("SSL_DIR") or NULL */
-extern char *SECU_DefaultSSLDir(void);
-
-/*
-** Should be called once during initialization to set the default
-** directory for looking for cert.db, key.db, and cert-nameidx.db files
-** Removes trailing '/' in 'base'
-** If 'base' is NULL, defaults to set to .netscape in home directory.
-*/
-extern char *SECU_ConfigDirectory(const char* base);
-
-/*
-** Basic callback function for SSL_GetClientAuthDataHook
-*/
-extern int
-SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
-
-/* print out an error message */
-extern void SECU_PrintError(char *progName, char *msg, ...);
-
-/* print out a system error message */
-extern void SECU_PrintSystemError(char *progName, char *msg, ...);
-
-/* Return informative error string */
-extern const char * SECU_Strerror(PRErrorCode errNum);
-
-/* revalidate the cert and print information about cert verification
- * failure at time == now */
-extern void
-SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig,
- SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
-
-/* revalidate the cert and print information about cert verification
- * failure at specified time */
-extern void
-SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
- CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
- void *pinArg, PRBool verbose, PRTime datetime);
-
-/* print out CERTVerifyLog info. */
-extern void
-SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
- PRBool verbose);
-
-/* Read the contents of a file into a SECItem */
-extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
-extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src);
-
-/* Read in a DER from a file, may be ascii */
-extern SECStatus
-SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);
-
-/* Indent based on "level" */
-extern void SECU_Indent(FILE *out, int level);
-
-/* Print integer value and hex */
-extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
-
-/* Print ObjectIdentifier symbolically */
-extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
-
-/* Print AlgorithmIdentifier symbolically */
-extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
- int level);
-
-/* Print SECItem as hex */
-extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
-
-/* dump a buffer in hex and ASCII */
-extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);
-
-/*
- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
-
-/*
- * Format and print the Generalized Time "t". If the tag message "m"
- * is not NULL, * do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
- */
-extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
- int level);
-
-/*
- * Format and print the UTC or Generalized Time "t". If the tag message
- * "m" is not NULL, do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
- */
-extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level);
-
-/* callback for listing certs through pkcs11 */
-extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data);
-
-/* Dump all certificate nicknames in a database */
-extern SECStatus
-SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
- PRBool sortByName, PRBool sortByTrust);
-
-/* See if nickname already in database. Return 1 true, 0 false, -1 error */
-int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
-
-/* Dump contents of cert req */
-extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
- int level);
-
-/* Dump contents of certificate */
-extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
-
-/* print trust flags on a cert */
-extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m,
- int level);
-
-/* Dump contents of an RSA public key */
-extern int SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level);
-
-extern int SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m,
- int level);
-
-#ifdef HAVE_EPV_TEMPLATE
-/* Dump contents of private key */
-extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
-#endif
-
-/* Print the MD5 and SHA1 fingerprints of a cert */
-extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
- int level);
-
-/* Pretty-print any PKCS7 thing */
-extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
- int level);
-
-/* Init PKCS11 stuff */
-extern SECStatus SECU_PKCS11Init(PRBool readOnly);
-
-/* Dump contents of signed data */
-extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
- int level, SECU_PPFunc inner);
-
-/* Print cert data and its trust flags */
-extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert,
- const char *label,
- CERTCertTrust *trust);
-
-extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);
-
-extern void
-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
-
-extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
-extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
-
-extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
-extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
- char *msg, int level);
-
-extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level);
-
-extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level);
-extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, char *msg, int level);
-
-#ifdef SECU_GetPassword
-/* Convert a High public Key to a Low public Key */
-extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
-#endif
-
-extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
-
-extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
-extern void SEC_Init(void);
-
-extern char *SECU_SECModDBName(void);
-
-extern void SECU_PrintPRandOSError(char *progName);
-
-extern SECStatus SECU_RegisterDynamicOids(void);
-
-/* Identifies hash algorithm tag by its string representation. */
-extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg);
-
-/* Store CRL in output file or pk11 db. Also
- * encodes with base64 and exports to file if ascii flag is set
- * and file is not NULL. */
-extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
- PRFileDesc *outFile, PRBool ascii, char *url);
-
-
-/*
-** DER sign a single block of data using private key encryption and the
-** MD5 hashing algorithm. This routine first computes a digital signature
-** using SEC_SignData, then wraps it with an CERTSignedData and then der
-** encodes the result.
-** "arena" is the memory arena to use to allocate data from
-** "sd" returned CERTSignedData
-** "result" the final der encoded data (memory is allocated)
-** "buf" the input data to sign
-** "len" the amount of data to sign
-** "pk" the private key to encrypt with
-*/
-extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
- unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algID);
-
-typedef enum {
- noKeyFound = 1,
- noSignatureMatch = 2,
- failToEncode = 3,
- failToSign = 4,
- noMem = 5
-} SignAndEncodeFuncExitStat;
-
-extern SECStatus
-SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
- SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode);
-
-extern SECStatus
-SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
-
-/*
-** Finds the crl Authority Key Id extension. Returns NULL if no such extension
-** was found.
-*/
-CERTAuthKeyID *
-SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl);
-
-/*
- * Find the issuer of a crl. Cert usage should be checked before signing a crl.
- */
-CERTCertificate *
-SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject,
- CERTAuthKeyID* id, PRTime validTime);
-
-
-/* call back function used in encoding of an extension. Called from
- * SECU_EncodeAndAddExtensionValue */
-typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena,
- void *value, SECItem *encodedValue);
-
-/* Encodes and adds extensions to the CRL or CRL entries. */
-SECStatus
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
- void *value, PRBool criticality, int extenType,
- EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
-
-/* Caller ensures that dst is at least item->len*2+1 bytes long */
-void
-SECU_SECItemToHex(const SECItem * item, char * dst);
-
-/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if
- * successful */
-SECStatus
-SECU_SECItemHexStringToBinary(SECItem* srcdest);
-
-/*
- *
- * Utilities for parsing security tools command lines
- *
- */
-
-/* A single command flag */
-typedef struct {
- char flag;
- PRBool needsArg;
- char *arg;
- PRBool activated;
- char *longform;
-} secuCommandFlag;
-
-/* A full array of command/option flags */
-typedef struct
-{
- int numCommands;
- int numOptions;
-
- secuCommandFlag *commands;
- secuCommandFlag *options;
-} secuCommand;
-
-/* fill the "arg" and "activated" fields for each flag */
-SECStatus
-SECU_ParseCommandLine(int argc, char **argv, char *progName,
- const secuCommand *cmd);
-char *
-SECU_GetOptionArg(const secuCommand *cmd, int optionNum);
-
-/*
- *
- * Error messaging
- *
- */
-
-/* Return informative error string */
-char *SECU_ErrorString(int16 err);
-
-/* Return informative error string. Does not call XP_GetString */
-char *SECU_ErrorStringRaw(int16 err);
-
-void printflags(char *trusts, unsigned int flags);
-
-#if !defined(XP_UNIX) && !defined(XP_OS2)
-extern int ffs(unsigned int i);
-#endif
-
-#include "secerr.h"
-#include "sslerr.h"
-
-#endif /* _SEC_UTIL_H_ */