Diffstat (limited to 'security/nss/cmd/shlibsign')
-rw-r--r-- | security/nss/cmd/shlibsign/Makefile | 110 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/mangle/Makefile | 75 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/mangle/mangle.c | 166 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/mangle/manifest.mn | 52 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/manifest.mn | 60 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/shlibsign.c | 427 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/sign.cmd | 19 | ||||
-rw-r--r-- | security/nss/cmd/shlibsign/sign.sh | 51 |
8 files changed, 960 insertions, 0 deletions
diff --git a/security/nss/cmd/shlibsign/Makefile b/security/nss/cmd/shlibsign/Makefile
new file mode 100644
index 000000000..11b458de9
--- /dev/null
+++ b/security/nss/cmd/shlibsign/Makefile
@@ -0,0 +1,110 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../platlibs.mk
+
+#
+# we really should have this driven from a list file made during the normal
+# NSS build prodecure.
+#
+ifndef USE_64
+ifeq ($(OS_TARGET), HP-UX)
+ ifneq ($(OS_TEST), ia64)
+ LOADABLE_FREEBL= 1
+ endif
+endif
+ifeq ($(OS_TARGET), SunOS)
+ ifeq ($(CPU_ARCH), sparc)
+ LOADABLE_FREEBL = 1
+ endif
+endif
+endif
+
+ifdef LOADABLE_FREEBL
+ CHECKFILES += freebl_pure32_3.chk freebl_hybrid_3.chk
+endif
+
+CHECKLOC=$(addprefix $(DIST)/lib/$(DLL_PREFIX), $(CHECKFILES))
+
+MD_LIB_RELEASE_FILES = $(CHECKLOC)
+ALL_TRASH += $(CHECKLOC)
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include ../platrules.mk
+
+%.chk: %.$(DLL_SUFFIX)
+ifeq ($(OS_TARGET), OS2)
+ @cmd.exe /c sign.cmd $(DIST) $(OBJDIR) $(OS_TARGET) $<
+else
+ @sh ./sign.sh $(DIST) $(OBJDIR) $(OS_TARGET) $<
+endif
+
+libs install :: $(CHECKLOC)
+
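Review bot: The `%.chk: %.$(DLL_SUFFIX)` rule in shlibsign/Makefile lists only the library as a prerequisite, so nothing orders it after the shlibsign program it runs, and a rebuilt signer or an edited sign.sh does not regenerate the check files. Adding the built program as a prerequisite, something like `%.chk: %.$(DLL_SUFFIX) $(PROGRAM)` (assuming coreconf expands PROGRAM to the built path), would make that dependency explicit. Both recipe lines start with `@`, which hides the exact signing command when it fails. shlibsign.c truncates the output file before writing, so a failed run can leave a partial .chk that is newer than the library; `.DELETE_ON_ERROR:` or `|| rm -f $@` on the recipe would stop make from treating it as up to date.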
diff --git a/security/nss/cmd/shlibsign/mangle/Makefile b/security/nss/cmd/shlibsign/mangle/Makefile
new file mode 100644
index 000000000..7948a4328
--- /dev/null
+++ b/security/nss/cmd/shlibsign/mangle/Makefile
@@ -0,0 +1,75 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include ../../platrules.mk
+
diff --git a/security/nss/cmd/shlibsign/mangle/mangle.c b/security/nss/cmd/shlibsign/mangle/mangle.c
new file mode 100644
index 000000000..7ff34b5e6
--- /dev/null
+++ b/security/nss/cmd/shlibsign/mangle/mangle.c
@@ -0,0 +1,166 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2003 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. 
+ */ + +/* + * Test program to mangle 1 bit in a binary + * + * $Id$ + */ + +#include "nspr.h" +#include "plstr.h" +#include "plgetopt.h" +#include "prio.h" + +static PRFileDesc *pr_stderr; +static void +usage (char *program_name) +{ + + PR_fprintf (pr_stderr, "Usage:"); + PR_fprintf (pr_stderr, "%s -i shared_library_name -o byte_offset -b bit\n", program_name); +} + + +int +main (int argc, char **argv) +{ + /* buffers and locals */ + PLOptState *optstate; + char *programName; + char cbuf; + + /* parameter set variables */ + const char *libFile = NULL; + int offset = -1; + int bitOffset = -1; + + /* return values */ + int retval = 2; /* 0 - test succeeded. + * 1 - illegal args + * 2 - function failed */ + PRFileDesc *fd; + int bytesRead; + int bytesWritten; + int pos; + + programName = PL_strrchr(argv[0], '/'); + programName = programName ? (programName + 1) : argv[0]; + + pr_stderr = PR_STDERR; + + optstate = PL_CreateOptState (argc, argv, "i:o:b:"); + if (optstate == NULL) { + return 1; + } + + while (PL_GetNextOpt (optstate) == PL_OPT_OK) { + switch (optstate->option) { + case 'i': + libFile = optstate->value; + break; + + case 'o': + offset = atoi(optstate->value); + break; + + case 'b': + bitOffset = atoi(optstate->value); + break; + } + } + + if (libFile == NULL) { + usage(programName); + return 1; + } + if ((bitOffset >= 8) || (bitOffset < 0)) { + usage(programName); + return 1; + } + + if (offset < 0) { + usage(programName); + return 1; + } + + /* open the target signature file */ + fd = PR_OpenFile(libFile,PR_RDWR,0666); + if (fd == NULL ) { + /* lperror(libFile); */ + PR_fprintf(pr_stderr,"Couldn't Open %s\n",libFile); + goto loser; + } + + /* read the byte */ + pos = PR_Seek(fd, offset, PR_SEEK_SET); + if (pos != offset) { + PR_fprintf(pr_stderr,"Seek for read on %s (to %d) failed\n", libFile, offset); + goto loser; + } + bytesRead = PR_Read(fd, &cbuf, 1); + if (bytesRead != 1) { + PR_fprintf(pr_stderr,"Read on %s (to %d) failed\n", libFile, offset); + 
goto loser; + } + + PR_fprintf(pr_stderr,"Changing byte 0x%08x (%d): from %02x (%d) to ", + offset, offset, (unsigned char)cbuf, (unsigned char)cbuf); + /* change it */ + cbuf ^= 1 << bitOffset; + PR_fprintf(pr_stderr,"%02x (%d)\n", ( + unsigned char)cbuf, (unsigned char)cbuf); + + /* write it back out */ + pos = PR_Seek(fd, offset, PR_SEEK_SET); + if (pos != offset) { + PR_fprintf(pr_stderr,"Seek for write on %s (to %d) failed\n", libFile, offset); + goto loser; + } + bytesWritten = PR_Write(fd, &cbuf, 1); + if (bytesWritten != 1) { + PR_fprintf(pr_stderr,"Write on %s (to %d) failed\n", libFile, offset); + goto loser; + } + + PR_Close(fd); + retval = 0; + + +loser: + + PR_Cleanup (); + return retval; +} + +/*#DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" */ diff --git a/security/nss/cmd/shlibsign/mangle/manifest.mn b/security/nss/cmd/shlibsign/mangle/manifest.mn new file mode 100644 index 000000000..d850921f0 --- /dev/null +++ b/security/nss/cmd/shlibsign/mangle/manifest.mn 
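Review bot: In main of mangle.c the `-o` and `-b` values are parsed with `atoi`, which returns 0 for non-numeric input, so a mistyped offset passes the `offset < 0` check and the tool flips a bit in byte 0 instead of reporting illegal arguments. Parsing with `strtol` and rejecting a non-empty remainder or an out-of-range value would keep a bad argument from silently changing which bit the test corrupts. Every `goto loser` taken after the successful `PR_OpenFile` skips `PR_Close(fd)`; initialising `fd = NULL` and adding `if (fd) PR_Close(fd);` under `loser:` closes it on all paths. The trailing `/*#DEFINES += ... */` line looks like a leftover from manifest.mn and could be dropped.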
@@ -0,0 +1,52 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
+
+CSRCS = \
+ mangle.c \
+ $(NULL)
+
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES =
+
+PROGRAM = mangle
+
+USE_STATIC_LIBS = 1
+
diff --git a/security/nss/cmd/shlibsign/manifest.mn b/security/nss/cmd/shlibsign/manifest.mn
new file mode 100644
index 000000000..40cdeeff1
--- /dev/null
+++ b/security/nss/cmd/shlibsign/manifest.mn
@@ -0,0 +1,60 @@
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation. Portions created by Netscape are
+# Copyright (C) 1994-2000 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable
+# instead of those above. If you wish to allow use of your
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL. If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
+
+CSRCS = \
+ shlibsign.c \
+ $(NULL)
+
+CHECKFILES = softokn3.chk
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES = dbm seccmd
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = shlibsign
+
+DIRS = mangle
+
+#USE_STATIC_LIBS = 1
diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c
new file mode 100644
index 000000000..6d4af89b4
--- /dev/null
+++ b/security/nss/cmd/shlibsign/shlibsign.c
@@ -0,0 +1,427 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +/* + * Test program for SDR (Secret Decoder Ring) functions. 
+ * + * $Id$ + */ + +#ifdef XP_UNIX +#define USES_LINKS 1 +#endif + +#include "nspr.h" +#include <stdio.h> +#include "nss.h" +#include "secutil.h" +#include "cert.h" +#include "pk11func.h" + +#include "plgetopt.h" +#include "pk11sdr.h" +#include "secrng.h" +#include "shsign.h" +#include "pk11pqg.h" + +#ifdef USES_LINKS +#include <unistd.h> +#include <sys/param.h> +#include <sys/types.h> +#include <sys/stat.h> +#endif + +static void +usage (char *program_name) +{ + PRFileDesc *pr_stderr; + + pr_stderr = PR_STDERR; + PR_fprintf (pr_stderr, "Usage:"); + PR_fprintf (pr_stderr, "%s [-v] -i shared_library_name\n", program_name); +} + +static char * +mkoutput(const char *input) +{ + int in_len = PORT_Strlen(input); + char *output = PORT_Alloc(in_len+sizeof(SGN_SUFFIX)); + int index = in_len + 1 - sizeof("."SHLIB_SUFFIX); + + if ((index > 0) && + (PORT_Strncmp(&input[index], + "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) { + in_len = index; + } + PORT_Memcpy(output,input,in_len); + PORT_Memcpy(&output[in_len],SGN_SUFFIX,sizeof(SGN_SUFFIX)); + return output; +} + + +static void +lperror(const char *string) +{ + int errNum = PORT_GetError(); + const char *error = SECU_Strerror(errNum); + fprintf(stderr,"%s: %s\n",string, error); +} + +static void +encodeInt(unsigned char *buf, int val) +{ + buf[3] = (val >> 0) & 0xff; + buf[2] = (val >> 8) & 0xff; + buf[1] = (val >> 16) & 0xff; + buf[0] = (val >> 24) & 0xff; + return; +} + +static SECStatus +writeItem(PRFileDesc *fd, SECItem *item, char *file) +{ + unsigned char buf[4]; + int bytesWritten; + + encodeInt(buf,item->len); + bytesWritten = PR_Write(fd,buf, 4); + if (bytesWritten != 4) { + lperror(file); + return SECFailure; + } + bytesWritten = PR_Write(fd, item->data, item->len); + if (bytesWritten != item->len) { + lperror(file); + return SECFailure; + } + return SECSuccess; +} + + +int +main (int argc, char **argv) +{ + int retval = 1; /* 0 - test succeeded. 
1 - test failed */ + SECStatus rv; + PLOptState *optstate; + char *program_name; + const char *input_file = NULL; /* read encrypted data from here (or create) */ + char *output_file = NULL; /* write new encrypted data here */ + PRBool verbose = PR_FALSE; + SECKEYPrivateKey *privk = NULL; + SECKEYPublicKey *pubk = NULL; + PK11SlotInfo *slot = NULL; + PRFileDesc *fd; + int bytesRead; + int bytesWritten; + unsigned char file_buf[512]; + unsigned char hash_buf[SHA1_LENGTH]; + unsigned char sign_buf[40]; /* DSA_LENGTH */ + SECItem hash,sign; + PK11Context *hashcx = NULL; + int ks, count=0; + int keySize = 1024; + PQGParams *pqgParams = NULL; + PQGVerify *pqgVerify = NULL; +#ifdef USES_LINKS + int ret; + struct stat stat_buf; + char link_buf[MAXPATHLEN+1]; + char *link_file = NULL; +#endif + + hash.len = sizeof(hash_buf); hash.data = hash_buf; + sign.len = sizeof(sign_buf); sign.data = sign_buf; + + program_name = PL_strrchr(argv[0], '/'); + program_name = program_name ? (program_name + 1) : argv[0]; + + optstate = PL_CreateOptState (argc, argv, "d:i:o:v"); + if (optstate == NULL) { + SECU_PrintError (program_name, "PL_CreateOptState failed"); + return 1; + } + + while (PL_GetNextOpt (optstate) == PL_OPT_OK) { + switch (optstate->option) { +#ifdef notdef + case '?': + short_usage (program_name); + return 0; + + case 'H': + long_usage (program_name); + return 0; +#endif + + case 'd': + SECU_ConfigDirectory(optstate->value); + break; + + case 'i': + input_file = optstate->value; + break; + + case 'o': + output_file = PORT_Strdup(optstate->value); + break; + + case 'v': + verbose = PR_TRUE; + break; + } + } + + if (input_file == NULL) { + usage(program_name); + return 1; + } + + /* + * Initialize the Security libraries. 
+ */ + PK11_SetPasswordFunc(SECU_GetModulePassword); + + rv = NSS_Init(SECU_ConfigDirectory(NULL)); + if (rv != SECSuccess) { + rv = NSS_NoDB_Init(""); + } + if (rv != SECSuccess) { + lperror("NSS_Init failed"); + goto prdone; + } + + /* Generate a DSA Key pair */ + slot = PK11_GetBestSlot(CKM_DSA,NULL); + if (slot == NULL) { + lperror("CKM_DSA"); + goto loser; + + } + printf("Generating DSA Key Pair...."); fflush(stdout); + ks = PQG_PBITS_TO_INDEX(keySize); + rv = PK11_PQG_ParamGen(ks,&pqgParams, &pqgVerify); + if (rv != SECSuccess) { + lperror("Generating PQG Params"); + goto loser; + } + privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubk, + PR_FALSE, PR_TRUE, NULL); + if (privk == NULL) { + lperror("Generating DSA Key"); + goto loser; + } + + printf("done\n"); + + /* open the shared library */ + fd = PR_OpenFile(input_file,PR_RDONLY,0); + if (fd == NULL ) { + lperror(input_file); + goto loser; + } +#ifdef USES_LINKS + ret = lstat(input_file, &stat_buf); + if (ret < 0) { + perror(input_file); + goto loser; + } + if (S_ISLNK(stat_buf.st_mode)) { + char *dirpath,*dirend; + ret = readlink(input_file, link_buf, sizeof(link_buf) - 1); + if (ret < 0) { + perror(input_file); + goto loser; + } + link_buf[ret] = 0; + link_file = mkoutput(input_file); + /* get the dirname of input_file */ + dirpath = PORT_Strdup(input_file); + dirend = PORT_Strrchr(dirpath, '/'); + if (dirend) { + *dirend = '\0'; + ret = chdir(dirpath); + if (ret < 0) { + perror(dirpath); + goto loser; + } + } + PORT_Free(dirpath); + input_file = link_buf; + /* get the basename of link_file */ + dirend = PORT_Strrchr(link_file, '/'); + if (dirend) { + link_file = dirend + 1; + } + } +#endif + if (output_file == NULL) { + output_file = mkoutput(input_file); + } + + hashcx = PK11_CreateDigestContext(SEC_OID_SHA1); + if (hashcx == NULL) { + lperror("SHA1 Digest Create"); + goto loser; + } + + /* hash the file */ + while ((bytesRead = PR_Read(fd,file_buf,sizeof(file_buf))) > 0) { + 
PK11_DigestOp(hashcx,file_buf,bytesRead); + count += bytesRead; + } + + PR_Close(fd); + fd = NULL; + if (bytesRead < 0) { + lperror(input_file); + goto loser; + } + + + PK11_DigestFinal(hashcx, hash.data, &hash.len, hash.len); + + if (hash.len != SHA1_LENGTH) { + fprintf(stderr, "Digest length was not correct\n"); + goto loser; + } + + /* signe the hash */ + rv = PK11_Sign(privk,&sign,&hash); + if (rv != SECSuccess) { + lperror("Signing"); + goto loser; + } + + if (verbose) { + int i,j; + fprintf(stderr,"Library File: %s %d bytes\n",input_file, count); + fprintf(stderr,"Check File: %s\n",output_file); +#ifdef USES_LINKS + if (link_file) { + fprintf(stderr,"Link: %s\n",link_file); + } +#endif + fprintf(stderr," hash: %d bytes\n", hash.len); +#define STEP 10 + for (i=0; i < hash.len; i += STEP) { + fprintf(stderr," "); + for (j=0; j < STEP && (i+j) < hash.len; j++) { + fprintf(stderr," %02x", hash.data[i+j]); + } + fprintf(stderr,"\n"); + } + fprintf(stderr," signature: %d bytes\n", sign.len); + for (i=0; i < sign.len; i += STEP) { + fprintf(stderr," "); + for (j=0; j < STEP && (i+j) < sign.len; j++) { + fprintf(stderr," %02x", sign.data[i+j]); + } + fprintf(stderr,"\n"); + } + } + + /* open the target signature file */ + fd = PR_OpenFile(output_file,PR_WRONLY|PR_CREATE_FILE|PR_TRUNCATE,0666); + if (fd == NULL ) { + lperror(output_file); + goto loser; + } + + /* + * we write the key out in a straight binary format because very + * low level libraries need to read an parse this file. Ideally we should + * just derEncode the public key (which would be pretty simple, and be + * more general), but then we'd need to link the ASN.1 decoder with the + * freebl libraries. 
+ */ + + file_buf[0] = NSS_SIGN_CHK_MAGIC1; + file_buf[1] = NSS_SIGN_CHK_MAGIC2; + file_buf[2] = NSS_SIGN_CHK_MAJOR_VERSION; + file_buf[3] = NSS_SIGN_CHK_MINOR_VERSION; + encodeInt(&file_buf[4],12); /* offset to data start */ + encodeInt(&file_buf[8],CKK_DSA); + bytesWritten = PR_Write(fd,file_buf, 12); + if (bytesWritten != 12) { + lperror(output_file); + goto loser; + } + + rv = writeItem(fd,&pubk->u.dsa.params.prime,output_file); + if (rv != SECSuccess) goto loser; + rv = writeItem(fd,&pubk->u.dsa.params.subPrime,output_file); + if (rv != SECSuccess) goto loser; + rv = writeItem(fd,&pubk->u.dsa.params.base,output_file); + if (rv != SECSuccess) goto loser; + rv = writeItem(fd,&pubk->u.dsa.publicValue,output_file); + if (rv != SECSuccess) goto loser; + rv = writeItem(fd,&sign,output_file); + if (rv != SECSuccess) goto loser; + + PR_Close(fd); + +#ifdef USES_LINKS + if (link_file) { + (void)unlink(link_file); + ret = symlink(output_file, link_file); + if (ret < 0) { + perror(link_file); + goto loser; + } + } +#endif + + retval = 0; + +loser: + if (hashcx) { + PK11_DestroyContext(hashcx, PR_TRUE); + } + if (privk) { + SECKEY_DestroyPrivateKey(privk); + } + if (pubk) { + SECKEY_DestroyPublicKey(pubk); + } + if (slot) { + PK11_FreeSlot(slot); + } + if (NSS_Shutdown() != SECSuccess) { + exit(1); + } + +prdone: + PR_Cleanup (); + return retval; +} diff --git a/security/nss/cmd/shlibsign/sign.cmd b/security/nss/cmd/shlibsign/sign.cmd new file mode 100644 index 000000000..612609de9 --- /dev/null +++ b/security/nss/cmd/shlibsign/sign.cmd 
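Review bot: In main of shlibsign.c the hashing loop ignores the status of `PK11_DigestOp`, and `PK11_DigestFinal` is checked only indirectly through `hash.len`, so a failed digest update would still be signed and written out as a well-formed .chk; the loop body should be `if (PK11_DigestOp(hashcx,file_buf,bytesRead) != SECSuccess) { lperror("SHA1 Digest Update"); goto loser; }`. The check file is opened with mode `0666` and `PR_TRUNCATE`, and the later `goto loser` paths neither close nor remove it, so a failed run leaves a truncated .chk that, depending on umask, may be writable by other users; `0644` and deleting `output_file` on failure would be safer. `mkoutput` uses the result of `PORT_Alloc` without a NULL check. The file header still reads "Test program for SDR (Secret Decoder Ring) functions" and should instead say that the tool writes a DSA signature over the library's SHA-1 hash together with the public half of a key pair generated for that run, which means the .chk shows that the library matches its check file rather than who produced it.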
@@ -0,0 +1,19 @@
+/* Equivalent to sign.sh for OS/2 */
+PARSE ARG dist objdir os_target therest
+dist=forwardtoback(dist);
+objdir=forwardtoback(objdir);
+'echo 'dist
+'echo 'objdir
+'set BEGINLIBPATH='dist'\lib;%BEGINLIBPATH%'
+'set LIBPATHSTRICT=T'
+objdir'\shlibsign -v -i 'therest
+exit
+
+forwardtoback: procedure
+ arg pathname
+ parse var pathname pathname'/'rest
+ do while (rest <> "")
+ pathname = pathname'\'rest
+ parse var pathname pathname'/'rest
+ end
+ return pathname
diff --git a/security/nss/cmd/shlibsign/sign.cmd b/security/nss/cmd/shlibsign/sign.sh
new file mode 100644
index 000000000..9a5d79fc9
--- /dev/null
+++ b/security/nss/cmd/shlibsign/sign.sh
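Review bot: sign.cmd ends its main path with a bare `exit`, so the return code of `objdir'\shlibsign -v -i 'therest` is not passed back and the make rule would presumably see success even when signing failed; `exit rc` would propagate it, since REXX sets `rc` after a host command. `therest` and the converted paths are spliced into the command strings unquoted, so a path containing spaces would be split. `os_target` is parsed from the arguments but never used.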
@@ -0,0 +1,51 @@
+#!/bin/sh
+case "${3}" in
+WIN*)
+ if echo "${PATH}" | grep -c \; >/dev/null; then
+ PATH=${PATH}\;${1}/bin\;${1}/lib
+ else
+ # ARG1 is ${1} with the drive letter escaped.
+ if echo "${1}" | grep -c : >/dev/null; then
+ ARG1=`(cd ${1}; pwd)`
+ else
+ ARG1=${1}
+ fi
+ PATH=${PATH}:${ARG1}/bin:${ARG1}/lib
+ fi
+ export PATH
+ echo ${2}/shlibsign -v -i ${4}
+ ${2}/shlibsign -v -i ${4}
+ ;;
+OpenVMS)
+ temp="tmp$$.tmp"
+ temp2="tmp$$.tmp2"
+ cd ${1}/lib
+ vmsdir=`dcl show default`
+ ls *.so > $temp
+ sed -e "s/\([^\.]*\)\.so/\$ define\/job \1 ${vmsdir}\1.so/" $temp > $temp2
+ echo '$ define/job getipnodebyname xxx' >> $temp2
+ echo '$ define/job vms_null_dl_name sys$share:decc$shr' >> $temp2
+ dcl @$temp2
+ echo ${2}/shlibsign -v -i ${4}
+ ${2}/shlibsign -v -i ${4}
+ sed -e "s/\([^\.]*\)\.so/\$ deass\/job \1/" $temp > $temp2
+ echo '$ deass/job getipnodebyname' >> $temp2
+ echo '$ deass/job vms_null_dl_name' >> $temp2
+ dcl @$temp2
+ rm $temp $temp2
+ ;;
+*)
+ LIBPATH=`(cd ${1}/lib; pwd)`:$LIBPATH
+ export LIBPATH
+ SHLIB_PATH=${1}/lib:$SHLIB_PATH
+ export SHLIB_PATH
+ LD_LIBRARY_PATH=${1}/lib:$LD_LIBRARY_PATH
+ export LD_LIBRARY_PATH
+ DYLD_LIBRARY_PATH=${1}/lib:$DYLD_LIBRARY_PATH
+ export DYLD_LIBRARY_PATH
+ LIBRARY_PATH=${1}/lib:$LIBRARY_PATH
+ export LIBRARY_PATH
+ echo ${2}/shlibsign -v -i ${4}
+ ${2}/shlibsign -v -i ${4}
+ ;;
+esac |
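Review bot: In the default branch of sign.sh each search path is built as `${1}/lib:$VAR`, which leaves a trailing `:` when the variable was unset; dynamic loaders commonly treat an empty entry as the current directory, so shlibsign could pick up libraries from whatever directory make is running in. Appending only when the variable is set avoids that, e.g. `LD_LIBRARY_PATH=${1}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`, and likewise for LIBPATH, SHLIB_PATH, DYLD_LIBRARY_PATH and LIBRARY_PATH. `${1}`, `${2}` and `${4}` are expanded unquoted throughout, so paths with spaces or glob characters are split. In the OpenVMS branch the script's exit status is that of the final `rm` rather than of shlibsign, and the `tmp$$.tmp` files are predictable names created inside `${1}/lib`; saving the signer's status and exiting with it would let the Makefile rule fail when signing does.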