Bug 473837, land NSS_3_12_3_BETA2

r=wtc
Kai Engert 2009-01-21 04:43:31 +01:00
parent 361067676a
commit 2da188f9a8
246 changed files with 12986 additions and 5735 deletions


@ -1,53 +0,0 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is mozilla.org code.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1998
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
DEPTH = ..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
MODULE = dbm
DIRS = include src
ifdef ENABLE_TESTS
DIRS += tests
endif
include $(topsrcdir)/config/rules.mk


@ -156,7 +156,7 @@
#define LITTLE_ENDIAN 1234
#endif
#if defined(_WINDOWS) || defined(XP_OS2_VACPP)
#ifdef _WINDOWS
#ifdef BYTE_ORDER
#undef BYTE_ORDER
#endif
@ -188,14 +188,6 @@
#define MAXPATHLEN 1024
#endif
#ifdef XP_OS2_VACPP
#include <os2.h>
#define MAXPATHLEN CCHMAXPATH
#define EPERM EINVAL
#define ENOTDIR EBADPOS
#define S_ISDIR(s) ((s) & S_IFDIR)
#endif
#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
#ifndef STDERR_FILENO


@ -56,7 +56,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94";
* collect_data
*/
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#include <sys/param.h>
#endif


@ -78,7 +78,7 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94";
#include <stdlib.h>
#include <string.h>
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#include <unistd.h>
#endif


@ -38,12 +38,12 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
#include "watcomfx.h"
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#include <sys/param.h>
#endif
#if !defined(macintosh)
#ifdef XP_OS2_EMX
#ifdef XP_OS2
#include <sys/types.h>
#endif
#include <sys/stat.h>
@ -60,7 +60,7 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
#include <stdlib.h>
#include <string.h>
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#include <unistd.h>
#endif
#if defined(_WIN32) || defined(_WINDOWS)


@ -53,7 +53,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94";
* Internal
* newbuf
*/
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#include <sys/param.h>
#endif


@ -47,14 +47,10 @@ static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
#include <ctype.h>
#include "mcom_db.h"
#if !defined(_WINDOWS) && !defined(XP_OS2_VACPP)
#ifndef _WINDOWS
#include <unistd.h>
#endif
#ifdef XP_OS2_VACPP
#include <process.h>
#endif
#ifdef _WINDOWS
#include <process.h>
#include "winfile.h"


@ -15,15 +15,14 @@
#include <ncompat.h>
/* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */
#if defined(__STDC__) || defined(XP_OS2_VACPP)
#ifdef __STDC__
#include <stdarg.h>
#else
#include <varargs.h>
#endif
int
#if defined(__STDC__) || defined(XP_OS2_VACPP)
#ifdef __STDC__
snprintf(char *str, size_t n, const char *fmt, ...)
#else
snprintf(str, n, fmt, va_alist)
@ -39,7 +38,7 @@ snprintf(str, n, fmt, va_alist)
#else
int rval;
#endif
#if defined(__STDC__) || defined(XP_OS2_VACPP)
#ifdef __STDC__
va_start(ap, fmt);
#else
va_start(ap);


@ -44,6 +44,8 @@ include $(DEPTH)/config/autoconf.mk
MODULE = dbm
PACKAGE_FILE = dbmtest.pkg
PROGRAM = lots$(BIN_SUFFIX)
CSRCS = lots.c

2
dbm/tests/dbmtest.pkg Normal file

@ -0,0 +1,2 @@
[gecko-tests]
dist/bin/lots@BINS@


@ -81,6 +81,7 @@ GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb
XP_DEFINE += -DXP_PC
LIB_SUFFIX = lib
DLL_SUFFIX = dll
OS_DLLFLAGS += -DLL
ifdef BUILD_OPT
# OS_CFLAGS += -MD


@ -1,107 +0,0 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Config stuff for WINCE 3.0 (MS Pocket PC 2002)
#
# CPU_ARCH must already be defined to one of:
# x86, ARM
#
# This makefile defines the following variables:
# OS_CFLAGS, and OS_DLLFLAGS.
include $(CORE_DEPTH)/coreconf/WINCE.mk
CEVersion = 300
CePlatform = WIN32_PLATFORM_PSPC=310
ifeq ($(CPU_ARCH), x86)
DEFINES += -D_X86_ -D_i386_ -Di_386_ -Dx86
OS_CFLAGS += -Gs8192 -GF
OS_DLLFLAGS += -machine:IX86
else
ifeq ($(CPU_ARCH), ARM)
DEFINES += -DARM -D_ARM_
OS_DLLFLAGS += -machine:ARM
else
include CPU_ARCH_is_undefined
endif
endif
DEFINES += -D_WIN32_WCE=300 -DUNDER_CE=300
DEFINES += -DWIN32_PLATFORM_PSPC=310
DEFINES += -DUNICODE -D_UNICODE
OS_CFLAGS += -W3 -nologo
OS_DLLFLAGS += -DLL
LINKFLAGS = -nologo -subsystem:windowsce,3.00 \
-nodefaultlib:libc.lib \
-nodefaultlib:libcd.lib \
-nodefaultlib:libcmt.lib \
-nodefaultlib:libcmtd.lib \
-nodefaultlib:msvcrt.lib \
-nodefaultlib:msvcrtd.lib \
-nodefaultlib:oldnames.lib \
$(NULL)
ifndef MOZ_DEBUG_SYMBOLS
LINKFLAGS += -PDB:NONE
endif
LINK += $(LINKFLAGS)
LDFLAGS += $(LINKFLAGS)
OS_LIBS= coredll.lib corelibc.lib
#DLLBASE = -base:"0x00100000" -stack:0x10000,0x1000 -entry:"_DllMainCRTStartup"
DLLBASE += -align:"4096"
#SUB_SHLOBJS =
#EXTRA_LIBS =
#EXTRA_SHARED_LIBS =
#OS_LIBS=
#LD_LIBS=
#
# Win NT needs -GT so that fibers can work
#
#OS_CFLAGS += -GT
#DEFINES += -DWINNT
# WINNT uses the lib prefix, Win95 and WinCE don't
NSPR31_LIB_PREFIX = $(NULL)


@ -63,7 +63,7 @@ endif
#######################################################################
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
OpenVMS AIX RISCOS
OpenVMS AIX RISCOS WINCE
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
@ -190,6 +190,10 @@ ifdef BUILD_LIBPKIX_TESTS
DEFINES += -DBUILD_LIBPKIX_TESTS
endif
ifdef NSS_DISABLE_DBM
DEFINES += -DNSS_DISABLE_DBM
endif
# Avoid building object leak test code for optimized library
ifndef BUILD_OPT
ifdef PKIX_OBJECT_LEAK_TEST


@ -1,3 +1,4 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
@ -11,15 +12,14 @@
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the PKIX-C library.
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Sun Microsystems, Inc.
* Portions created by the Initial Developer are
* Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2009
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems, Inc.
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
@ -34,34 +34,11 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_pl_ekuchecker.h
*
* User Defined Object Type Extended Key Usage Definition
*
* A dummy header file that is a dependency for all the object files.
* Used to force a full recompilation of NSS in Mozilla's Tinderbox
* depend builds. See comments in rules.mk.
*/
#ifndef _PKIX_PL_EKUCHECKER_H
#define _PKIX_PL_EKUCHECKER_H
#include "pkix_pl_common.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef struct pkix_pl_EkuChecker pkix_pl_EkuChecker;
struct pkix_pl_EkuChecker {
PKIX_UInt32 requiredExtKeyUsage;
PKIX_PL_OID *ekuOID;
};
/* see source file for function documentation */
PKIX_Error *pkix_pl_EkuChecker_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_PL_EKUCHECKER_H */
#error "Do not include this header file."


@ -950,6 +950,29 @@ else
depend::
endif
#
# HACK ALERT
#
# The only purpose of this rule is to pass Mozilla's Tinderbox depend
# builds (http://tinderbox.mozilla.org/showbuilds.cgi). Mozilla's
# Tinderbox builds NSS continuously as part of the Mozilla client.
# Because NSS's make depend is not implemented, whenever we change
# an NSS header file, the depend build does not recompile the NSS
# files that depend on the header.
#
# This rule makes all the objects depend on a dummy header file.
# Check in a change to this dummy header file to force the depend
# build to recompile everything.
#
# This rule should be removed when make depend is implemented.
#
DUMMY_DEPEND = $(CORE_DEPTH)/coreconf/coreconf.dep
$(filter $(OBJDIR)/%$(OBJ_SUFFIX),$(OBJS)): $(OBJDIR)/%$(OBJ_SUFFIX): $(DUMMY_DEPEND)
# END OF HACK
################################################################################
# Special gmake rules.
################################################################################
@ -959,7 +982,7 @@ endif
# hundreds of built-in suffix rules for stuff we don't need.
#
.SUFFIXES:
.SUFFIXES: .out .a .ln .o .obj .c .cc .C .cpp .y .l .s .S .h .sh .i .pl .class .java .html .asm
.SUFFIXES: .out .a .ln .o .obj .c .cc .C .cpp .y .l .s .S .h .sh .i .pl .class .java .html .asm .dep
#
# Don't delete these files if we get killed.


@ -42,6 +42,10 @@
include manifest.mn
ifdef NSS_DISABLE_DBM
DIRS = dummy
endif
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################


@ -147,7 +147,11 @@ clobber_nspr: $(NSPR_CONFIG_STATUS)
cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber
build_dbm:
ifndef NSS_DISABLE_DBM
cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
else
echo "skipping the build of DBM"
endif
clobber_dbm:
cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber
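Review bot: `clobber_dbm` is left unguarded while `build_dbm` now honours `NSS_DISABLE_DBM`, so a tree configured without DBM still runs `cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber`. If the dbm directory is absent in such a checkout (not visible from this hunk), the clobber target fails even though the build target was skipped. Wrapping the `clobber_dbm` recipe in the same `ifndef NSS_DISABLE_DBM` / `endif` pair keeps the two targets symmetric. The `echo "skipping the build of DBM"` line could be `@echo` so that make does not print the command as well as its output.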


@ -673,6 +673,8 @@ typedef enum {
bltestAES_CBC, /* . */
bltestCAMELLIA_ECB, /* . */
bltestCAMELLIA_CBC, /* . */
bltestSEED_ECB, /* SEED algorithm */
bltestSEED_CBC, /* SEED algorithm */
bltestRSA, /* Public Key Ciphers */
#ifdef NSS_ENABLE_ECC
bltestECDSA, /* . (Public Key Sig.) */
@ -702,6 +704,8 @@ static char *mode_strings[] =
"aes_cbc",
"camellia_ecb",
"camellia_cbc",
"seed_ecb",
"seed_cbc",
"rsa",
#ifdef NSS_ENABLE_ECC
"ecdsa",
@ -817,7 +821,7 @@ PRBool
is_symmkeyCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC)
if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
return PR_TRUE;
return PR_FALSE;
}
@ -859,7 +863,8 @@ cipher_requires_IV(bltestCipherMode mode)
/* change as needed! */
if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
mode == bltestRC2_CBC || mode == bltestRC5_CBC ||
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC)
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC||
mode == bltestSEED_CBC)
return PR_TRUE;
return PR_FALSE;
}
@ -1113,6 +1118,24 @@ camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
input, inputLen);
}
SECStatus
seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
input, inputLen);
}
SECStatus
seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
input, inputLen);
}
SECStatus
rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
{
@ -1376,6 +1399,46 @@ bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
SECStatus
bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
PRIntervalTime time1, time2;
bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
int minorMode;
int i;
switch (cipherInfo->mode) {
case bltestSEED_ECB: minorMode = NSS_SEED; break;
case bltestSEED_CBC: minorMode = NSS_SEED_CBC; break;
default:
return SECFailure;
}
cipherInfo->cx = (void*)SEED_CreateContext(seedp->key.buf.data,
seedp->iv.buf.data,
minorMode, encrypt);
if (cipherInfo->cxreps > 0) {
SEEDContext **dummycx;
dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
TIMESTART();
for (i=0; i<cipherInfo->cxreps; i++) {
dummycx[i] = (void*)SEED_CreateContext(seedp->key.buf.data,
seedp->iv.buf.data,
minorMode, encrypt);
}
TIMEFINISH(cipherInfo->cxtime, 1.0);
for (i=0; i<cipherInfo->cxreps; i++) {
SEED_DestroyContext(dummycx[i], PR_TRUE);
}
PORT_Free(dummycx);
}
if (encrypt)
cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
else
cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
return SECSuccess;
}
SECStatus
bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
@ -1936,6 +1999,12 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->input.pBuf.len);
return bltest_camellia_init(cipherInfo, encrypt);
break;
case bltestSEED_ECB:
case bltestSEED_CBC:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
return bltest_seed_init(cipherInfo, encrypt);
break;
case bltestRSA:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
@ -2390,6 +2459,10 @@ cipherFinish(bltestCipherInfo *cipherInfo)
case bltestCAMELLIA_CBC:
Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestSEED_ECB:
case bltestSEED_CBC:
SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestRC2_ECB:
case bltestRC2_CBC:
RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
@ -2540,6 +2613,8 @@ print_td:
case bltestAES_CBC:
case bltestCAMELLIA_ECB:
case bltestCAMELLIA_CBC:
case bltestSEED_ECB:
case bltestSEED_CBC:
case bltestRC2_ECB:
case bltestRC2_CBC:
case bltestRC4:
@ -2683,6 +2758,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
case bltestRC2_CBC:
case bltestAES_CBC:
case bltestCAMELLIA_CBC:
case bltestSEED_CBC:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
load_file_data(arena, &params->sk.iv, filename, bltestBinary);
case bltestDES_ECB:
@ -2691,6 +2767,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
case bltestRC4:
case bltestAES_ECB:
case bltestCAMELLIA_ECB:
case bltestSEED_ECB:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
load_file_data(arena, &params->sk.key, filename, bltestBinary);
break;
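Review bot: In `bltest_seed_init` the pointer returned by `SEED_CreateContext` is stored in `cipherInfo->cx` and the function goes on to return `SECSuccess` without checking it, so a failed context creation is only noticed when `seed_Encrypt`/`seed_Decrypt` later cast and use a NULL `cx`. The `PORT_Alloc` result `dummycx` is likewise written through in the timing loop with no NULL check, and its size is `cipherInfo->cxreps * sizeof(SEEDContext *)` computed from a signed int that the hunk does not bound. I would add `if (!cipherInfo->cx) return SECFailure;` after the first call and `if (!dummycx) return SECFailure;` after the allocation. The code appears to follow the neighbouring cipher init functions, which are outside this hunk and may deserve the same checks.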


@ -0,0 +1 @@
JVdzim3if1YIcpGABasoCQ==


@ -0,0 +1 @@
1234567890123456


@ -0,0 +1 @@
fedcba9876543210


@ -0,0 +1 @@
1


@ -0,0 +1 @@
0123456789abcdef


@ -0,0 +1 @@
GX8KY3uUhAQnL6XbQhXjEw==


@ -0,0 +1 @@
1234567890123456


@ -0,0 +1 @@
fedcba9876543210


@ -0,0 +1 @@
1


@ -0,0 +1 @@
0123456789abcdef


@ -803,7 +803,7 @@ ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
keyName = NULL;
cert = PK11_GetCertFromPrivateKey(node->key);
if (cert) {
if (cert->nickname && !cert->nickname[0]) {
if (cert->nickname && cert->nickname[0]) {
keyName = PORT_Strdup(cert->nickname);
} else if (cert->emailAddr && cert->emailAddr[0]) {
keyName = PORT_Strdup(cert->emailAddr);


@ -49,6 +49,15 @@
#include <string.h>
#include <stdarg.h>
#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
#include <unistd.h>
#include <sys/wait.h>
#else
#ifndef NO_FORK_CHECK
#define NO_FORK_CHECK
#endif
#endif
#ifdef _WIN32
#include <windows.h>
#define LIB_NAME "softokn3.dll"
@ -544,6 +553,9 @@ CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
CK_MECHANISM *signMech, const CK_BYTE * pData,
CK_ULONG pDataLen);
CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
void PKM_Help();
void PKM_CheckPath(char *string);
char *PKM_FilePasswd(char *pwFile);
@ -565,14 +577,18 @@ int main(int argc, char **argv)
char *configDir = NULL;
char *dbPrefix = NULL;
char *disableUnload = NULL;
PRBool doForkTests = PR_TRUE;
PLOptStatus os;
PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:d:p:");
PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
{
if (PL_OPT_BAD == os) continue;
if (PL_OPT_BAD == os) continue;
switch (opt->option)
{
case 'F': /* disable fork tests */
doForkTests = PR_FALSE;
break;
case 'n': /* non fips mode */
MODE = NONFIPSMODE;
slotID = 1;
@ -612,6 +628,16 @@ int main(int argc, char **argv)
dbPrefix = strdup("");
}
if (doForkTests)
{
/* first, try to fork without softoken loaded to make sure
* everything is OK */
crv = PKM_ForkCheck(123, NULL, PR_FALSE, NULL);
if (crv != CKR_OK)
goto cleanup;
}
#ifdef _WIN32
hModule = LoadLibrary(LIB_NAME);
if (hModule == NULL) {
@ -665,6 +691,16 @@ int main(int argc, char **argv)
crv = (*pC_GetFunctionList)(&pFunctionList);
assert(crv == CKR_OK);
if (doForkTests)
{
/* now, try to fork with softoken loaded, but not initialized */
crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
PR_TRUE, NULL);
if (crv != CKR_OK)
goto cleanup;
}
initArgs.CreateMutex = NULL;
initArgs.DestroyMutex = NULL;
initArgs.LockMutex = NULL;
@ -690,6 +726,21 @@ int main(int argc, char **argv)
PKM_CK_RVtoStr(crv));
goto cleanup;
}
if (doForkTests)
{
/* Disable core on fork for this test, since we are testing the
* pathological case, and if enabled, the child process would dump
* core in C_GetTokenInfo .
* We can still differentiate the correct from incorrect behavior
* by the PKCS#11 return code.
*/
/* try to fork with softoken both loaded and initialized */
crv = PKM_ForkCheck(CKR_DEVICE_ERROR, pFunctionList, PR_FALSE, NULL);
if (crv != CKR_OK)
goto cleanup;
}
crv = PKM_ShowInfo(pFunctionList, slotID);
if (crv == CKR_OK) {
PKM_LogIt("PKM_ShowInfo succeeded\n");
@ -868,9 +919,18 @@ int main(int argc, char **argv)
goto cleanup;
}
if (doForkTests)
{
/* try to fork with softoken still loaded, but de-initialized */
crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
PR_TRUE, NULL);
if (crv != CKR_OK)
goto cleanup;
}
if (pSlotList) free(pSlotList);
/* demostrate how an application can be in Hybrid mode */
/* demonstrate how an application can be in Hybrid mode */
/* PKM_HybridMode shows how to switch between NONFIPS */
/* mode to FIPS mode */
@ -884,9 +944,29 @@ int main(int argc, char **argv)
goto cleanup;
}
printf("**** Total number of TESTS ran in %s is %d. ****\n",
((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
printf("**** ALL TESTS PASSED ****\n");
if (doForkTests) {
/* testing one more C_Initialize / C_Finalize to exercise getpid()
* fork check code */
crv = pFunctionList->C_Initialize(&initArgs);
if (crv == CKR_OK) {
PKM_LogIt("C_Initialize succeeded\n");
} else {
PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
goto cleanup;
}
crv = pFunctionList->C_Finalize(NULL);
if (crv == CKR_OK) {
PKM_LogIt("C_Finalize succeeded\n");
} else {
PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
PKM_CK_RVtoStr(crv));
goto cleanup;
}
/* try to C_Initialize / C_Finalize in child. This should succeed */
crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
}
PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");
cleanup:
@ -912,6 +992,16 @@ cleanup:
PR_UnloadLibrary(lib);
}
#endif
if (CKR_OK == crv && doForkTests && !disableUnload) {
/* try to fork with softoken both de-initialized and unloaded */
crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
}
printf("**** Total number of TESTS ran in %s is %d. ****\n",
((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
if (CKR_OK == crv) {
printf("**** ALL TESTS PASSED ****\n");
}
return crv;
}
@ -5315,9 +5405,11 @@ void PKM_Help()
PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
PR_fprintf(debug_out, "pk11mode test program usage:\n");
PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n");
PR_fprintf(debug_out, "\t-F Disable Unix fork tests\n");
PR_fprintf(debug_out, "\t-n Non Fips Mode \n");
PR_fprintf(debug_out, "\t-d <path> Database path location\n");
PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n");
PR_fprintf(debug_out, "\t-v verbose\n");
PR_fprintf(debug_out, "\t-h this help message\n");
exit(1);
}
@ -5342,3 +5434,69 @@ void PKM_CheckPath(char *string)
*dest = 0;
}
CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
{
CK_RV crv = CKR_OK;
#ifndef NO_FORK_CHECK
int rc = -1;
int retStatus = 0;
NUMTESTS++; /* increment NUMTESTS */
if (forkAssert) {
putenv("NSS_STRICT_NOFORK=1");
} else {
putenv("NSS_STRICT_NOFORK=0");
}
pid_t child = fork();
switch (child) {
case -1:
PKM_Error("Fork failed.\n");
crv = CKR_DEVICE_ERROR;
break;
case 0:
if (fList) {
if (!initArgs) {
/* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
* in the child. This call should always fail.
* If softoken is uninitialized,
* it fails with CKR_CRYPTOKI_NOT_INITIALIZED.
* If it was initialized in the parent, the fork check should
* kick in, and make it return CKR_DEVICE_ERROR.
*/
CK_RV child_crv = fList->C_GetTokenInfo(NULL, NULL);
exit(child_crv & 255);
} else {
/* If softoken is loaded, make a PKCS#11 call to C_Initialize
* in the child. This call should always fail.
* If softoken is uninitialized, this should succeed.
* If it was initialized in the parent, the fork check should
* kick in, and make it return CKR_DEVICE_ERROR.
*/
CK_RV child_crv = fList->C_Initialize(initArgs);
if (CKR_OK == child_crv) {
child_crv = fList->C_Finalize(NULL);
}
exit(child_crv & 255);
}
}
exit(expected & 255);
default:
PKM_LogIt("Fork succeeded.\n");
pid_t ret = wait(&rc);
if (ret != child || (!WIFEXITED(rc)) ||
( (expected & 255) != (WEXITSTATUS(rc) & 255)) ) {
int retstatus = -1;
if (WIFEXITED(rc)) {
retStatus = WEXITSTATUS(rc);
}
PKM_Error("Child misbehaved.\n");
printf("Child return status : %d.\n", retStatus & 255);
crv = CKR_DEVICE_ERROR;
}
break;
}
#endif
return crv;
}
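Review bot: In the parent branch of `PKM_ForkCheck`, `int retstatus = -1;` declares a new, unused variable (lower-case `s`) instead of assigning the outer `retStatus`, so a child that did not exit normally is printed as "Child return status : 0"; the line should read `retStatus = -1;`. The parent reaps with `wait(&rc)`, which returns whichever child finishes first and is not retried on EINTR; `waitpid(child, &rc, 0)` ties the status to the pid that was just forked. Because the child reports its CK_RV through `exit(child_crv & 255)`, only the low byte is compared with `expected`, so any return code sharing that byte counts as a pass, which deserves a comment at the comparison such as `/* exit status carries only the low 8 bits of the CK_RV */`. The comment above the `C_Initialize` call says both "This call should always fail" and "this should succeed"; the first sentence looks carried over from the `C_GetTokenInfo` branch and should be dropped.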


@ -74,6 +74,12 @@ endif
SQLITE=-lsqlite3
ifdef NSS_DISABLE_DBM
DBMLIB = $(NULL)
else
DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
endif
ifdef USE_STATIC_LIBS
# can't do this in manifest.mn because OS_ARCH isn't defined there.
@ -117,13 +123,13 @@ EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(PKIXLIB) \
$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
$(DBMLIB) \
$(DIST)/lib/$(LIB_PREFIX)sqlite3.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
@ -180,8 +186,7 @@ EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
$(DBMLIB) \
$(PKIXLIB) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
@ -197,6 +202,7 @@ endif
EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
$(SQLITE) \
-lnssutil3 \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \


@ -56,7 +56,25 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
$(NULL)
else
EXTRA_SHARED_LIBS += \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \
-lnspr4 \
$(NULL)
endif
# sign any and all shared libraries that contain the word freebl


@ -56,7 +56,25 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../../platlibs.mk
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
$(NULL)
else
EXTRA_SHARED_LIBS += \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \
-lnspr4 \
$(NULL)
endif
#######################################################################

File diff suppressed because it is too large Load Diff


@ -85,12 +85,12 @@ ListCerts(char *key, int list_certs)
num_trav_certs = 0;
/* Traverse non-internal DBs */
/* Traverse ALL tokens in all slots, authenticating to them all */
rv = PK11_TraverseSlotCerts(cert_trav_callback, (void * )&list_certs,
&pwdata);
if (rv) {
PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
PR_fprintf(outputFD, "**Traverse of ALL slots & tokens failed**\n");
return - 1;
}
@ -180,96 +180,67 @@ ListCerts(char *key, int list_certs)
static SECStatus
cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
{
int isSigningCert;
int list_certs = 1;
char *name, *issuerCN, *expires;
CERTCertificate * issuerCert = NULL;
char *name;
if (data) {
list_certs = *((int * )data);
}
if (cert->nickname) {
name = cert->nickname;
#define LISTING_USER_SIGNING_CERTS (list_certs == 1)
#define LISTING_ALL_CERTS (list_certs == 2)
name = cert->nickname;
if (name) {
int isSigningCert;
isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
issuerCert = CERT_FindCertIssuer (cert, PR_Now(), certUsageObjectSigner);
issuerCN = CERT_GetCommonName (&cert->issuer);
if (!isSigningCert && list_certs == 1)
if (!isSigningCert && LISTING_USER_SIGNING_CERTS)
return (SECSuccess);
/* Add this name or email to list */
/* Display this name or email address */
num_trav_certs++;
if (name) {
int rv;
if (LISTING_ALL_CERTS) {
PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
}
PR_fprintf(outputFD, "%s\n", name);
num_trav_certs++;
if (list_certs == 2) {
PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
if (LISTING_USER_SIGNING_CERTS) {
int rv = SECFailure;
if (rv) {
CERTCertificate * issuerCert;
issuerCert = CERT_FindCertIssuer(cert, PR_Now(),
certUsageObjectSigner);
if (issuerCert) {
if (issuerCert->nickname && issuerCert->nickname[0]) {
PR_fprintf(outputFD, " Issued by: %s\n",
issuerCert->nickname);
rv = SECSuccess;
}
CERT_DestroyCertificate(issuerCert);
}
}
PR_fprintf(outputFD, "%s\n", name);
if (list_certs == 1) {
if (issuerCert == NULL) {
PR_fprintf(outputFD,
"\t++ Error ++ Unable to find issuer certificate\n");
return SECSuccess;
/*function was a success even if cert is bogus*/
}
if (issuerCN == NULL)
PR_fprintf(outputFD, " Issued by: %s\n",
issuerCert->nickname);
else
PR_fprintf(outputFD,
" Issued by: %s (%s)\n", issuerCert->nickname,
issuerCN);
if (rv && cert->issuerName && cert->issuerName[0]) {
PR_fprintf(outputFD, " Issued by: %s \n", cert->issuerName);
}
{
char *expires;
expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
if (expires)
if (expires) {
PR_fprintf(outputFD, " Expires: %s\n", expires);
rv = CERT_CertTimesValid (cert);
if (rv != SECSuccess)
PR_fprintf(outputFD,
" ++ Error ++ THIS CERTIFICATE IS EXPIRED\n");
if (rv == SECSuccess) {
rv = CERT_VerifyCertNow (cert->dbhandle, cert,
PR_TRUE, certUsageObjectSigner, &pwdata);
if (rv != SECSuccess) {
rv = PORT_GetError();
PR_fprintf(outputFD,
" ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
secErrorString(rv));
}
PORT_Free(expires);
}
}
expires = DER_TimeChoiceDayToAscii(&issuerCert->validity.notAfter);
if (expires == NULL)
expires = "(unknown)";
rv = CERT_VerifyCertNow (cert->dbhandle, cert,
PR_TRUE, certUsageObjectSigner, &pwdata);
rv = CERT_CertTimesValid (issuerCert);
if (rv != SECSuccess)
PR_fprintf(outputFD,
" ++ Error ++ ISSUER CERT \"%s\" EXPIRED ON %s\n",
issuerCert->nickname, expires);
if (rv == SECSuccess) {
rv = CERT_VerifyCertNow (issuerCert->dbhandle, issuerCert,
PR_TRUE, certUsageVerifyCA, &pwdata);
if (rv != SECSuccess) {
rv = PORT_GetError();
PR_fprintf(outputFD,
" ++ Error ++ ISSUER CERT \"%s\" IS NOT VALID (%s)\n",
issuerCert->nickname, secErrorString(rv));
}
}
if (rv != SECSuccess) {
rv = PORT_GetError();
PR_fprintf(outputFD,
" ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
secErrorString(rv));
}
}
}
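Review bot: `LISTING_USER_SIGNING_CERTS` and `LISTING_ALL_CERTS` are `#define`d inside the body of `cert_trav_callback` and never `#undef`ed, so they remain visible for the rest of the file while expanding to `list_certs`, a name that exists only in this function. Two local constants, or an `#undef` pair after the function, would keep them scoped. In the signing-cert branch, `int rv = SECFailure;` followed directly by `if (rv) {` tests a value that was just set, so that guard is always true and can be removed. `rv` is later overwritten with `PORT_GetError()`, which mixes a SECStatus and an error code in one variable; a separate `PRErrorCode err` would read more clearly. Old and new lines are interleaved on this page and the function ends outside the hunk, so these remarks apply to what appears to be the new side.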


@ -1035,18 +1035,23 @@ main(int argc, char **argv)
/* loop over all the slots */
PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
PR_FALSE, PR_FALSE, &pwdata);
PK11SlotListElement *se;
if (slotList == NULL) {
PR_fprintf(PR_STDERR, "%s: No tokens found\n",progName);
}
for (se = PK11_GetFirstSafe(slotList); se;
se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
rv = ListKeys(se->slot,&printLabel,&pwdata);
if (rv !=SECSuccess) {
break;
}
}
} else {
PK11SlotListElement *se;
for (se = PK11_GetFirstSafe(slotList); se;
se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
rv = ListKeys(se->slot,&printLabel,&pwdata);
if (rv !=SECSuccess) {
break;
}
}
if (se) {
SECStatus rv2 = PK11_FreeSlotListElement(slotList, se);
PORT_Assert(SECSuccess == rv2);
}
PK11_FreeSlotList(slotList);
}
}
}
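Review bot: The `slotList == NULL` branch prints "No tokens found" but does not visibly set `rv`, so unless `rv` already holds a failure value from code before this block (not visible in the hunk), the tool can finish with a success status after listing nothing. Adding `rv = SECFailure;` next to the message would make the outcome explicit for scripts that check the exit code. Separately, `rv2` is consumed only by `PORT_Assert`, so in non-debug builds a failed `PK11_FreeSlotListElement` goes unnoticed and the variable is unused. main's body starts and ends outside the hunk.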


@ -81,7 +81,8 @@ static void
Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s [options] certfile [[options] certfile] ...\n"
"Usage: %s [options] [revocation options] certfile "
"[[options] certfile] ...\n"
"\tWhere options are:\n"
"\t-a\t\t Following certfile is base64 encoded\n"
"\t-b YYMMDDHHMMZ\t Validate date (default: now)\n"
@ -92,19 +93,29 @@ Usage(const char *progName)
"\t\t\t * CERT_VerifyCertificate if specified once,\n"
"\t\t\t * CERT_PKIXVerifyCert if specified twice and more.\n"
"\t-r\t\t Following certfile is raw binary DER (default)\n"
"\t-s\t\t Status checking, following a configuration description.\n"
"\t\t\t Implemented as of today are:\n"
"\t\t\t * allow-crl (default)\n"
"\t\t\t * allow-crl-and-ocsp\n"
"\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
"\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
"\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
"\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
"\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
"\t\t\t argument for whole root cert info)\n"
"\t-w password\t Database password.\n",
"\t-W pwfile\t Password file.\n",
progName);
"\t-w password\t Database password.\n"
"\t-W pwfile\t Password file.\n\n"
"\tRevocation options for PKIX API(invoked with -pp options) is a\n"
"\tcollection of the following flags:\n"
"\t\t[-g type [-h flags] [-m type [-s flags]] ...] ...\n"
"\tWhere:\n"
"\t-g test type\t Sets status checking test type. Possible values\n"
"\t\t\tare \"leaf\" or \"chain\"\n"
"\t-h test flags\t Sets revocation flags for the test type it\n"
"\t\t\tfollows. Possible flags: \"testLocalInfoFirst\" and\n"
"\t\t\t\"requireFreshInfo\".\n"
"\t-m method type\t Sets method type for the test type it follows.\n"
"\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
"\t-s method flags\t Sets revocation flags for the method it follows.\n"
"\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
"\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failInNoInfo\".\n",
progName);
exit(1);
}
@ -229,18 +240,194 @@ getCert(const char *name, PRBool isAscii, const char * progName)
return cert;
}
#define REVCONFIG_ALLOW_CRL "allow-crl"
#define REVCONFIG_ALLOW_CRL_OCSP "allow-crl-and-ocsp"
#define REVCONFIG_TEST_UNDEFINED 0
#define REVCONFIG_TEST_LEAF 1
#define REVCONFIG_TEST_CHAIN 2
#define REVCONFIG_METHOD_CRL 1
#define REVCONFIG_METHOD_OCSP 2
#define REVCONFIG_TEST_LEAF_STR "leaf"
#define REVCONFIG_TEST_CHAIN_STR "chain"
#define REVCONFIG_METHOD_CRL_STR "crl"
#define REVCONFIG_METHOD_OCSP_STR "ocsp"
#define REVCONFIG_TEST_TESTLOCALINFOFIRST_STR "testLocalInfoFirst"
#define REVCONFIG_TEST_REQUIREFRESHINFO_STR "requireFreshInfo"
#define REVCONFIG_METHOD_DONOTUSEMETHOD_STR "doNotUse"
#define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failInNoInfo"
#define REV_METHOD_INDEX_MAX 4
typedef struct RevMethodsStruct {
uint testType;
char *testTypeStr;
uint testFlags;
char *testFlagsStr;
uint methodType;
char *methodTypeStr;
uint methodFlags;
char *methodFlagsStr;
} RevMethods;
RevMethods revMethodsData[REV_METHOD_INDEX_MAX];
SECStatus
parseRevMethodsAndFlags()
{
int i;
uint testType = 0;
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
/* testType */
if (revMethodsData[i].testTypeStr) {
char *typeStr = revMethodsData[i].testTypeStr;
testType = 0;
if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_LEAF_STR)) {
testType = REVCONFIG_TEST_LEAF;
} else if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_CHAIN_STR)) {
testType = REVCONFIG_TEST_CHAIN;
}
}
if (!testType) {
return SECFailure;
}
revMethodsData[i].testType = testType;
/* testFlags */
if (revMethodsData[i].testFlagsStr) {
char *flagStr = revMethodsData[i].testFlagsStr;
uint testFlags = 0;
if (PORT_Strstr(flagStr, REVCONFIG_TEST_TESTLOCALINFOFIRST_STR)) {
testFlags |= CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
}
if (PORT_Strstr(flagStr, REVCONFIG_TEST_REQUIREFRESHINFO_STR)) {
testFlags |= CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
}
revMethodsData[i].testFlags = testFlags;
}
/* method type */
if (revMethodsData[i].methodTypeStr) {
char *methodStr = revMethodsData[i].methodTypeStr;
uint methodType = 0;
if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_CRL_STR)) {
methodType = REVCONFIG_METHOD_CRL;
} else if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_OCSP_STR)) {
methodType = REVCONFIG_METHOD_OCSP;
}
if (!methodType) {
return SECFailure;
}
revMethodsData[i].methodType = methodType;
}
if (!revMethodsData[i].methodType) {
revMethodsData[i].testType = REVCONFIG_TEST_UNDEFINED;
continue;
}
/* method flags */
if (revMethodsData[i].methodFlagsStr) {
char *flagStr = revMethodsData[i].methodFlagsStr;
uint methodFlags = 0;
if (!PORT_Strstr(flagStr, REVCONFIG_METHOD_DONOTUSEMETHOD_STR)) {
methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
}
if (PORT_Strstr(flagStr,
REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR)) {
methodFlags |= CERT_REV_M_FORBID_NETWORK_FETCHING;
}
if (PORT_Strstr(flagStr, REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR)) {
methodFlags |= CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
}
if (PORT_Strstr(flagStr, REVCONFIG_METHOD_REQUIREINFO_STR)) {
methodFlags |= CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE;
}
if (PORT_Strstr(flagStr, REVCONFIG_METHOD_FAILIFNOINFO_STR)) {
methodFlags |= CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO;
}
revMethodsData[i].methodFlags = methodFlags;
} else {
revMethodsData[i].methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
}
}
return SECSuccess;
}
SECStatus
configureRevocationParams(CERTRevocationFlags *flags)
{
int i;
uint testType = REVCONFIG_TEST_UNDEFINED;
static CERTRevocationTests *revTests = NULL;
PRUint64 *revFlags;
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
continue;
}
if (revMethodsData[i].testType != testType) {
testType = revMethodsData[i].testType;
if (testType == REVCONFIG_TEST_CHAIN) {
revTests = &flags->chainTests;
} else {
revTests = &flags->leafTests;
}
revTests->number_of_preferred_methods = 0;
revTests->preferred_methods = 0;
revFlags = revTests->cert_rev_flags_per_method;
}
/* Set the number of the methods independently to the max number of
* methods. If method flags are not set it will be ignored due to
* default DO_NOT_USE flag. */
revTests->number_of_defined_methods = cert_revocation_method_count;
revTests->cert_rev_method_independent_flags |=
revMethodsData[i].testFlags;
if (revMethodsData[i].methodType == REVCONFIG_METHOD_CRL) {
revFlags[cert_revocation_method_crl] =
revMethodsData[i].methodFlags;
} else if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
revFlags[cert_revocation_method_ocsp] =
revMethodsData[i].methodFlags;
}
}
return SECSuccess;
}
void
freeRevocationMethodData()
{
int i = 0;
for(;i < REV_METHOD_INDEX_MAX;i++) {
if (revMethodsData[i].testTypeStr) {
PORT_Free(revMethodsData[i].testTypeStr);
}
if (revMethodsData[i].testFlagsStr) {
PORT_Free(revMethodsData[i].testFlagsStr);
}
if (revMethodsData[i].methodTypeStr) {
PORT_Free(revMethodsData[i].methodTypeStr);
}
if (revMethodsData[i].methodFlagsStr) {
PORT_Free(revMethodsData[i].methodFlagsStr);
}
}
}
PRBool
isAllowedRevConfig(const char *name)
isOCSPEnabled()
{
if (strcmp(REVCONFIG_ALLOW_CRL, name) == 0)
return PR_TRUE;
if (strcmp(REVCONFIG_ALLOW_CRL_OCSP, name) == 0)
return PR_TRUE;
int i;
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
return PR_TRUE;
}
}
return PR_FALSE;
}
@ -266,14 +453,16 @@ main(int argc, char *argv[], char *envp[])
int usage;
CERTVerifyLog log;
CERTCertList *builtChain = NULL;
char * revConfig = NULL;
PRBool certFetching = PR_FALSE;
int revDataIndex = 0;
PRBool ocsp_fetchingFailureIsAFailure = PR_TRUE;
PRBool useDefaultRevFlags = PR_TRUE;
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
progName = PL_strdup(argv[0]);
optstate = PL_CreateOptState(argc, argv, "ab:d:fo:prs:tu:vw:W:");
optstate = PL_CreateOptState(argc, argv, "ab:c:d:efg:h:m:o:prs:tu:vw:W:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
case 0 : /* positional parameter */ goto breakout;
@ -281,11 +470,44 @@ main(int argc, char *argv[], char *envp[])
case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
if (secStatus != SECSuccess) Usage(progName); break;
case 'd' : certDir = PL_strdup(optstate->value); break;
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
case 'f' : certFetching = PR_TRUE; break;
case 'g' :
if (revMethodsData[revDataIndex].testTypeStr ||
revMethodsData[revDataIndex].methodTypeStr) {
revDataIndex += 1;
if (revDataIndex == REV_METHOD_INDEX_MAX) {
fprintf(stderr, "Invalid revocation configuration"
"specified.\n");
secStatus = SECFailure;
break;
}
}
useDefaultRevFlags = PR_FALSE;
revMethodsData[revDataIndex].
testTypeStr = PL_strdup(optstate->value); break;
case 'h' :
revMethodsData[revDataIndex].
testFlagsStr = PL_strdup(optstate->value);break;
case 'm' :
if (revMethodsData[revDataIndex].methodTypeStr) {
revDataIndex += 1;
if (revDataIndex == REV_METHOD_INDEX_MAX) {
fprintf(stderr, "Invalid revocation configuration"
"specified.\n");
secStatus = SECFailure;
break;
}
}
useDefaultRevFlags = PR_FALSE;
revMethodsData[revDataIndex].
methodTypeStr = PL_strdup(optstate->value); break;
case 'o' : oidStr = PL_strdup(optstate->value); break;
case 'p' : usePkix += 1; break;
case 'r' : isAscii = PR_FALSE; break;
case 's' : revConfig = PL_strdup(optstate->value); break;
case 's' :
revMethodsData[revDataIndex].
methodFlagsStr = PL_strdup(optstate->value); break;
case 't' : trusted = PR_TRUE; break;
case 'u' : usage = PORT_Atoi(optstate->value);
if (usage < 0 || usage > 62) Usage(progName);
@ -322,7 +544,7 @@ breakout:
}
}
if (revConfig && !isAllowedRevConfig(revConfig)) {
if (!useDefaultRevFlags && parseRevMethodsAndFlags()) {
fprintf(stderr, "Invalid revocation configuration specified.\n");
goto punt;
}
@ -343,9 +565,12 @@ breakout:
exitErr("NSS_Init");
}
SECU_RegisterDynamicOids();
if (revConfig && strcmp(REVCONFIG_ALLOW_CRL_OCSP, revConfig) == 0) {
if (isOCSPEnabled()) {
CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
CERT_DisableOCSPDefaultResponder(CERT_GetDefaultCertDB());
if (!ocsp_fetchingFailureIsAFailure) {
CERT_SetOCSPFailureMode(ocspMode_FailureIsNotAVerificationFailure);
}
}
while (status == PL_OPT_OK) {
@ -401,8 +626,9 @@ breakout:
static CERTValInParam cvin[6];
SECOidTag oidTag;
int inParamIndex = 0;
static PRUint64 revFlagsLeaf[2];
static PRUint64 revFlagsChain[2];
static CERTRevocationFlags rev;
static PRUint64 revFlags[2];
if (oidStr) {
PRArenaPool *arena;
@ -458,32 +684,14 @@ breakout:
cvin[inParamIndex].value.scalar.time = time;
inParamIndex++;
revFlags[cert_revocation_method_crl] =
CERT_REV_M_TEST_USING_THIS_METHOD;
rev.leafTests.number_of_defined_methods =
cert_revocation_method_crl +1;
rev.chainTests.number_of_defined_methods =
cert_revocation_method_crl +1;
if (revConfig && strcmp(REVCONFIG_ALLOW_CRL_OCSP, revConfig) == 0) {
revFlags[cert_revocation_method_ocsp] =
CERT_REV_M_TEST_USING_THIS_METHOD;
rev.leafTests.number_of_defined_methods =
cert_revocation_method_ocsp +1;
rev.chainTests.number_of_defined_methods =
cert_revocation_method_ocsp +1;
rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
secStatus = configureRevocationParams(&rev);
if (secStatus) {
fprintf(stderr, "Can not config revocation parameters ");
break;
}
rev.leafTests.cert_rev_flags_per_method = revFlags;
rev.leafTests.number_of_preferred_methods = 0;
rev.leafTests.preferred_methods = 0;
rev.leafTests.cert_rev_method_independent_flags = 0;
rev.chainTests.cert_rev_flags_per_method = revFlags;
rev.chainTests.number_of_preferred_methods = 0;
rev.chainTests.preferred_methods = 0;
rev.chainTests.cert_rev_method_independent_flags = 0;
cvin[inParamIndex].type = cert_pi_revocationFlags;
cvin[inParamIndex].value.pointer.revocation = &rev;
inParamIndex++;
@ -569,7 +777,7 @@ punt:
PORT_Free(progName);
PORT_Free(certDir);
PORT_Free(oidStr);
PORT_Free(revConfig);
freeRevocationMethodData();
if (pwdata.data) {
PORT_Free(pwdata.data);
}
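Review bot: In main's option switch, the `-g` and `-m` cases detect `revDataIndex == REV_METHOD_INDEX_MAX`, set `secStatus = SECFailure` and `break`, but that only leaves the switch: the option loop keeps running, and any later `-h`, `-s`, `-g` or `-m` then reads or writes `revMethodsData[revDataIndex]` one element past the end of the array. Nothing in the visible hunk checks `secStatus` before the next iteration, and the `-b` case can overwrite it; the rest of the loop is outside the hunk, so this is worth confirming. Exiting at the point of detection, as the `-b` and `-u` cases already do, closes it: `if (revDataIndex == REV_METHOD_INDEX_MAX) Usage(progName);`. The adjacent string literals `"Invalid revocation configuration"` and `"specified.\n"` also concatenate without a space.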


@ -37,7 +37,7 @@
/*
* cert.h - public data structures and prototypes for the certificate library
*
* $Id: cert.h,v 1.74 2008/08/04 22:31:54 nelson%bolyard.com Exp $
* $Id: cert.h,v 1.75 2008/11/21 21:02:38 wtc%google.com Exp $
*/
#ifndef _CERT_H_
@ -1108,7 +1108,7 @@ char *CERT_FixupEmailAddr(const char *emailAddr);
/* decode string representation of trust flags into trust struct */
SECStatus
CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts);
CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
/* encode trust struct into string representation of trust flags */
char *


@ -38,7 +38,7 @@
/*
* Certificate handling code
*
* $Id: certdb.c,v 1.92 2008/05/16 03:38:39 nelson%bolyard.com Exp $
* $Id: certdb.c,v 1.95 2008/12/02 23:24:48 nelson%bolyard.com Exp $
*/
#include "nssilock.h"
@ -52,7 +52,6 @@
#include "genname.h"
#include "keyhi.h"
#include "secitem.h"
#include "mcom_db.h"
#include "certdb.h"
#include "prprf.h"
#include "sechash.h"
@ -2107,7 +2106,56 @@ CERT_DestroyCrl (CERTSignedCrl *crl)
SEC_DestroyCrl (crl);
}
static int
cert_Version(CERTCertificate *cert)
{
int version = 0;
if (cert && cert->version.data && cert->version.len) {
version = DER_GetInteger(&cert->version);
if (version < 0)
version = 0;
}
return version;
}
static unsigned int
cert_ComputeTrustOverrides(CERTCertificate *cert, unsigned int cType)
{
CERTCertTrust *trust = cert->trust;
if (trust && (trust->sslFlags |
trust->emailFlags |
trust->objectSigningFlags)) {
if (trust->sslFlags & (CERTDB_VALID_PEER|CERTDB_TRUSTED))
cType |= NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT;
if (trust->sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
cType |= NS_CERT_TYPE_SSL_CA;
#if defined(CERTDB_NOT_TRUSTED)
if (trust->sslFlags & CERTDB_NOT_TRUSTED)
cType &= ~(NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT|
NS_CERT_TYPE_SSL_CA);
#endif
if (trust->emailFlags & (CERTDB_VALID_PEER|CERTDB_TRUSTED))
cType |= NS_CERT_TYPE_EMAIL;
if (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
cType |= NS_CERT_TYPE_EMAIL_CA;
#if defined(CERTDB_NOT_TRUSTED)
if (trust->emailFlags & CERTDB_NOT_TRUSTED)
cType &= ~(NS_CERT_TYPE_EMAIL|NS_CERT_TYPE_EMAIL_CA);
#endif
if (trust->objectSigningFlags & (CERTDB_VALID_PEER|CERTDB_TRUSTED))
cType |= NS_CERT_TYPE_OBJECT_SIGNING;
if (trust->objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
#if defined(CERTDB_NOT_TRUSTED)
if (trust->objectSigningFlags & CERTDB_NOT_TRUSTED)
cType &= ~(NS_CERT_TYPE_OBJECT_SIGNING|
NS_CERT_TYPE_OBJECT_SIGNING_CA);
#endif
}
return cType;
}
/*
* Does a cert belong to a CA? We decide based on perm database trust
@ -2116,74 +2164,39 @@ CERT_DestroyCrl (CERTSignedCrl *crl)
PRBool
CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
{
CERTCertTrust *trust;
SECStatus rv;
unsigned int type;
PRBool ret;
unsigned int cType = cert->nsCertType;
PRBool ret = PR_FALSE;
ret = PR_FALSE;
type = 0;
if ( cert->trust && (cert->trust->sslFlags|cert->trust->emailFlags|
cert->trust->objectSigningFlags)) {
trust = cert->trust;
if ( ( ( trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ||
( ( trust->sslFlags & CERTDB_TRUSTED_CA ) == CERTDB_TRUSTED_CA ) ) {
ret = PR_TRUE;
type |= NS_CERT_TYPE_SSL_CA;
}
if ( ( ( trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ||
( ( trust->emailFlags & CERTDB_TRUSTED_CA ) == CERTDB_TRUSTED_CA ) ) {
ret = PR_TRUE;
type |= NS_CERT_TYPE_EMAIL_CA;
}
if ( ( ( trust->objectSigningFlags & CERTDB_VALID_CA )
== CERTDB_VALID_CA ) ||
( ( trust->objectSigningFlags & CERTDB_TRUSTED_CA )
== CERTDB_TRUSTED_CA ) ) {
ret = PR_TRUE;
type |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
}
if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
ret = PR_TRUE;
} else {
if ( cert->nsCertType &
( NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
NS_CERT_TYPE_OBJECT_SIGNING_CA ) ) {
SECStatus rv;
CERTBasicConstraints constraints;
rv = CERT_FindBasicConstraintExten(cert, &constraints);
if (rv == SECSuccess && constraints.isCA) {
ret = PR_TRUE;
type = (cert->nsCertType & NS_CERT_TYPE_CA);
} else {
CERTBasicConstraints constraints;
rv = CERT_FindBasicConstraintExten(cert, &constraints);
if ( rv == SECSuccess ) {
if ( constraints.isCA ) {
ret = PR_TRUE;
type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
}
}
cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
}
/* finally check if it's a FORTEZZA V1 CA */
if (ret == PR_FALSE) {
if (fortezzaIsCA(cert)) {
ret = PR_TRUE;
type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
}
}
}
/* the isRoot flag trumps all */
if (cert->isRoot) {
/* finally check if it's an X.509 v1 root or FORTEZZA V1 CA */
if (!ret &&
((cert->isRoot && cert_Version(cert) < SEC_CERTIFICATE_VERSION_3) ||
fortezzaIsCA(cert) )) {
ret = PR_TRUE;
/* set only these by default, same as above */
type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
}
/* Now apply trust overrides, if any */
cType = cert_ComputeTrustOverrides(cert, cType);
ret = (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
NS_CERT_TYPE_OBJECT_SIGNING_CA)) ? PR_TRUE : PR_FALSE;
if ( rettype != NULL ) {
*rettype = type;
if (rettype != NULL) {
*rettype = cType;
}
return(ret);
return ret;
}
PRBool
@ -2360,7 +2373,7 @@ CERT_FixupEmailAddr(const char *emailAddr)
* NOTE - don't allow encode of govt-approved or invisible bits
*/
SECStatus
CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts)
CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
{
unsigned int i;
unsigned int *pflags;
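Review bot: `cert_Version` clamps a negative result to 0, and with the usual zero-based version numbering 0 passes the new `cert->isRoot && cert_Version(cert) < SEC_CERTIFICATE_VERSION_3` test in `CERT_IsCACert`. A root whose version field decodes to a negative value is therefore classified like a legacy v1 root and receives the SSL and e-mail CA type bits without a basicConstraints extension. The `DER_GetInteger` result is also narrowed into an `int`, so an oversized value may end up negative as well. If the helper is used only for this test, failing closed is safer: `if (version < 0) version = SEC_CERTIFICATE_VERSION_3;`, with a comment saying that an undecodable version is never treated as v1. Whether such a certificate can get past decoding is not visible from this hunk.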


@ -36,7 +36,7 @@
/*
* certi.h - private data structures for the certificate library
*
* $Id: certi.h,v 1.26 2008/06/18 01:00:40 wtc%google.com Exp $
* $Id: certi.h,v 1.27 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
*/
#ifndef _CERTI_H_
#define _CERTI_H_
@ -257,6 +257,10 @@ SECStatus AcquireDPCache(CERTCertificate* issuer, SECItem* subject,
SECItem* dp, int64 t, void* wincx,
CRLDPCache** dpcache, PRBool* writeLocked);
/* check if a particular SN is in the CRL cache and return its entry */
SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
CERTCrlEntry** returned);
/* release a DPCache object that was previously acquired */
void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);


@ -36,7 +36,7 @@
/*
* certt.h - public data structures for the certificate library
*
* $Id: certt.h,v 1.47 2008/06/20 16:57:03 nelson%bolyard.com Exp $
* $Id: certt.h,v 1.48 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
*/
#ifndef _CERTT_H_
#define _CERTT_H_
@ -1059,7 +1059,7 @@ typedef enum {
/*
* Defines the behavior if we are unable to obtain fresh information.
* INGORE means:
* Return "test succeded, not revoked"
* Return "cert status unknown"
* FAIL means:
* Return "cert revoked".
*/


@ -37,7 +37,7 @@
/*
* Moved from secpkcs7.c
*
* $Id: crl.c,v 1.59 2008/03/25 05:02:22 julien.pierre.boogz%sun.com Exp $
* $Id: crl.c,v 1.60 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
*/
#include "cert.h"
@ -946,10 +946,6 @@ static SECStatus DPCache_AddCRL(CRLDPCache* cache, CachedCrl* crl,
static SECStatus DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate,
void* wincx);
/* check if a particular SN is in the CRL cache and return its entry */
static SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
CERTCrlEntry** returned);
/* update the content of the CRL cache, including fetching of CRLs, and
reprocessing with specified issuer and date */
static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* issuer,
@ -1713,7 +1709,7 @@ static SECStatus CachedCrl_GetEntry(CachedCrl* crl, SECItem* sn,
}
/* check if a particular SN is in the CRL cache and return its entry */
static SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
CERTCrlEntry** returned)
{
if (!cache || !sn || !returned)


@ -38,7 +38,6 @@
#include "seccomon.h"
#include "secitem.h"
#include "secoidt.h"
#include "mcom_db.h"
#include "secasn1.h"
#include "secder.h"
#include "certt.h"


@ -37,7 +37,6 @@
#include "prtime.h"
#include "cert.h"
#include "mcom_db.h"
#include "certdb.h"
#include "secitem.h"
#include "secder.h"


@ -40,7 +40,6 @@
*/
#include "prtypes.h"
#include "mcom_db.h"
#include "seccomon.h"
#include "secdert.h"
#include "secoidt.h"


@ -39,7 +39,7 @@
*/
#include "prtypes.h"
#include "mcom_db.h"
#include <limits.h> /* for LONG_MAX */
#include "seccomon.h"
#include "secdert.h"
#include "secoidt.h"


@ -39,7 +39,6 @@
*/
#include "prtypes.h"
#include "mcom_db.h"
#include "seccomon.h"
#include "secdert.h"
#include "secoidt.h"


@ -57,7 +57,6 @@
#include "pkit.h"
#include "pkix_pl_common.h"
#include "pkix_pl_ekuchecker.h"
extern PRLogModuleInfo *pkixLog;
@ -418,10 +417,6 @@ cert_ProcessingParamsSetKuAndEku(
plContext),
PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED);
PKIX_CHECK(
PKIX_PL_EkuChecker_Create(procParams, plContext),
PKIX_EKUCHECKERINITIALIZEFAILED);
cleanup:
PKIX_DECREF(extKeyUsage);
PKIX_DECREF(certSelector);
@ -479,9 +474,7 @@ cert_CreatePkixProcessingParams(
PRTime time,
void *wincx,
PRBool useArena,
#ifdef DEBUG_volkov
PRBool checkAllCertsOCSP,
#endif
PRBool disableOCSPRemoteFetching,
PKIX_ProcessingParams **pprocParams,
void **pplContext)
{
@ -493,9 +486,8 @@ cert_CreatePkixProcessingParams(
PKIX_ComCertSelParams *certSelParams = NULL;
PKIX_CertStore *certStore = NULL;
PKIX_List *certStores = NULL;
#ifdef DEBUG_volkov
PKIX_RevocationChecker *ocspChecker = NULL;
#endif
PKIX_RevocationChecker *revChecker = NULL;
PKIX_UInt32 methodFlags = 0;
void *plContext = NULL;
PKIX_ENTER(CERTVFYPKIX, "cert_CreatePkixProcessingParams");
@ -572,28 +564,71 @@ cert_CreatePkixProcessingParams(
PKIX_CHECK(
PKIX_ProcessingParams_SetDate(procParams, date, plContext),
PKIX_PROCESSINGPARAMSSETDATEFAILED);
PKIX_CHECK(
PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled(procParams,
PKIX_FALSE,
plContext),
PKIX_PROCESSINGPARAMSSETNISTREVOCATIONENABLEDFAILED);
#ifdef DEBUG_volkov1
/* Enables ocsp rev checking of the chain cert through pkix OCSP
* implementation. */
if (checkAllCertsOCSP) {
PKIX_CHECK(
PKIX_OcspChecker_Initialize(date, NULL, NULL,
&ocspChecker, plContext),
PKIX_PROCESSINGPARAMSSETDATEFAILED);
PKIX_CHECK(
PKIX_ProcessingParams_AddRevocationChecker(procParams,
ocspChecker, plContext),
PKIX_PROCESSINGPARAMSSETDATEFAILED);
PKIX_CHECK(
PKIX_RevocationChecker_Create(date,
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
&revChecker, plContext),
PKIX_REVOCATIONCHECKERCREATEFAILED);
PKIX_CHECK(
PKIX_ProcessingParams_SetRevocationChecker(procParams, revChecker,
plContext),
PKIX_PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED);
/* CRL method flags */
methodFlags =
PKIX_REV_M_TEST_USING_THIS_METHOD |
PKIX_REV_M_FORBID_NETWORK_FETCHING |
PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
/* add CRL revocation method to check the leaf certificate */
PKIX_CHECK(
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
PKIX_RevocationMethod_CRL, methodFlags,
0, NULL, PKIX_TRUE, plContext),
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
/* add CRL revocation method for other certs in the chain. */
PKIX_CHECK(
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
PKIX_RevocationMethod_CRL, methodFlags,
0, NULL, PKIX_FALSE, plContext),
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
/* OCSP method flags */
methodFlags =
PKIX_REV_M_TEST_USING_THIS_METHOD |
PKIX_REV_M_ALLOW_NETWORK_FETCHING | /* 0 */
PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE | /* 0 */
PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
/* Disabling ocsp fetching when checking the status
* of ocsp response signer. Here and in the next if,
* adjust flags for ocsp signer cert validation case. */
if (disableOCSPRemoteFetching) {
methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
}
#endif
if (ocsp_FetchingFailureIsVerificationFailure()
&& !disableOCSPRemoteFetching) {
methodFlags |=
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
}
/* add OCSP revocation method to check only the leaf certificate.*/
PKIX_CHECK(
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
PKIX_RevocationMethod_OCSP, methodFlags,
1, NULL, PKIX_TRUE, plContext),
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
PKIX_CHECK(
PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, PR_FALSE,
@ -622,9 +657,7 @@ cleanup:
PKIX_DECREF(certStore);
PKIX_DECREF(certStores);
PKIX_DECREF(procParams);
#ifdef DEBUG_volkov
PKIX_DECREF(ocspChecker);
#endif
PKIX_DECREF(revChecker);
PKIX_RETURN(CERTVFYPKIX);
}
@ -845,8 +878,13 @@ cert_PkixErrorToNssCode(
if (!pkixLog) break;
}
if (pkixLog) {
#ifdef PKIX_ERROR_DESCRIPTION
PR_LOG(pkixLog, 2, ("Error at level %d: %s\n", errLevel,
PKIX_ErrorText[errPtr->errCode]));
#else
PR_LOG(pkixLog, 2, ("Error at level %d: Error code %d\n", errLevel,
errPtr->errCode));
#endif /* PKIX_ERROR_DESCRIPTION */
}
errPtr = errPtr->cause;
errLevel += 1;
@ -1198,21 +1236,14 @@ do {
if (leakedObjNum) {
pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
}
PR_LOG(pkixLog, 1, ("Memory leak test: Loop %d\n", memLeakLoopCount++));
memLeakLoopCount += 1;
#endif /* PKIX_OBJECT_LEAK_TEST */
error =
cert_CreatePkixProcessingParams(cert, checkSig, time, wincx,
PR_FALSE/*use arena*/,
#ifdef DEBUG_volkov
/* If in DEBUG_volkov, then enable OCSP
* check for all certs in the chain
* using libpkix ocsp code.
* (except for certUsageStatusResponder). */
requiredUsage != certUsageStatusResponder,
#endif
&procParams, &plContext);
PR_FALSE/*use arena*/,
requiredUsage == certUsageStatusResponder,
&procParams, &plContext);
if (error) {
goto cleanup;
}
@ -1276,8 +1307,8 @@ cleanup:
pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
if (pkixLog && leakedObjNum) {
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. "
"Stack %s\n", errorFnStackString));
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
"Stack %s\n", memLeakLoopCount, errorFnStackString));
}
PR_Free(errorFnStackString);
errorFnStackString = NULL;
@ -1495,6 +1526,46 @@ cert_pkix_FindOutputParam(CERTValOutParam *params, const CERTValParamOutType t)
return NULL;
}
static PKIX_Error*
setRevocationMethod(PKIX_RevocationChecker *revChecker,
PKIX_ProcessingParams *procParams,
const CERTRevocationTests *revTest,
CERTRevocationMethodIndex certRevMethod,
PKIX_RevocationMethodType pkixRevMethod,
PKIX_Boolean verifyResponderUsages,
PKIX_Boolean isLeafTest,
void *plContext)
{
PKIX_UInt32 methodFlags = 0;
PKIX_Error *error = NULL;
int priority = 0;
if (revTest->number_of_defined_methods < certRevMethod) {
return NULL;
}
if (revTest->preferred_methods) {
int i = 0;
for (;i < revTest->number_of_preferred_methods;i++) {
if (revTest->preferred_methods[i] == certRevMethod)
break;
}
priority = i;
}
methodFlags = revTest->cert_rev_flags_per_method[certRevMethod];
if (verifyResponderUsages &&
pkixRevMethod == PKIX_RevocationMethod_OCSP) {
methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
}
error =
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
pkixRevMethod, methodFlags,
priority, NULL,
isLeafTest, plContext);
return error;
}
SECStatus
cert_pkixSetParam(PKIX_ProcessingParams *procParams,
const CERTValInParam *param, void *plContext)
@ -1503,7 +1574,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
SECStatus r=SECSuccess;
PKIX_PL_Date *date = NULL;
PKIX_List *policyOIDList = NULL;
PKIX_RevocationChecker *ocspChecker = NULL;
PKIX_List *certListPkix = NULL;
const CERTRevocationFlags *flags;
SECErrorCodes errCode = SEC_ERROR_INVALID_ARGS;
@ -1511,6 +1581,8 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
CERTCertListNode *node;
PKIX_PL_Cert *certPkix = NULL;
PKIX_TrustAnchor *trustAnchor = NULL;
PKIX_PL_Date *revDate = NULL;
PKIX_RevocationChecker *revChecker = NULL;
/* XXX we need a way to map generic PKIX error to generic NSS errors */
@ -1562,11 +1634,9 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
case cert_pi_revocationFlags:
{
PRBool ocspTurnedOnForLeaf = PR_FALSE;
PRBool ocspTurnedOnForChain = PR_FALSE;
PRBool crlTurnedOnForLeaf = PR_FALSE;
PRBool crlTurnedOnForChain = PR_FALSE;
PRBool crlHardFailure = PR_FALSE;
PKIX_UInt32 leafIMFlags = 0;
PKIX_UInt32 chainIMFlags = 0;
PKIX_Boolean validatingResponderCert = PKIX_FALSE;
flags = param->value.pointer.revocation;
if (!flags) {
@ -1575,138 +1645,75 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
break;
}
if (
/* caller did define OCSP leaf behavior */
(flags->leafTests.number_of_defined_methods >
cert_revocation_method_ocsp)
&&
/* caller allows OCSP testing for the leaf */
(flags->leafTests.cert_rev_flags_per_method
[cert_revocation_method_ocsp]
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
ocspTurnedOnForLeaf = PR_TRUE;
}
leafIMFlags =
flags->leafTests.cert_rev_method_independent_flags;
chainIMFlags =
flags->chainTests.cert_rev_method_independent_flags;
if (
/* caller did define OCSP chain behavior */
(flags->chainTests.number_of_defined_methods >
cert_revocation_method_ocsp)
&&
/* caller allows OCSP testing for the chain */
(flags->chainTests.cert_rev_flags_per_method
[cert_revocation_method_ocsp]
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
ocspTurnedOnForChain = PR_TRUE;
}
if (
/* caller did define CRL leaf behavior */
(flags->leafTests.number_of_defined_methods >
cert_revocation_method_crl)
&&
/* caller allows CRL testing for the chain */
(flags->leafTests.cert_rev_flags_per_method
[cert_revocation_method_crl]
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
crlTurnedOnForLeaf = PR_TRUE;
}
if (
/* caller did define CRL chain behavior */
(flags->chainTests.number_of_defined_methods >
cert_revocation_method_crl)
&&
/* caller allows CRL testing for the chain */
(flags->chainTests.cert_rev_flags_per_method
[cert_revocation_method_crl]
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
crlTurnedOnForChain = PR_TRUE;
}
if (
/* caller did define CRL chain behavior */
(flags->chainTests.number_of_defined_methods >
cert_revocation_method_crl)
&&
/* caller requests hard failure on missing (fresh) CRL */
(flags->chainTests.cert_rev_flags_per_method
[cert_revocation_method_crl]
& CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO)) {
/* FIXME: should also consider flag
* CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE
*/
crlHardFailure = PR_TRUE;
}
if (!ocspTurnedOnForChain) {
/* OCSP off either because:
* 1) we didn't turn ocsp on, or
* 2) we are only checking ocsp on the leaf cert only.
* The caller needs to handle the leaf case once we add leaf
* checking there */
/* currently OCSP is the only external revocation checker */
error = PKIX_ProcessingParams_SetRevocationCheckers(procParams,
NULL, plContext);
} else {
/* FIXME: What should be done if !ocspTurnedOnForLeaf ? */
/* OCSP is on for the whole chain */
if (date == NULL) {
error = PKIX_ProcessingParams_GetDate
(procParams, &date, plContext );
if (error != NULL) {
errCode = SEC_ERROR_INVALID_TIME;
break;
}
}
error = PKIX_OcspChecker_Initialize(date, NULL, NULL,
&ocspChecker, plContext);
if (error != NULL) {
break;
}
error = PKIX_ProcessingParams_AddRevocationChecker(procParams,
ocspChecker, plContext);
PKIX_PL_Object_DecRef((PKIX_PL_Object *)ocspChecker, plContext);
ocspChecker=NULL;
/* FIXME: add support for other revocation flags when underlying
* pkix supports it */
}
error = PKIX_ProcessingParams_GetDate(procParams, &date, plContext);
if (error != NULL) {
errCode = SEC_ERROR_INVALID_TIME;
}
error =
PKIX_RevocationChecker_Create(date, leafIMFlags, chainIMFlags,
&revChecker, plContext);
if (error) {
break;
}
if (!crlTurnedOnForChain) {
/* CRL checking is off either because:
* 1) we didn't turn crl checking on, or
* 2) we are only checking crls on the leaf cert only.
* The caller needs to handle the leaf case once we add leaf
* checking there */
/* this function only affects the built-in CRL checker */
error = PKIX_ProcessingParams_SetRevocationEnabled(procParams,
PKIX_FALSE, plContext);
if (error != NULL) {
break;
}
/* make sure NIST Revocation Policy is off as well */
error = PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled
(procParams, PKIX_FALSE, plContext);
} else {
/* FIXME: What should be done if !crlTurnedOnForLeaf ? */
/* CRL checking is on for the whole chain */
error = PKIX_ProcessingParams_SetRevocationEnabled(procParams,
PKIX_TRUE, plContext);
if (error != NULL) {
break;
}
error = PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled
(procParams,
crlHardFailure ? PKIX_TRUE : PKIX_FALSE,
plContext);
error =
PKIX_ProcessingParams_SetRevocationChecker(procParams,
revChecker, plContext);
if (error) {
break;
}
if (((PKIX_PL_NssContext*)plContext)->certificateUsage &
certificateUsageStatusResponder) {
validatingResponderCert = PKIX_TRUE;
}
error = setRevocationMethod(revChecker,
procParams, &flags->leafTests,
cert_revocation_method_crl,
PKIX_RevocationMethod_CRL,
validatingResponderCert,
PKIX_TRUE, plContext);
if (error) {
break;
}
error = setRevocationMethod(revChecker,
procParams, &flags->leafTests,
cert_revocation_method_ocsp,
PKIX_RevocationMethod_OCSP,
validatingResponderCert,
PKIX_TRUE, plContext);
if (error) {
break;
}
error = setRevocationMethod(revChecker,
procParams, &flags->chainTests,
cert_revocation_method_crl,
PKIX_RevocationMethod_CRL,
validatingResponderCert,
PKIX_FALSE, plContext);
if (error) {
break;
}
error = setRevocationMethod(revChecker,
procParams, &flags->chainTests,
cert_revocation_method_ocsp,
PKIX_RevocationMethod_OCSP,
validatingResponderCert,
PKIX_FALSE, plContext);
if (error) {
break;
}
}
break;
@ -1762,8 +1769,11 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
if (date != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext);
if (ocspChecker != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)ocspChecker, plContext);
if (revDate != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext);
if (revChecker != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext);
if (certListPkix)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certListPkix, plContext);
@ -2090,8 +2100,7 @@ do {
if (leakedObjNum) {
pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
}
PR_LOG(pkixLog, 1, ("Memory leak test: Loop %d\n", memLeakLoopCount++));
memLeakLoopCount += 1;
#endif /* PKIX_OBJECT_LEAK_TEST */
error = PKIX_PL_NssContext_Create(
@ -2113,6 +2122,17 @@ do {
goto cleanup;
}
/* local cert store should be set into procParams before
* filling in revocation settings. */
certStores = cert_GetCertStores(plContext);
if (certStores == NULL) {
goto cleanup;
}
error = PKIX_ProcessingParams_SetCertStores
(procParams, certStores, plContext);
if (error != NULL) {
goto cleanup;
}
/* now process the extensible input parameters structure */
if (paramsIn != NULL) {
@ -2131,7 +2151,6 @@ do {
}
}
certSelector = cert_GetTargetCertConstraints(cert, plContext);
if (certSelector == NULL) {
goto cleanup;
@ -2142,16 +2161,6 @@ do {
goto cleanup;
}
certStores = cert_GetCertStores(plContext);
if (certStores == NULL) {
goto cleanup;
}
error = PKIX_ProcessingParams_SetCertStores
(procParams, certStores, plContext);
if (error != NULL) {
goto cleanup;
}
error = PKIX_BuildChain( procParams, &nbioContext,
&buildState, &buildResult, &verifyNode,
plContext);
@ -2178,7 +2187,9 @@ do {
}
#ifdef PKIX_OBJECT_LEAK_TEST
PORT_Assert(!errorGenerated);
/* Can not continue if error was generated but not returned.
* Jumping to cleanup. */
if (errorGenerated) goto cleanup;
#endif /* PKIX_OBJECT_LEAK_TEST */
oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_trustAnchor);
@ -2261,8 +2272,8 @@ cleanup:
pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
if (pkixLog && leakedObjNum) {
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. "
"Stack %s\n", errorFnStackString));
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
"Stack %s\n", memLeakLoopCount, errorFnStackString));
}
PR_Free(errorFnStackString);
errorFnStackString = NULL;


@ -147,10 +147,10 @@ pkix_Cert2ASCII(PKIX_PL_Cert *cert)
PR_snprintf
(asciiString,
200,
"Ref: %d Issuer=%s\nSubject=%s\n",
"Ref: %d Subject=%s\nIssuer=%s\n",
refCount,
issuerAscii,
subjectAscii);
subjectAscii,
issuerAscii);
if (!numChars) goto cleanup;
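Review bot: The `if (!numChars) goto cleanup;` guard after the reordered PR_snprintf call only catches a zero-length result, while PR_snprintf reports failure as `(PRUint32)-1`. Assuming `numChars` is a PRUint32 (its declaration is outside the hunk), `if (!numChars || numChars == (PRUint32)-1) goto cleanup;` covers both cases. The literal `200` is presumably the allocation size of `asciiString`; a named constant shared with the allocation would keep the two in step, since subject and issuer names come from the certificate and long ones are silently truncated here. The body of pkix_Cert2ASCII starts and ends outside the hunk.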


@ -39,7 +39,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
* $Id: ocsp.c,v 1.55 2008/10/06 23:37:55 julien.pierre.boogz%sun.com Exp $
* $Id: ocsp.c,v 1.56 2008/10/31 23:02:37 alexei.volkov.bugs%sun.com Exp $
*/
#include "prerror.h"
@ -4473,7 +4473,8 @@ loser:
/*
* Figure out where we should go to find out the status of the given cert
* via OCSP. If a default responder is set up, that is our answer.
* via OCSP. If allowed to use a default responder uri and a default
* responder is set up, then that is our answer.
* If not, see if the certificate has an Authority Information Access (AIA)
* extension for OCSP, and return the value of that. Otherwise return NULL.
* We also let our caller know whether or not the responder chosen was
@ -4485,11 +4486,13 @@ loser:
*/
char *
ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert,
PRBool *isDefault)
PRBool canUseDefault, PRBool *isDefault)
{
ocspCheckingContext *ocspcx;
ocspCheckingContext *ocspcx = NULL;
ocspcx = ocsp_GetCheckingContext(handle);
if (canUseDefault) {
ocspcx = ocsp_GetCheckingContext(handle);
}
if (ocspcx != NULL && ocspcx->useDefaultResponder) {
/*
* A default responder wins out, if specified.
@ -4624,6 +4627,18 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID,
return rv;
}
PRBool
ocsp_FetchingFailureIsVerificationFailure()
{
PRBool isFailure;
PR_EnterMonitor(OCSP_Global.monitor);
isFailure =
OCSP_Global.ocspFailureMode == ocspMode_FailureIsVerificationFailure;
PR_ExitMonitor(OCSP_Global.monitor);
return isFailure;
}
/*
* FUNCTION: CERT_CheckOCSPStatus
* Checks the status of a certificate via OCSP. Will only check status for
@ -4701,12 +4716,10 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
&certIDWasConsumed,
&rvOcsp);
if (rv != SECSuccess) {
/* we were unable to obtain ocsp status */
PR_EnterMonitor(OCSP_Global.monitor);
rvOcsp = (OCSP_Global.ocspFailureMode
== ocspMode_FailureIsVerificationFailure)
? SECFailure : SECSuccess;
PR_ExitMonitor(OCSP_Global.monitor);
/* we were unable to obtain ocsp status. Check if we should
* return cert status revoked. */
rvOcsp = ocsp_FetchingFailureIsVerificationFailure() ?
SECFailure : SECSuccess;
}
if (!certIDWasConsumed) {
CERT_DestroyOCSPCertID(certID);
@ -4755,7 +4768,8 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
* a true failure that we unfortunately have to treat as an overall
* failure here.
*/
location = ocsp_GetResponderLocation(handle, cert, &locationIsDefault);
location = ocsp_GetResponderLocation(handle, cert, PR_TRUE,
&locationIsDefault);
if (location == NULL) {
int err = PORT_GetError();
if (err == SEC_ERROR_EXTENSION_NOT_FOUND ||
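Review bot: The new helper is defined as `ocsp_FetchingFailureIsVerificationFailure()` with an empty parameter list, which in C leaves the arguments unspecified rather than declaring none. Write `ocsp_FetchingFailureIsVerificationFailure(void)` here and in the ocspi.h declaration so a stray argument is diagnosed. The definition also carries no comment, and its PR_FALSE result is what makes CERT_CheckOCSPStatus set `rvOcsp` to SECSuccess when no OCSP status could be obtained. A line such as `/* PR_FALSE: a failure to fetch OCSP status is not treated as a verification failure (soft-fail) */` would make that policy visible at the point where it is read. CERT_CheckOCSPStatus and ocsp_GetOCSPStatusFromNetwork continue outside the hunks shown.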


@ -36,7 +36,7 @@
/*
* ocspi.h - NSS internal interfaces to OCSP code
*
* $Id: ocspi.h,v 1.10 2008/07/08 21:34:32 alexei.volkov.bugs%sun.com Exp $
* $Id: ocspi.h,v 1.11 2008/10/31 23:02:37 alexei.volkov.bugs%sun.com Exp $
*/
#ifndef _OCSPI_H_
@ -156,7 +156,17 @@ cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
char *
ocsp_GetResponderLocation(CERTCertDBHandle *handle,
CERTCertificate *cert,
PRBool canUseDefaultLocation,
PRBool *isDefault);
/* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
* The function checks the global ocsp settings and
* tells how to treat an ocsp response fetching failure.
* RETURNS:
* if PR_TRUE is returned, then treat fetching as a
* revoked cert status.
*/
PRBool
ocsp_FetchingFailureIsVerificationFailure();
#endif /* _OCSPI_H_ */
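Review bot: The new comment says a PR_TRUE result means "treat fetching as a revoked cert status", which misstates what the caller in the ocsp.c hunk does: it maps a fetch failure to SECFailure, a verification failure, not a revoked status. Suggested wording: `if PR_TRUE is returned, treat a failure to fetch the OCSP response as a verification failure.` The added parameter is named `canUseDefaultLocation` here but `canUseDefault` in the ocsp.c definition, and nothing in the lines shown documents it in this header. Using one name and adding a line like `canUseDefaultLocation: PR_FALSE skips the configured default responder, so only the certificate's AIA extension is consulted` would cover it.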


@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.14 $ $Date: 2007/06/19 08:03:45 $"
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.16 $ $Date: 2008/12/03 18:44:24 $"
include manifest.mn
include $(CORE_DEPTH)/coreconf/config.mk
@ -61,7 +61,7 @@ endif
export:: private_export
# can't do this in manifest.mn because OS_TARGET isn't defined there.
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) # list omits WINCE
ifdef NSS_BUILD_CAPI
DIRS += capi
endif


@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $";
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
@ -51,6 +51,7 @@ static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILT
static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
static const CK_TRUST ckt_netscape_trust_unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
static const CK_TRUST ckt_netscape_untrusted = CKT_NETSCAPE_UNTRUSTED;
#ifdef DEBUG
static const CK_ATTRIBUTE_TYPE nss_builtins_types_0 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_APPLICATION, CKA_VALUE
@ -809,6 +810,12 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_250 [] = {
static const CK_ATTRIBUTE_TYPE nss_builtins_types_251 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_252 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_253 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@ -817,7 +824,7 @@ static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $", (PRUint32)160 }
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $", (PRUint32)160 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@ -16977,6 +16984,123 @@ static const NSSItem nss_builtins_items_251 [] = {
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
static const NSSItem nss_builtins_items_252 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"MD5 Collisions Forged Rogue CA 25c3", (PRUint32)36 },
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
{ (void *)"\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065"
"\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056"
"\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162"
"\145\145\144\157\155\056\157\162\147\057\155\144\065\051"
, (PRUint32)62 },
{ (void *)"0", (PRUint32)2 },
{ (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
"\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
"\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060"
"\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040"
"\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102"
"\165\163\151\156\145\163\163\040\103\101\055\061"
, (PRUint32)92 },
{ (void *)"\002\001\102"
, (PRUint32)3 },
{ (void *)"\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102"
"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
"\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034"
"\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170"
"\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053"
"\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123"
"\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165"
"\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060"
"\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064"
"\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060"
"\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154"
"\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164"
"\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155"
"\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011"
"\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060"
"\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370"
"\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121"
"\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333"
"\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217"
"\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303"
"\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336"
"\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050"
"\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010"
"\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060"
"\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306"
"\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001"
"\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037"
"\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353"
"\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240"
"\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150"
"\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015"
"\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340"
"\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010"
"\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371"
"\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271"
"\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376"
"\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160"
"\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026"
"\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111"
"\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046"
"\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236"
"\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066"
"\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004"
"\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107"
"\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214"
"\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003"
"\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017"
"\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016"
"\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051"
"\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004"
"\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072"
"\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143"
"\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141"
"\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026"
"\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250"
"\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060"
"\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001"
"\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004"
"\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004"
"\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045"
"\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034"
"\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263"
"\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145"
"\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114"
"\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104"
"\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165"
"\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352"
"\321\236\164\310\166\147"
, (PRUint32)1078 }
};
static const NSSItem nss_builtins_items_253 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"MD5 Collisions Forged Rogue CA 25c3", (PRUint32)36 },
{ (void *)"\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253"
"\005\132\213\212"
, (PRUint32)20 },
{ (void *)"\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070"
, (PRUint32)16 },
{ (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
"\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
"\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060"
"\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040"
"\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102"
"\165\163\151\156\145\163\163\040\103\101\055\061"
, (PRUint32)92 },
{ (void *)"\002\001\102"
, (PRUint32)3 },
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
builtinsInternalObject
nss_builtins_data[] = {
@ -17233,11 +17357,13 @@ nss_builtins_data[] = {
{ 11, nss_builtins_types_248, nss_builtins_items_248, {NULL} },
{ 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} },
{ 11, nss_builtins_types_250, nss_builtins_items_250, {NULL} },
{ 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} }
{ 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} },
{ 11, nss_builtins_types_252, nss_builtins_items_252, {NULL} },
{ 13, nss_builtins_types_253, nss_builtins_items_253, {NULL} }
};
const PRUint32
#ifdef DEBUG
nss_builtins_nObjects = 251+1;
nss_builtins_nObjects = 253+1;
#else
nss_builtins_nObjects = 251;
nss_builtins_nObjects = 253;
#endif /* DEBUG */


@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.50 $ $Date: 2008/10/17 23:06:48 $"
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $"
#
# certdata.txt
@ -17501,3 +17501,130 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "MD5 Collisions Forged Rogue CA 25c3"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
\145\145\144\157\155\056\157\162\147\057\155\144\065\051
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
\165\163\151\156\145\163\163\040\103\101\055\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\102
END
CKA_VALUE MULTILINE_OCTAL
\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
\321\236\164\310\166\147
END
# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
\005\132\213\212
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
END
CKA_ISSUER MULTILINE_OCTAL
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
\165\163\151\156\145\163\163\040\103\101\055\061
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\102
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
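Review bot: Nothing in the new entry says why a certificate is added to the built-in list with every trust attribute set to CKT_NETSCAPE_UNTRUSTED, so a later root-list cleanup could mistake it for a stale root and drop it. A comment above the certificate record, for example `# Explicitly distrusted: rogue CA certificate produced by an MD5 collision (25C3 demonstration). Do not remove.`, would record the intent. The trust record matches on the issuer, the serial number and the SHA-1/MD5 hashes of this one certificate. It therefore blocks only this published certificate and is not a general defence against MD5-signed certificates; that has to come from signature-algorithm policy elsewhere.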


@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.11 $ $Date: 2005/01/20 02:25:46 $"
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.12 $ $Date: 2008/11/19 20:09:37 $"
#
# Override TARGETS variable so that only shared libraries
@ -69,3 +69,11 @@ ifeq ($(OS_TARGET),SunOS)
MKSHLIB += -R '$$ORIGIN'
endif
ifeq ($(OS_ARCH), HP-UX)
ifneq ($(OS_TEST), ia64)
# pa-risc
ifeq ($(USE_64), 1)
MKSHLIB += +b '$$ORIGIN'
endif
endif
endif


@ -75,8 +75,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 72
#define NSS_BUILTINS_LIBRARY_VERSION "1.72"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 73
#define NSS_BUILTINS_LIBRARY_VERSION "1.73"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1


@ -40,7 +40,7 @@
*/
/*
* Use this functionto create the CRMFSinglePubInfo* variables that will
* Use this function to create the CRMFSinglePubInfo* variables that will
* populate the inPubInfoArray paramter for the funciton
* CRMF_CreatePKIPublicationInfo.
*


@ -202,13 +202,10 @@ struct SECKEYPublicKeyStr {
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
#define CachedAttribute(attribute,setbit) \
static const PRUint32 SECKEY_##attribute = 1 << setbit;
/* bit flag definitions for staticflags */
#define SECKEY_Attributes_Cached 0x1 /* bit 0 states
whether attributes are cached */
CachedAttribute(CKA_PRIVATE,1) /* bit 1 is the value of CKA_PRIVATE */
#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
#define SECKEY_ATTRIBUTES_CACHED(key) \
(0 != (key->staticflags & SECKEY_Attributes_Cached))
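Review bot: `SECKEY_ATTRIBUTES_CACHED(key)` expands its argument unparenthesized as `key->staticflags`, so an argument such as `*pp` would bind as `*(pp->staticflags)`. `(0 != ((key)->staticflags & SECKEY_Attributes_Cached))` avoids that. Now that `SECKEY_CKA_PRIVATE` is `(1U << 1)`, `SECKEY_Attributes_Cached` could be written `(1U << 0)` so both flag constants share the same unsigned type and form.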


@ -45,12 +45,10 @@ LIBRARY_NAME = cryptohi
EXPORTS = \
cryptohi.h \
cryptoht.h \
hasht.h \
key.h \
keyhi.h \
keyt.h \
keythi.h \
sechash.h \
$(NULL)
PRIVATE_EXPORTS = \


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.24 $ $Date: 2008/08/09 01:25:58 $";
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.25 $ $Date: 2008/11/20 04:53:44 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -219,6 +219,7 @@ nssSlot_IsTokenPresent (
*/
session = nssToken_GetDefaultSession(slot->token);
if (session) {
PRBool isPresent = PR_FALSE;
nssSession_EnterMonitor(session);
if (session->handle != CK_INVALID_SESSION) {
CK_SESSION_INFO sessionInfo;
@ -229,9 +230,10 @@ nssSlot_IsTokenPresent (
session->handle = CK_INVALID_SESSION;
}
}
isPresent = session->handle != CK_INVALID_SESSION;
nssSession_ExitMonitor(session);
/* token not removed, finished */
if (session->handle != CK_INVALID_SESSION)
if (isPresent)
return PR_TRUE;
}
/* the token has been removed, and reinserted, or the slot contains
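Review bot: Nothing records why `isPresent` is captured before `nssSession_ExitMonitor(session)`, so a later cleanup could easily reintroduce the old form, which tested `session->handle` after the monitor was released. A one-line comment above the assignment would do: `/* snapshot while holding the monitor; session->handle must not be read after we exit */`. The initialiser `= PR_FALSE` is redundant, because the variable is assigned unconditionally before it is read. nssSlot_IsTokenPresent starts and ends outside the hunks shown.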


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.32 $ $Date: 2008/09/30 04:09:02 $";
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.33 $ $Date: 2008/11/19 20:44:35 $";
#endif /* DEBUG */
#ifndef DEVM_H
@ -148,9 +148,7 @@ nssSlotArray_Clone (
if (count > 0) {
rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
if (rvSlots) {
sp = slots;
count = 0;
for (sp = slots; *sp; sp++) {
for (sp = slots, count = 0; *sp; sp++) {
rvSlots[count++] = nssSlot_AddRef(*sp);
}
}
@ -376,7 +374,7 @@ create_object (
)
{
PRUint32 j;
NSSArena *arena;
NSSArena *arena = NULL;
NSSSlot *slot = NULL;
nssSession *session = NULL;
nssCryptokiObjectAndAttributes *rvCachedObject = NULL;


@ -74,9 +74,12 @@ ifdef USE_ABI32_FPU
DEFINES += -DNSS_USE_ABI32_FPU
endif
# des.c wants _X86_ defined for intel CPUs.
ifdef FREEBL_NO_DEPEND
DEFINES += -DFREEBL_NO_DEPEND
endif
# some codes want _X86_ defined for intel CPUs.
# coreconf does this for windows, but not for Linux, FreeBSD, etc.
ifeq ($(CPU_ARCH),x86)
ifeq (,$(filter-out x86 x86_64,$(CPU_ARCH)))
ifneq (,$(filter-out WIN%,$(OS_TARGET)))
OS_REL_CFLAGS += -D_X86_
endif
@ -135,6 +138,9 @@ ifeq ($(CPU_ARCH),x86_64)
DEFINES += -DNSS_USE_COMBA
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
# DEFINES += -DMPI_AMD64_ADD
# comment the next two lines to turn off intel HW accelleration
DEFINES += -DUSE_HW_AES
ASFILES += intel-aes.s
MPI_SRCS += mpi_amd64.c mp_comba.c
endif
ifeq ($(CPU_ARCH),x86)
@ -382,6 +388,9 @@ else
endif
DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
# comment the next two lines to turn off intel HW accelleration
DEFINES += -DUSE_HW_AES
ASFILES += intel-aes.s
MPI_SRCS += mpi_amd64.c
else
# Solaris x86
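Review bot: `-DUSE_HW_AES` and `intel-aes.s` are switched on for every x86_64 build in both places (the `CPU_ARCH` x86_64 block and the block further down with `-DMPI_AMD64`), and the only guidance is the comment about commenting the two lines out. That is a build-time switch; whether the processor actually implements the AES instructions has to be decided at run time in the C code, which is not visible in this section. It is worth confirming that the dispatch checks CPUID before any routine from intel-aes.s is reached. The comment could say so, and fix the spelling, e.g. `# build-time switch only (HW acceleration); instruction support is still detected at run time`.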


@ -36,9 +36,13 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: aeskeywrap.c,v 1.4 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
/* $Id: aeskeywrap.c,v 1.5 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
/* $Id: aeskeywrap.c,v 1.4 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
/* $Id: aeskeywrap.c,v 1.5 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prcpucfg.h"
#if defined(IS_LITTLE_ENDIAN) || defined(SHA_NO_LONG_LONG)


@ -37,7 +37,11 @@
*
* ***** END LICENSE BLOCK ***** */
/* $Id: alg2268.c,v 1.7 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
/* $Id: alg2268.c,v 1.8 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "blapi.h"
#include "secerr.h"


@ -34,6 +34,10 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "secport.h"
#include "hasht.h"
#include "blapit.h"


@ -36,7 +36,11 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: arcfive.c,v 1.5 2004/04/27 23:04:36 gerv%gerv.net Exp $ */
/* $Id: arcfive.c,v 1.6 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "blapi.h"
#include "prerror.h"


@ -38,6 +38,10 @@
/* See NOTES ON UMRs, Unititialized Memory Reads, below. */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prerr.h"
#include "secerr.h"


@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapi.h,v 1.27 2007/11/09 18:49:32 wtc%google.com Exp $ */
/* $Id: blapi.h,v 1.28 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
#ifndef _BLAPI_H_
#define _BLAPI_H_
@ -516,6 +516,30 @@ extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
** SEED symmetric block cypher
*/
extern SEEDContext *
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, PRBool encrypt);
extern SEEDContext *SEED_AllocateContext(void);
extern SECStatus SEED_InitContext(SEEDContext *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode, unsigned int encrypt,
unsigned int );
extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
extern SECStatus
SEED_Encrypt(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
extern SECStatus
SEED_Decrypt(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
** AES symmetric block cypher (Rijndael)
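Review bot: The new SEED prototypes state no contract for their buffers: `SEED_CreateContext` takes `key` and `iv` without lengths, so callers have to know the expected sizes, presumably `SEED_KEY_LENGTH` and `SEED_BLOCK_SIZE` from blapit.h in this commit. That should be written in the block comment above the declarations. The last parameter of `SEED_InitContext` is unnamed (`unsigned int );`); loader.c calls it `xtra`, so `unsigned int xtra);` here and in the matching `p_SEED_InitContext` member in loader.h would keep the three declarations aligned. `encrypt` is `PRBool` in `SEED_CreateContext` but `unsigned int` in `SEED_InitContext`, which deserves a word in the comment if it is deliberate.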


@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapit.h,v 1.21 2008/06/14 14:20:07 wtc%google.com Exp $ */
/* $Id: blapit.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
#ifndef _BLAPIT_H_
#define _BLAPIT_H_
@ -73,6 +73,10 @@
#define NSS_CAMELLIA 0
#define NSS_CAMELLIA_CBC 1
/* SEED operation modes */
#define NSS_SEED 0
#define NSS_SEED_CBC 1
#define DSA_SIGNATURE_LEN 40 /* Bytes */
#define DSA_SUBPRIME_LEN 20 /* Bytes */
@ -113,6 +117,9 @@
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
#define SEED_BLOCK_SIZE 16 /* bytes */
#define SEED_KEY_LENGTH 16 /* bytes */
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
/*
@ -183,6 +190,7 @@ struct SHA1ContextStr ;
struct SHA256ContextStr ;
struct SHA512ContextStr ;
struct AESKeyWrapContextStr ;
struct SEEDContextStr ;
typedef struct DESContextStr DESContext;
typedef struct RC2ContextStr RC2Context;
@ -198,6 +206,7 @@ typedef struct SHA512ContextStr SHA512Context;
/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
typedef struct SHA512ContextStr SHA384Context;
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
typedef struct SEEDContextStr SEEDContext;
/***************************************************************************
** RSA Public and Private Key structures


@ -36,9 +36,13 @@
* ***** END LICENSE BLOCK ***** */
/*
* $Id: camellia.c,v 1.1 2007/02/28 19:47:37 rrelyea%redhat.com Exp $
* $Id: camellia.c,v 1.2 2008/11/18 19:48:22 rrelyea%redhat.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prinit.h"
#include "prerr.h"
#include "secerr.h"


@ -101,13 +101,17 @@ endif # NS_USE_GCC
else
ifndef FREEBL_NO_DEPEND
EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
-lnssutil3 \
-L$(NSPR_LIB_DIR) \
-lnspr4 \
$(NULL)
else
#drop pthreads as well
OS_PTHREAD=
endif
endif
ifeq ($(OS_ARCH), Darwin)


@ -400,10 +400,15 @@ static const HALF PC2[8][64] = {
temp = (word ^ (word >> 9)) & 0x00550055; \
word ^= temp | (temp << 9);
#if defined(__GNUC__) && defined(_X86_)
#define BYTESWAP(word, temp) \
__asm("bswap %0" : "+r" (word));
#else
#define BYTESWAP(word, temp) \
word = (word >> 16) | (word << 16); \
temp = 0x00ff00ff; \
word = ((word & temp) << 8) | ((word >> 8) & temp);
#endif
#define PC1(left, right, c0, d0, temp) \
right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
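Review bot: The inline-asm `BYTESWAP` swaps as many bytes as the register chosen for `word` holds, while the C fallback is written for a 32-bit value (`>> 16`, mask `0x00ff00ff`), so the two branches agree only if `word` is always 32 bits wide. The operand type is not visible in this hunk, and the same commit starts defining `_X86_` for x86_64 builds, so a compile-time size check next to the macro would pin this down. On compilers that provide it, `word = __builtin_bswap32(word);` would make the width explicit. The asm form also leaves `temp` unused, which a short comment (`/* temp unused; kept so both forms take the same arguments */`) would explain. The `PC1` macro that follows continues outside the hunk.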


@ -41,6 +41,10 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "des.h"
#include <stddef.h>
#include "secerr.h"


@ -38,8 +38,11 @@
* Diffie-Hellman parameter generation, key generation, and secret derivation.
* KEA secret generation and verification.
*
* $Id: dh.c,v 1.7 2004/04/25 15:03:08 gerv%gerv.net Exp $
* $Id: dh.c,v 1.8 2008/11/18 19:48:22 rrelyea%redhat.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prerr.h"
#include "secerr.h"


@ -35,7 +35,11 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: dsa.c,v 1.18 2005/10/12 00:48:25 wtchang%redhat.com Exp $ */
/* $Id: dsa.c,v 1.19 2008/11/18 19:48:23 rrelyea%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "secerr.h"


@ -37,6 +37,11 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "blapi.h"
#include "prerr.h"
#include "secerr.h"
@ -117,6 +122,7 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
if (pointP != NULL) {
if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
(pointP->len != (2 * len + 1))) {
PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
return SECFailure;
};
}
@ -591,9 +597,12 @@ ECDH_Derive(SECItem *publicValue,
}
/* Multiply our private key and peer's public point */
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess) ||
ec_point_at_infinity(&pointQ))
if (ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess)
goto cleanup;
if (ec_point_at_infinity(&pointQ)) {
PORT_SetError(SEC_ERROR_BAD_KEY); /* XXX better error code? */
goto cleanup;
}
/* Allocate memory for the derived secret and copy
* the x co-ordinate of pointQ into it.
@ -613,6 +622,10 @@ ECDH_Derive(SECItem *publicValue,
cleanup:
mp_clear(&k);
if (err) {
MP_TO_SEC_ERROR(err);
}
if (pointQ.data) {
PORT_ZFree(pointQ.data, 2*len + 1);
}
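Review bot: In the `ec_points_mul` hunk the point-form test reads `pointP->data[0]` before `pointP->len` is compared, so an empty point is dereferenced before it is rejected; in `ECDH_Derive` that point is the peer-supplied `publicValue`. Unless every caller validates the length first (not visible here), testing the length first closes this: `if ((pointP->len != (2 * len + 1)) || (pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED)) {`. The new `PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM)` is also reported for a wrong length, which may deserve a separate error code. Both functions extend beyond the hunks shown.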


@ -0,0 +1,71 @@
;+#
;+# ***** BEGIN LICENSE BLOCK *****
;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
;+#
;+# The contents of this file are subject to the Mozilla Public License Version
;+# 1.1 (the "License"); you may not use this file except in compliance with
;+# the License. You may obtain a copy of the License at
;+# http://www.mozilla.org/MPL/
;+#
;+# Software distributed under the License is distributed on an "AS IS" basis,
;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
;+# for the specific language governing rights and limitations under the
;+# License.
;+#
;+# The Original Code is the Netscape security libraries.
;+#
;+# The Initial Developer of the Original Code is
;+# Netscape Communications Corporation.
;+# Portions created by the Initial Developer are Copyright (C) 2000
;+# the Initial Developer. All Rights Reserved.
;+#
;+# Contributor(s):
;+#
;+# Alternatively, the contents of this file may be used under the terms of
;+# either the GNU General Public License Version 2 or later (the "GPL"), or
;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
;+# in which case the provisions of the GPL or the LGPL are applicable instead
;+# of those above. If you wish to allow use of your version of this file only
;+# under the terms of either the GPL or the LGPL, and not to allow others to
;+# use your version of this file under the terms of the MPL, indicate your
;+# decision by deleting the provisions above and replace them with the notice
;+# and other provisions required by the GPL or the LGPL. If you do not delete
;+# the provisions above, a recipient may use your version of this file under
;+# the terms of any one of the MPL, the GPL or the LGPL.
;+#
;+# ***** END LICENSE BLOCK *****
;+#
;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
;+# 1. For all unix platforms, the string ";-" means "remove this line"
;+# 2. For all unix platforms, the string " DATA " will be removed from any
;+# line on which it occurs.
;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
;+# On AIX, lines containing ";+" will be removed.
;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
;+# 5. For all unix platforms, after the above processing has taken place,
;+# all characters after the first ";" on the line will be removed.
;+# And for AIX, the first ";" will also be removed.
;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
;+# directives are hidden behind ";", ";+", and ";-"
;+
;+NSSprivate_3.11 { # NSS 3.11 release
;+ global:
LIBRARY freebl3 ;-
EXPORTS ;-
FREEBL_GetVector;
;+ local:
;+ *;
;+};
;+NSSRAWHASH_3.12.3 { # NSS 3.12.3 release
;+ global:
NSSLOW_Init;
NSSLOW_Shutdown;
NSSLOWHASH_Length;
NSSLOWHASH_Begin;
NSSLOWHASH_Destroy;
NSSLOWHASH_End;
NSSLOWHASH_NewContext;
NSSLOWHASH_Update;
;+ local:
;+ *;
;+};


@ -33,7 +33,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: hasht.h,v 1.7 2005/11/07 18:44:20 wtchang%redhat.com Exp $ */
/* $Id: hasht.h,v 1.7 2008/12/10 22:48:03 wtchang%redhat.com Exp $ */
#ifndef _HASHT_H_
#define _HASHT_H_


@ -0,0 +1,151 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Initial Developer of the Original Code is Red Hat, Inc, 2008.
*
* Contributor(s):
* Ulrich Drepper <drepper@redhat.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* Prototypes of the functions defined in the assembler file. */
void intel_aes_encrypt_init_128(const unsigned char *key, PRUint32 *expanded);
void intel_aes_encrypt_init_192(const unsigned char *key, PRUint32 *expanded);
void intel_aes_encrypt_init_256(const unsigned char *key, PRUint32 *expanded);
void intel_aes_decrypt_init_128(const unsigned char *key, PRUint32 *expanded);
void intel_aes_decrypt_init_192(const unsigned char *key, PRUint32 *expanded);
void intel_aes_decrypt_init_256(const unsigned char *key, PRUint32 *expanded);
SECStatus intel_aes_encrypt_ecb_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_decrypt_ecb_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_encrypt_cbc_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_decrypt_ecb_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_encrypt_cbc_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_decrypt_ecb_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_encrypt_cbc_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen,
unsigned int blocksize);
#define intel_aes_ecb_worker(encrypt, keysize) \
((encrypt) \
? ((keysize) == 16 ? intel_aes_encrypt_ecb_128 : \
(keysize) == 24 ? intel_aes_encrypt_ecb_192 : \
intel_aes_encrypt_ecb_256) \
: ((keysize) == 16 ? intel_aes_decrypt_ecb_128 : \
(keysize) == 24 ? intel_aes_decrypt_ecb_192 : \
intel_aes_decrypt_ecb_256))
#define intel_aes_cbc_worker(encrypt, keysize) \
((encrypt) \
? ((keysize) == 16 ? intel_aes_encrypt_cbc_128 : \
(keysize) == 24 ? intel_aes_encrypt_cbc_192 : \
intel_aes_encrypt_cbc_256) \
: ((keysize) == 16 ? intel_aes_decrypt_cbc_128 : \
(keysize) == 24 ? intel_aes_decrypt_cbc_192 : \
intel_aes_decrypt_cbc_256))
#define intel_aes_init(encrypt, keysize) \
do { \
if (encrypt) { \
if (keysize == 16) \
intel_aes_encrypt_init_128(key, cx->expandedKey); \
else if (keysize == 24) \
intel_aes_encrypt_init_192(key, cx->expandedKey); \
else \
intel_aes_encrypt_init_256(key, cx->expandedKey); \
} else { \
if (keysize == 16) \
intel_aes_decrypt_init_128(key, cx->expandedKey); \
else if (keysize == 24) \
intel_aes_decrypt_init_192(key, cx->expandedKey); \
else \
intel_aes_decrypt_init_256(key, cx->expandedKey); \
} \
} while (0)
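Review bot: `intel_aes_init(encrypt, keysize)` reaches into the caller's scope for `key` and `cx`, which are not macro parameters, and uses `keysize` unparenthesized (`if (keysize == 16)`), unlike the two worker macros above it. Passing `cx` and `key` explicitly and writing `(keysize)` would make the dependency visible at the call site. All three macros treat any key size other than 16 or 24 as the 256-bit case, so they rely on the caller having validated the size; a comment stating that precondition belongs in the header. The file also has no include guard and uses `PRUint32`, `SECStatus` and `AESContext` without including the headers that declare them.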

File diff suppressed because it is too large Load Diff


@ -37,11 +37,16 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ldvector.c,v 1.17 2008/05/13 01:19:59 wtc%google.com Exp $ */
/* $Id: ldvector.c,v 1.19 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
#ifdef FREEBL_NO_DEPEND
extern int FREEBL_InitStubs(void);
#endif
#include "loader.h"
#include "alghmac.h"
static const struct FREEBLVectorStr vector =
{
@ -234,10 +239,20 @@ static const struct FREEBLVectorStr vector =
Camellia_Encrypt,
Camellia_Decrypt,
/* End of Version 3.010. */
PQG_DestroyParams,
PQG_DestroyVerify,
/* End of Version 3.010. */
SEED_InitContext,
SEED_AllocateContext,
SEED_CreateContext,
SEED_DestroyContext,
SEED_Encrypt,
SEED_Decrypt
/* End of Version 3.011. */
};
const FREEBLVector *
@ -250,6 +265,9 @@ FREEBL_GetVector(void)
volatile char c;
c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0];
#ifdef FREEBL_NO_DEPEND
FREEBL_InitStubs();
#endif
return &vector;
}
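Review bot: `FREEBL_InitStubs()` is declared as returning `int`, but `FREEBL_GetVector` discards the result and returns `&vector` regardless. If a failure return means the stubs could not be set up (the definition is not visible here), callers receive a vector whose functions depend on unresolved stubs. Returning NULL on failure would be safer, e.g. `if (FREEBL_InitStubs() != 0) return NULL;`, with the comparison adjusted to the function's actual convention. FREEBL_GetVector starts outside the hunk.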


@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: loader.c,v 1.39 2008/01/22 02:24:03 nelson%bolyard.com Exp $ */
/* $Id: loader.c,v 1.40 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
#include "loader.h"
#include "prmem.h"
@ -486,6 +486,44 @@ DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
}
SEEDContext *
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, PRBool encrypt)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return NULL;
return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
}
void
SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return;
(vector->p_SEED_DestroyContext)(cx, freeit);
}
SECStatus
SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
}
SECStatus
SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
}
AESContext *
AES_CreateContext(const unsigned char *key, const unsigned char *iv,
@ -1359,6 +1397,16 @@ DES_InitContext(DESContext *cx, const unsigned char *key,
return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
}
SECStatus
SEED_InitContext(SEEDContext *cx, const unsigned char *key,
unsigned int keylen, const unsigned char *iv, int mode,
unsigned int encrypt, unsigned int xtra)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
}
SECStatus
RC2_InitContext(RC2Context *cx, const unsigned char *key,
unsigned int keylen, const unsigned char *iv, int mode,
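Review bot: `SEED_AllocateContext` gets no loader wrapper in the hunks shown, although blapi.h declares it and the vector gains `p_SEED_AllocateContext` in this commit. Code that links against the loader and calls it would then fail to resolve the symbol. The wrapper would follow the same pattern as its neighbours, placed next to `SEED_InitContext`.

```c
SEEDContext *
SEED_AllocateContext(void)
{
  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
      return NULL;
  return (vector->p_SEED_AllocateContext)();
}
```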


@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: loader.h,v 1.21 2007/11/13 03:12:48 wtc%google.com Exp $ */
/* $Id: loader.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
#ifndef _LOADER_H_
#define _LOADER_H_ 1
@ -491,6 +491,33 @@ struct FREEBLVectorStr {
void (* p_PQG_DestroyVerify)(PQGVerify *vfy);
/* Version 3.010 came to here */
SECStatus (* p_SEED_InitContext)(SEEDContext *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode,
unsigned int encrypt,
unsigned int );
SEEDContext *(*p_SEED_AllocateContext)(void);
SEEDContext *(* p_SEED_CreateContext)(const unsigned char *key,
const unsigned char *iv,
int mode, PRBool encrypt);
void (* p_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);
SECStatus (* p_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
SECStatus (* p_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/* Version 3.011 came to here */
};
typedef struct FREEBLVectorStr FREEBLVector;
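Review bot: Six members are appended to `FREEBLVectorStr` and a "Version 3.011" marker is added, but no change to the vector's version constant appears in this section. If the compatibility check in loader.c (not visible here) relies on that constant, a loader built from this header and paired with an older freebl could call the `p_SEED_*` slots past the end of the older vector. Confirm that the constant is bumped together with the struct, or that the loader compares the vector length before use.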


@ -70,7 +70,13 @@ ifneq (,$(findstring _,$(LIBRARY_NAME)))
LIBRARY_VERSION := _$(LIBRARY_VERSION)
endif
ifdef FREEBL_NO_DEPEND
LOWHASH_SRCS = stubs.c nsslowhash.c
LOWHASH_EXPORTS = nsslowhash.h
MAPFILE_SOURCE = freebl_hash.def
else
MAPFILE_SOURCE = freebl.def
endif
MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def
SOFTOKEN_LIBRARY_VERSION = 3
@ -85,6 +91,9 @@ EXPORTS = \
blapit.h \
shsign.h \
ecl-exp.h \
hasht.h \
sechash.h \
$(LOWHASH_EXPORTS) \
$(NULL)
PRIVATE_EXPORTS = \
@ -143,9 +152,11 @@ CSRCS = \
rsa.c \
shvfy.c \
tlsprfalg.c \
seed.c \
$(MPI_SRCS) \
$(MPCPU_SRCS) \
$(ECL_SRCS) \
$(LOWHASH_SRCS) \
$(NULL)
ALL_CSRCS := $(CSRCS)
@ -164,6 +175,7 @@ ALL_HDRS = \
sha256.h \
shsign.h \
vis_proto.h \
seed.h \
$(NULL)


@ -34,6 +34,10 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prerr.h"
#include "secerr.h"


@ -34,6 +34,10 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prerr.h"
#include "secerr.h"


@ -66,7 +66,7 @@
#if defined(__GNUC__)
static void cpuid(unsigned long op, unsigned long *eax,
void freebl_cpuid(unsigned long op, unsigned long *eax,
unsigned long *ebx, unsigned long *ecx,
unsigned long *edx)
{
@ -82,7 +82,7 @@ static void cpuid(unsigned long op, unsigned long *eax,
#include <intrin.h>
static void cpuid(unsigned long op, unsigned long *eax,
void freebl_cpuid(unsigned long op, unsigned long *eax,
unsigned long *ebx, unsigned long *ecx,
unsigned long *edx)
{
@ -102,7 +102,7 @@ static void cpuid(unsigned long op, unsigned long *eax,
/* x86 */
#if defined(__GNUC__)
static void cpuid(unsigned long op, unsigned long *eax,
void freebl_cpuid(unsigned long op, unsigned long *eax,
unsigned long *ebx, unsigned long *ecx,
unsigned long *edx)
{
@ -148,7 +148,7 @@ static unsigned long changeFlag(unsigned long flag)
* windows versions of the above assembler
*/
#define wcpuid __asm __emit 0fh __asm __emit 0a2h
static void cpuid(unsigned long op, unsigned long *Reax,
void freebl_cpuid(unsigned long op, unsigned long *Reax,
unsigned long *Rebx, unsigned long *Recx, unsigned long *Redx)
{
unsigned long Leax, Lebx, Lecx, Ledx;
@ -572,7 +572,7 @@ getIntelCacheLineSize(int cpuidLevel)
* to the getIntelRegisterCacheLineSize code, which breaks the registers
* down into their component descriptors. In the end the lineSize of the
* lowest level cache data cache is returned. */
cpuid(2, &eax, &ebx, &ecx, &edx);
freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
repeat = eax & 0xf;
for (count = 0; count < repeat; count++) {
if ((eax & 0x80000000) == 0) {
@ -588,7 +588,7 @@ getIntelCacheLineSize(int cpuidLevel)
getIntelRegisterCacheLineSize(edx, &level, &lineSize);
}
if (count+1 != repeat) {
cpuid(2, &eax, &ebx, &ecx, &edx);
freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
}
}
return lineSize;
@ -608,11 +608,11 @@ getOtherCacheLineSize(unsigned long cpuidLevel)
unsigned long eax, ebx, ecx, edx;
/* get the Extended CPUID level */
cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
freebl_cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
cpuidLevel = eax;
if (cpuidLevel >= 0x80000005) {
cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
freebl_cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
lineSize = ecx & 0xff; /* line Size, L1 Data Cache */
}
return lineSize;
@ -659,7 +659,7 @@ s_mpi_is_sse2()
if (is386() || is486()) {
return 0;
}
cpuid(0, &eax, &ebx, &ecx, &edx);
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
*(int *)string = ebx;
*(int *)&string[4] = edx;
*(int *)&string[8] = ecx;
@ -682,7 +682,7 @@ s_mpi_is_sse2()
return 0;
}
cpuid(1,&eax,&ebx,&ecx,&edx);
freebl_cpuid(1,&eax,&ebx,&ecx,&edx);
return (edx & SSE2_FLAG) == SSE2_FLAG;
}
#endif
@ -706,7 +706,7 @@ s_mpi_getProcessorLineSize()
#endif
/* Pentium, cpuid command is available */
cpuid(0, &eax, &ebx, &ecx, &edx);
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
cpuidLevel = eax;
*(int *)string = ebx;
*(int *)&string[4] = edx;


@ -592,8 +592,9 @@ CacheMap:
.byte 0
.text
.align 16
.type cpuid, @function
cpuid:
.globl freebl_cpuid
.type freebl_cpuid, @function
freebl_cpuid:
.LFB2:
movq %rdx, %r10
pushq %rbx
@ -611,7 +612,7 @@ cpuid:
movq %rdx, (%r8)
ret
.LFE2:
.size cpuid, .-cpuid
.size freebl_cpuid, .-freebl_cpuid
.align 16
.type getIntelCacheEntryLineSize, @function
getIntelCacheEntryLineSize:
@ -743,7 +744,7 @@ s_mpi_getProcessorLineSize:
xorl %ebx, %ebx
subq $200, %rsp
.LCFI14:
call cpuid
call freebl_cpuid
movq -152(%rbp), %rax
movq -160(%rbp), %r15
movb $0, -116(%rbp)
@ -776,7 +777,7 @@ s_mpi_getProcessorLineSize:
leaq -192(%rbp), %rsi
movl $2, %edi
xorl %ebx, %ebx
call cpuid
call freebl_cpuid
movq -192(%rbp), %rdi
movl %edi, %r12d
andl $15, %r12d
@ -805,7 +806,7 @@ s_mpi_getProcessorLineSize:
leaq -184(%rbp), %rdx
leaq -192(%rbp), %rsi
movl $2, %edi
call cpuid
call freebl_cpuid
.L24:
cmpl %r12d, %ebx
jge .L38
@ -862,7 +863,7 @@ s_mpi_getProcessorLineSize:
leaq -240(%rbp), %rsi
movl $2147483648, %edi
xorl %ebx, %ebx
call cpuid
call freebl_cpuid
movl $2147483652, %eax
cmpq %rax, -240(%rbp)
ja .L43
@ -886,7 +887,7 @@ s_mpi_getProcessorLineSize:
leaq -232(%rbp), %rdx
leaq -240(%rbp), %rsi
movl $2147483653, %edi
call cpuid
call freebl_cpuid
movzbq -224(%rbp), %rbx
jmp .L32
.LFE7:


@ -592,8 +592,9 @@ CacheMap:
.byte 0
.text
.align 4
.type cpuid, @function
cpuid:
.globl freebl_cpuid
.type freebl_cpuid, @function
freebl_cpuid:
pushl %ebp
pushl %edi
pushl %esi
@ -618,7 +619,7 @@ cpuid:
popl %edi
popl %ebp
ret
.size cpuid, .-cpuid
.size freebl_cpuid, .-freebl_cpuid
.align 4
.type changeFlag, @function
changeFlag:
@ -780,7 +781,7 @@ s_mpi_getProcessorLineSize:
pushl %eax
leal -120(%ebp), %edx
xorl %eax, %eax
call cpuid
call freebl_cpuid
movl -120(%ebp), %eax
movl %eax, -164(%ebp)
movl -116(%ebp), %eax
@ -826,7 +827,7 @@ s_mpi_getProcessorLineSize:
movl $2, %eax
pushl %edx
leal -136(%ebp), %edx
call cpuid
call freebl_cpuid
movl -136(%ebp), %eax
movl %eax, %edi
andl $15, %edi
@ -881,7 +882,7 @@ s_mpi_getProcessorLineSize:
pushl -180(%ebp)
leal -136(%ebp), %edx
movl $2, %eax
call cpuid
call freebl_cpuid
addl $12, %esp
.L34:
cmpl %edi, %esi
@ -912,7 +913,7 @@ s_mpi_getProcessorLineSize:
pushl %esi
leal -160(%ebp), %edx
movl $-2147483648, %eax
call cpuid
call freebl_cpuid
addl $12, %esp
cmpl $-2147483644, -160(%ebp)
ja .L51
@ -925,7 +926,7 @@ s_mpi_getProcessorLineSize:
pushl %esi
leal -160(%ebp), %edx
movl $-2147483643, %eax
call cpuid
call freebl_cpuid
movzbl -152(%ebp), %edx
addl $12, %esp
movl %edx, -172(%ebp)


@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: mpi.h,v 1.22 2004/04/27 23:04:36 gerv%gerv.net Exp $ */
/* $Id: mpi.h,v 1.23 2008/12/04 18:16:34 rrelyea%redhat.com Exp $ */
#ifndef _H_MPI_
#define _H_MPI_
@ -305,6 +305,10 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
/* Miscellaneous */
mp_size mp_trailing_zeros(const mp_int *mp);
void freebl_cpuid(unsigned long op, unsigned long *eax,
unsigned long *ebx, unsigned long *ecx,
unsigned long *edx);
#define MP_CHECKOK(x) if (MP_OKAY > (res = (x))) goto CLEANUP
#define MP_CHECKERR(x) if (MP_OKAY > (res = (x))) goto CLEANUP


@ -329,10 +329,14 @@ mp_err mpp_pprime(mp_int *a, int nt)
/* Do the test nt times... */
for(iter = 0; iter < nt; iter++) {
/* Choose a random value for x < a */
/* Choose a random value for 1 < x < a */
s_mp_pad(&x, USED(a));
mpp_random(&x);
MP_CHECKOK( mp_mod(&x, a, &x) );
if(mp_cmp_d(&x, 1) <= 0) {
iter--; /* don't count this iteration */
continue; /* choose a new x */
}
/* Compute z = (x ** m) mod a */
MP_CHECKOK( mp_exptmod(&x, &m, a, &z) );
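Review bot: The new retry (`iter--; continue;`) has no upper bound: whenever `x mod a` can only be 0 or 1, that is for a ≤ 2, no iteration is ever counted and the loop does not terminate. Unless a check outside the hunk or the callers of mpp_pprime guarantee a > 2, small values should be handled before the loop or the retries capped. The context line `s_mp_pad(&x, USED(a));` also ignores its result, unlike the `MP_CHECKOK( mp_mod(&x, a, &x) )` beside it. `MP_CHECKOK( s_mp_pad(&x, USED(a)) );` would stop `mpp_random` from running on an `x` that failed to grow.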


@ -0,0 +1,365 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nsslowhash.c,v 1.2 2008/11/27 15:20:44 wtc%google.com Exp $ */
#include "stubs.h"
#include "prtypes.h"
#include "secerr.h"
#include "pkcs11t.h"
#include "blapi.h"
#include "sechash.h"
#include "nsslowhash.h"
/* FIPS preprocessor directives for message digests */
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
static const PRUint8 known_hash_message[] = {
"The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
static CK_RV
freebl_fips_MD2_PowerUpSelfTest( void )
{
/* MD2 Known Digest Message (128-bits). */
static const PRUint8 md2_known_digest[] = {
0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
/* MD2 variables. */
MD2Context * md2_context;
unsigned int md2_bytes_hashed;
PRUint8 md2_computed_digest[MD2_LENGTH];
/***********************************************/
/* MD2 Single-Round Known Answer Hashing Test. */
/***********************************************/
md2_context = MD2_NewContext();
if( md2_context == NULL )
return( CKR_HOST_MEMORY );
MD2_Begin( md2_context );
MD2_Update( md2_context, known_hash_message,
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
MD2_DestroyContext( md2_context , PR_TRUE );
if( ( md2_bytes_hashed != MD2_LENGTH ) ||
( PORT_Memcmp( md2_computed_digest, md2_known_digest,
MD2_LENGTH ) != 0 ) )
return( CKR_DEVICE_ERROR );
return( CKR_OK );
}
static CK_RV
freebl_fips_MD5_PowerUpSelfTest( void )
{
/* MD5 Known Digest Message (128-bits). */
static const PRUint8 md5_known_digest[] = {
0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
/* MD5 variables. */
PRUint8 md5_computed_digest[MD5_LENGTH];
SECStatus md5_status;
/***********************************************/
/* MD5 Single-Round Known Answer Hashing Test. */
/***********************************************/
md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
if( ( md5_status != SECSuccess ) ||
( PORT_Memcmp( md5_computed_digest, md5_known_digest,
MD5_LENGTH ) != 0 ) )
return( CKR_DEVICE_ERROR );
return( CKR_OK );
}
static CK_RV
freebl_fips_SHA_PowerUpSelfTest( void )
{
/* SHA-1 Known Digest Message (160-bits). */
static const PRUint8 sha1_known_digest[] = {
0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
0xe0,0x68,0x47,0x7a};
/* SHA-256 Known Digest Message (256-bits). */
static const PRUint8 sha256_known_digest[] = {
0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
/* SHA-384 Known Digest Message (384-bits). */
static const PRUint8 sha384_known_digest[] = {
0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
/* SHA-512 Known Digest Message (512-bits). */
static const PRUint8 sha512_known_digest[] = {
0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
/* SHA-X variables. */
PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
SECStatus sha_status;
/*************************************************/
/* SHA-1 Single-Round Known Answer Hashing Test. */
/*************************************************/
sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
if( ( sha_status != SECSuccess ) ||
( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
SHA1_LENGTH ) != 0 ) )
return( CKR_DEVICE_ERROR );
/***************************************************/
/* SHA-256 Single-Round Known Answer Hashing Test. */
/***************************************************/
sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
if( ( sha_status != SECSuccess ) ||
( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
SHA256_LENGTH ) != 0 ) )
return( CKR_DEVICE_ERROR );
/***************************************************/
/* SHA-384 Single-Round Known Answer Hashing Test. */
/***************************************************/
sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
if( ( sha_status != SECSuccess ) ||
( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
SHA384_LENGTH ) != 0 ) )
return( CKR_DEVICE_ERROR );
/***************************************************/
/* SHA-512 Single-Round Known Answer Hashing Test. */
/***************************************************/
sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
FIPS_KNOWN_HASH_MESSAGE_LENGTH );
if( ( sha_status != SECSuccess ) ||
( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
SHA512_LENGTH ) != 0 ) )
return( CKR_DEVICE_ERROR );
return( CKR_OK );
}
static CK_RV
freebl_fipsSoftwareIntegrityTest(void)
{
CK_RV crv = CKR_OK;
/* make sure that our check file signatures are OK */
if (!BLAPI_VerifySelf(SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX)) {
crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
}
return crv;
}
CK_RV
freebl_fipsPowerUpSelfTest( void )
{
CK_RV rv;
/* MD2 Power-Up SelfTest(s). */
rv = freebl_fips_MD2_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* MD5 Power-Up SelfTest(s). */
rv = freebl_fips_MD5_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* SHA-X Power-Up SelfTest(s). */
rv = freebl_fips_SHA_PowerUpSelfTest();
if( rv != CKR_OK )
return rv;
/* Software/Firmware Integrity Test. */
rv = freebl_fipsSoftwareIntegrityTest();
if( rv != CKR_OK )
return rv;
/* Passed Power-Up SelfTest(s). */
return( CKR_OK );
}
struct NSSLOWInitContextStr {
int count;
};
struct NSSLOWHASHContextStr {
const SECHashObject *hashObj;
void *hashCtxt;
};
static int post = 0;
static NSSLOWInitContext dummyContext = { 0 };
NSSLOWInitContext *
NSSLOW_Init(void)
{
SECStatus rv;
CK_RV crv;
PRBool nsprAvailable = PR_FALSE;
rv = FREEBL_InitStubs();
nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
if (!post) {
crv = freebl_fipsPowerUpSelfTest();
if (crv != CKR_OK) {
return NULL;
}
}
post = 1;
return &dummyContext;
}
void
NSSLOW_Shutdown(NSSLOWInitContext *context)
{
PORT_Assert(context == &dummyContext);
return;
}
NSSLOWHASHContext *
NSSLOWHASH_NewContext(NSSLOWInitContext *initContext,
HASH_HashType hashType)
{
NSSLOWHASHContext *context;
if (initContext != &dummyContext) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return (NULL);
}
context = PORT_ZNew(NSSLOWHASHContext);
if (!context) {
return NULL;
}
context->hashObj = HASH_GetRawHashObject(hashType);
if (!context->hashObj) {
PORT_Free(context);
return NULL;
}
context->hashCtxt = context->hashObj->create();
if (!context->hashCtxt) {
PORT_Free(context);
return NULL;
}
return context;
}
void
NSSLOWHASH_Begin(NSSLOWHASHContext *context)
{
return context->hashObj->begin(context->hashCtxt);
}
void
NSSLOWHASH_Update(NSSLOWHASHContext *context, const unsigned char *buf,
unsigned int len)
{
return context->hashObj->update(context->hashCtxt, buf, len);
}
void
NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned char *buf,
unsigned int *ret, unsigned int len)
{
return context->hashObj->end(context->hashCtxt, buf, ret, len);
}
void
NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
{
context->hashObj->destroy(context->hashCtxt, PR_TRUE);
PORT_Free(context);
}
unsigned int
NSSLOWHASH_Length(NSSLOWHASHContext *context)
{
return context->hashObj->length;
}
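Review bot: NSSLOW_Init stores the result of FREEBL_InitStubs() in `nsprAvailable` and never reads it, so a failed stub setup is silently ignored and the power-up self-tests run regardless. If that is intended (the variable name suggests a failure only means NSPR is not loaded), drop the local and record the reason in a comment next to `(void)FREEBL_InitStubs();`; otherwise return NULL when `rv != SECSuccess`. The `post` flag is a plain `static int` that is tested and set without synchronization, so a one-line comment above NSSLOW_Init should state whether concurrent first calls are supported. Separately, NSSLOWHASH_Begin, NSSLOWHASH_Update and NSSLOWHASH_End use `return expr;` in functions declared `void`, which ISO C does not permit; a plain call statement such as `context->hashObj->begin(context->hashCtxt);` is enough.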


@ -11,15 +11,14 @@
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the PKIX-C library.
* The Original Code is Red Hat, Inc.
*
* The Initial Developer of the Original Code is
* Sun Microsystems, Inc.
* Portions created by the Initial Developer are
* Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
* Red Hat, Inc.
* Portions created by the Initial Developer are Copyright (C) 2008
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Sun Microsystems, Inc.
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
@ -34,45 +33,27 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* pkix_defaultrevchecker.h
*
* Header file for default revocation checker
*
* Provide FIPS validated hashing for applications that only need hashing.
* NOTE: mac'ing requires keys and will not work in this interface.
* Also NOTE: this only works with Hashing. Only the FIPS interface is enabled.
*/
#ifndef _PKIX_DEFAULTREVCHECKER_H
#define _PKIX_DEFAULTREVCHECKER_H
typedef struct NSSLOWInitContextStr NSSLOWInitContext;
typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
#include "pkix_tools.h"
#ifdef __cplusplus
extern "C" {
#endif
struct PKIX_DefaultRevocationCheckerStruct {
PKIX_CertChainChecker *certChainChecker;
PKIX_CertChainChecker_CheckCallback check;
PKIX_List *certStores;
PKIX_PL_Date *testDate;
PKIX_PL_PublicKey *trustedPubKey;
PKIX_UInt32 certsRemaining;
};
PKIX_Error *
pkix_DefaultRevChecker_Initialize(
PKIX_List *certStores,
PKIX_PL_Date *testDate,
PKIX_PL_PublicKey *trustedPubKey,
PKIX_UInt32 certsRemaining,
PKIX_RevocationChecker **pRevChecker,
void *plContext);
PKIX_Error *
pkix_DefaultRevocationChecker_RegisterSelf(void *plContext);
#ifdef __cplusplus
}
#endif
#endif /* _PKIX_DEFAULTREVCHECKER_H */
NSSLOWInitContext *NSSLOW_Init(void);
void NSSLOW_Shutdown(NSSLOWInitContext *context);
NSSLOWHASHContext *NSSLOWHASH_NewContext(
NSSLOWInitContext *initContext,
HASH_HashType hashType);
void NSSLOWHASH_Begin(NSSLOWHASHContext *context);
void NSSLOWHASH_Update(NSSLOWHASHContext *context,
const unsigned char *buf,
unsigned int len);
void NSSLOWHASH_End(NSSLOWHASHContext *context,
unsigned char *buf,
unsigned int *ret, unsigned int len);
void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
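Review bot: The new header content appears to have no include guard and no `extern "C"` block; the `#ifndef _PKIX_DEFAULTREVCHECKER_H` and `#ifdef __cplusplus` lines in this section look like the removed side, although the +/- markers are lost in this rendering. Without a guard, including the header twice in one translation unit repeats the `NSSLOWInitContext` and `NSSLOWHASHContext` typedefs, which compilers before C11 reject. Wrap the declarations in a guard (name of your choosing, e.g. `#ifndef NSSLOWHASH_H` / `#define NSSLOWHASH_H` ... `#endif`). The NSSLOWHASH_NewContext prototype also uses `HASH_HashType` without this header including its declaration, so it only compiles when the includer pulled that in first, as nsslowhash.c presumably does through sechash.h; including the declaring header here would make the file self-contained.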


@ -37,8 +37,11 @@
/*
* PQG parameter generation/verification. Based on FIPS 186-1.
*
* $Id: pqg.c,v 1.15 2007/11/09 18:49:32 wtc%google.com Exp $
* $Id: pqg.c,v 1.16 2008/11/18 19:48:23 rrelyea%redhat.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prerr.h"
#include "secerr.h"


@ -35,7 +35,11 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: prng_fips1861.c,v 1.27 2006/10/13 16:54:04 wtchang%redhat.com Exp $ */
/* $Id: prng_fips1861.c,v 1.28 2008/11/18 19:48:23 rrelyea%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prerr.h"
#include "secerr.h"


@ -34,6 +34,10 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "nspr.h"
#include "sechash.h"
#include "blapi.h" /* below the line */


@ -33,7 +33,11 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: rijndael.c,v 1.20 2005/08/09 03:09:38 nelsonb%netscape.com Exp $ */
/* $Id: rijndael.c,v 1.24 2008/12/04 18:16:31 rrelyea%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prinit.h"
#include "prerr.h"
@ -43,6 +47,11 @@
#include "blapi.h"
#include "rijndael.h"
#if USE_HW_AES
#include "intel-aes.h"
#include "mpi.h"
#endif
/*
* There are currently five ways to build this code, varying in performance
* and code size.
@ -845,6 +854,8 @@ rijndael_encryptECB(AESContext *cx, unsigned char *output,
{
SECStatus rv;
AESBlockFunc *encryptor;
encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
? &rijndael_encryptBlock128
: &rijndael_encryptBlock;
@ -903,6 +914,7 @@ rijndael_decryptECB(AESContext *cx, unsigned char *output,
{
SECStatus rv;
AESBlockFunc *decryptor;
decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
? &rijndael_decryptBlock128
: &rijndael_decryptBlock;
@ -930,6 +942,7 @@ rijndael_decryptCBC(AESContext *cx, unsigned char *output,
unsigned int j;
unsigned char newIV[RIJNDAEL_MAX_BLOCKSIZE];
if (!inputLen)
return SECSuccess;
PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
@ -974,11 +987,16 @@ AESContext * AES_AllocateContext(void)
return PORT_ZNew(AESContext);
}
SECStatus
AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
const unsigned char *iv, int mode, unsigned int encrypt,
unsigned int blocksize)
{
#if USE_HW_AES
static int has_intel_aes;
PRBool use_hw_aes = PR_FALSE;
#endif
unsigned int Nk;
/* According to Rijndael AES Proposal, section 12.1, block and key
* lengths between 128 and 256 bits are supported, as long as the
@ -1006,6 +1024,16 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
#if USE_HW_AES
if (has_intel_aes == 0) {
unsigned long eax, ebx, ecx, edx;
freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
}
use_hw_aes = (PRBool)
(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
#endif
/* Nb = (block size in bits) / 32 */
cx->Nb = blocksize / 4;
/* Nk = (key size in bits) / 32 */
@ -1015,22 +1043,51 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
/* copy in the iv, if neccessary */
if (mode == NSS_AES_CBC) {
memcpy(cx->iv, iv, blocksize);
cx->worker = (encrypt) ? &rijndael_encryptCBC : &rijndael_decryptCBC;
#if USE_HW_AES
if (use_hw_aes) {
cx->worker = intel_aes_cbc_worker(encrypt, keysize);
} else
#endif
cx->worker = (encrypt
? &rijndael_encryptCBC : &rijndael_decryptCBC);
} else {
cx->worker = (encrypt) ? &rijndael_encryptECB : &rijndael_decryptECB;
#if USE_HW_AES
if (use_hw_aes) {
cx->worker = intel_aes_ecb_worker(encrypt, keysize);
} else
#endif
cx->worker = (encrypt
? &rijndael_encryptECB : &rijndael_decryptECB);
}
PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto cleanup;
}
/* Generate expanded key */
if (encrypt) {
if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
goto cleanup;
} else {
if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
goto cleanup;
#ifdef USE_HW_AES
if (use_hw_aes) {
intel_aes_init(encrypt, keysize);
} else
#endif
{
#if defined(RIJNDAEL_GENERATE_TABLES) || \
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
if (rijndaelTables == NULL) {
if (PR_CallOnce(&coRTInit, init_rijndael_tables)
!= PR_SUCCESS) {
return SecFailure;
}
}
#endif
/* Generate expanded key */
if (encrypt) {
if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
goto cleanup;
} else {
if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
goto cleanup;
}
}
return SECSuccess;
cleanup:
@ -1100,15 +1157,6 @@ AES_Encrypt(AESContext *cx, unsigned char *output,
return SECFailure;
}
*outputLen = inputLen;
#if defined(RIJNDAEL_GENERATE_TABLES) || \
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
if (rijndaelTables == NULL) {
if (PR_CallOnce(&coRTInit, init_rijndael_tables)
!= PR_SUCCESS) {
return PR_FAILURE;
}
}
#endif
return (*cx->worker)(cx, output, outputLen, maxOutputLen,
input, inputLen, blocksize);
}
@ -1140,16 +1188,6 @@ AES_Decrypt(AESContext *cx, unsigned char *output,
return SECFailure;
}
*outputLen = inputLen;
#if defined(RIJNDAEL_GENERATE_TABLES) || \
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
if (rijndaelTables == NULL) {
if (PR_CallOnce(&coRTInit, init_rijndael_tables)
!= PR_SUCCESS) {
return PR_FAILURE;
}
}
#endif
return (*cx->worker)(cx, output, outputLen, maxOutputLen,
input, inputLen, blocksize);
}
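Review bot: In the AES_InitContext hunk at `-1015,22 +1043,51` the table-initialization failure path reads `return SecFailure;`, which does not match the `SECFailure` spelling used elsewhere in the function, so a build with RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO defined would likely fail to compile. It should be `return SECFailure;`, or `goto cleanup;` if the cleanup label, whose body lies outside the hunk, is meant to run on this path too. The same hunk guards the key-expansion branch with `#ifdef USE_HW_AES` while every other site in this section uses `#if USE_HW_AES`; with USE_HW_AES defined as 0 the `#ifdef` block would reference `use_hw_aes`, which is only declared under `#if`. Use `#if USE_HW_AES` there as well.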


@ -37,8 +37,11 @@
/*
* RSA key generation, public key op, private key op.
*
* $Id: rsa.c,v 1.37 2006/05/22 22:10:40 wtchang%redhat.com Exp $
* $Id: rsa.c,v 1.38 2008/11/18 19:48:24 rrelyea%redhat.com Exp $
*/
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "secerr.h"


@ -35,7 +35,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sechash.h,v 1.8 2008/02/22 21:14:20 nelson%bolyard.com Exp $ */
/* $Id: sechash.h,v 1.8 2008/12/10 22:48:04 nelson%bolyard.com Exp $ */
#include "seccomon.h"
#include "hasht.h"


@ -0,0 +1,676 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the SEED code.
*
* The Initial Developer of the Original Code is
* KISA(Korea Information Security Agency).
*
* Portions created by the Initial Developer are Copyright (C) 2008
* the Initial Developer.
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#ifdef WIN32
#include <memory.h>
#endif
#include "seed.h"
#include "secerr.h"
static const seed_word SS[4][256] = {
{
0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
0x36063234, 0x15051114, 0x22022220, 0x38083038,
0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
0x22426260, 0x29092128, 0x07070304, 0x33033330,
0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
},
{
0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
0x20220222, 0x04040400, 0x68284860, 0x70314171,
0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
0x30320232, 0x84048480, 0x68294961, 0x90138393,
0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
},
{
0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
0x32343606, 0x11141505, 0x22202202, 0x30383808,
0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
0x62602242, 0x21282909, 0x03040707, 0x33303303,
0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
},
{
0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
0x02222022, 0x04000404, 0x48606828, 0x41717031,
0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
0x02323032, 0x84808404, 0x49616829, 0x83939013,
0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
}
};
/* key schedule constants - golden ratio */
#define KC0 0x9e3779b9
#define KC1 0x3c6ef373
#define KC2 0x78dde6e6
#define KC3 0xf1bbcdcc
#define KC4 0xe3779b99
#define KC5 0xc6ef3733
#define KC6 0x8dde6e67
#define KC7 0x1bbcdccf
#define KC8 0x3779b99e
#define KC9 0x6ef3733c
#define KC10 0xdde6e678
#define KC11 0xbbcdccf1
#define KC12 0x779b99e3
#define KC13 0xef3733c6
#define KC14 0xde6e678d
#define KC15 0xbcdccf1b
void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
SEED_KEY_SCHEDULE *ks)
{
seed_word K0, K1, K2, K3;
seed_word t0, t1;
char2word(rawkey , K0);
char2word(rawkey+4 , K1);
char2word(rawkey+8 , K2);
char2word(rawkey+12, K3);
t0 = (K0 + K2 - KC0);
t1 = (K1 - K3 + KC0);
KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC1);
KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC2);
KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC3);
KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC4);
KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC5);
KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC6);
KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC7);
KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC8);
KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC9);
KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC10);
KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC11);
KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC12);
KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC13);
KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC14);
KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC15);
KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
}
void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
unsigned char d[SEED_BLOCK_SIZE],
const SEED_KEY_SCHEDULE *ks)
{
seed_word L0, L1, R0, R1;
seed_word t0, t1;
char2word(s, L0);
char2word(s+4, L1);
char2word(s+8, R0);
char2word(s+12, R1);
E_SEED(t0, t1, L0, L1, R0, R1, 0);
E_SEED(t0, t1, R0, R1, L0, L1, 2);
E_SEED(t0, t1, L0, L1, R0, R1, 4);
E_SEED(t0, t1, R0, R1, L0, L1, 6);
E_SEED(t0, t1, L0, L1, R0, R1, 8);
E_SEED(t0, t1, R0, R1, L0, L1, 10);
E_SEED(t0, t1, L0, L1, R0, R1, 12);
E_SEED(t0, t1, R0, R1, L0, L1, 14);
E_SEED(t0, t1, L0, L1, R0, R1, 16);
E_SEED(t0, t1, R0, R1, L0, L1, 18);
E_SEED(t0, t1, L0, L1, R0, R1, 20);
E_SEED(t0, t1, R0, R1, L0, L1, 22);
E_SEED(t0, t1, L0, L1, R0, R1, 24);
E_SEED(t0, t1, R0, R1, L0, L1, 26);
E_SEED(t0, t1, L0, L1, R0, R1, 28);
E_SEED(t0, t1, R0, R1, L0, L1, 30);
word2char(R0, d);
word2char(R1, d+4);
word2char(L0, d+8);
word2char(L1, d+12);
}
void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
unsigned char d[SEED_BLOCK_SIZE],
const SEED_KEY_SCHEDULE *ks)
{
seed_word L0, L1, R0, R1;
seed_word t0, t1;
char2word(s, L0);
char2word(s+4, L1);
char2word(s+8, R0);
char2word(s+12, R1);
E_SEED(t0, t1, L0, L1, R0, R1, 30);
E_SEED(t0, t1, R0, R1, L0, L1, 28);
E_SEED(t0, t1, L0, L1, R0, R1, 26);
E_SEED(t0, t1, R0, R1, L0, L1, 24);
E_SEED(t0, t1, L0, L1, R0, R1, 22);
E_SEED(t0, t1, R0, R1, L0, L1, 20);
E_SEED(t0, t1, L0, L1, R0, R1, 18);
E_SEED(t0, t1, R0, R1, L0, L1, 16);
E_SEED(t0, t1, L0, L1, R0, R1, 14);
E_SEED(t0, t1, R0, R1, L0, L1, 12);
E_SEED(t0, t1, L0, L1, R0, R1, 10);
E_SEED(t0, t1, R0, R1, L0, L1, 8);
E_SEED(t0, t1, L0, L1, R0, R1, 6);
E_SEED(t0, t1, R0, R1, L0, L1, 4);
E_SEED(t0, t1, L0, L1, R0, R1, 2);
E_SEED(t0, t1, R0, R1, L0, L1, 0);
word2char(R0, d);
word2char(R1, d+4);
word2char(L0, d+8);
word2char(L1, d+12);
}
void SEED_ecb_encrypt(const unsigned char *in,
unsigned char *out,
const SEED_KEY_SCHEDULE *ks, int enc)
{
if (enc) {
SEED_encrypt(in, out, ks);
} else {
SEED_decrypt(in, out, ks);
}
}
void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const SEED_KEY_SCHEDULE *ks,
unsigned char ivec[SEED_BLOCK_SIZE], int enc)
{
size_t n;
unsigned char tmp[SEED_BLOCK_SIZE];
const unsigned char *iv = ivec;
if (enc) {
while (len >= SEED_BLOCK_SIZE) {
for (n = 0; n < SEED_BLOCK_SIZE; ++n)
out[n] = in[n] ^ iv[n];
SEED_encrypt(out, out, ks);
iv = out;
len -= SEED_BLOCK_SIZE;
in += SEED_BLOCK_SIZE;
out += SEED_BLOCK_SIZE;
}
if (len) {
for (n = 0; n < len; ++n)
out[n] = in[n] ^ iv[n];
for (n = len; n < SEED_BLOCK_SIZE; ++n)
out[n] = iv[n];
SEED_encrypt(out, out, ks);
iv = out;
}
memcpy(ivec, iv, SEED_BLOCK_SIZE);
} else if (in != out) {
while (len >= SEED_BLOCK_SIZE) {
SEED_decrypt(in, out, ks);
for (n = 0; n < SEED_BLOCK_SIZE; ++n)
out[n] ^= iv[n];
iv = in;
len -= SEED_BLOCK_SIZE;
in += SEED_BLOCK_SIZE;
out += SEED_BLOCK_SIZE;
}
if (len) {
SEED_decrypt(in, tmp, ks);
for (n = 0; n < len; ++n)
out[n] = tmp[n] ^ iv[n];
iv = in;
}
memcpy(ivec, iv, SEED_BLOCK_SIZE);
} else {
while (len >= SEED_BLOCK_SIZE) {
memcpy(tmp, in, SEED_BLOCK_SIZE);
SEED_decrypt(in, out, ks);
for (n = 0; n < SEED_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
memcpy(ivec, tmp, SEED_BLOCK_SIZE);
len -= SEED_BLOCK_SIZE;
in += SEED_BLOCK_SIZE;
out += SEED_BLOCK_SIZE;
}
if (len) {
memcpy(tmp, in, SEED_BLOCK_SIZE);
SEED_decrypt(tmp, tmp, ks);
for (n = 0; n < len; ++n)
out[n] = tmp[n] ^ ivec[n];
memcpy(ivec, tmp, SEED_BLOCK_SIZE);
}
}
}
SEEDContext *
SEED_AllocateContext(void)
{
return PORT_ZNew(SEEDContext);
}
SECStatus
SEED_InitContext(SEEDContext *cx, const unsigned char *key,
unsigned int keylen, const unsigned char *iv,
int mode, unsigned int encrypt,unsigned int unused)
{
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
switch (mode) {
case NSS_SEED:
SEED_set_key(key, &cx->ks);
cx->mode = NSS_SEED;
cx->encrypt = encrypt;
break;
case NSS_SEED_CBC:
memcpy(cx->iv, iv, 16);
SEED_set_key(key, &cx->ks);
cx->mode = NSS_SEED_CBC;
cx->encrypt = encrypt;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
return SECSuccess;
}
SEEDContext *
SEED_CreateContext(const unsigned char * key, const unsigned char *iv,
int mode, PRBool encrypt)
{
SEEDContext *cx = PORT_ZNew(SEEDContext);
SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode,
encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
cx = NULL;
}
return cx;
}
void
SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
{
if (cx) {
memset(cx, 0, sizeof *cx);
if (freeit)
PORT_Free(cx);
}
}
SECStatus
SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
unsigned int maxOutLen, const unsigned char *in,
unsigned int inLen)
{
int num = 0;
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (!cx->encrypt) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
switch (cx->mode) {
case NSS_SEED:
SEED_ecb_encrypt(in, out, &cx->ks, 1);
*outLen = inLen;
break;
case NSS_SEED_CBC:
SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 1);
*outLen = inLen;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
return SECSuccess;
}
SECStatus
SEED_Decrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
unsigned int maxOutLen, const unsigned char *in,
unsigned int inLen)
{
int num = 0;
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (cx->encrypt) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
switch (cx->mode) {
case NSS_SEED:
SEED_ecb_encrypt(in, out, &cx->ks, 0);
*outLen = inLen;
break;
case NSS_SEED_CBC:
SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 0);
*outLen = inLen;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
return SECSuccess;
}
