diff options
Diffstat (limited to 'security/nss/lib/nss')
-rw-r--r-- | security/nss/lib/nss/Makefile | 78 | ||||
-rw-r--r-- | security/nss/lib/nss/config.mk | 160 | ||||
-rw-r--r-- | security/nss/lib/nss/manifest.mn | 63 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.def | 966 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.h | 265 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.rc | 100 | ||||
-rw-r--r-- | security/nss/lib/nss/nssinit.c | 973 | ||||
-rw-r--r-- | security/nss/lib/nss/nssrenam.h | 47 | ||||
-rw-r--r-- | security/nss/lib/nss/nssver.c | 56 | ||||
-rw-r--r-- | security/nss/lib/nss/pkixpriv.def | 318 | ||||
-rw-r--r-- | security/nss/lib/nss/utilwrap.c | 826 |
11 files changed, 3852 insertions, 0 deletions
diff --git a/security/nss/lib/nss/Makefile b/security/nss/lib/nss/Makefile new file mode 100644 index 000000000..a84a73705 --- /dev/null +++ b/security/nss/lib/nss/Makefile @@ -0,0 +1,78 @@ +#! gmake +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### +include config.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +export:: private_export diff --git a/security/nss/lib/nss/config.mk b/security/nss/lib/nss/config.mk new file mode 100644 index 000000000..195448df1 --- /dev/null +++ b/security/nss/lib/nss/config.mk @@ -0,0 +1,160 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +# +# Override TARGETS variable so that only static libraries +# are specifed as dependencies within rules.mk. +# + +# can't do this in manifest.mn because OS_TARGET isn't defined there. +ifeq (,$(filter-out WIN%,$(OS_TARGET))) + +# don't want the 32 in the shared library name +SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) +IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +RES = $(OBJDIR)/$(LIBRARY_NAME).res +RESNAME = $(LIBRARY_NAME).rc + +ifdef NS_USE_GCC +EXTRA_SHARED_LIBS += \ + -L$(DIST)/lib \ + -lnssutil3 \ + -L$(NSPR_LIB_DIR) \ + -lplc4 \ + -lplds4 \ + -lnspr4\ + $(NULL) +else # ! NS_USE_GCC +EXTRA_SHARED_LIBS += \ + $(DIST)/lib/nssutil3.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ + $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \ + $(NULL) +endif # NS_USE_GCC + +else + +# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) +# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. +EXTRA_SHARED_LIBS += \ + -L$(DIST)/lib \ + -lnssutil3 \ + -L$(NSPR_LIB_DIR) \ + -lplc4 \ + -lplds4 \ + -lnspr4 \ + $(NULL) + +endif + + +# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS) +SHARED_LIBRARY_LIBS = \ + $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)certsel.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)checker.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)params.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)results.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)top.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)util.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)crlsel.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)store.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)pki.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)system.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)module.$(LIB_SUFFIX) \ + $(NULL) + +SHARED_LIBRARY_DIRS = \ + ../certhigh \ + ../cryptohi \ + ../pk11wrap \ + ../certdb \ + ../pki \ + ../dev \ + ../base \ + ../libpkix/pkix/certsel \ + ../libpkix/pkix/checker \ + ../libpkix/pkix/params \ + ../libpkix/pkix/results \ + ../libpkix/pkix/top \ + ../libpkix/pkix/util \ + ../libpkix/pkix/crlsel \ + ../libpkix/pkix/store \ + ../libpkix/pkix_pl_nss/pki \ + ../libpkix/pkix_pl_nss/system \ + ../libpkix/pkix_pl_nss/module \ + $(NULL) + +ifeq ($(OS_TARGET),SunOS) +ifeq ($(BUILD_SUN_PKG), 1) +# The -R '$ORIGIN' linker option instructs this library to search for its +# dependencies in the same directory where it resides. +ifeq ($(USE_64), 1) +MKSHLIB += -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64' +else +MKSHLIB += -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps' +endif +else +MKSHLIB += -R '$$ORIGIN' +endif +endif + +ifeq ($(OS_ARCH), HP-UX) +ifneq ($(OS_TEST), ia64) +# pa-risc +ifeq ($(USE_64), 1) +MKSHLIB += +b '$$ORIGIN' +endif +endif +endif + +ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) +ifndef NS_USE_GCC +# Export 'mktemp' to be backward compatible with NSS 3.2.x and 3.3.x +# but do not put it in the import library. See bug 142575. +DEFINES += -DWIN32_NSS3_DLL_COMPAT +DLLFLAGS += -EXPORT:mktemp=nss_mktemp,PRIVATE +endif +endif diff --git a/security/nss/lib/nss/manifest.mn b/security/nss/lib/nss/manifest.mn new file mode 100644 index 000000000..b3bbd97a2 --- /dev/null +++ b/security/nss/lib/nss/manifest.mn @@ -0,0 +1,63 @@ +# +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 1994-2000 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** +CORE_DEPTH = ../../.. + +PRIVATE_EXPORTS = \ + nssrenam.h \ + $(NULL) + +EXPORTS = \ + nss.h \ + $(NULL) + +MODULE = nss + +CSRCS = \ + nssinit.c \ + nssver.c \ + utilwrap.c \ + $(NULL) + +REQUIRES = dbm + +MAPFILE = $(OBJDIR)/nss.def + +LIBRARY_NAME = nss +LIBRARY_VERSION = 3 + +# This part of the code, including all sub-dirs, can be optimized for size +export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def new file mode 100644 index 000000000..44edf672e --- /dev/null +++ b/security/nss/lib/nss/nss.def @@ -0,0 +1,966 @@ +;+# +;+# ***** BEGIN LICENSE BLOCK ***** +;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +;+# +;+# The contents of this file are subject to the Mozilla Public License Version +;+# 1.1 (the "License"); you may not use this file except in compliance with +;+# the License. You may obtain a copy of the License at +;+# http://www.mozilla.org/MPL/ +;+# +;+# Software distributed under the License is distributed on an "AS IS" basis, +;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +;+# for the specific language governing rights and limitations under the +;+# License. +;+# +;+# The Original Code is the Netscape security libraries. +;+# +;+# The Initial Developer of the Original Code is +;+# Netscape Communications Corporation. +;+# Portions created by the Initial Developer are Copyright (C) 2000 +;+# the Initial Developer. All Rights Reserved. +;+# +;+# Contributor(s): +;+# Dr Stephen Henson <stephen.henson@gemplus.com> +;+# Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories +;+# +;+# Alternatively, the contents of this file may be used under the terms of +;+# either the GNU General Public License Version 2 or later (the "GPL"), or +;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +;+# in which case the provisions of the GPL or the LGPL are applicable instead +;+# of those above. If you wish to allow use of your version of this file only +;+# under the terms of either the GPL or the LGPL, and not to allow others to +;+# use your version of this file under the terms of the MPL, indicate your +;+# decision by deleting the provisions above and replace them with the notice +;+# and other provisions required by the GPL or the LGPL. If you do not delete +;+# the provisions above, a recipient may use your version of this file under +;+# the terms of any one of the MPL, the GPL or the LGPL. +;+# +;+# ***** END LICENSE BLOCK ***** +;+# +;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS +;+# 1. For all unix platforms, the string ";-" means "remove this line" +;+# 2. For all unix platforms, the string " DATA " will be removed from any +;+# line on which it occurs. +;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. +;+# On AIX, lines containing ";+" will be removed. +;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. +;+# 5. For all unix platforms, after the above processing has taken place, +;+# all characters after the first ";" on the line will be removed. +;+# And for AIX, the first ";" will also be removed. +;+# This file is passed directly to windows. Since ';' is a comment, all UNIX +;+# directives are hidden behind ";", ";+", and ";-" +;+NSS_3.2 { # NSS 3.2 release +;+ global: +LIBRARY nss3 ;- +EXPORTS ;- +ATOB_AsciiToData; +BTOA_ConvertItemToAscii; +BTOA_DataToAscii; +CERT_AsciiToName; +CERT_CertTimesValid; +CERT_CheckCertValidTimes; +CERT_CreateCertificateRequest; +CERT_ChangeCertTrust; +CERT_DecodeDERCrl; +CERT_DestroyCertificateRequest; +CERT_DestroyCertList; +CERT_DestroyName; +CERT_EnableOCSPChecking; +CERT_FormatName; +CERT_DestroyCertificate; +CERT_DupCertificate; +CERT_FreeDistNames; +CERT_FreeNicknames; +CERT_GetAVATag; +CERT_GetCertEmailAddress; +CERT_GetCertNicknames; +CERT_GetCertIssuerAndSN; +CERT_GetCertTrust; +CERT_GetCertUid; +CERT_GetCommonName; +CERT_GetCountryName; +CERT_GetDBContentVersion; +CERT_GetDefaultCertDB; +CERT_GetDomainComponentName; +CERT_GetLocalityName; +CERT_GetOrgName; +CERT_GetOrgUnitName; +CERT_GetSSLCACerts; +CERT_GetSlopTime; +CERT_GetStateName; +CERT_ImportCAChain; +CERT_NameToAscii; +CERT_RFC1485_EscapeAndQuote; +CERT_SetSlopTime; +CERT_VerifyCertName; +CERT_VerifyCertNow; +DER_UTCDayToAscii; +DER_UTCTimeToAscii; +DER_GeneralizedTimeToTime; +NSS_Init; +NSS_Initialize; +NSS_InitReadWrite; +NSS_NoDB_Init; +NSS_Shutdown; +NSS_VersionCheck; +PK11_Authenticate; +PK11_ChangePW; +PK11_CheckUserPassword; +PK11_CipherOp; +PK11_CloneContext; +PK11_ConfigurePKCS11; +PK11_CreateContextBySymKey; +PK11_CreateDigestContext; +PK11_DestroyContext; +PK11_DestroyTokenObject; +PK11_DigestBegin; +PK11_DigestOp; +PK11_DigestFinal; +PK11_DoesMechanism; +PK11_FindCertFromNickname; +PK11_FindCertFromDERCert; +PK11_FindCertByIssuerAndSN; +PK11_FindKeyByAnyCert; +PK11_FindKeyByDERCert; +PK11_FindSlotByName; +PK11_Finalize; +PK11_FortezzaHasKEA; +PK11_FreeSlot; +PK11_FreeSlotList; +PK11_FreeSymKey; +PK11_GenerateKeyPair; +PK11_GenerateRandom; +PK11_GenerateNewParam; +PK11_GetAllTokens; +PK11_GetBlockSize; +PK11_GetFirstSafe; +PK11_GetInternalKeySlot; +PK11_GetInternalSlot; +PK11_GetSlotName; +PK11_GetTokenName; +PK11_HashBuf; +PK11_IsFIPS; +PK11_IsFriendly; +PK11_IsInternal; +PK11_IsHW; +PK11_IsPresent; +PK11_IsReadOnly; +PK11_KeyGen; +PK11_ListCerts; +PK11_NeedLogin; +PK11_RandomUpdate; +PK11_SetPasswordFunc; +PK11_SetSlotPWValues; +PORT_Alloc; +PORT_Free; +PORT_GetError; +PORT_SetError; +PORT_SetUCS4_UTF8ConversionFunction; +PORT_SetUCS2_UTF8ConversionFunction; +PORT_SetUCS2_ASCIIConversionFunction; +SECITEM_CopyItem; +SECITEM_DupItem; +SECITEM_FreeItem; +SECITEM_ZfreeItem; +SECKEY_ConvertToPublicKey; +SECKEY_CopyPrivateKey; +SECKEY_CreateSubjectPublicKeyInfo; +SECKEY_DestroyPrivateKey; +SECKEY_DestroySubjectPublicKeyInfo; +SECMOD_IsModulePresent; +SECOID_FindOIDTagDescription; +SECOID_GetAlgorithmTag; +SEC_DeletePermCertificate; +SEC_DeletePermCRL; +SEC_DerSignData; +SEC_DestroyCrl; +SEC_FindCrlByDERCert; +SEC_FindCrlByName; +SEC_LookupCrls; +SEC_NewCrl; +;+# +;+# The following symbols are exported only to make libssl3.so work. +;+# These are still private!!! +;+# +__CERT_NewTempCertificate; +__PK11_CreateContextByRawKey; +__PK11_GetKeyData; +__nss_InitLock; +CERT_CertChainFromCert; +CERT_DestroyCertificateList; +CERT_DupCertList; +CERT_ExtractPublicKey; +CERT_FindCertByName; +DER_Lengths; +DSAU_DecodeDerSig; +DSAU_EncodeDerSig; +HASH_GetHashObject; +NSSRWLock_Destroy; +NSSRWLock_HaveWriteLock; +NSSRWLock_LockRead; +NSSRWLock_LockWrite; +NSSRWLock_New; +NSSRWLock_UnlockRead; +NSSRWLock_UnlockWrite; +NSS_PutEnv; +PK11_Derive; +PK11_DeriveWithFlags; +PK11_DigestKey; +PK11_FindBestKEAMatch; +PK11_FindFixedKey; +PK11_GenerateFortezzaIV; +PK11_GetBestKeyLength; +PK11_GetBestSlot; +PK11_GetBestSlotMultiple; +PK11_GetBestWrapMechanism; +PK11_GetCurrentWrapIndex; +PK11_GetMechanism; +PK11_GetModuleID; +PK11_GetPrivateModulusLen; +PK11_GetSlotFromKey; +PK11_GetSlotFromPrivateKey; +PK11_GetSlotID; +PK11_GetSlotSeries; +PK11_GetTokenInfo; +PK11_GetWindow; +PK11_GetWrapKey; +PK11_IVFromParam; +PK11_MakeKEAPubKey; +PK11_ParamFromIV; +PK11_PubDecryptRaw; +PK11_PubDerive; +PK11_PubEncryptRaw; +PK11_PubUnwrapSymKey; +PK11_PubWrapSymKey; +PK11_ReferenceSymKey; +PK11_RestoreContext; +PK11_SaveContext; +PK11_SetFortezzaHack; +PK11_SetWrapKey; +PK11_Sign; +PK11_SignatureLen; +PK11_SymKeyFromHandle; +PK11_TokenExists; +PK11_UnwrapSymKey; +PK11_UnwrapSymKeyWithFlags; +PK11_Verify; +PK11_VerifyKeyOK; +PK11_WrapSymKey; +PORT_ArenaAlloc; +PORT_ArenaZAlloc; +PORT_FreeArena; +PORT_NewArena; +PORT_Realloc; +PORT_ZAlloc; +PORT_ZFree; +RSA_FormatBlock; +SECITEM_CompareItem; +SECKEY_CreateRSAPrivateKey; +SECKEY_DestroyPublicKey; +SECKEY_PublicKeyStrength; +SECKEY_UpdateCertPQG; +SECMOD_LookupSlot; +SGN_Begin; +SGN_DestroyContext; +SGN_End; +SGN_NewContext; +SGN_Update; +VFY_Begin; +VFY_CreateContext; +VFY_DestroyContext; +VFY_End; +VFY_Update; +;+# +;+# The following symbols are exported only to make libsmime3.so work. +;+# These are still private!!! +;+# +__CERT_ClosePermCertDB; +__CERT_DecodeDERCertificate; +__CERT_TraversePermCertsForNickname; +__CERT_TraversePermCertsForSubject; +__PBE_CreateContext; +__PBE_DestroyContext; +__PBE_GenerateBits; +ATOB_ConvertAsciiToItem; +CERT_AddCertToListTail; +CERT_CertListFromCert; +CERT_DestroyCertArray; +CERT_FindCertByDERCert; +CERT_FindCertByIssuerAndSN; +CERT_FindSMimeProfile; +CERT_ImportCerts; +CERT_NewCertList; +CERT_OpenCertDBFilename; +CERT_SaveSMimeProfile; +CERT_VerifyCert; +DER_GetInteger; +DER_TimeToUTCTime; +DER_UTCTimeToTime; +PK11_AlgtagToMechanism; +PK11_BlockData; +PK11_CreatePBEAlgorithmID; +PK11_DestroyObject; +PK11_ExportEncryptedPrivateKeyInfo; +PK11_ExportPrivateKeyInfo; +PK11_FindCertAndKeyByRecipientList; +PK11_FindCertAndKeyByRecipientListNew; +PK11_FindCertInSlot; +PK11_FindPrivateKeyFromCert; +PK11_FortezzaMapSig; +PK11_GetKeyLength; +PK11_GetKeyStrength; +PK11_ImportCertForKeyToSlot; +PK11_ImportEncryptedPrivateKeyInfo; +PK11_ImportPrivateKeyInfo; +PK11_MapPBEMechanismToCryptoMechanism; +PK11_PBEKeyGen; +PK11_ParamFromAlgid; +PK11_ParamToAlgid; +PK11_TraverseCertsForNicknameInSlot; +PK11_TraverseCertsForSubjectInSlot; +PORT_ArenaGrow; +PORT_ArenaMark; +PORT_ArenaRelease; +PORT_ArenaStrdup; +PORT_ArenaUnmark; +PORT_UCS2_ASCIIConversion; +PORT_UCS2_UTF8Conversion; +SECITEM_AllocItem; +SECKEY_CopyEncryptedPrivateKeyInfo; +SECKEY_CopyPrivateKeyInfo; +SECKEY_DestroyEncryptedPrivateKeyInfo; +SECKEY_DestroyPrivateKeyInfo; +SECOID_CompareAlgorithmID; +SECOID_CopyAlgorithmID; +SECOID_DestroyAlgorithmID; +SECOID_FindOID; +SECOID_FindOIDByTag; +SECOID_FindOIDTag; +SECOID_SetAlgorithmID; +SEC_ASN1DecodeInteger; +SEC_ASN1DecodeItem; +SEC_ASN1DecoderClearFilterProc; +SEC_ASN1DecoderClearNotifyProc; +SEC_ASN1DecoderFinish; +SEC_ASN1DecoderSetFilterProc; +SEC_ASN1DecoderSetNotifyProc; +SEC_ASN1DecoderStart; +SEC_ASN1DecoderUpdate; +SEC_ASN1Encode; +SEC_ASN1EncodeInteger; +SEC_ASN1EncodeItem; +SEC_ASN1EncoderClearNotifyProc; +SEC_ASN1EncoderClearStreaming; +SEC_ASN1EncoderClearTakeFromBuf; +SEC_ASN1EncoderFinish; +SEC_ASN1EncoderSetNotifyProc; +SEC_ASN1EncoderSetStreaming; +SEC_ASN1EncoderSetTakeFromBuf; +SEC_ASN1EncoderStart; +SEC_ASN1EncoderUpdate; +SEC_ASN1LengthLength; +SEC_PKCS5GetCryptoAlgorithm; +SEC_PKCS5GetKeyLength; +SEC_PKCS5GetPBEAlgorithm; +SEC_PKCS5IsAlgorithmPBEAlg; +SEC_SignData; +SGN_CompareDigestInfo; +SGN_CopyDigestInfo; +SGN_CreateDigestInfo; +SGN_DestroyDigestInfo; +SGN_Digest; +VFY_VerifyData; +VFY_VerifyDigest; +;+# +;+# Data objects +;+# +;+# Don't export these DATA symbols on Windows because they don't work right. +;+# Use the SEC_ASN1_GET / SEC_ASN1_SUB / SEC_ASN1_XTRN macros to access them. +;;CERT_CrlTemplate DATA ; +;;CERT_SignedDataTemplate DATA ; +;;CERT_CertificateTemplate DATA ; +;;CERT_CertificateRequestTemplate DATA ; +;;CERT_IssuerAndSNTemplate DATA ; +;;CERT_SetOfSignedCrlTemplate DATA ; +;;SECKEY_DSAPublicKeyTemplate DATA ; +;;SECKEY_EncryptedPrivateKeyInfoTemplate DATA ; +;;SECKEY_PointerToEncryptedPrivateKeyInfoTemplate DATA ; +;;SECKEY_PointerToPrivateKeyInfoTemplate DATA ; +;;SECKEY_PrivateKeyInfoTemplate DATA ; +;;SECKEY_RSAPublicKeyTemplate DATA ; +;;SECOID_AlgorithmIDTemplate DATA ; +;;SEC_AnyTemplate DATA ; +;;SEC_BMPStringTemplate DATA ; +;;SEC_BitStringTemplate DATA ; +;;SEC_GeneralizedTimeTemplate DATA ; +;;SEC_IA5StringTemplate DATA ; +;;SEC_IntegerTemplate DATA ; +;;SEC_ObjectIDTemplate DATA ; +;;SEC_OctetStringTemplate DATA ; +;;SEC_PointerToAnyTemplate DATA ; +;;SEC_PointerToOctetStringTemplate DATA ; +;;SEC_SetOfAnyTemplate DATA ; +;;SEC_UTCTimeTemplate DATA ; +;;sgn_DigestInfoTemplate DATA ; +NSS_Get_CERT_CrlTemplate; +NSS_Get_CERT_SignedDataTemplate; +NSS_Get_CERT_CertificateTemplate; +NSS_Get_CERT_CertificateRequestTemplate; +NSS_Get_CERT_IssuerAndSNTemplate; +NSS_Get_CERT_SetOfSignedCrlTemplate; +NSS_Get_SECKEY_DSAPublicKeyTemplate; +NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate; +NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate; +NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate; +NSS_Get_SECKEY_PrivateKeyInfoTemplate; +NSS_Get_SECKEY_RSAPublicKeyTemplate; +NSS_Get_SECOID_AlgorithmIDTemplate; +NSS_Get_SEC_AnyTemplate; +NSS_Get_SEC_BMPStringTemplate; +NSS_Get_SEC_BitStringTemplate; +NSS_Get_SEC_GeneralizedTimeTemplate; +NSS_Get_SEC_IA5StringTemplate; +NSS_Get_SEC_IntegerTemplate; +NSS_Get_SEC_ObjectIDTemplate; +NSS_Get_SEC_OctetStringTemplate; +NSS_Get_SEC_PointerToAnyTemplate; +NSS_Get_SEC_PointerToOctetStringTemplate; +NSS_Get_SEC_SetOfAnyTemplate; +NSS_Get_SEC_UTCTimeTemplate; +NSS_Get_sgn_DigestInfoTemplate; +;+# commands +CERT_DecodeBasicConstraintValue; +CERT_DecodeOidSequence; +CERT_DecodeUserNotice; +CERT_DecodeCertificatePoliciesExtension; +CERT_DestroyCertificatePoliciesExtension; +CERT_FindCertByNicknameOrEmailAddr; +CERT_FindCertByNickname; +CERT_GenTime2FormattedAscii; +CERT_Hexify; +CERT_CompareName; +PK11SDR_Encrypt; +PK11SDR_Decrypt; +NSSBase64Decoder_Create; +NSSBase64Decoder_Destroy; +NSSBase64Decoder_Update; +NSSBase64Encoder_Create; +NSSBase64Encoder_Destroy; +NSSBase64Encoder_Update; +;+#PK11_DoPassword; +;+#PK11_FindKeyByKeyID; +PK11_InitPin; +PK11_NeedUserInit; +;+ local: +;+ *; +;+}; +;+NSS_3.2.1 { # NSS 3.2.1 release +;+ global: +CERT_AddRDN; +CERT_CreateRDN; +CERT_CreateAVA; +CERT_CreateName; +;+ local: +;+ *; +;+}; +;+NSS_3.3 { # NSS 3.3. release +;+ global: +CERT_CheckCertUsage; +CERT_FindCertIssuer; +PK11_GetModule; +SECKEY_CreateDHPrivateKey; +SECKEY_GetPublicKeyType; +SECMOD_AddNewModule; +;+# +;+# The following symbols are exported only to make JSS work. +;+# These are still private!!! +;+# +CERT_DisableOCSPChecking; +CERT_DisableOCSPDefaultResponder; +CERT_EnableOCSPDefaultResponder; +CERT_GetCertTimes; +CERT_ImportCAChainTrusted; +CERT_ImportCRL; +CERT_IsCACert; +CERT_IsCADERCert; +CERT_SetOCSPDefaultResponder; +PBE_CreateContext; +PBE_DestroyContext; +PBE_GenerateBits; +PK11_CheckSSOPassword; +PK11_CopySymKeyForSigning; +PK11_DeleteTokenCertAndKey; +PK11_DEREncodePublicKey; +PK11_ExtractKeyValue; +PK11_FindCertsFromNickname; +PK11_FindKeyByKeyID; +PK11_GetIVLength; +PK11_GetKeyData; +PK11_GetKeyType; +PK11_GetLowLevelKeyIDForCert; +PK11_GetLowLevelKeyIDForPrivateKey; +PK11_GetSlotPWValues; +PK11_ImportCertForKey; +PK11_ImportDERCertForKey; +PK11_ImportDERPrivateKeyInfo; +PK11_ImportSymKey; +PK11_IsLoggedIn; +PK11_KeyForDERCertExists; +PK11_KeyForCertExists; +PK11_ListPrivateKeysInSlot; +PK11_ListCertsInSlot; +PK11_Logout; +PK11_NeedPWInit; +PK11_MakeIDFromPubKey; +PK11_PQG_DestroyParams; +PK11_PQG_DestroyVerify; +PK11_PQG_GetBaseFromParams; +PK11_PQG_GetCounterFromVerify; +PK11_PQG_GetHFromVerify; +PK11_PQG_GetPrimeFromParams; +PK11_PQG_GetSeedFromVerify; +PK11_PQG_GetSubPrimeFromParams; +PK11_PQG_NewParams; +PK11_PQG_NewVerify; +PK11_PQG_ParamGen; +PK11_PQG_ParamGenSeedLen; +PK11_PQG_VerifyParams; +PK11_ReferenceSlot; +PK11_SeedRandom; +PK11_UnwrapPrivKey; +PK11_VerifyRecover; +PK11_WrapPrivKey; +SEC_CertNicknameConflict; +SEC_PKCS5GetIV; +SECMOD_DeleteInternalModule; +SECMOD_DestroyModule; +SECMOD_GetDefaultModuleList; +SECMOD_GetDefaultModuleListLock; +SECMOD_GetInternalModule; +SECMOD_GetReadLock; +SECMOD_ReferenceModule; +SECMOD_ReleaseReadLock; +SECKEY_AddPrivateKeyToListTail; +SECKEY_EncodeDERSubjectPublicKeyInfo; +SECKEY_ExtractPublicKey; +SECKEY_DestroyPrivateKeyList; +SECKEY_GetPrivateKeyType; +SECKEY_HashPassword; +SECKEY_ImportDERPublicKey; +SECKEY_NewPrivateKeyList; +SECKEY_RemovePrivateKeyListNode; +VFY_EndWithSignature; +;+ local: +;+ *; +;+}; +;+NSS_3.3.1 { # NSS 3.3.1 release +;+ global: +;+# +;+# The following symbols are exported only to make libsmime3.so work. +;+# These are still private!!! +;+# +PK11_CreatePBEParams; +PK11_DestroyPBEParams; +;+ local: +;+ *; +;+}; +;+NSS_3.4 { # NSS 3.4 release +;+ global: +SECMOD_AddNewModuleEx; +SECMOD_DeleteModule; +SECMOD_FreeModuleSpecList; +SECMOD_GetModuleSpecList; +SECMOD_LoadModule; +SECMOD_LoadUserModule; +SECMOD_UnloadUserModule; +SECMOD_UpdateModule; +;+# for PKCS #12 +PK11_RawPBEKeyGen; +;+# for PSM +__CERT_AddTempCertToPerm; +CERT_AddOKDomainName; +CERT_CopyName; +CERT_CreateSubjectCertList; +CERT_DecodeAVAValue; +;+#CERT_DecodeCertFromPackage; +CERT_DecodeGeneralName; +CERT_DecodeTrustString; +CERT_DerNameToAscii; +CERT_EncodeGeneralName; +CERT_FilterCertListByCANames; +CERT_FilterCertListByUsage; +CERT_FindCertExtension; +CERT_FindKeyUsageExtension; +CERT_FindUserCertByUsage; +CERT_FindUserCertsByUsage; +CERT_GetCertChainFromCert; +CERT_GetOCSPAuthorityInfoAccessLocation; +CERT_KeyFromDERCrl; +CERT_MakeCANickname; +CERT_NicknameStringsFromCertList; +CERT_VerifySignedData; +DER_Encode; +HASH_Begin; +HASH_Create; +HASH_Destroy; +HASH_End; +HASH_ResultLen; +HASH_Update; +NSSBase64_DecodeBuffer; # from Stan +NSSBase64_EncodeItem; # from Stan +PK11_GetKeyGen; +PK11_GetMinimumPwdLength; +PK11_GetNextSafe; +PK11_GetPadMechanism; +PK11_GetSlotInfo; +PK11_HasRootCerts; +PK11_IsDisabled; +PK11_LoadPrivKey; +PK11_LogoutAll; +PK11_MechanismToAlgtag; +PK11_ResetToken; +PK11_TraverseSlotCerts; +SEC_ASN1Decode; +SECKEY_CopySubjectPublicKeyInfo; +SECMOD_CreateModule; +SECMOD_FindModule; +SECMOD_FindSlot; +SECMOD_PubCipherFlagstoInternal; +SECMOD_PubMechFlagstoInternal; +;;CERT_NameTemplate DATA ; +;;CERT_SubjectPublicKeyInfoTemplate DATA ; +;;SEC_BooleanTemplate DATA ; +;;SEC_NullTemplate DATA ; +;;SEC_SignedCertificateTemplate DATA ; +;;SEC_UTF8StringTemplate DATA ; +NSS_Get_CERT_NameTemplate; +NSS_Get_CERT_SubjectPublicKeyInfoTemplate; +NSS_Get_SEC_BooleanTemplate; +NSS_Get_SEC_NullTemplate; +NSS_Get_SEC_SignedCertificateTemplate; +NSS_Get_SEC_UTF8StringTemplate; +;+# for JSS +PK11_DeleteTokenPrivateKey; +PK11_DeleteTokenPublicKey; +PK11_DeleteTokenSymKey; +PK11_GetNextSymKey; +PK11_GetPQGParamsFromPrivateKey; +PK11_GetPrivateKeyNickname; +PK11_GetPublicKeyNickname; +PK11_GetSymKeyNickname; +PK11_ImportDERPrivateKeyInfoAndReturnKey; +PK11_ImportPrivateKeyInfoAndReturnKey; +PK11_ImportPublicKey; +PK11_ImportSymKeyWithFlags; +PK11_ListFixedKeysInSlot; +PK11_ListPrivKeysInSlot; +PK11_ListPublicKeysInSlot; +PK11_ProtectedAuthenticationPath; +PK11_SetPrivateKeyNickname; +PK11_SetPublicKeyNickname; +PK11_SetSymKeyNickname; +SECKEY_DecodeDERSubjectPublicKeyInfo; +SECKEY_DestroyPublicKeyList; +;+# for debugging +nss_DumpCertificateCacheInfo; +;+ local: +;+ *; +;+}; +;+NSS_3.5 { # cert creation APIs used by certutil +;+ global: +CERT_AddExtension; +CERT_CopyRDN; +CERT_CreateCertificate; +CERT_CreateValidity; +CERT_DestroyValidity; +CERT_EncodeAndAddBitStrExtension; +CERT_EncodeAuthKeyID; +CERT_EncodeBasicConstraintValue; +CERT_EncodeCRLDistributionPoints; +CERT_FinishExtensions; +CERT_StartCertExtensions; +DER_AsciiToTime; +PK11_ImportCert; +PORT_Strdup; +SECMOD_CanDeleteInternalModule; +;+ local: +;+ *; +;+}; +;+NSS_3.6 { # NSS 3.6 release +;+ global: +CERT_AddOCSPAcceptableResponses; +CERT_CompleteCRLDecodeEntries; +CERT_CreateOCSPCertID; +CERT_CreateOCSPRequest; +CERT_DecodeDERCrlWithFlags; +CERT_DecodeOCSPResponse; +CERT_DestroyOCSPCertID; +CERT_DestroyOCSPRequest; +CERT_EncodeOCSPRequest; +CERT_FilterCertListForUserCerts; +CERT_GetOCSPResponseStatus; +CERT_GetOCSPStatusForCertID; +CERT_IsUserCert; +CERT_RemoveCertListNode; +CERT_VerifyCACertForUsage; +CERT_VerifyCertificate; +CERT_VerifyCertificateNow; +CERT_VerifyOCSPResponseSignature; +PK11_ConvertSessionPrivKeyToTokenPrivKey; +PK11_ConvertSessionSymKeyToTokenSymKey; +PK11_GetModInfo; +PK11_GetPBEIV; +PK11_ImportCRL; +PK11_ImportDERCert; +PK11_PubUnwrapSymKeyWithFlags; +PK11_SaveContextAlloc; +PK11_TokenKeyGen; +SEC_QuickDERDecodeItem; +SECKEY_CopyPublicKey; +;+ local: +;+ *; +;+}; +;+NSS_3.7 { # NSS 3.7 release +;+ global: +CERT_CRLCacheRefreshIssuer; +CERT_DestroyOCSPResponse; +CERT_EncodeAltNameExtension; +CERT_FindCertBySubjectKeyID; +CERT_FindSubjectKeyIDExtension; +CERT_GetFirstEmailAddress; +CERT_GetNextEmailAddress; +CERT_VerifySignedDataWithPublicKey; +CERT_VerifySignedDataWithPublicKeyInfo; +PK11_WaitForTokenEvent; +;+ local: +;+ *; +;+}; +;+NSS_3.7.1 { # NSS 3.7.1 release +;+ global: +PK11_TokenRefresh; +;+ local: +;+ *; +;+}; +;+NSS_3.8 { # NSS 3.8 release +;+ global: +CERT_IsRootDERCert; +HASH_GetHashObjectByOidTag; +HASH_GetHashTypeByOidTag; +PK11_GetDefaultArray; +PK11_GetDefaultFlags; +PK11_GetDisabledReason; +PK11_UpdateSlotAttribute; +PK11_UserEnableSlot; +PK11_UserDisableSlot; +SECITEM_ItemsAreEqual; +SECKEY_CreateECPrivateKey; +SECKEY_PublicKeyStrengthInBits; +;+ local: +;+ *; +;+}; +;+NSS_3.9 { # NSS 3.9 release +;+ global: +CERT_DestroyOidSequence; +CERT_GetOidString; +;;CERT_TimeChoiceTemplate DATA ; +DER_DecodeTimeChoice; +DER_EncodeTimeChoice; +DSAU_DecodeDerSigToLen; +DSAU_EncodeDerSigWithLen; +NSS_Get_CERT_TimeChoiceTemplate; +PK11_DeriveWithFlagsPerm; +PK11_ExportEncryptedPrivKeyInfo; +PK11_FindSlotsByNames; +PK11_GetSymKeyType; +PK11_MoveSymKey; +PK11_PubDeriveWithKDF; +PK11_PubUnwrapSymKeyWithFlagsPerm; +PK11_UnwrapSymKeyWithFlagsPerm; +SECITEM_ArenaDupItem; +SECMOD_GetDBModuleList; +SECMOD_GetDeadModuleList; +SEC_ASN1DecoderAbort; +SEC_ASN1EncoderAbort; +SEC_DupCrl; +;+ local: +;+ *; +;+}; +;+NSS_3.9.2 { # NSS 3.9.2 release +;+ global: +NSS_IsInitialized; +PK11_DestroyGenericObject; +PK11_DestroyGenericObjects; +PK11_FindGenericObjects; +PK11_GetNextGenericObject; +PK11_GetPrevGenericObject; +PK11_LinkGenericObject; +PK11_ReadRawAttribute; +PK11_UnlinkGenericObject; +;+ local: +;+ *; +;+}; +;+NSS_3.9.3 { # NSS 3.9.3 release +;+ global: +PK11_GetCertFromPrivateKey; +PK11_PrivDecryptPKCS1; +PK11_PubEncryptPKCS1; +SECMOD_CancelWait; +SECMOD_HasRemovableSlots; +SECMOD_UpdateSlotList; +SECMOD_WaitForAnyTokenEvent; +;+ local: +;+ *; +;+}; +;+NSS_3.10 { # NSS 3.10 release +;+ global: +CERT_CacheCRL; +CERT_DecodeAltNameExtension; +CERT_DecodeAuthInfoAccessExtension; +CERT_DecodeAuthKeyID; +CERT_DecodeCRLDistributionPoints; +CERT_DecodeNameConstraintsExtension; +CERT_DecodePrivKeyUsagePeriodExtension; +CERT_DestroyUserNotice; +CERT_FinishCertificateRequestAttributes; +CERT_GetCertificateNames; +CERT_GetCertificateRequestExtensions; +CERT_GetNextGeneralName; +CERT_GetNextNameConstraint; +CERT_GetPrevGeneralName; +CERT_GetPrevNameConstraint; +CERT_MergeExtensions; +CERT_StartCertificateRequestAttributes; +CERT_StartCRLEntryExtensions; +CERT_StartCRLExtensions; +CERT_UncacheCRL; +HASH_Clone; +HASH_HashBuf; +HASH_ResultLenByOidTag; +HASH_ResultLenContext; +SEC_GetSignatureAlgorithmOidTag; +SECKEY_CacheStaticFlags; +SECOID_AddEntry; +;+# +;+# Data objects +;+# +;+# Don't export these DATA symbols on Windows because they don't work right. +;+# Use the SEC_ASN1_GET / SEC_ASN1_SUB / SEC_ASN1_XTRN macros to access them. +;;CERT_SequenceOfCertExtensionTemplate DATA ; +;;CERT_SignedCrlTemplate DATA ; +NSS_Get_CERT_SequenceOfCertExtensionTemplate; +NSS_Get_CERT_SignedCrlTemplate; +;+ local: +;+ *; +;+}; +;+NSS_3.10.2 { # NSS 3.10.2 release +;+ global: +PK11_TokenKeyGenWithFlags; +PK11_GenerateKeyPairWithFlags; +;+ local: +;+ *; +;+}; +;+NSS_3.11 { # NSS 3.11 release +;+ global: +CERT_CompareValidityTimes; +PK11_CopyTokenPrivKeyToSessionPrivKey; +PK11_FreeSlotListElement; +PK11_GenerateRandomOnSlot; +PK11_GetSymKeyUserData; +PK11_MapSignKeyType; +PK11_SetSymKeyUserData; +SECMOD_CloseUserDB; +SECMOD_HasRootCerts; +SECMOD_OpenUserDB; +;+ local: +;+ *; +;+}; +;+NSS_3.11.1 { +;+ global: +NSS_RegisterShutdown; +NSS_UnregisterShutdown; +SEC_ASN1EncodeUnsignedInteger; +SEC_RegisterDefaultHttpClient; +;+ local: +;+ *; +;+}; +;+NSS_3.11.2 { +;+ global: +SECKEY_SignatureLen; +;+ local: +;+ *; +;+}; +;+NSS_3.11.7 { +;+ global: +CERT_SetOCSPFailureMode; +CERT_OCSPCacheSettings; +CERT_ClearOCSPCache; +DER_GeneralizedDayToAscii; +DER_TimeChoiceDayToAscii; +DER_TimeToGeneralizedTime; +DER_TimeToGeneralizedTimeArena; +;+ local: +;+ *; +;+}; +;+NSS_3.11.9 { +;+ global: +PK11_UnconfigurePKCS11; +;+ local: +;+ *; +;+}; +;+NSS_3.12 { # NSS 3.12 release +;+ global: +CERT_CheckNameSpace; +CERT_EncodeCertPoliciesExtension; +CERT_EncodeInfoAccessExtension; +CERT_EncodeInhibitAnyExtension; +CERT_EncodeNoticeReference; +CERT_EncodePolicyConstraintsExtension; +CERT_EncodePolicyMappingExtension; +CERT_EncodeSubjectKeyID; +CERT_EncodeUserNotice; +CERT_FindCRLEntryReasonExten; +CERT_FindCRLNumberExten; +CERT_FindNameConstraintsExten; +CERT_GetClassicOCSPDisabledPolicy; +CERT_GetClassicOCSPEnabledHardFailurePolicy; +CERT_GetClassicOCSPEnabledSoftFailurePolicy; +CERT_GetPKIXVerifyNistRevocationPolicy; +CERT_GetUsePKIXForValidation; +CERT_GetValidDNSPatternsFromCert; +CERT_NewTempCertificate; +CERT_SetOCSPTimeout; +CERT_SetUsePKIXForValidation; +CERT_PKIXVerifyCert; +HASH_GetType; +NSS_InitWithMerge; +PK11_CreateMergeLog; +PK11_CreateGenericObject; +PK11_CreatePBEV2AlgorithmID; +PK11_DestroyMergeLog; +PK11_GenerateKeyPairWithOpFlags; +PK11_GetAllSlotsForCert; +PK11_GetPBECryptoMechanism; +PK11_IsRemovable; +PK11_MergeTokens; +PK11_WriteRawAttribute; +SECKEY_ECParamsToBasePointOrderLen; +SECKEY_ECParamsToKeySize; +SECMOD_DeleteModuleEx; +SEC_GetRegisteredHttpClient; +SEC_PKCS5IsAlgorithmPBEAlgTag; +VFY_CreateContextDirect; +VFY_CreateContextWithAlgorithmID; +VFY_VerifyDataDirect; +VFY_VerifyDataWithAlgorithmID; +VFY_VerifyDigestDirect; +VFY_VerifyDigestWithAlgorithmID; +;+ local: +;+ *; +;+}; +;+NSS_3.12.1 { # NSS 3.12.1 release +;+ global: +CERT_NameToAsciiInvertible; +PK11_FindCertFromDERCertItem; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h new file mode 100644 index 000000000..2c594a021 --- /dev/null +++ b/security/nss/lib/nss/nss.h @@ -0,0 +1,265 @@ +/* + * NSS utility functions + * + * ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* $Id$ */ + +#ifndef __nss_h_ +#define __nss_h_ + +#include "seccomon.h" + +SEC_BEGIN_PROTOS + +/* The private macro _NSS_ECC_STRING is for NSS internal use only. */ +#ifdef NSS_ENABLE_ECC +#ifdef NSS_ECC_MORE_THAN_SUITE_B +#define _NSS_ECC_STRING " Extended ECC" +#else +#define _NSS_ECC_STRING " Basic ECC" +#endif +#else +#define _NSS_ECC_STRING "" +#endif + +/* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */ +#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) +#define _NSS_CUSTOMIZED " (Customized build)" +#else +#define _NSS_CUSTOMIZED +#endif + +/* + * NSS's major version, minor version, patch level, and whether + * this is a beta release. + * + * The format of the version string should be + * "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]" + */ +#define NSS_VERSION "3.12.2" _NSS_ECC_STRING " Beta" _NSS_CUSTOMIZED +#define NSS_VMAJOR 3 +#define NSS_VMINOR 12 +#define NSS_VPATCH 2 +#define NSS_BETA PR_TRUE + +/* + * Return a boolean that indicates whether the underlying library + * will perform as the caller expects. + * + * The only argument is a string, which should be the verson + * identifier of the NSS library. That string will be compared + * against a string that represents the actual build version of + * the NSS library. It also invokes the version checking functions + * of the dependent libraries such as NSPR. + */ +extern PRBool NSS_VersionCheck(const char *importedVersion); + +/* + * Open the Cert, Key, and Security Module databases, read only. + * Initialize the Random Number Generator. + * Does not initialize the cipher policies or enables. + * Default policy settings disallow all ciphers. + */ +extern SECStatus NSS_Init(const char *configdir); + +/* + * Returns whether NSS has already been initialized or not. + */ +extern PRBool NSS_IsInitialized(void); + +/* + * Open the Cert, Key, and Security Module databases, read/write. + * Initialize the Random Number Generator. + * Does not initialize the cipher policies or enables. + * Default policy settings disallow all ciphers. + */ +extern SECStatus NSS_InitReadWrite(const char *configdir); + +/* + * Open the Cert, Key, and Security Module databases, read/write. + * Initialize the Random Number Generator. + * Does not initialize the cipher policies or enables. + * Default policy settings disallow all ciphers. + * + * This allows using application defined prefixes for the cert and key db's + * and an alternate name for the secmod database. NOTE: In future releases, + * the database prefixes my not necessarily map to database names. + * + * configdir - base directory where all the cert, key, and module datbases live. + * certPrefix - prefix added to the beginning of the cert database example: " + * "https-server1-" + * keyPrefix - prefix added to the beginning of the key database example: " + * "https-server1-" + * secmodName - name of the security module database (usually "secmod.db"). + * flags - change the open options of NSS_Initialize as follows: + * NSS_INIT_READONLY - Open the databases read only. + * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just + * initialize the volatile certdb. + * NSS_INIT_NOMODDB - Don't open the security module DB, just + * initialize the PKCS #11 module. + * NSS_INIT_FORCEOPEN - Continue to force initializations even if the + * databases cannot be opened. + * NSS_INIT_NOROOTINIT - Don't try to look for the root certs module + * automatically. + * NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches. + * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are + * thread-safe, ie. that support locking - either OS + * locking or NSS-provided locks . If a PKCS#11 + * module isn't thread-safe, don't serialize its + * calls; just don't load it instead. This is necessary + * if another piece of code is using the same PKCS#11 + * modules that NSS is accessing without going through + * NSS, for example the Java SunPKCS11 provider. + * NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED + * error when loading PKCS#11 modules. This is necessary + * if another piece of code is using the same PKCS#11 + * modules that NSS is accessing without going through + * NSS, for example Java SunPKCS11 provider. + * NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any + * PKCS#11 module. This may be necessary in order to + * ensure continuous operation and proper shutdown + * sequence if another piece of code is using the same + * PKCS#11 modules that NSS is accessing without going + * through NSS, for example Java SunPKCS11 provider. + * The following limitation applies when this is set : + * SECMOD_WaitForAnyTokenEvent will not use + * C_WaitForSlotEvent, in order to prevent the need for + * C_Finalize. This call will be emulated instead. + * NSS_INIT_RESERVED - Currently has no effect, but may be used in the + * future to trigger better cooperation between PKCS#11 + * modules used by both NSS and the Java SunPKCS11 + * provider. This should occur after a new flag is defined + * for C_Initialize by the PKCS#11 working group. + * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that + * use both NSS and the Java SunPKCS11 provider. + * + * Also NOTE: This is not the recommended method for initializing NSS. + * The prefered method is NSS_init(). + */ +#define NSS_INIT_READONLY 0x1 +#define NSS_INIT_NOCERTDB 0x2 +#define NSS_INIT_NOMODDB 0x4 +#define NSS_INIT_FORCEOPEN 0x8 +#define NSS_INIT_NOROOTINIT 0x10 +#define NSS_INIT_OPTIMIZESPACE 0x20 +#define NSS_INIT_PK11THREADSAFE 0x40 +#define NSS_INIT_PK11RELOAD 0x80 +#define NSS_INIT_NOPK11FINALIZE 0x100 +#define NSS_INIT_RESERVED 0x200 + +#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \ + NSS_INIT_PK11RELOAD | \ + NSS_INIT_NOPK11FINALIZE | \ + NSS_INIT_RESERVED + +#ifdef macintosh +#define SECMOD_DB "Security Modules" +#else +#define SECMOD_DB "secmod.db" +#endif + +extern SECStatus NSS_Initialize(const char *configdir, + const char *certPrefix, const char *keyPrefix, + const char *secmodName, PRUint32 flags); + +/* + * same as NSS_Init, but checks to see if we need to merge an + * old database in. + * updatedir is the directory where the old database lives. + * updCertPrefix is the certPrefix for the old database. + * updKeyPrefix is the keyPrefix for the old database. + * updateID is a unique identifier chosen by the application for + * the specific database. + * updatName is the name the user will be prompted for when + * asking to authenticate to the old database */ +extern SECStatus NSS_InitWithMerge(const char *configdir, + const char *certPrefix, const char *keyPrefix, const char *secmodName, + const char *updatedir, const char *updCertPrefix, + const char *updKeyPrefix, const char *updateID, + const char *updateName, PRUint32 flags); +/* + * initialize NSS without a creating cert db's, key db's, or secmod db's. + */ +SECStatus NSS_NoDB_Init(const char *configdir); + +/* + * Allow applications and libraries to register with NSS so that they are called + * when NSS shuts down. + * + * void *appData application specific data passed in by the application at + * NSS_RegisterShutdown() time. + * void *nssData is NULL in this release, but is reserved for future versions of + * NSS to pass some future status information * back to the shutdown function. + * + * If the shutdown function returns SECFailure, + * Shutdown will still complete, but NSS_Shutdown() will return SECFailure. + */ +typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData); + +/* + * Register a shutdown function. + */ +SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData); + +/* + * Remove an existing shutdown function (you may do this if your library is + * complete and going away, but NSS is still running). + */ +SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); + +/* + * Close the Cert, Key databases. + */ +extern SECStatus NSS_Shutdown(void); + +/* + * set the PKCS #11 strings for the internal token. + */ +void PK11_ConfigurePKCS11(const char *man, const char *libdes, + const char *tokdes, const char *ptokdes, const char *slotdes, + const char *pslotdes, const char *fslotdes, const char *fpslotdes, + int minPwd, int pwRequired); + +/* + * Dump the contents of the certificate cache and the temporary cert store. + * Use to detect leaked references of certs at shutdown time. + */ +void nss_DumpCertificateCacheInfo(void); + +SEC_END_PROTOS + +#endif /* __nss_h_ */ diff --git a/security/nss/lib/nss/nss.rc b/security/nss/lib/nss/nss.rc new file mode 100644 index 000000000..156309e6a --- /dev/null +++ b/security/nss/lib/nss/nss.rc @@ -0,0 +1,100 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "nss.h" +#include <winver.h> + +#define MY_LIBNAME "nss" +#define MY_FILEDESCRIPTION "NSS Base Library" + +#define STRINGIZE(x) #x +#define STRINGIZE2(x) STRINGIZE(x) +#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR) + +#ifdef _DEBUG +#define MY_DEBUG_STR " (debug)" +#define MY_FILEFLAGS_1 VS_FF_DEBUG +#else +#define MY_DEBUG_STR "" +#define MY_FILEFLAGS_1 0x0L +#endif +#if NSS_BETA +#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE +#else +#define MY_FILEFLAGS_2 MY_FILEFLAGS_1 +#endif + +#ifdef WINNT +#define MY_FILEOS VOS_NT_WINDOWS32 +#else +#define MY_FILEOS VOS__WINDOWS32 +#endif + +#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR + +///////////////////////////////////////////////////////////////////////////// +// +// Version-information resource +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0 + PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,0 + FILEFLAGSMASK VS_FFI_FILEFLAGSMASK + FILEFLAGS MY_FILEFLAGS_2 + FILEOS MY_FILEOS + FILETYPE VFT_DLL + FILESUBTYPE 0x0L // not used + +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904B0" // Lang=US English, CharSet=Unicode + BEGIN + VALUE "CompanyName", "Mozilla Foundation\0" + VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0" + VALUE "FileVersion", NSS_VERSION "\0" + VALUE "InternalName", MY_INTERNAL_NAME "\0" + VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0" + VALUE "ProductName", "Network Security Services\0" + VALUE "ProductVersion", NSS_VERSION "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c new file mode 100644 index 000000000..2e4760b2d --- /dev/null +++ b/security/nss/lib/nss/nssinit.c @@ -0,0 +1,973 @@ +/* + * NSS utility functions + * + * ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +/* $Id$ */ + +#include <ctype.h> +#include "seccomon.h" +#include "prinit.h" +#include "prprf.h" +#include "prmem.h" +#include "cert.h" +#include "key.h" +#include "ssl.h" +#include "sslproto.h" +#include "secmod.h" +#include "secoid.h" +#include "nss.h" +#include "pk11func.h" +#include "secerr.h" +#include "nssbase.h" +#include "pkixt.h" +#include "pkix.h" +#include "pkix_tools.h" + +#include "pki3hack.h" +#include "certi.h" +#include "secmodi.h" +#include "ocspti.h" +#include "ocspi.h" + +/* + * On Windows nss3.dll needs to export the symbol 'mktemp' to be + * fully backward compatible with the nss3.dll in NSS 3.2.x and + * 3.3.x. This symbol was unintentionally exported and its + * definition (in DBM) was moved from nss3.dll to softokn3.dll + * in NSS 3.4. See bug 142575. + */ +#ifdef WIN32_NSS3_DLL_COMPAT +#include <io.h> + +/* exported as 'mktemp' */ +char * +nss_mktemp(char *path) +{ + return _mktemp(path); +} +#endif + +#define NSS_MAX_FLAG_SIZE sizeof("readOnly")+sizeof("noCertDB")+ \ + sizeof("noModDB")+sizeof("forceOpen")+sizeof("passwordRequired")+ \ + sizeof ("optimizeSpace") +#define NSS_DEFAULT_MOD_NAME "NSS Internal Module" + +static char * +nss_makeFlags(PRBool readOnly, PRBool noCertDB, + PRBool noModDB, PRBool forceOpen, + PRBool passwordRequired, PRBool optimizeSpace) +{ + char *flags = (char *)PORT_Alloc(NSS_MAX_FLAG_SIZE); + PRBool first = PR_TRUE; + + PORT_Memset(flags,0,NSS_MAX_FLAG_SIZE); + if (readOnly) { + PORT_Strcat(flags,"readOnly"); + first = PR_FALSE; + } + if (noCertDB) { + if (!first) PORT_Strcat(flags,","); + PORT_Strcat(flags,"noCertDB"); + first = PR_FALSE; + } + if (noModDB) { + if (!first) PORT_Strcat(flags,","); + PORT_Strcat(flags,"noModDB"); + first = PR_FALSE; + } + if (forceOpen) { + if (!first) PORT_Strcat(flags,","); + PORT_Strcat(flags,"forceOpen"); + first = PR_FALSE; + } + if (passwordRequired) { + if (!first) PORT_Strcat(flags,","); + PORT_Strcat(flags,"passwordRequired"); + first = PR_FALSE; + } + if (optimizeSpace) { + if (!first) PORT_Strcat(flags,","); + PORT_Strcat(flags,"optimizeSpace"); + first = PR_FALSE; + } + return flags; +} + +/* + * statics to remember the PK11_ConfigurePKCS11() + * info. + */ +static char * pk11_config_strings = NULL; +static char * pk11_config_name = NULL; +static PRBool pk11_password_required = PR_FALSE; + +/* + * this is a legacy configuration function which used to be part of + * the PKCS #11 internal token. + */ +void +PK11_ConfigurePKCS11(const char *man, const char *libdes, const char *tokdes, + const char *ptokdes, const char *slotdes, const char *pslotdes, + const char *fslotdes, const char *fpslotdes, int minPwd, int pwRequired) +{ + char *strings = NULL; + char *newStrings; + + /* make sure the internationalization was done correctly... */ + strings = PR_smprintf(""); + if (strings == NULL) return; + + if (man) { + newStrings = PR_smprintf("%s manufacturerID='%s'",strings,man); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + if (libdes) { + newStrings = PR_smprintf("%s libraryDescription='%s'",strings,libdes); + PR_smprintf_free(strings); + strings = newStrings; + if (pk11_config_name != NULL) { + PORT_Free(pk11_config_name); + } + pk11_config_name = PORT_Strdup(libdes); + } + if (strings == NULL) return; + + if (tokdes) { + newStrings = PR_smprintf("%s cryptoTokenDescription='%s'",strings, + tokdes); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + if (ptokdes) { + newStrings = PR_smprintf("%s dbTokenDescription='%s'",strings,ptokdes); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + if (slotdes) { + newStrings = PR_smprintf("%s cryptoSlotDescription='%s'",strings, + slotdes); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + if (pslotdes) { + newStrings = PR_smprintf("%s dbSlotDescription='%s'",strings,pslotdes); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + if (fslotdes) { + newStrings = PR_smprintf("%s FIPSSlotDescription='%s'", + strings,fslotdes); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + if (fpslotdes) { + newStrings = PR_smprintf("%s FIPSTokenDescription='%s'", + strings,fpslotdes); + PR_smprintf_free(strings); + strings = newStrings; + } + if (strings == NULL) return; + + newStrings = PR_smprintf("%s minPS=%d", strings, minPwd); + PR_smprintf_free(strings); + strings = newStrings; + if (strings == NULL) return; + + if (pk11_config_strings != NULL) { + PR_smprintf_free(pk11_config_strings); + } + pk11_config_strings = strings; + pk11_password_required = pwRequired; + + return; +} + +void PK11_UnconfigurePKCS11(void) +{ + if (pk11_config_strings != NULL) { + PR_smprintf_free(pk11_config_strings); + pk11_config_strings = NULL; + } + if (pk11_config_name) { + PORT_Free(pk11_config_name); + pk11_config_name = NULL; + } +} + +static char * +nss_addEscape(const char *string, char quote) +{ + char *newString = 0; + int escapes = 0, size = 0; + const char *src; + char *dest; + + for (src=string; *src ; src++) { + if ((*src == quote) || (*src == '\\')) escapes++; + size++; + } + + newString = PORT_ZAlloc(escapes+size+1); + if (newString == NULL) { + return NULL; + } + + for (src=string, dest=newString; *src; src++,dest++) { + if ((*src == '\\') || (*src == quote)) { + *dest++ = '\\'; + } + *dest = *src; + } + + return newString; +} + +static char * +nss_doubleEscape(const char *string) +{ + char *round1 = NULL; + char *retValue = NULL; + if (string == NULL) { + goto done; + } + round1 = nss_addEscape(string,'\''); + if (round1) { + retValue = nss_addEscape(round1,'"'); + PORT_Free(round1); + } + +done: + if (retValue == NULL) { + retValue = PORT_Strdup(""); + } + return retValue; +} + + +/* + * The following code is an attempt to automagically find the external root + * module. + * Note: Keep the #if-defined chunks in order. HPUX must select before UNIX. + */ + +static const char *dllname = +#if defined(XP_WIN32) || defined(XP_OS2) + "nssckbi.dll"; +#elif defined(HPUX) && !defined(__ia64) /* HP-UX PA-RISC */ + "libnssckbi.sl"; +#elif defined(DARWIN) + "libnssckbi.dylib"; +#elif defined(XP_UNIX) || defined(XP_BEOS) + "libnssckbi.so"; +#else + #error "Uh! Oh! I don't know about this platform." +#endif + +/* Should we have platform ifdefs here??? */ +#define FILE_SEP '/' + +static void nss_FindExternalRootPaths(const char *dbpath, + const char* secmodprefix, + char** retoldpath, char** retnewpath) +{ + char *path, *oldpath = NULL, *lastsep; + int len, path_len, secmod_len, dll_len; + + path_len = PORT_Strlen(dbpath); + secmod_len = secmodprefix ? PORT_Strlen(secmodprefix) : 0; + dll_len = PORT_Strlen(dllname); + len = path_len + secmod_len + dll_len + 2; /* FILE_SEP + NULL */ + + path = PORT_Alloc(len); + if (path == NULL) return; + + /* back up to the top of the directory */ + PORT_Memcpy(path,dbpath,path_len); + if (path[path_len-1] != FILE_SEP) { + path[path_len++] = FILE_SEP; + } + PORT_Strcpy(&path[path_len],dllname); + if (secmod_len > 0) { + lastsep = PORT_Strrchr(secmodprefix, FILE_SEP); + if (lastsep) { + int secmoddir_len = lastsep-secmodprefix+1; /* FILE_SEP */ + oldpath = PORT_Alloc(len); + if (oldpath == NULL) { + PORT_Free(path); + return; + } + PORT_Memcpy(oldpath,path,path_len); + PORT_Memcpy(&oldpath[path_len],secmodprefix,secmoddir_len); + PORT_Strcpy(&oldpath[path_len+secmoddir_len],dllname); + } + } + *retoldpath = oldpath; + *retnewpath = path; + return; +} + +static void nss_FreeExternalRootPaths(char* oldpath, char* path) +{ + if (path) { + PORT_Free(path); + } + if (oldpath) { + PORT_Free(oldpath); + } +} + +static void +nss_FindExternalRoot(const char *dbpath, const char* secmodprefix) +{ + char *path = NULL; + char *oldpath = NULL; + PRBool hasrootcerts = PR_FALSE; + + /* + * 'oldpath' is the external root path in NSS 3.3.x or older. + * For backward compatibility we try to load the root certs + * module with the old path first. + */ + nss_FindExternalRootPaths(dbpath, secmodprefix, &oldpath, &path); + if (oldpath) { + (void) SECMOD_AddNewModule("Root Certs",oldpath, 0, 0); + hasrootcerts = SECMOD_HasRootCerts(); + } + if (path && !hasrootcerts) { + (void) SECMOD_AddNewModule("Root Certs",path, 0, 0); + } + nss_FreeExternalRootPaths(oldpath, path); + return; +} + +/* + * OK there are now lots of options here, lets go through them all: + * + * configdir - base directory where all the cert, key, and module datbases live. + * certPrefix - prefix added to the beginning of the cert database example: " + * "https-server1-" + * keyPrefix - prefix added to the beginning of the key database example: " + * "https-server1-" + * secmodName - name of the security module database (usually "secmod.db"). + * readOnly - Boolean: true if the databases are to be opened read only. + * nocertdb - Don't open the cert DB and key DB's, just initialize the + * Volatile certdb. + * nomoddb - Don't open the security module DB, just initialize the + * PKCS #11 module. + * forceOpen - Continue to force initializations even if the databases cannot + * be opened. + */ + +static PRBool nss_IsInitted = PR_FALSE; +static void* plContext = NULL; + +static SECStatus nss_InitShutdownList(void); + +#ifdef DEBUG +static CERTCertificate dummyCert; +#endif + +static SECStatus +nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, + const char *secmodName, const char *updateDir, + const char *updCertPrefix, const char *updKeyPrefix, + const char *updateID, const char *updateName, + PRBool readOnly, PRBool noCertDB, + PRBool noModDB, PRBool forceOpen, PRBool noRootInit, + PRBool optimizeSpace, PRBool noSingleThreadedModules, + PRBool allowAlreadyInitializedModules, + PRBool dontFinalizeModules) +{ + char *moduleSpec = NULL; + char *flags = NULL; + SECStatus rv = SECFailure; + char *lconfigdir = NULL; + char *lcertPrefix = NULL; + char *lkeyPrefix = NULL; + char *lsecmodName = NULL; + char *lupdateDir = NULL; + char *lupdCertPrefix = NULL; + char *lupdKeyPrefix = NULL; + char *lupdateID = NULL; + char *lupdateName = NULL; + PKIX_UInt32 actualMinorVersion = 0; + PKIX_Error *pkixError = NULL;; + + if (nss_IsInitted) { + return SECSuccess; + } + + /* New option bits must not change the size of CERTCertificate. */ + PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); + + if (SECSuccess != cert_InitLocks()) { + return SECFailure; + } + + if (SECSuccess != InitCRLCache()) { + return SECFailure; + } + + if (SECSuccess != OCSP_InitGlobal()) { + return SECFailure; + } + + flags = nss_makeFlags(readOnly,noCertDB,noModDB,forceOpen, + pk11_password_required, optimizeSpace); + if (flags == NULL) return rv; + + /* + * configdir is double nested, and Windows uses the same character + * for file seps as we use for escapes! (sigh). + */ + lconfigdir = nss_doubleEscape(configdir); + if (lconfigdir == NULL) { + goto loser; + } + lcertPrefix = nss_doubleEscape(certPrefix); + if (lcertPrefix == NULL) { + goto loser; + } + lkeyPrefix = nss_doubleEscape(keyPrefix); + if (lkeyPrefix == NULL) { + goto loser; + } + lsecmodName = nss_doubleEscape(secmodName); + if (lsecmodName == NULL) { + goto loser; + } + lupdateDir = nss_doubleEscape(updateDir); + if (lupdateDir == NULL) { + goto loser; + } + lupdCertPrefix = nss_doubleEscape(updCertPrefix); + if (lupdCertPrefix == NULL) { + goto loser; + } + lupdKeyPrefix = nss_doubleEscape(updKeyPrefix); + if (lupdKeyPrefix == NULL) { + goto loser; + } + lupdateID = nss_doubleEscape(updateID); + if (lupdateID == NULL) { + goto loser; + } + lupdateName = nss_doubleEscape(updateName); + if (lupdateName == NULL) { + goto loser; + } + if (noSingleThreadedModules || allowAlreadyInitializedModules || + dontFinalizeModules) { + pk11_setGlobalOptions(noSingleThreadedModules, + allowAlreadyInitializedModules, + dontFinalizeModules); + } + + moduleSpec = PR_smprintf( + "name=\"%s\" parameters=\"configdir='%s' certPrefix='%s' keyPrefix='%s' " + "secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' " + "updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s\" " + "NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"", + pk11_config_name ? pk11_config_name : NSS_DEFAULT_MOD_NAME, + lconfigdir,lcertPrefix,lkeyPrefix,lsecmodName,flags, + lupdateDir, lupdCertPrefix, lupdKeyPrefix, lupdateID, + lupdateName, pk11_config_strings ? pk11_config_strings : ""); + +loser: + PORT_Free(flags); + if (lconfigdir) PORT_Free(lconfigdir); + if (lcertPrefix) PORT_Free(lcertPrefix); + if (lkeyPrefix) PORT_Free(lkeyPrefix); + if (lsecmodName) PORT_Free(lsecmodName); + if (lupdateDir) PORT_Free(lupdateDir); + if (lupdCertPrefix) PORT_Free(lupdCertPrefix); + if (lupdKeyPrefix) PORT_Free(lupdKeyPrefix); + if (lupdateID) PORT_Free(lupdateID); + if (lupdateName) PORT_Free(lupdateName); + + if (moduleSpec) { + SECMODModule *module = SECMOD_LoadModule(moduleSpec,NULL,PR_TRUE); + PR_smprintf_free(moduleSpec); + if (module) { + if (module->loaded) rv=SECSuccess; + SECMOD_DestroyModule(module); + } + } + + if (rv == SECSuccess) { + if (SECOID_Init() != SECSuccess) { + return SECFailure; + } + if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) { + return SECFailure; + } + if (nss_InitShutdownList() != SECSuccess) { + return SECFailure; + } + CERT_SetDefaultCertDB((CERTCertDBHandle *) + STAN_GetDefaultTrustDomain()); + if ((!noModDB) && (!noCertDB) && (!noRootInit)) { + if (!SECMOD_HasRootCerts()) { + nss_FindExternalRoot(configdir, secmodName); + } + } + pk11sdr_Init(); + cert_CreateSubjectKeyIDHashTable(); + nss_IsInitted = PR_TRUE; + } + + if (SECSuccess == rv) { + pkixError = PKIX_Initialize + (PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION, + PKIX_MINOR_VERSION, &actualMinorVersion, &plContext); + + if (pkixError != NULL) { + rv = SECFailure; + } else { + char *ev = getenv("NSS_ENABLE_PKIX_VERIFY"); + if (ev && ev[0]) { + CERT_SetUsePKIXForValidation(PR_TRUE); + } + } + } + + return rv; +} + + +SECStatus +NSS_Init(const char *configdir) +{ + return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", + PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, + PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); +} + +SECStatus +NSS_InitReadWrite(const char *configdir) +{ + return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", + PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, + PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE); +} + +/* + * OK there are now lots of options here, lets go through them all: + * + * configdir - base directory where all the cert, key, and module datbases live. + * certPrefix - prefix added to the beginning of the cert database example: " + * "https-server1-" + * keyPrefix - prefix added to the beginning of the key database example: " + * "https-server1-" + * secmodName - name of the security module database (usually "secmod.db"). + * flags - change the open options of NSS_Initialize as follows: + * NSS_INIT_READONLY - Open the databases read only. + * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just + * initialize the volatile certdb. + * NSS_INIT_NOMODDB - Don't open the security module DB, just + * initialize the PKCS #11 module. + * NSS_INIT_FORCEOPEN - Continue to force initializations even if the + * databases cannot be opened. + * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are + * thread-safe, ie. that support locking - either OS + * locking or NSS-provided locks . If a PKCS#11 + * module isn't thread-safe, don't serialize its + * calls; just don't load it instead. This is necessary + * if another piece of code is using the same PKCS#11 + * modules that NSS is accessing without going through + * NSS, for example the Java SunPKCS11 provider. + * NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED + * error when loading PKCS#11 modules. This is necessary + * if another piece of code is using the same PKCS#11 + * modules that NSS is accessing without going through + * NSS, for example Java SunPKCS11 provider. + * NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any + * PKCS#11 module. This may be necessary in order to + * ensure continuous operation and proper shutdown + * sequence if another piece of code is using the same + * PKCS#11 modules that NSS is accessing without going + * through NSS, for example Java SunPKCS11 provider. + * The following limitation applies when this is set : + * SECMOD_WaitForAnyTokenEvent will not use + * C_WaitForSlotEvent, in order to prevent the need for + * C_Finalize. This call will be emulated instead. + * NSS_INIT_RESERVED - Currently has no effect, but may be used in the + * future to trigger better cooperation between PKCS#11 + * modules used by both NSS and the Java SunPKCS11 + * provider. This should occur after a new flag is defined + * for C_Initialize by the PKCS#11 working group. + * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that + * use both NSS and the Java SunPKCS11 provider. + */ +SECStatus +NSS_Initialize(const char *configdir, const char *certPrefix, + const char *keyPrefix, const char *secmodName, PRUint32 flags) +{ + return nss_Init(configdir, certPrefix, keyPrefix, secmodName, + "", "", "", "", "", + ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), + ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), + ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), + ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), + ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT), + ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), + ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), + ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), + ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); +} + +SECStatus +NSS_InitWithMerge(const char *configdir, const char *certPrefix, + const char *keyPrefix, const char *secmodName, + const char *updateDir, const char *updCertPrefix, + const char *updKeyPrefix, const char *updateID, + const char *updateName, PRUint32 flags) +{ + return nss_Init(configdir, certPrefix, keyPrefix, secmodName, + updateDir, updCertPrefix, updKeyPrefix, updateID, updateName, + ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY), + ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB), + ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB), + ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), + ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT), + ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE), + ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE), + ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD), + ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE)); +} + +/* + * initialize NSS without a creating cert db's, key db's, or secmod db's. + */ +SECStatus +NSS_NoDB_Init(const char * configdir) +{ + return nss_Init("","","","", "", "", "", "", "", + PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE,PR_TRUE, + PR_FALSE,PR_FALSE,PR_FALSE); +} + + +#define NSS_SHUTDOWN_STEP 10 + +struct NSSShutdownFuncPair { + NSS_ShutdownFunc func; + void *appData; +}; + +static struct NSSShutdownListStr { + PZLock *lock; + int allocatedFuncs; + int peakFuncs; + struct NSSShutdownFuncPair *funcs; +} nssShutdownList = { 0 }; + +/* + * find and existing shutdown function + */ +static int +nss_GetShutdownEntry(NSS_ShutdownFunc sFunc, void *appData) +{ + int count, i; + count = nssShutdownList.peakFuncs; + /* expect the list to be short, just do a linear search */ + for (i=0; i < count; i++) { + if ((nssShutdownList.funcs[i].func == sFunc) && + (nssShutdownList.funcs[i].appData == appData)){ + return i; + } + } + return -1; +} + +/* + * register a callback to be called when NSS shuts down + */ +SECStatus +NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData) +{ + int i; + + if (!nss_IsInitted) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + if (sFunc == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + PORT_Assert(nssShutdownList.lock); + PZ_Lock(nssShutdownList.lock); + + /* make sure we don't have a duplicate */ + i = nss_GetShutdownEntry(sFunc, appData); + if (i >= 0) { + PZ_Unlock(nssShutdownList.lock); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + /* find an empty slot */ + i = nss_GetShutdownEntry(NULL, NULL); + if (i >= 0) { + nssShutdownList.funcs[i].func = sFunc; + nssShutdownList.funcs[i].appData = appData; + PZ_Unlock(nssShutdownList.lock); + return SECSuccess; + } + if (nssShutdownList.allocatedFuncs == nssShutdownList.peakFuncs) { + struct NSSShutdownFuncPair *funcs = + (struct NSSShutdownFuncPair *)PORT_Realloc + (nssShutdownList.funcs, + (nssShutdownList.allocatedFuncs + NSS_SHUTDOWN_STEP) + *sizeof(struct NSSShutdownFuncPair)); + if (!funcs) { + return SECFailure; + } + nssShutdownList.funcs = funcs; + nssShutdownList.allocatedFuncs += NSS_SHUTDOWN_STEP; + } + nssShutdownList.funcs[nssShutdownList.peakFuncs].func = sFunc; + nssShutdownList.funcs[nssShutdownList.peakFuncs].appData = appData; + nssShutdownList.peakFuncs++; + PZ_Unlock(nssShutdownList.lock); + return SECSuccess; +} + +/* + * unregister a callback so it won't get called on shutdown. + */ +SECStatus +NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData) +{ + int i; + if (!nss_IsInitted) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + PORT_Assert(nssShutdownList.lock); + PZ_Lock(nssShutdownList.lock); + i = nss_GetShutdownEntry(sFunc, appData); + if (i >= 0) { + nssShutdownList.funcs[i].func = NULL; + nssShutdownList.funcs[i].appData = NULL; + } + PZ_Unlock(nssShutdownList.lock); + + if (i < 0) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + return SECSuccess; +} + +/* + * bring up and shutdown the shutdown list + */ +static SECStatus +nss_InitShutdownList(void) +{ + nssShutdownList.lock = PZ_NewLock(nssILockOther); + if (nssShutdownList.lock == NULL) { + return SECFailure; + } + nssShutdownList.funcs = PORT_ZNewArray(struct NSSShutdownFuncPair, + NSS_SHUTDOWN_STEP); + if (nssShutdownList.funcs == NULL) { + PZ_DestroyLock(nssShutdownList.lock); + nssShutdownList.lock = NULL; + return SECFailure; + } + nssShutdownList.allocatedFuncs = NSS_SHUTDOWN_STEP; + nssShutdownList.peakFuncs = 0; + + return SECSuccess; +} + +static SECStatus +nss_ShutdownShutdownList(void) +{ + SECStatus rv = SECSuccess; + int i; + + /* call all the registerd functions first */ + for (i=0; i < nssShutdownList.peakFuncs; i++) { + struct NSSShutdownFuncPair *funcPair = &nssShutdownList.funcs[i]; + if (funcPair->func) { + if ((*funcPair->func)(funcPair->appData,NULL) != SECSuccess) { + rv = SECFailure; + } + } + } + + nssShutdownList.peakFuncs = 0; + nssShutdownList.allocatedFuncs = 0; + PORT_Free(nssShutdownList.funcs); + nssShutdownList.funcs = NULL; + if (nssShutdownList.lock) { + PZ_DestroyLock(nssShutdownList.lock); + } + nssShutdownList.lock = NULL; + return rv; +} + + +extern const NSSError NSS_ERROR_BUSY; + +SECStatus +NSS_Shutdown(void) +{ + SECStatus shutdownRV = SECSuccess; + SECStatus rv; + PRStatus status; + + if (!nss_IsInitted) { + PORT_SetError(SEC_ERROR_NOT_INITIALIZED); + return SECFailure; + } + + rv = nss_ShutdownShutdownList(); + if (rv != SECSuccess) { + shutdownRV = SECFailure; + } + cert_DestroyLocks(); + ShutdownCRLCache(); + OCSP_ShutdownGlobal(); + PKIX_Shutdown(plContext); + SECOID_Shutdown(); + status = STAN_Shutdown(); + cert_DestroySubjectKeyIDHashTable(); + rv = SECMOD_Shutdown(); + if (rv != SECSuccess) { + shutdownRV = SECFailure; + } + pk11sdr_Shutdown(); + /* + * A thread's error stack is automatically destroyed when the thread + * terminates, except for the primordial thread, whose error stack is + * destroyed by PR_Cleanup. Since NSS is usually shut down by the + * primordial thread and many NSS-based apps don't call PR_Cleanup, + * we destroy the calling thread's error stack here. + */ + nss_DestroyErrorStack(); + nssArena_Shutdown(); + if (status == PR_FAILURE) { + if (NSS_GetError() == NSS_ERROR_BUSY) { + PORT_SetError(SEC_ERROR_BUSY); + } + shutdownRV = SECFailure; + } + nss_IsInitted = PR_FALSE; + return shutdownRV; +} + +PRBool +NSS_IsInitialized(void) +{ + return nss_IsInitted; +} + + +extern const char __nss_base_rcsid[]; +extern const char __nss_base_sccsid[]; + +PRBool +NSS_VersionCheck(const char *importedVersion) +{ + /* + * This is the secret handshake algorithm. + * + * This release has a simple version compatibility + * check algorithm. This release is not backward + * compatible with previous major releases. It is + * not compatible with future major, minor, or + * patch releases. + */ + int vmajor = 0, vminor = 0, vpatch = 0; + const char *ptr = importedVersion; + volatile char c; /* force a reference that won't get optimized away */ + + c = __nss_base_rcsid[0] + __nss_base_sccsid[0]; + + while (isdigit(*ptr)) { + vmajor = 10 * vmajor + *ptr - '0'; + ptr++; + } + if (*ptr == '.') { + ptr++; + while (isdigit(*ptr)) { + vminor = 10 * vminor + *ptr - '0'; + ptr++; + } + if (*ptr == '.') { + ptr++; + while (isdigit(*ptr)) { + vpatch = 10 * vpatch + *ptr - '0'; + ptr++; + } + } + } + + if (vmajor != NSS_VMAJOR) { + return PR_FALSE; + } + if (vmajor == NSS_VMAJOR && vminor > NSS_VMINOR) { + return PR_FALSE; + } + if (vmajor == NSS_VMAJOR && vminor == NSS_VMINOR && vpatch > NSS_VPATCH) { + return PR_FALSE; + } + /* Check dependent libraries */ + if (PR_VersionCheck(PR_VERSION) == PR_FALSE) { + return PR_FALSE; + } + return PR_TRUE; +} diff --git a/security/nss/lib/nss/nssrenam.h b/security/nss/lib/nss/nssrenam.h new file mode 100644 index 000000000..156646cdd --- /dev/null +++ b/security/nss/lib/nss/nssrenam.h @@ -0,0 +1,47 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef __nssrenam_h_ +#define __nssrenam_h_ + +#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm +#define PK11_CreateContextByRawKey __PK11_CreateContextByRawKey +#define CERT_ClosePermCertDB __CERT_ClosePermCertDB +#define CERT_DecodeDERCertificate __CERT_DecodeDERCertificate +#define CERT_TraversePermCertsForNickname __CERT_TraversePermCertsForNickname +#define CERT_TraversePermCertsForSubject __CERT_TraversePermCertsForSubject + +#endif /* __nssrenam_h_ */ diff --git a/security/nss/lib/nss/nssver.c b/security/nss/lib/nss/nssver.c new file mode 100644 index 000000000..9d7f8136e --- /dev/null +++ b/security/nss/lib/nss/nssver.c @@ -0,0 +1,56 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +/* Library identity and versioning */ + +#include "nss.h" + +#if defined(DEBUG) +#define _DEBUG_STRING " (debug)" +#else +#define _DEBUG_STRING "" +#endif + +/* + * Version information for the 'ident' and 'what commands + * + * NOTE: the first component of the concatenated rcsid string + * must not end in a '$' to prevent rcs keyword substitution. + */ +const char __nss_base_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING + " " __DATE__ " " __TIME__ " $"; +const char __nss_base_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING + " " __DATE__ " " __TIME__; diff --git a/security/nss/lib/nss/pkixpriv.def b/security/nss/lib/nss/pkixpriv.def new file mode 100644 index 000000000..165ebf393 --- /dev/null +++ b/security/nss/lib/nss/pkixpriv.def @@ -0,0 +1,318 @@ +;+LIBPKIXprivate { +;+ global: +;+# libpkix functions +;+# May not become part of the NSS public API. Needed for unit testing for now. +NSS_Get_PKIX_PL_LDAPMessageTemplate; +PKIX_PL_LDAPMessageTemplate; +PKIX_ALLOC_ERROR; +PKIX_BuildChain; +pkix_BuildResult_Create; +PKIX_BuildResult_GetCertChain; +PKIX_BuildResult_GetValidateResult; +PKIX_CertChainChecker_Create; +PKIX_CertChainChecker_GetCertChainCheckerState; +PKIX_CertChainChecker_GetCheckCallback; +PKIX_CertChainChecker_GetSupportedExtensions; +PKIX_CertChainChecker_IsForwardCheckingSupported; +PKIX_CertChainChecker_IsForwardDirectionExpected; +PKIX_CertChainChecker_SetCertChainCheckerState; +PKIX_CertSelector_Create; +PKIX_CertSelector_GetCertSelectorContext; +PKIX_CertSelector_GetCommonCertSelectorParams; +PKIX_CertSelector_GetMatchCallback; +PKIX_CertSelector_SetCommonCertSelectorParams; +PKIX_CertStore_CertContinue; +PKIX_CertStore_Create; +PKIX_CertStore_CrlContinue; +PKIX_CertStore_GetCertCallback; +PKIX_CertStore_GetCertStoreContext; +PKIX_CertStore_GetCRLCallback; +PKIX_CertStore_GetTrustCallback; +pkix_CheckType; +PKIX_ComCertSelParams_AddPathToName; +PKIX_ComCertSelParams_AddSubjAltName; +PKIX_ComCertSelParams_Create; +PKIX_ComCertSelParams_GetAuthorityKeyIdentifier; +PKIX_ComCertSelParams_GetBasicConstraints; +PKIX_ComCertSelParams_GetCertificate; +PKIX_ComCertSelParams_GetCertificateValid; +PKIX_ComCertSelParams_GetExtendedKeyUsage; +PKIX_ComCertSelParams_GetIssuer; +PKIX_ComCertSelParams_GetKeyUsage; +PKIX_ComCertSelParams_GetMatchAllSubjAltNames; +PKIX_ComCertSelParams_GetNameConstraints; +PKIX_ComCertSelParams_GetPathToNames; +PKIX_ComCertSelParams_GetPolicy; +PKIX_ComCertSelParams_GetSerialNumber; +PKIX_ComCertSelParams_GetSubjAltNames; +PKIX_ComCertSelParams_GetSubject; +PKIX_ComCertSelParams_GetSubjKeyIdentifier; +PKIX_ComCertSelParams_GetSubjPKAlgId; +PKIX_ComCertSelParams_GetSubjPubKey; +PKIX_ComCertSelParams_GetVersion; +PKIX_ComCertSelParams_SetAuthorityKeyIdentifier; +PKIX_ComCertSelParams_SetBasicConstraints; +PKIX_ComCertSelParams_SetCertificate; +PKIX_ComCertSelParams_SetCertificateValid; +PKIX_ComCertSelParams_SetExtendedKeyUsage; +PKIX_ComCertSelParams_SetIssuer; +PKIX_ComCertSelParams_SetKeyUsage; +PKIX_ComCertSelParams_SetMatchAllSubjAltNames; +PKIX_ComCertSelParams_SetNameConstraints; +PKIX_ComCertSelParams_SetPathToNames; +PKIX_ComCertSelParams_SetPolicy; +PKIX_ComCertSelParams_SetSerialNumber; +PKIX_ComCertSelParams_SetSubjAltNames; +PKIX_ComCertSelParams_SetSubject; +PKIX_ComCertSelParams_SetSubjKeyIdentifier; +PKIX_ComCertSelParams_SetSubjPKAlgId; +PKIX_ComCertSelParams_SetSubjPubKey; +PKIX_ComCertSelParams_SetVersion; +PKIX_ComCRLSelParams_AddIssuerName; +PKIX_ComCRLSelParams_Create; +PKIX_ComCRLSelParams_GetCertificateChecking; +PKIX_ComCRLSelParams_GetDateAndTime; +PKIX_ComCRLSelParams_GetIssuerNames; +PKIX_ComCRLSelParams_GetMaxCRLNumber; +PKIX_ComCRLSelParams_GetMinCRLNumber; +PKIX_ComCRLSelParams_SetCertificateChecking; +PKIX_ComCRLSelParams_SetDateAndTime; +PKIX_ComCRLSelParams_SetIssuerNames; +PKIX_ComCRLSelParams_SetMaxCRLNumber; +PKIX_ComCRLSelParams_SetMinCRLNumber; +PKIX_CRLSelector_Create; +PKIX_CRLSelector_GetCommonCRLSelectorParams; +PKIX_CRLSelector_GetCRLSelectorContext; +PKIX_CRLSelector_GetMatchCallback; +PKIX_CRLSelector_SetCommonCRLSelectorParams; +pkix_DefaultRevChecker_Initialize; +PKIX_Error_Create; +PKIX_Error_GetCause; +PKIX_Error_GetDescription; +PKIX_Error_GetErrorClass; +PKIX_Error_GetSupplementaryInfo; +PKIX_ERRORCLASSNAMES DATA ; +PKIX_Initialize; +PKIX_Initialize_SetConfigDir; +PKIX_List_AppendItem; +PKIX_List_Create; +PKIX_List_DeleteItem; +PKIX_List_GetItem; +PKIX_List_GetLength; +PKIX_List_InsertItem; +PKIX_List_IsEmpty; +PKIX_List_IsImmutable; +PKIX_List_ReverseList; +PKIX_List_SetImmutable; +PKIX_List_SetItem; +PKIX_AddLogger; +PKIX_GetLoggers; +PKIX_SetLoggers; +PKIX_Logger_Create; +PKIX_Logger_GetLoggerContext; +PKIX_Logger_GetLoggingComponent; +PKIX_Logger_GetLogCallback; +PKIX_Logger_GetMaxLoggingLevel; +PKIX_Logger_SetLoggingComponent; +PKIX_Logger_SetMaxLoggingLevel; +PKIX_OcspChecker_Initialize; +PKIX_OcspChecker_SetOCSPResponder; +PKIX_OcspChecker_SetPasswordInfo; +PKIX_OcspChecker_SetVerifyFcn; +PKIX_PL_AcquireReaderLock; +PKIX_PL_AcquireWriterLock; +PKIX_PL_BasicConstraints_GetCAFlag; +PKIX_PL_BasicConstraints_GetPathLenConstraint; +PKIX_PL_BigInt_Create; +PKIX_PL_ByteArray_Create; +PKIX_PL_ByteArray_GetLength; +PKIX_PL_ByteArray_GetPointer; +PKIX_PL_Cert_AreCertPoliciesCritical; +PKIX_PL_Cert_CheckNameConstraints; +PKIX_PL_Cert_CheckValidity; +PKIX_PL_Cert_Create; +pkix_pl_Cert_CreateToList; +pkix_pl_Cert_CreateWithNSSCert; +PKIX_PL_Cert_GetAuthorityInfoAccess; +PKIX_PL_Cert_GetAuthorityKeyIdentifier; +PKIX_PL_Cert_GetBasicConstraints; +PKIX_PL_Cert_GetCriticalExtensionOIDs; +PKIX_PL_Cert_GetExtendedKeyUsage; +PKIX_PL_Cert_GetInhibitAnyPolicy; +PKIX_PL_Cert_GetIssuer; +PKIX_PL_Cert_GetNameConstraints; +PKIX_PL_Cert_GetPolicyInformation; +PKIX_PL_Cert_GetPolicyMappingInhibited; +PKIX_PL_Cert_GetPolicyMappings; +PKIX_PL_Cert_GetRequireExplicitPolicy; +PKIX_PL_Cert_GetSerialNumber; +PKIX_PL_Cert_GetSubject; +PKIX_PL_Cert_GetSubjectAltNames; +PKIX_PL_Cert_GetSubjectInfoAccess; +PKIX_PL_Cert_GetSubjectKeyIdentifier; +PKIX_PL_Cert_GetSubjectPublicKey; +PKIX_PL_Cert_GetSubjectPublicKeyAlgId; +PKIX_PL_Cert_GetVersion; +PKIX_PL_Cert_IsCertTrusted; +PKIX_PL_Cert_MergeNameConstraints; +PKIX_PL_Cert_VerifyKeyUsage; +PKIX_PL_Cert_VerifySignature; +PKIX_PL_CertPolicyInfo_GetPolicyId; +PKIX_PL_CertPolicyInfo_GetPolQualifiers; +PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy; +PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy; +PKIX_PL_CollectionCertStore_Create; +PKIX_PL_CRL_Create; +pkix_pl_CRL_CreateToList; +PKIX_PL_CRL_GetCriticalExtensionOIDs; +PKIX_PL_CRL_GetCRLEntryForSerialNumber; +PKIX_PL_CRL_GetIssuer; +PKIX_PL_CRL_VerifySignature; +PKIX_PL_CRLEntry_GetCriticalExtensionOIDs; +PKIX_PL_CRLEntry_GetCRLEntryReasonCode; +PKIX_PL_Date_Create_UTCTime; +pkix_pl_Date_CreateFromPRTime; +pkix_pl_Date_GetPRTime; +PKIX_PL_EkuChecker_Initialize; +PKIX_PL_Free; +PKIX_PL_GeneralName_Create; +PKIX_PL_GetString; +PKIX_PL_HashTable_Add; +PKIX_PL_HashTable_Create; +PKIX_PL_HashTable_Lookup; +PKIX_PL_HashTable_Remove; +PKIX_PL_HttpCertStore_Create; +pkix_pl_HttpCertStore_CreateWithAsciiName; +PKIX_PL_Initialize; +PKIX_PL_InfoAccess_GetMethod; +PKIX_PL_InfoAccess_GetLocation; +PKIX_PL_InfoAccess_GetLocationType; +PKIX_PL_LdapCertStore_Create; +PKIX_PL_LdapClient_InitiateRequest; +PKIX_PL_LdapClient_ResumeRequest; +PKIX_PL_LdapDefaultClient_AbandonRequest; +PKIX_PL_LdapDefaultClient_Create; +PKIX_PL_LdapDefaultClient_CreateByName; +pkix_pl_LdapResponse_Create; +PKIX_PL_Malloc; +PKIX_PL_Memcpy; +PKIX_PL_MonitorLock_Create; +PKIX_PL_MonitorLock_Enter; +PKIX_PL_MonitorLock_Exit; +PKIX_PL_Mutex_Create; +PKIX_PL_Mutex_Lock; +PKIX_PL_Mutex_Unlock; +PKIX_PL_NssContext_Create; +PKIX_PL_Object_Alloc; +PKIX_PL_Object_Compare; +PKIX_PL_Object_DecRef; +PKIX_PL_Object_Duplicate; +PKIX_PL_Object_Equals; +PKIX_PL_Object_GetType; +PKIX_PL_Object_Hashcode; +PKIX_PL_Object_IncRef; +PKIX_PL_Object_IsTypeRegistered; +PKIX_PL_Object_Lock; +PKIX_PL_Object_RegisterType; +PKIX_PL_Object_ToString; +PKIX_PL_Object_Unlock; +PKIX_PL_OID_Create; +pkix_pl_OcspRequest_Create; +pkix_pl_OcspResponse_Create; +pkix_pl_OcspResponse_Decode; +pkix_pl_OcspResponse_GetStatus; +pkix_pl_OcspResponse_GetStatusForCert; +PKIX_PL_OcspResponse_UseBuildChain; +pkix_pl_OcspResponse_VerifySignature; +PKIX_PL_Pk11CertStore_Create; +PKIX_PL_PolicyQualifier_GetPolicyQualifierId; +PKIX_PL_PolicyQualifier_GetQualifier; +PKIX_PL_PublicKey_MakeInheritedDSAPublicKey; +PKIX_PL_PublicKey_NeedsDSAParameters; +PKIX_PL_Realloc; +PKIX_PL_ReleaseReaderLock; +PKIX_PL_ReleaseWriterLock; +PKIX_PL_RWLock_Create; +PKIX_PL_Shutdown; +pkix_pl_Socket_Create; +pkix_pl_Socket_CreateByName; +pkix_pl_Socket_GetCallbackList; +PKIX_PL_Sprintf; +PKIX_PL_String_Create; +PKIX_PL_String_GetEncoded; +PKIX_PL_X500Name_Create; +pkix_pl_X500Name_GetCommonName; +pkix_pl_X500Name_GetCountryName; +pkix_pl_X500Name_GetOrgName; +PKIX_PL_X500Name_Match; +pkix_PolicyNode_AddToParent; +pkix_PolicyNode_Create; +PKIX_PolicyNode_GetChildren; +PKIX_PolicyNode_GetDepth; +PKIX_PolicyNode_GetExpectedPolicies; +PKIX_PolicyNode_GetParent; +PKIX_PolicyNode_GetPolicyQualifiers; +PKIX_PolicyNode_GetValidPolicy; +PKIX_PolicyNode_IsCritical; +pkix_PolicyNode_Prune; +PKIX_ProcessingParams_AddCertChainChecker; +PKIX_ProcessingParams_AddCertStore; +PKIX_ProcessingParams_AddRevocationChecker; +PKIX_ProcessingParams_Create; +PKIX_ProcessingParams_GetCertChainCheckers; +PKIX_ProcessingParams_GetCertStores; +PKIX_ProcessingParams_GetDate; +PKIX_ProcessingParams_GetHintCerts; +PKIX_ProcessingParams_GetInitialPolicies; +PKIX_ProcessingParams_GetPolicyQualifiersRejected; +PKIX_ProcessingParams_GetResourceLimits; +PKIX_ProcessingParams_GetRevocationCheckers; +PKIX_ProcessingParams_GetTargetCertConstraints; +PKIX_ProcessingParams_GetTrustAnchors; +PKIX_ProcessingParams_IsAnyPolicyInhibited; +PKIX_ProcessingParams_IsCRLRevocationCheckingEnabled; +PKIX_ProcessingParams_IsExplicitPolicyRequired; +PKIX_ProcessingParams_IsPolicyMappingInhibited; +PKIX_ProcessingParams_SetAnyPolicyInhibited; +PKIX_ProcessingParams_SetCertChainCheckers; +PKIX_ProcessingParams_SetCertStores; +PKIX_ProcessingParams_SetDate; +PKIX_ProcessingParams_SetExplicitPolicyRequired; +PKIX_ProcessingParams_SetHintCerts; +PKIX_ProcessingParams_SetInitialPolicies; +PKIX_ProcessingParams_SetPolicyMappingInhibited; +PKIX_ProcessingParams_SetPolicyQualifiersRejected; +PKIX_ProcessingParams_SetResourceLimits; +PKIX_ProcessingParams_SetRevocationCheckers; +PKIX_ProcessingParams_SetRevocationEnabled; +PKIX_ProcessingParams_SetTargetCertConstraints; +PKIX_RevocationChecker_Create; +PKIX_RevocationChecker_GetRevCallback; +PKIX_RevocationChecker_GetRevCheckerContext; +PKIX_Shutdown; +pkix_Throw; +PKIX_TrustAnchor_CreateWithCert; +PKIX_TrustAnchor_CreateWithNameKeyPair; +PKIX_TrustAnchor_GetCAName; +PKIX_TrustAnchor_GetCAPublicKey; +PKIX_TrustAnchor_GetNameConstraints; +PKIX_TrustAnchor_GetTrustedCert; +PKIX_ValidateChain; +PKIX_ValidateChain_NB; +PKIX_ValidateParams_Create; +PKIX_ValidateParams_GetCertChain; +PKIX_ValidateParams_GetProcessingParams; +pkix_ValidateResult_Create; +PKIX_ValidateResult_GetPolicyTree; +PKIX_ValidateResult_GetPublicKey; +PKIX_ValidateResult_GetTrustAnchor; +pkix_VerifyNode_AddToChain; +pkix_VerifyNode_Create; +PKIX_ResourceLimits_Create; +PKIX_ResourceLimits_GetMaxDepth; +PKIX_ResourceLimits_GetMaxFanout; +PKIX_ResourceLimits_GetMaxTime; +PKIX_ResourceLimits_SetMaxDepth; +PKIX_ResourceLimits_SetMaxFanout; +PKIX_ResourceLimits_SetMaxTime; +;+}; diff --git a/security/nss/lib/nss/utilwrap.c b/security/nss/lib/nss/utilwrap.c new file mode 100644 index 000000000..900ab325a --- /dev/null +++ b/security/nss/lib/nss/utilwrap.c @@ -0,0 +1,826 @@ +/* + * NSS utility functions + * + * ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Network Security Services libraries. + * + * The Initial Developer of the Original Code is + * Sun Microsystems, Inc. + * Portions created by the Initial Developer are Copyright (C) 2007 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "secport.h" +#include "secoid.h" +#include "secitem.h" +#include "secdig.h" +#include "secder.h" +#include "secasn1.h" +#include "base64.h" +#include "nssb64.h" +#include "nssrwlk.h" +#include "cert.h" +#include "prerror.h" + +/* wrappers for implementation in libnssutil3 */ +#undef ATOB_AsciiToData +#undef ATOB_ConvertAsciiToItem +#undef BTOA_ConvertItemToAscii +#undef BTOA_DataToAscii +#undef CERT_GenTime2FormattedAscii +#undef DER_AsciiToTime +#undef DER_DecodeTimeChoice +#undef DER_Encode +#undef DER_EncodeTimeChoice +#undef DER_GeneralizedDayToAscii +#undef DER_GeneralizedTimeToTime +#undef DER_GetInteger +#undef DER_Lengths +#undef DER_TimeChoiceDayToAscii +#undef DER_TimeToGeneralizedTime +#undef DER_TimeToGeneralizedTimeArena +#undef DER_TimeToUTCTime +#undef DER_UTCDayToAscii +#undef DER_UTCTimeToAscii +#undef DER_UTCTimeToTime +#undef NSS_PutEnv +#undef NSSBase64_DecodeBuffer +#undef NSSBase64_EncodeItem +#undef NSSBase64Decoder_Create +#undef NSSBase64Decoder_Destroy +#undef NSSBase64Decoder_Update +#undef NSSBase64Encoder_Create +#undef NSSBase64Encoder_Destroy +#undef NSSBase64Encoder_Update +#undef NSSRWLock_Destroy +#undef NSSRWLock_HaveWriteLock +#undef NSSRWLock_LockRead +#undef NSSRWLock_LockWrite +#undef NSSRWLock_New +#undef NSSRWLock_UnlockRead +#undef NSSRWLock_UnlockWrite +#undef PORT_Alloc +#undef PORT_ArenaAlloc +#undef PORT_ArenaGrow +#undef PORT_ArenaMark +#undef PORT_ArenaRelease +#undef PORT_ArenaStrdup +#undef PORT_ArenaUnmark +#undef PORT_ArenaZAlloc +#undef PORT_Free +#undef PORT_FreeArena +#undef PORT_GetError +#undef PORT_NewArena +#undef PORT_Realloc +#undef PORT_SetError +#undef PORT_SetUCS2_ASCIIConversionFunction +#undef PORT_SetUCS2_UTF8ConversionFunction +#undef PORT_SetUCS4_UTF8ConversionFunction +#undef PORT_Strdup +#undef PORT_UCS2_ASCIIConversion +#undef PORT_UCS2_UTF8Conversion +#undef PORT_ZAlloc +#undef PORT_ZFree +#undef SEC_ASN1Decode +#undef SEC_ASN1DecodeInteger +#undef SEC_ASN1DecodeItem +#undef SEC_ASN1DecoderAbort +#undef SEC_ASN1DecoderClearFilterProc +#undef SEC_ASN1DecoderClearNotifyProc +#undef SEC_ASN1DecoderFinish +#undef SEC_ASN1DecoderSetFilterProc +#undef SEC_ASN1DecoderSetNotifyProc +#undef SEC_ASN1DecoderStart +#undef SEC_ASN1DecoderUpdate +#undef SEC_ASN1Encode +#undef SEC_ASN1EncodeInteger +#undef SEC_ASN1EncodeItem +#undef SEC_ASN1EncoderAbort +#undef SEC_ASN1EncoderClearNotifyProc +#undef SEC_ASN1EncoderClearStreaming +#undef SEC_ASN1EncoderClearTakeFromBuf +#undef SEC_ASN1EncoderFinish +#undef SEC_ASN1EncoderSetNotifyProc +#undef SEC_ASN1EncoderSetStreaming +#undef SEC_ASN1EncoderSetTakeFromBuf +#undef SEC_ASN1EncoderStart +#undef SEC_ASN1EncoderUpdate +#undef SEC_ASN1EncodeUnsignedInteger +#undef SEC_ASN1LengthLength +#undef SEC_QuickDERDecodeItem +#undef SECITEM_AllocItem +#undef SECITEM_ArenaDupItem +#undef SECITEM_CompareItem +#undef SECITEM_CopyItem +#undef SECITEM_DupItem +#undef SECITEM_FreeItem +#undef SECITEM_ItemsAreEqual +#undef SECITEM_ZfreeItem +#undef SECOID_AddEntry +#undef SECOID_CompareAlgorithmID +#undef SECOID_CopyAlgorithmID +#undef SECOID_DestroyAlgorithmID +#undef SECOID_FindOID +#undef SECOID_FindOIDByTag +#undef SECOID_FindOIDTag +#undef SECOID_FindOIDTagDescription +#undef SECOID_GetAlgorithmTag +#undef SECOID_SetAlgorithmID +#undef SGN_CompareDigestInfo +#undef SGN_CopyDigestInfo +#undef SGN_CreateDigestInfo +#undef SGN_DestroyDigestInfo + +void * +PORT_Alloc(size_t bytes) +{ + return PORT_Alloc_Util(bytes); +} + +void * +PORT_Realloc(void *oldptr, size_t bytes) +{ + return PORT_Realloc_Util(oldptr, bytes); +} + +void * +PORT_ZAlloc(size_t bytes) +{ + return PORT_ZAlloc_Util(bytes); +} + +void +PORT_Free(void *ptr) +{ + PORT_Free_Util(ptr); +} + +void +PORT_ZFree(void *ptr, size_t len) +{ + PORT_ZFree_Util(ptr, len); +} + +char * +PORT_Strdup(const char *str) +{ + return PORT_Strdup_Util(str); +} + +void +PORT_SetError(int value) +{ + PORT_SetError_Util(value); +} + +int +PORT_GetError(void) +{ + return PORT_GetError_Util(); +} + +PLArenaPool * +PORT_NewArena(unsigned long chunksize) +{ + return PORT_NewArena_Util(chunksize); +} + +void * +PORT_ArenaAlloc(PLArenaPool *arena, size_t size) +{ + return PORT_ArenaAlloc_Util(arena, size); +} + +void * +PORT_ArenaZAlloc(PLArenaPool *arena, size_t size) +{ + return PORT_ArenaZAlloc_Util(arena, size); +} + +void +PORT_FreeArena(PLArenaPool *arena, PRBool zero) +{ + PORT_FreeArena_Util(arena, zero); +} + +void * +PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize) +{ + return PORT_ArenaGrow_Util(arena, ptr, oldsize, newsize); +} + +void * +PORT_ArenaMark(PLArenaPool *arena) +{ + return PORT_ArenaMark_Util(arena); +} + +void +PORT_ArenaRelease(PLArenaPool *arena, void *mark) +{ + PORT_ArenaRelease_Util(arena, mark); +} + +void +PORT_ArenaUnmark(PLArenaPool *arena, void *mark) +{ + PORT_ArenaUnmark_Util(arena, mark); +} + +char * +PORT_ArenaStrdup(PLArenaPool *arena, const char *str) +{ + return PORT_ArenaStrdup_Util(arena, str); +} + +void +PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc) +{ + PORT_SetUCS4_UTF8ConversionFunction_Util(convFunc); +} + +void +PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc) +{ + PORT_SetUCS2_ASCIIConversionFunction_Util(convFunc); +} + +void +PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc) +{ + PORT_SetUCS2_UTF8ConversionFunction_Util(convFunc); +} + +PRBool +PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf, + unsigned int inBufLen, unsigned char *outBuf, + unsigned int maxOutBufLen, unsigned int *outBufLen) +{ + return PORT_UCS2_UTF8Conversion_Util(toUnicode, inBuf, inBufLen, outBuf, + maxOutBufLen, outBufLen); +} + +PRBool +PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf, + unsigned int inBufLen, unsigned char *outBuf, + unsigned int maxOutBufLen, unsigned int *outBufLen, + PRBool swapBytes) +{ + return PORT_UCS2_ASCIIConversion_Util(toUnicode, inBuf, inBufLen, outBuf, + maxOutBufLen, outBufLen, swapBytes); +} + +int +NSS_PutEnv(const char * envVarName, const char * envValue) +{ + return NSS_PutEnv_Util(envVarName, envValue); +} + +SECOidData *SECOID_FindOID( const SECItem *oid) +{ + return SECOID_FindOID_Util(oid); +} + +SECOidTag SECOID_FindOIDTag(const SECItem *oid) +{ + return SECOID_FindOIDTag_Util(oid); +} + +SECOidData *SECOID_FindOIDByTag(SECOidTag tagnum) +{ + return SECOID_FindOIDByTag_Util(tagnum); +} + +SECStatus SECOID_SetAlgorithmID(PRArenaPool *arena, SECAlgorithmID *aid, + SECOidTag tag, SECItem *params) +{ + return SECOID_SetAlgorithmID_Util(arena, aid, tag, params); +} + +SECStatus SECOID_CopyAlgorithmID(PRArenaPool *arena, SECAlgorithmID *dest, + SECAlgorithmID *src) +{ + return SECOID_CopyAlgorithmID_Util(arena, dest, src); +} + +SECOidTag SECOID_GetAlgorithmTag(SECAlgorithmID *aid) +{ + return SECOID_GetAlgorithmTag_Util(aid); +} + +void SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit) +{ + SECOID_DestroyAlgorithmID_Util(aid, freeit); +} + +SECComparison SECOID_CompareAlgorithmID(SECAlgorithmID *a, + SECAlgorithmID *b) +{ + return SECOID_CompareAlgorithmID_Util(a, b); +} + +const char *SECOID_FindOIDTagDescription(SECOidTag tagnum) +{ + return SECOID_FindOIDTagDescription_Util(tagnum); +} + +SECOidTag SECOID_AddEntry(const SECOidData * src) +{ + return SECOID_AddEntry_Util(src); +} + +SECItem *SECITEM_AllocItem(PRArenaPool *arena, SECItem *item, + unsigned int len) +{ + return SECITEM_AllocItem_Util(arena, item, len); +} + +SECComparison SECITEM_CompareItem(const SECItem *a, const SECItem *b) +{ + return SECITEM_CompareItem_Util(a, b); +} + +PRBool SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b) +{ + return SECITEM_ItemsAreEqual_Util(a, b); +} + +SECStatus SECITEM_CopyItem(PRArenaPool *arena, SECItem *to, + const SECItem *from) +{ + return SECITEM_CopyItem_Util(arena, to, from); +} + +SECItem *SECITEM_DupItem(const SECItem *from) +{ + return SECITEM_DupItem_Util(from); +} + +SECItem *SECITEM_ArenaDupItem(PRArenaPool *arena, const SECItem *from) +{ + return SECITEM_ArenaDupItem_Util(arena, from); +} + +void SECITEM_FreeItem(SECItem *zap, PRBool freeit) +{ + SECITEM_FreeItem_Util(zap, freeit); +} + +void SECITEM_ZfreeItem(SECItem *zap, PRBool freeit) +{ + SECITEM_ZfreeItem_Util(zap, freeit); +} + +SGNDigestInfo *SGN_CreateDigestInfo(SECOidTag algorithm, + unsigned char *sig, + unsigned int sigLen) +{ + return SGN_CreateDigestInfo_Util(algorithm, sig, sigLen); +} + +void SGN_DestroyDigestInfo(SGNDigestInfo *info) +{ + SGN_DestroyDigestInfo_Util(info); +} + +SECStatus SGN_CopyDigestInfo(PRArenaPool *poolp, + SGNDigestInfo *a, + SGNDigestInfo *b) +{ + return SGN_CopyDigestInfo_Util(poolp, a, b); +} + +SECComparison SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b) +{ + return SGN_CompareDigestInfo_Util(a, b); +} + +SECStatus DER_Encode(PRArenaPool *arena, SECItem *dest, DERTemplate *t, + void *src) +{ + return DER_Encode_Util(arena, dest, t, src); +} + +SECStatus DER_Lengths(SECItem *item, int *header_len_p, + PRUint32 *contents_len_p) +{ + return DER_Lengths_Util(item, header_len_p, contents_len_p); +} + +long DER_GetInteger(SECItem *src) +{ + return DER_GetInteger_Util(src); +} + +SECStatus DER_TimeToUTCTime(SECItem *result, int64 time) +{ + return DER_TimeToUTCTime_Util(result, time); +} + +SECStatus DER_AsciiToTime(int64 *result, const char *string) +{ + return DER_AsciiToTime_Util(result, string); +} + +SECStatus DER_UTCTimeToTime(int64 *result, const SECItem *time) +{ + return DER_UTCTimeToTime_Util(result, time); +} + +char *DER_UTCTimeToAscii(SECItem *utcTime) +{ + return DER_UTCTimeToAscii_Util(utcTime); +} + +char *DER_UTCDayToAscii(SECItem *utctime) +{ + return DER_UTCDayToAscii_Util(utctime); +} + +char *DER_GeneralizedDayToAscii(SECItem *gentime) +{ + return DER_GeneralizedDayToAscii_Util(gentime); +} + +char *DER_TimeChoiceDayToAscii(SECItem *timechoice) +{ + return DER_TimeChoiceDayToAscii_Util(timechoice); +} + +SECStatus DER_TimeToGeneralizedTime(SECItem *dst, int64 gmttime) +{ + return DER_TimeToGeneralizedTime_Util(dst, gmttime); +} + +SECStatus DER_TimeToGeneralizedTimeArena(PRArenaPool* arenaOpt, + SECItem *dst, int64 gmttime) +{ + return DER_TimeToGeneralizedTimeArena_Util(arenaOpt, dst, gmttime); +} + +SECStatus DER_GeneralizedTimeToTime(int64 *dst, const SECItem *time) +{ + return DER_GeneralizedTimeToTime_Util(dst, time); +} + +char *CERT_GenTime2FormattedAscii (int64 genTime, char *format) +{ + return CERT_GenTime2FormattedAscii_Util(genTime, format); +} + +SECStatus DER_DecodeTimeChoice(PRTime* output, const SECItem* input) +{ + return DER_DecodeTimeChoice_Util(output, input); +} + +SECStatus DER_EncodeTimeChoice(PRArenaPool* arena, SECItem* output, + PRTime input) +{ + return DER_EncodeTimeChoice_Util(arena, output, input); +} + +SEC_ASN1DecoderContext *SEC_ASN1DecoderStart(PRArenaPool *pool, + void *dest, + const SEC_ASN1Template *t) +{ + return SEC_ASN1DecoderStart_Util(pool, dest, t); +} + +SECStatus SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx, + const char *buf, + unsigned long len) +{ + return SEC_ASN1DecoderUpdate_Util(cx, buf, len); +} + +SECStatus SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx) +{ + return SEC_ASN1DecoderFinish_Util(cx); +} + +void SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error) +{ + SEC_ASN1DecoderAbort_Util(cx, error); +} + +void SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx, + SEC_ASN1WriteProc fn, + void *arg, PRBool no_store) +{ + SEC_ASN1DecoderSetFilterProc_Util(cx, fn, arg, no_store); +} + +void SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx) +{ + SEC_ASN1DecoderClearFilterProc_Util(cx); +} + +void SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx, + SEC_ASN1NotifyProc fn, + void *arg) +{ + SEC_ASN1DecoderSetNotifyProc_Util(cx, fn, arg); +} + +void SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx) +{ + SEC_ASN1DecoderClearNotifyProc_Util(cx); +} + +SECStatus SEC_ASN1Decode(PRArenaPool *pool, void *dest, + const SEC_ASN1Template *t, + const char *buf, long len) +{ + return SEC_ASN1Decode_Util(pool, dest, t, buf, len); +} + +SECStatus SEC_ASN1DecodeItem(PRArenaPool *pool, void *dest, + const SEC_ASN1Template *t, + const SECItem *src) +{ + return SEC_ASN1DecodeItem_Util(pool, dest, t, src); +} + +SECStatus SEC_QuickDERDecodeItem(PRArenaPool* arena, void* dest, + const SEC_ASN1Template* templateEntry, + const SECItem* src) +{ + return SEC_QuickDERDecodeItem_Util(arena, dest, templateEntry, src); +} + +SEC_ASN1EncoderContext *SEC_ASN1EncoderStart(const void *src, + const SEC_ASN1Template *t, + SEC_ASN1WriteProc fn, + void *output_arg) +{ + return SEC_ASN1EncoderStart_Util(src, t, fn, output_arg); +} + +SECStatus SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx, + const char *buf, + unsigned long len) +{ + return SEC_ASN1EncoderUpdate_Util(cx, buf, len); +} + +void SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx) +{ + SEC_ASN1EncoderFinish_Util(cx); +} + +void SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error) +{ + SEC_ASN1EncoderAbort_Util(cx, error); +} + +void SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx, + SEC_ASN1NotifyProc fn, + void *arg) +{ + SEC_ASN1EncoderSetNotifyProc_Util(cx, fn, arg); +} + +void SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx) +{ + SEC_ASN1EncoderClearNotifyProc_Util(cx); +} + +void SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx) +{ + SEC_ASN1EncoderSetStreaming_Util(cx); +} + +void SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx) +{ + SEC_ASN1EncoderClearStreaming_Util(cx); +} + +void SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx) +{ + SEC_ASN1EncoderSetTakeFromBuf_Util(cx); +} + +void SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx) +{ + SEC_ASN1EncoderClearTakeFromBuf_Util(cx); +} + +SECStatus SEC_ASN1Encode(const void *src, const SEC_ASN1Template *t, + SEC_ASN1WriteProc output_proc, + void *output_arg) +{ + return SEC_ASN1Encode_Util(src, t, output_proc, output_arg); +} + +SECItem * SEC_ASN1EncodeItem(PRArenaPool *pool, SECItem *dest, + const void *src, const SEC_ASN1Template *t) +{ + return SEC_ASN1EncodeItem_Util(pool, dest, src, t); +} + +SECItem * SEC_ASN1EncodeInteger(PRArenaPool *pool, + SECItem *dest, long value) +{ + return SEC_ASN1EncodeInteger_Util(pool, dest, value); +} + +SECItem * SEC_ASN1EncodeUnsignedInteger(PRArenaPool *pool, + SECItem *dest, + unsigned long value) +{ + return SEC_ASN1EncodeUnsignedInteger_Util(pool, dest, value); +} + +SECStatus SEC_ASN1DecodeInteger(SECItem *src, + unsigned long *value) +{ + return SEC_ASN1DecodeInteger_Util(src, value); +} + +int SEC_ASN1LengthLength (unsigned long len) +{ + return SEC_ASN1LengthLength_Util(len); +} + +char *BTOA_DataToAscii(const unsigned char *data, unsigned int len) +{ + return BTOA_DataToAscii_Util(data, len); +} + +unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp) +{ + return ATOB_AsciiToData_Util(string, lenp); +} + +SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii) +{ + return ATOB_ConvertAsciiToItem_Util(binary_item, ascii); +} + +char *BTOA_ConvertItemToAscii(SECItem *binary_item) +{ + return BTOA_ConvertItemToAscii_Util(binary_item); +} + +NSSBase64Decoder * +NSSBase64Decoder_Create (PRInt32 (*output_fn) (void *, const unsigned char *, + PRInt32), + void *output_arg) +{ + return NSSBase64Decoder_Create_Util(output_fn, output_arg); +} + +NSSBase64Encoder * +NSSBase64Encoder_Create (PRInt32 (*output_fn) (void *, const char *, PRInt32), + void *output_arg) +{ + return NSSBase64Encoder_Create_Util(output_fn, output_arg); +} + +SECStatus +NSSBase64Decoder_Update (NSSBase64Decoder *data, const char *buffer, + PRUint32 size) +{ + return NSSBase64Decoder_Update_Util(data, buffer, size); +} + +SECStatus +NSSBase64Encoder_Update (NSSBase64Encoder *data, const unsigned char *buffer, + PRUint32 size) +{ + return NSSBase64Encoder_Update_Util(data, buffer, size); +} + +SECStatus +NSSBase64Decoder_Destroy (NSSBase64Decoder *data, PRBool abort_p) +{ + return NSSBase64Decoder_Destroy_Util(data, abort_p); +} + +SECStatus +NSSBase64Encoder_Destroy (NSSBase64Encoder *data, PRBool abort_p) +{ + return NSSBase64Encoder_Destroy_Util(data, abort_p); +} + +SECItem * +NSSBase64_DecodeBuffer (PRArenaPool *arenaOpt, SECItem *outItemOpt, + const char *inStr, unsigned int inLen) +{ + return NSSBase64_DecodeBuffer_Util(arenaOpt, outItemOpt, inStr, inLen); +} + +char * +NSSBase64_EncodeItem (PRArenaPool *arenaOpt, char *outStrOpt, + unsigned int maxOutLen, SECItem *inItem) +{ + return NSSBase64_EncodeItem_Util(arenaOpt, outStrOpt, maxOutLen, inItem); +} + +NSSRWLock* NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) +{ + return NSSRWLock_New_Util(lock_rank, lock_name); +} + +void NSSRWLock_Destroy(NSSRWLock *lock) +{ + NSSRWLock_Destroy_Util(lock); +} + +void NSSRWLock_LockRead(NSSRWLock *lock) +{ + NSSRWLock_LockRead_Util(lock); +} + +void NSSRWLock_LockWrite(NSSRWLock *lock) +{ + NSSRWLock_LockWrite_Util(lock); +} + +void NSSRWLock_UnlockRead(NSSRWLock *lock) +{ + NSSRWLock_UnlockRead_Util(lock); +} + +void NSSRWLock_UnlockWrite(NSSRWLock *lock) +{ + NSSRWLock_UnlockWrite_Util(lock); +} + +PRBool NSSRWLock_HaveWriteLock(NSSRWLock *rwlock) +{ + return NSSRWLock_HaveWriteLock_Util(rwlock); +} + +SECStatus __nss_InitLock( PZLock **ppLock, nssILockType ltype ) +{ + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); + return SECFailure; +} + +/* templates duplicated in libnss3 and libnssutil3 */ + +#undef NSS_Get_SEC_AnyTemplate +#undef NSS_Get_SEC_BitStringTemplate +#undef NSS_Get_SEC_BMPStringTemplate +#undef NSS_Get_SEC_BooleanTemplate +#undef NSS_Get_SEC_GeneralizedTimeTemplate +#undef NSS_Get_SEC_IA5StringTemplate +#undef NSS_Get_SEC_IntegerTemplate +#undef NSS_Get_SEC_NullTemplate +#undef NSS_Get_SEC_ObjectIDTemplate +#undef NSS_Get_SEC_OctetStringTemplate +#undef NSS_Get_SEC_PointerToAnyTemplate +#undef NSS_Get_SEC_PointerToOctetStringTemplate +#undef NSS_Get_SEC_SetOfAnyTemplate +#undef NSS_Get_SEC_UTCTimeTemplate +#undef NSS_Get_SEC_UTF8StringTemplate +#undef NSS_Get_SECOID_AlgorithmIDTemplate +#undef NSS_Get_sgn_DigestInfoTemplate +#undef SEC_AnyTemplate +#undef SEC_BitStringTemplate +#undef SEC_BMPStringTemplate +#undef SEC_BooleanTemplate +#undef SEC_GeneralizedTimeTemplate +#undef SEC_IA5StringTemplate +#undef SEC_IntegerTemplate +#undef SEC_NullTemplate +#undef SEC_ObjectIDTemplate +#undef SEC_OctetStringTemplate +#undef SEC_PointerToAnyTemplate +#undef SEC_PointerToOctetStringTemplate +#undef SEC_SetOfAnyTemplate +#undef SEC_UTCTimeTemplate +#undef SEC_UTF8StringTemplate +#undef SECOID_AlgorithmIDTemplate +#undef sgn_DigestInfoTemplate + +#include "templates.c" + |