Bug 816392: Update NSS to NSS 3_14_1_BETA1, r=me, a=relyea, a=wtc

Brian Smith 2012-11-30 18:00:34 -08:00
parent fb9a8d6175
commit 4a19468daf
97 changed files with 1392 additions and 25111 deletions


@ -3983,7 +3983,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
_USE_SYSTEM_NSS=1 )
if test -n "$_USE_SYSTEM_NSS"; then
AM_PATH_NSS(3.14, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
AM_PATH_NSS(3.14.1, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
if test -n "$MOZ_NATIVE_NSS"; then


@ -35,11 +35,6 @@
#ifndef _DB_H_
#define _DB_H_
#ifdef WINCE
#define off_t long
#endif
#ifndef macintosh
#include <sys/types.h>
#endif


@ -31,13 +31,7 @@ typedef struct DIR_Struct {
typedef unsigned long mode_t;
typedef long uid_t;
typedef long gid_t;
#ifdef WINCE
typedef long ino_t;
#else
typedef long off_t;
#endif
typedef unsigned long nlink_t;
#endif


@ -53,10 +53,6 @@ include $(topsrcdir)/config/rules.mk
DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
ifeq ($(OS_ARCH),WINCE)
DEFINES += -D__STDC__ -DDBM_REOPEN_ON_FLUSH
endif
ifeq ($(OS_ARCH),AIX)
OS_LIBS += -lc_r
endif


@ -78,14 +78,6 @@ mkstempflags(char *path, int extraFlags)
return (_gettemp(path, &fd, extraFlags) ? fd : -1);
}
#ifdef WINCE /* otherwise, use the one in libc */
char *
mktemp(char *path)
{
return(_gettemp(path, (int *)NULL, 0) ? path : (char *)NULL);
}
#endif
/* NB: This routine modifies its input string, and does not always restore it.
** returns 1 on success, 0 on failure.
*/


@ -132,7 +132,7 @@ endif
G++INCLUDES = -I/usr/include/g++
#
# Always set CPU_TAG on Linux, WINCE.
# Always set CPU_TAG on Linux.
#
CPU_TAG = _$(CPU_ARCH)


@ -457,12 +457,6 @@ OVERVIEW of "rules.mk":
MISCELLANEOUS
-------------
$(DIRS):: specifies a helper method
used by $(LOOP_THROUGH_DIRS)
to recursively change
directories and invoke
$(MAKE)
%.i: build the preprocessor file
associated with the
makefile rule dependency:


@ -11,5 +11,5 @@ include $(CORE_DEPTH)/coreconf/WIN32.mk
DEFINES += -DWIN95
# WINNT uses the lib prefix, Win95 and WinCE don't
# WINNT uses the lib prefix, Win95 doesn't
NSPR31_LIB_PREFIX = $(NULL)


@ -1,182 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# Configuration common to all versions of Windows CE and Pocket PC x.
#
ifeq ($(CPU_ARCH),x86)
DEFAULT_COMPILER = cl
CC = cl
CCC = cl
else
ifeq ($(CPU_ARCH),ARM)
DEFAULT_COMPILER = clarm
CC = clarm
CCC = clarm
else
include CPU_ARCH_is_not_recognized
include _$(CPU_ARCH)
endif
endif
LINK = link
AR = lib
AR += -NOLOGO -OUT:"$@"
RANLIB = echo
BSDECHO = echo
ifdef BUILD_TREE
NSINSTALL_DIR = $(BUILD_TREE)/nss
else
NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall
endif
NSINSTALL = nsinstall
MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend
MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend.exe
# Note: MKDEPENDENCIES __MUST__ be a relative pathname, not absolute.
# If it is absolute, gmake will crash unless the named file exists.
MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk
INSTALL = $(NSINSTALL)
MAKE_OBJDIR = mkdir
MAKE_OBJDIR += $(OBJDIR)
RC = rc.exe
GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb
XP_DEFINE += -DXP_PC
LIB_SUFFIX = lib
DLL_SUFFIX = dll
OS_DLLFLAGS += -DLL
EXTRA_EXE_LD_FLAGS += -ENTRY:mainWCRTStartup
ifdef BUILD_OPT
# OS_CFLAGS += -MD
OPTIMIZER += -O2
DEFINES += -UDEBUG -U_DEBUG -DNDEBUG
DLLFLAGS += -OUT:"$@"
else
#
# Define USE_DEBUG_RTL if you want to use the debug runtime library
# (RTL) in the debug build
#
ifdef USE_DEBUG_RTL
# OS_CFLAGS += -MDd
else
# OS_CFLAGS += -MD
endif
OPTIMIZER += -Od -Z7
#OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME)
DLLFLAGS += -DEBUG -DEBUGTYPE:CV -OUT:"$@"
LDFLAGS += -DEBUG -DEBUGTYPE:CV
endif
# DEFINES += -DWIN32
ifdef MAPFILE
DLLFLAGS += -DEF:$(MAPFILE)
endif
# Change PROCESS to put the mapfile in the correct format for this platform
PROCESS_MAP_FILE = cp $< $@
#
# The following is NOT needed for the NSPR 2.0 library.
#
DEFINES += -D_WINDOWS
# override default, which is ASFLAGS = CFLAGS
AS = ml.exe
ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES)
#
# override the definitions of RELEASE_TREE found in tree.mk
#
ifndef RELEASE_TREE
ifdef BUILD_SHIP
ifdef USE_SHIPS
RELEASE_TREE = $(NTBUILD_SHIP)
else
RELEASE_TREE = //redbuild/components
endif
else
RELEASE_TREE = //redbuild/components
endif
endif
#
# override the definitions of LIB_PREFIX and DLL_PREFIX in prefix.mk
#
ifndef LIB_PREFIX
LIB_PREFIX = $(NULL)
endif
ifndef DLL_PREFIX
DLL_PREFIX = $(NULL)
endif
#
# override the definitions of various _SUFFIX symbols in suffix.mk
#
#
# Object suffixes
#
ifndef OBJ_SUFFIX
OBJ_SUFFIX = .obj
endif
#
# Assembler source suffixes
#
ifndef ASM_SUFFIX
ASM_SUFFIX = .asm
endif
#
# Library suffixes
#
ifndef IMPORT_LIB_SUFFIX
IMPORT_LIB_SUFFIX = .$(LIB_SUFFIX)
endif
ifndef DYNAMIC_LIB_SUFFIX_FOR_LINKING
DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(IMPORT_LIB_SUFFIX)
endif
#
# Program suffixes
#
ifndef PROG_SUFFIX
PROG_SUFFIX = .exe
endif
#
# override ruleset.mk, removing the "lib" prefix for library names, and
# adding the "32" after the LIBRARY_VERSION.
#
ifdef LIBRARY_NAME
SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).dll
IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).lib
endif
#
# override the TARGETS defined in ruleset.mk, adding IMPORT_LIBRARY
#
ifndef TARGETS
TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
endif
#
# Always set CPU_TAG on Linux, WINCE.
#
CPU_TAG = _$(CPU_ARCH)


@ -16,5 +16,5 @@ DEFINES += -DWINNT
#
OS_CFLAGS += -GT
# WINNT uses the lib prefix, Win95 and WinCE don't
# WINNT uses the lib prefix, Win95 doesn't
NSPR31_LIB_PREFIX = lib


@ -31,7 +31,7 @@ endif
#######################################################################
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
AIX RISCOS WINNT WIN95 WINCE Linux
AIX RISCOS WINNT WIN95 Linux
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk


@ -10,4 +10,3 @@
*/
#error "Do not include this header file."


@ -241,7 +241,7 @@ alltags:
$(PROGRAM): $(OBJS) $(EXTRA_LIBS)
@$(MAKE_OBJDIR)
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
$(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)) $(EXTRA_EXE_LD_FLAGS)
$(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS))
ifdef MT
if test -f $@.manifest; then \
$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
@ -337,7 +337,7 @@ $(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX)
@$(MAKE_OBJDIR)
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
$(MKPROG) $< -Fe$@ -link \
$(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(EXTRA_EXE_LD_FLAGS)
$(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
ifdef MT
if test -f $@.manifest; then \
$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
@ -365,12 +365,16 @@ else
# Windows
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
NEED_ABSOLUTE_PATH := 1
ifdef .PYMAKE
PWD := $(CURDIR)
else
PWD := $(shell pwd)
ifeq (,$(findstring ;,$(PATH)))
ifndef USE_MSYS
PWD := $(subst \,/,$(shell cygpath -w $(PWD)))
endif
endif
endif
else
# everything else
@ -476,19 +480,6 @@ endif
%: %.sh
rm -f $@; cp $< $@; chmod +x $@
ifdef DIRS
$(DIRS)::
@if test -d $@; then \
set $(EXIT_ON_ERROR); \
echo "cd $@; $(MAKE)"; \
cd $@; $(MAKE); \
set +e; \
else \
echo "Skipping non-directory $@..."; \
fi; \
$(CLICK_STOPWATCH)
endif
################################################################################
# Bunch of things that extend the 'export' rule (in order):
################################################################################
@ -896,7 +887,7 @@ $(MKDEPENDENCIES)::
$(NOMD_CFLAGS) $(YOPT) $(CSRCS) $(CPPSRCS) $(ASFILES)
$(MKDEPEND):: $(MKDEPEND_DIR)/*.c $(MKDEPEND_DIR)/*.h
cd $(MKDEPEND_DIR); $(MAKE)
$(MAKE) -C $(MKDEPEND_DIR)
ifdef OBJS
depend:: $(MKDEPEND) $(MKDEPENDENCIES)
@ -958,5 +949,5 @@ $(filter $(OBJDIR)/%$(OBJ_SUFFIX),$(OBJS)): $(OBJDIR)/%$(OBJ_SUFFIX): $(DUMMY_DE
# Fake targets. Always run these rules, even if a file/directory with that
# name already exists.
#
.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs program realclean release $(OBJDIR) $(DIRS)
.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs program realclean release $(OBJDIR)


@ -181,9 +181,11 @@ endif #NS_USE_JDK
ifdef NSS_BUILD_CONTINUE_ON_ERROR
# Try to build everything. I.e., don't exit on errors.
EXIT_ON_ERROR = +e
IGNORE_ERROR = -
CLICK_STOPWATCH = date
else
EXIT_ON_ERROR = -e
IGNORE_ERROR =
CLICK_STOPWATCH = true
endif
@ -201,18 +203,14 @@ ifdef SYSTEM_INCL_DIR
endif
ifdef DIRS
LOOP_OVER_DIRS = \
@for directory in $(DIRS); do \
if test -d $$directory; then \
set $(EXIT_ON_ERROR); \
echo "cd $$directory; $(MAKE) $@"; \
$(MAKE) -C $$directory $@; \
set +e; \
else \
echo "Skipping non-directory $$directory..."; \
fi; \
$(CLICK_STOPWATCH); \
done
define SUBMAKE
+@echo "cd $2; $(MAKE) $1"
$(IGNORE_ERROR)@$(MAKE) -C $(2) $(1)
@$(CLICK_STOPWATCH)
endef
LOOP_OVER_DIRS = $(foreach dir,$(DIRS),$(call SUBMAKE,$@,$(dir)))
endif
MK_RULESET = included
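Review bot: SUBMAKE drops the `if test -d` guard that the old LOOP_OVER_DIRS shell loop had, so a DIRS entry that is not a directory now makes `$(MAKE) -C` fail instead of printing "Skipping non-directory", and with NSS_BUILD_CONTINUE_ON_ERROR set the leading `-` from IGNORE_ERROR hides that failure. This is presumably intended, but nothing in the hunk says so. The define also mixes `$1`/`$2` with `$(1)`/`$(2)`. I would add a comment above the define such as `# SUBMAKE(target, dir): run $(MAKE) target in dir; every DIRS entry must be an existing directory` and use one argument spelling throughout.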


@ -11,7 +11,7 @@
include manifest.mn
ifdef NSS_DISABLE_DBM
DIRS = dummy
DIRS =
endif
#######################################################################


@ -26,9 +26,7 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
ifeq ($(OS_TARGET),WINCE)
DIRS = lib # omit cmd since wince has no command line shell
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
@ -51,10 +49,10 @@ nss_build_all: build_coreconf build_nspr build_dbm all
nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
build_coreconf:
cd $(CORE_DEPTH)/coreconf ; $(MAKE)
$(MAKE) -C $(CORE_DEPTH)/coreconf
clobber_coreconf:
cd $(CORE_DEPTH)/coreconf ; $(MAKE) clobber
$(MAKE) -C $(CORE_DEPTH)/coreconf clobber
NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)/config.status
NSPR_CONFIGURE = $(CORE_DEPTH)/../nsprpub/configure
@ -109,20 +107,20 @@ $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
--with-dist-includedir='$(NSPR_PREFIX)/include'
build_nspr: $(NSPR_CONFIG_STATUS)
cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE)
$(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)
clobber_nspr: $(NSPR_CONFIG_STATUS)
cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber
$(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) clobber
build_dbm:
ifdef NSS_DISABLE_DBM
@echo "skipping the build of DBM"
else
cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
$(MAKE) -C $(CORE_DEPTH)/dbm export libs
endif
clobber_dbm:
cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber
$(MAKE) -C $(CORE_DEPTH)/dbm clobber
moz_import::
ifeq (,$(filter-out WIN%,$(OS_TARGET)))


@ -1 +1 @@
NSS_3_14_RC1
NSS_3_14_1_BETA1


@ -1 +1 @@
NSS_3_14_RC1
NSS_3_14_1_BETA1


@ -5,7 +5,7 @@
/*
* Tool for converting builtin CA certs.
*
* $Id: addbuiltin.c,v 1.19 2012/07/04 15:21:47 gerv%gerv.net Exp $
* $Id: addbuiltin.c,v 1.20 2012/11/29 02:11:04 bsmith%mozilla.com Exp $
*/
#include "nssrenam.h"
@ -266,7 +266,7 @@ void printheader() {
"# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
"# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
"#\n"
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.19 $ $Date: 2012/07/04 15:21:47 $\"\n"
"CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.20 $ $Date: 2012/11/29 02:11:04 $\"\n"
"\n"
"#\n"
"# certdata.txt\n"
@ -473,6 +473,19 @@ int main(int argc, char **argv)
infile = PR_STDIN;
}
#if defined(WIN32)
/* We must put stdout into O_BINARY mode or else the output will include
** carriage returns.
*/
{
int smrv = _setmode(_fileno(stdout), _O_BINARY);
if (smrv == -1) {
fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
exit(1);
}
}
#endif
nickname = strdup(addbuiltin.options[opt_Nickname].arg);
NSS_NoDB_Init(NULL);


@ -1459,6 +1459,7 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
SECStatus
blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
{
if (keysize < 1024) {


@ -14,10 +14,8 @@
#if defined(XP_WIN) || defined (XP_PC)
#include <time.h>
#ifndef WINCE
#include <conio.h>
#endif
#endif
#if defined(__sun) && !defined(SVR4)
extern int fclose(FILE*);
@ -96,7 +94,7 @@ UpdateRNG(void)
/* Get random noise from keyboard strokes */
count = 0;
while (count < sizeof randbuf) {
#if defined(XP_UNIX) || defined(WINCE)
#if defined(XP_UNIX)
c = getc(stdin);
#else
c = getch();


@ -17,10 +17,8 @@
#include "basicutil.h"
#include <stdarg.h>
#if !defined(_WIN32_WCE)
#include <sys/stat.h>
#include <errno.h>
#endif
#ifdef XP_UNIX
#include <unistd.h>
@ -91,11 +89,7 @@ SECU_PrintSystemError(char *progName, char *msg, ...)
va_start(args, msg);
fprintf(stderr, "%s: ", progName);
vfprintf(stderr, msg, args);
#if defined(_WIN32_WCE)
fprintf(stderr, ": %d\n", PR_GetOSError());
#else
fprintf(stderr, ": %s\n", strerror(errno));
#endif
va_end(args);
}


@ -13,7 +13,3 @@ SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =
ifeq (WINCE,$(OS_ARCH))
CSRCS += wincemain.c
endif


@ -20,7 +20,7 @@
#include <unistd.h> /* for isatty() */
#endif
#if( defined(_WINDOWS) && !defined(_WIN32_WCE))
#if defined(_WINDOWS)
#include <conio.h>
#include <io.h>
#define QUIET_FGETS quiet_fgets
@ -144,11 +144,8 @@ static char * quiet_fgets (char *buf, int length, FILE *input)
while (1)
{
#if defined (_WIN32_WCE)
c = getchar(); /* gets a character from stdin */
#else
c = getch(); /* getch gets a character from the console */
#endif
if (c == '\b')
{
if (end > buf)


@ -20,10 +20,8 @@
#include "secpkcs7.h"
#include "secpkcs5.h"
#include <stdarg.h>
#if !defined(_WIN32_WCE)
#include <sys/stat.h>
#include <errno.h>
#endif
#ifdef XP_UNIX
#include <unistd.h>


@ -317,7 +317,7 @@ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
** "len" the amount of data to sign
** "pk" the private key to encrypt with
*/
extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
extern SECStatus SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algID);
@ -334,14 +334,14 @@ SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode);
extern SECStatus
SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
/*
** Finds the crl Authority Key Id extension. Returns NULL if no such extension
** was found.
*/
CERTAuthKeyID *
SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl);
SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *crl);
/*
* Find the issuer of a crl. Cert usage should be checked before signing a crl.
@ -353,12 +353,12 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject,
/* call back function used in encoding of an extension. Called from
* SECU_EncodeAndAddExtensionValue */
typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena,
typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PLArenaPool *extHandleArena,
void *value, SECItem *encodedValue);
/* Encodes and adds extensions to the CRL or CRL entries. */
SECStatus
SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
void *value, PRBool criticality, int extenType,
EXTEN_EXT_VALUE_ENCODER EncodeValueFn);


@ -1,33 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifdef WINCE
#include <windows.h>
int
wmain(int argc, WCHAR **wargv)
{
char **argv;
int i, ret;
argv = malloc(argc * sizeof(char*));
for (i = 0; i < argc; i++) {
int len = WideCharToMultiByte(CP_ACP, 0, wargv[i], -1, NULL, 0, 0, 0);
argv[i] = malloc(len * sizeof(char));
WideCharToMultiByte(CP_ACP, 0, wargv[i], -1, argv[i], len, 0, 0);
}
ret = main(argc, argv);
for (i = 0; i < argc; i++) {
free(argv[i]);
}
free(argv);
return ret;
}
#endif


@ -29,6 +29,7 @@ DIRS = lib \
makepqg \
multinit \
ocspclnt \
ocspresp \
oidcalc \
p7content \
p7env \


@ -0,0 +1,47 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
include ../platrules.mk


@ -0,0 +1,15 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../../..
MODULE = nss
CSRCS = ocspresp.c
REQUIRES = seccmd
PROGRAM = ocspresp


@ -0,0 +1,249 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* ocspresp - self test for OCSP response creation
*/
#include "nspr.h"
#include "secutil.h"
#include "secpkcs7.h"
#include "cert.h"
#include "certdb.h"
#include "nss.h"
#include "pk11func.h"
#include "cryptohi.h"
#include "ocsp.h"
#if defined(XP_UNIX)
#include <unistd.h>
#endif
#include <stdio.h>
#include <string.h>
secuPWData pwdata = { PW_NONE, 0 };
static PRBool
getCaAndSubjectCert(CERTCertDBHandle *certHandle,
const char *caNick, const char *eeNick,
CERTCertificate **outCA, CERTCertificate **outCert)
{
*outCA = CERT_FindCertByNickname(certHandle, caNick);
*outCert = CERT_FindCertByNickname(certHandle, eeNick);
return *outCA && *outCert;
}
static SECItem *
encode(PRArenaPool *arena, CERTOCSPCertID *cid,
CERTCertificate *ca, CERTCertificate *cert)
{
SECItem *response;
PRTime now = PR_Now();
PRTime nextUpdate;
CERTOCSPSingleResponse **responses;
CERTOCSPSingleResponse *sr;
if (!arena)
return NULL;
nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */
sr = OCSP_CreateSingleResponseGood(arena, cid, now, &nextUpdate);
/* meaning of value 2: one entry + one end marker */
responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
if (responses == NULL)
return NULL;
responses[0] = sr;
responses[1] = NULL;
response = OCSP_CreateSuccessResponseEncodedBasicV1(
arena, ca, PR_TRUE, now, responses, &pwdata);
return response;
}
static SECItem *
encodeRevoked(PRArenaPool *arena, CERTOCSPCertID *cid,
CERTCertificate *ca, CERTCertificate *cert)
{
SECItem *response;
PRTime now = PR_Now();
PRTime revocationTime;
CERTOCSPSingleResponse **responses;
CERTOCSPSingleResponse *sr;
if (!arena)
return NULL;
revocationTime = now - 10 * PR_USEC_PER_SEC; /* in the past */
sr = OCSP_CreateSingleResponseRevoked(arena, cid, now, NULL,
revocationTime);
/* meaning of value 2: one entry + one end marker */
responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
if (responses == NULL)
return NULL;
responses[0] = sr;
responses[1] = NULL;
response = OCSP_CreateSuccessResponseEncodedBasicV1(
arena, ca, PR_TRUE, now, responses, &pwdata);
return response;
}
int Usage()
{
PRFileDesc *pr_stderr = PR_STDERR;
PR_fprintf (pr_stderr, "ocspresp runs an internal selftest for OCSP response creation");
PR_fprintf (pr_stderr, "Usage:");
PR_fprintf (pr_stderr,
"\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
PR_fprintf (pr_stderr,
"\tdbdir: Find security databases in \"dbdir\"\n");
PR_fprintf (pr_stderr,
"\tCA-nick: nickname of a trusted CA certificate with private key\n");
PR_fprintf (pr_stderr,
"\tEE-nick: nickname of a entity cert issued by CA\n");
PR_fprintf (pr_stderr,
"\t-p: a password for db\n");
PR_fprintf (pr_stderr,
"\t-f: a filename containing the password for db\n");
return -1;
}
int
main(int argc, char **argv)
{
SECStatus rv;
int retval = -1;
CERTCertDBHandle *certHandle = NULL;
CERTCertificate *caCert = NULL, *cert = NULL;
CERTOCSPCertID *cid = NULL;
PRArenaPool *arena = NULL;
PRTime now = PR_Now();
SECItem *encoded = NULL;
CERTOCSPResponse *decoded = NULL;
SECStatus statusDecoded;
SECItem *encodedRev = NULL;
CERTOCSPResponse *decodedRev = NULL;
SECStatus statusDecodedRev;
SECItem *encodedFail = NULL;
CERTOCSPResponse *decodedFail = NULL;
SECStatus statusDecodedFail;
CERTCertificate *obtainedSignerCert = NULL;
if (argc != 4 && argc != 6) {
return Usage();
}
if (argc == 6) {
if (!strcmp(argv[4], "-p")) {
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(argv[5]);
}
else if (!strcmp(argv[4], "-f")) {
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(argv[5]);
}
else
return Usage();
}
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
rv = NSS_Init(argv[1]);
if (rv != SECSuccess) {
SECU_PrintPRandOSError(argv[0]);
goto loser;
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
certHandle = CERT_GetDefaultCertDB();
if (!certHandle)
goto loser;
if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
goto loser;
cid = CERT_CreateOCSPCertID(cert, now);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
encoded = encode(arena, cid, caCert, cert);
PORT_Assert(encoded);
decoded = CERT_DecodeOCSPResponse(encoded);
statusDecoded = CERT_GetOCSPResponseStatus(decoded);
PORT_Assert(statusDecoded == SECSuccess);
statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
&obtainedSignerCert, caCert);
PORT_Assert(statusDecoded == SECSuccess);
statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
obtainedSignerCert, now);
PORT_Assert(statusDecoded == SECSuccess);
CERT_DestroyCertificate(obtainedSignerCert);
encodedRev = encodeRevoked(arena, cid, caCert, cert);
PORT_Assert(encodedRev);
decodedRev = CERT_DecodeOCSPResponse(encodedRev);
statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
PORT_Assert(statusDecodedRev == SECSuccess);
statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
&obtainedSignerCert, caCert);
PORT_Assert(statusDecodedRev == SECSuccess);
statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
obtainedSignerCert, now);
PORT_Assert(statusDecodedRev == SECFailure);
PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
CERT_DestroyCertificate(obtainedSignerCert);
encodedFail = OCSP_CreateFailureResponse(arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
PORT_Assert(encodedFail);
decodedFail = CERT_DecodeOCSPResponse(encodedFail);
statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
PORT_Assert(statusDecodedFail == SECFailure);
PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
retval = 0;
loser:
if (retval != 0)
SECU_PrintError(argv[0], "tests failed");
if (cid)
CERT_DestroyOCSPCertID(cid);
if (cert)
CERT_DestroyCertificate(cert);
if (caCert)
CERT_DestroyCertificate(caCert);
if (arena)
PORT_FreeArena(arena, PR_FALSE);
if (decoded)
CERT_DestroyOCSPResponse(decoded);
if (decodedRev)
CERT_DestroyOCSPResponse(decodedRev);
if (decodedFail)
CERT_DestroyOCSPResponse(decodedFail);
if (pwdata.data) {
PORT_Free(pwdata.data);
}
if (NSS_Shutdown() != SECSuccess) {
SECU_PrintError(argv[0], "NSS shutdown:");
if (retval == 0)
retval = -2;
}
return retval;
}
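Review bot: Every check in main() between the certificate lookup and `retval = 0` is a PORT_Assert, which expands to nothing unless the build defines DEBUG, so an optimized build of this self-test reports success whatever the encode, decode and verify calls return. The result of CERT_CreateOCSPCertID in main() and `sr` in encode() and encodeRevoked() are also used without a NULL check. I would turn each assertion into a real check, e.g. `if (!encoded) goto loser;` and `if (statusDecoded != SECSuccess) goto loser;`. Separately, `-p <pass>` puts the database password in the process argument list, where other local users can usually read it; the usage text could steer users to `-f` for anything but throwaway test databases.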


@ -53,7 +53,7 @@ PKIXLIB = \
$(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
# can't do this in manifest.mn because OS_ARCH isn't defined there.
ifeq (,$(filter-out WINNT WINCE,$(OS_ARCH)))
ifeq ($(OS_ARCH), WINNT)
EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
@ -139,7 +139,7 @@ endif
else # USE_STATIC_LIBS
# can't do this in manifest.mn because OS_ARCH isn't defined there.
ifeq (,$(filter-out WINNT WINCE,$(OS_ARCH)))
ifeq ($(OS_ARCH), WINNT)
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
EXTRA_LIBS += \


@ -11,10 +11,8 @@
#include <unistd.h>
#endif
#include <stdlib.h>
#if !defined(_WIN32_WCE)
#include <errno.h>
#include <fcntl.h>
#endif
#include <stdarg.h>
#include "plgetopt.h"


@ -21,6 +21,7 @@ CSRCS = \
certreq.c \
crlv2.c \
ocsp.c \
ocspsig.c \
certhigh.c \
certvfy.c \
certvfypkix.c \


@ -6,7 +6,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
* $Id: ocsp.c,v 1.72 2012/09/22 13:41:58 wtc%google.com Exp $
* $Id: ocsp.c,v 1.74 2012/11/17 11:52:38 kaie%kuix.de Exp $
*/
#include "prerror.h"
@ -151,8 +151,8 @@ ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time);
#define OCSP_TRACE_CERT(cert) dumpCertificate(cert)
#define OCSP_TRACE_CERTID(certid) dumpCertID(certid)
#if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \
|| defined(XP_MACOSX)) && !defined(_WIN32_WCE)
#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \
|| defined(XP_MACOSX)
#define NSS_HAVE_GETENV 1
#endif
@ -1161,7 +1161,7 @@ const SEC_ASN1Template ocsp_CertIDTemplate[] = {
* responseStatus OCSPResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
*/
static const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTOCSPResponse) },
{ SEC_ASN1_ENUMERATED,
@ -1178,7 +1178,7 @@ static const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
* responseType OBJECT IDENTIFIER,
* response OCTET STRING }
*/
static const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(ocspResponseBytes) },
{ SEC_ASN1_OBJECT_ID,
@ -1275,12 +1275,12 @@ const SEC_ASN1Template ocsp_ResponseDataTemplate[] = {
* can all be simplified down into a single template. Anyway, for
* now we list each choice as its own template:
*/
static const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(ocspResponderID, responderIDValue.name),
CERT_NameTemplate }
};
static const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
SEC_ASN1_XTRN | 2,
offsetof(ocspResponderID, responderIDValue.keyHash),
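Review bot: Dropping `static` from ocsp_OCSPResponseTemplate, ocsp_ResponseBytesTemplate, ocsp_ResponderIDByNameTemplate and ocsp_ResponderIDByKeyTemplate gives them external linkage, but no header visible in this commit declares them; the new ocspsig.c carries its own `extern const SEC_ASN1Template ...[];` lines for three of them. Hand-written extern declarations in a .c file are not checked against the definitions, so a later change of type here would go unnoticed by the compiler. I would declare them once in the module-private header that both files include (ocspi.h or ocspti.h, if that is where such declarations live) and delete the local externs. The template arrays continue outside these hunks.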


@ -5,7 +5,7 @@
/*
* Interface to the OCSP implementation.
*
* $Id: ocsp.h,v 1.22 2012/09/22 13:41:58 wtc%google.com Exp $
* $Id: ocsp.h,v 1.23 2012/11/17 11:52:38 kaie%kuix.de Exp $
*/
#ifndef _OCSP_H_
@ -18,6 +18,7 @@
#include "keyt.h"
#include "certt.h"
#include "ocspt.h"
#include "prerror.h"
/************************************************************************/
@ -632,6 +633,35 @@ CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
*/
extern SECStatus
CERT_DestroyOCSPCertID(CERTOCSPCertID* certID);
extern CERTOCSPSingleResponse*
OCSP_CreateSingleResponseGood(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate, PRTime *nextUpdate);
extern CERTOCSPSingleResponse*
OCSP_CreateSingleResponseUnknown(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate, PRTime *nextUpdate);
extern CERTOCSPSingleResponse*
OCSP_CreateSingleResponseRevoked(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate, PRTime *nextUpdate,
PRTime revocationTime);
extern SECItem*
OCSP_CreateSuccessResponseEncodedBasicV1(PLArenaPool *arena,
CERTCertificate *responderCert,
PRBool idByName, /* false: by key */
PRTime producedAt,
CERTOCSPSingleResponse **responses,
void *wincx);
extern SECItem*
OCSP_CreateFailureResponse(PLArenaPool *arena, PRErrorCode reason);
/************************************************************************/
SEC_END_PROTOS
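Review bot: The five new OCSP_Create* declarations in the last hunk have no comment, while the function just above them, CERT_DestroyOCSPCertID, follows a block comment. Callers need to know at least what owns the returned object (presumably the arena passed in, to be confirmed), whether `nextUpdate` may be NULL (the new ocspresp test passes NULL for the revoked case), and what `wincx` is used for. I would add a block comment per function covering inputs, return value on failure and ownership. The one inline comment present, `/* false: by key */` on `idByName`, is a good start but should move into that block.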


@ -0,0 +1,571 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "prerror.h"
#include "prprf.h"
#include "plarena.h"
#include "prnetdb.h"
#include "seccomon.h"
#include "secitem.h"
#include "secoidt.h"
#include "secasn1.h"
#include "secder.h"
#include "cert.h"
#include "xconst.h"
#include "secerr.h"
#include "secoid.h"
#include "hasht.h"
#include "sechash.h"
#include "secasn1.h"
#include "keyhi.h"
#include "cryptohi.h"
#include "ocsp.h"
#include "ocspti.h"
#include "ocspi.h"
#include "genname.h"
#include "certxutl.h"
#include "pk11func.h" /* for PK11_HashBuf */
#include <stdarg.h>
#include <plhash.h>
extern const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[];
extern const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[];
extern const SEC_ASN1Template ocsp_OCSPResponseTemplate[];
ocspCertStatus*
ocsp_CreateCertStatus(PLArenaPool *arena,
ocspCertStatusType status,
PRTime revocationTime)
{
ocspCertStatus *cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
switch (status) {
case ocspCertStatus_good:
case ocspCertStatus_unknown:
case ocspCertStatus_revoked:
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
cs = PORT_ArenaZNew(arena, ocspCertStatus);
if (!cs)
return NULL;
cs->certStatusType = status;
switch (status) {
case ocspCertStatus_good:
cs->certStatusInfo.goodInfo = SECITEM_AllocItem(arena, NULL, 0);
if (!cs->certStatusInfo.goodInfo)
return NULL;
break;
case ocspCertStatus_unknown:
cs->certStatusInfo.unknownInfo = SECITEM_AllocItem(arena, NULL, 0);
if (!cs->certStatusInfo.unknownInfo)
return NULL;
break;
case ocspCertStatus_revoked:
cs->certStatusInfo.revokedInfo =
PORT_ArenaZNew(arena, ocspRevokedInfo);
if (!cs->certStatusInfo.revokedInfo)
return NULL;
cs->certStatusInfo.revokedInfo->revocationReason =
SECITEM_AllocItem(arena, NULL, 0);
if (!cs->certStatusInfo.revokedInfo->revocationReason)
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena,
&cs->certStatusInfo.revokedInfo->revocationTime,
revocationTime) != SECSuccess)
return NULL;
break;
default:
PORT_Assert(PR_FALSE);
}
return cs;
}
#ifdef DEBUG_kaie
void dump_item_to_file(SECItem *item, const char *filename)
{
FILE *fp = fopen(filename, "wb");
if (fp) {
fwrite(item->data, item->len, 1, fp);
fclose(fp);
fprintf(stderr, "wrote item with %d bytes\n", item->len);
}
}
#endif
const SEC_ASN1Template mySEC_EnumeratedTemplate[] = {
{ SEC_ASN1_ENUMERATED, 0, NULL, sizeof(SECItem) }
};
const SEC_ASN1Template mySEC_PointerToEnumeratedTemplate[] = {
{ SEC_ASN1_POINTER, 0, mySEC_EnumeratedTemplate }
};
const SEC_ASN1Template ocsp_EncodeRevokedInfoTemplate[] = {
{ SEC_ASN1_GENERALIZED_TIME,
offsetof(ocspRevokedInfo, revocationTime) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC| 0,
offsetof(ocspRevokedInfo, revocationReason),
mySEC_PointerToEnumeratedTemplate },
{ 0 }
};
const SEC_ASN1Template ocsp_PointerToEncodeRevokedInfoTemplate[] = {
{ SEC_ASN1_POINTER, 0,
ocsp_EncodeRevokedInfoTemplate }
};
const SEC_ASN1Template mySEC_NullTemplate[] = {
{ SEC_ASN1_NULL, 0, NULL, sizeof(SECItem) }
};
const SEC_ASN1Template ocsp_CertStatusTemplate[] = {
{ SEC_ASN1_CHOICE, offsetof(ocspCertStatus, certStatusType),
0, sizeof(ocspCertStatus) },
{ SEC_ASN1_CONTEXT_SPECIFIC | 0,
0, mySEC_NullTemplate, ocspCertStatus_good },
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
ocsp_PointerToEncodeRevokedInfoTemplate, ocspCertStatus_revoked },
{ SEC_ASN1_CONTEXT_SPECIFIC | 2,
0, mySEC_NullTemplate, ocspCertStatus_unknown },
{ 0 }
};
const SEC_ASN1Template mySECOID_AlgorithmIDTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SECAlgorithmID) },
{ SEC_ASN1_OBJECT_ID,
offsetof(SECAlgorithmID,algorithm), },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
offsetof(SECAlgorithmID,parameters), },
{ 0, }
};
const SEC_ASN1Template mySEC_AnyTemplate[] = {
{ SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
};
const SEC_ASN1Template mySEC_SequenceOfAnyTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF, 0, mySEC_AnyTemplate }
};
const SEC_ASN1Template mySEC_PointerToSequenceOfAnyTemplate[] = {
{ SEC_ASN1_POINTER, 0, mySEC_SequenceOfAnyTemplate }
};
const SEC_ASN1Template mySEC_IntegerTemplate[] = {
{ SEC_ASN1_INTEGER, 0, NULL, sizeof(SECItem) }
};
const SEC_ASN1Template mySEC_PointerToIntegerTemplate[] = {
{ SEC_ASN1_POINTER, 0, mySEC_IntegerTemplate }
};
const SEC_ASN1Template mySEC_GeneralizedTimeTemplate[] = {
{ SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
};
const SEC_ASN1Template mySEC_PointerToGeneralizedTimeTemplate[] = {
{ SEC_ASN1_POINTER, 0, mySEC_GeneralizedTimeTemplate }
};
const SEC_ASN1Template ocsp_myCertIDTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTOCSPCertID) },
{ SEC_ASN1_INLINE,
offsetof(CERTOCSPCertID, hashAlgorithm),
mySECOID_AlgorithmIDTemplate },
{ SEC_ASN1_OCTET_STRING,
offsetof(CERTOCSPCertID, issuerNameHash) },
{ SEC_ASN1_OCTET_STRING,
offsetof(CERTOCSPCertID, issuerKeyHash) },
{ SEC_ASN1_INTEGER,
offsetof(CERTOCSPCertID, serialNumber) },
{ 0 }
};
const SEC_ASN1Template myCERT_CertExtensionTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTCertExtension) },
{ SEC_ASN1_OBJECT_ID,
offsetof(CERTCertExtension,id) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
offsetof(CERTCertExtension,critical) },
{ SEC_ASN1_OCTET_STRING,
offsetof(CERTCertExtension,value) },
{ 0, }
};
const SEC_ASN1Template myCERT_SequenceOfCertExtensionTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF, 0, myCERT_CertExtensionTemplate }
};
const SEC_ASN1Template myCERT_PointerToSequenceOfCertExtensionTemplate[] = {
{ SEC_ASN1_POINTER, 0, myCERT_SequenceOfCertExtensionTemplate }
};
const SEC_ASN1Template ocsp_mySingleResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTOCSPSingleResponse) },
{ SEC_ASN1_POINTER,
offsetof(CERTOCSPSingleResponse, certID),
ocsp_myCertIDTemplate },
{ SEC_ASN1_ANY,
offsetof(CERTOCSPSingleResponse, derCertStatus) },
{ SEC_ASN1_GENERALIZED_TIME,
offsetof(CERTOCSPSingleResponse, thisUpdate) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(CERTOCSPSingleResponse, nextUpdate),
mySEC_PointerToGeneralizedTimeTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(CERTOCSPSingleResponse, singleExtensions),
myCERT_PointerToSequenceOfCertExtensionTemplate },
{ 0 }
};
const SEC_ASN1Template ocsp_myResponseDataTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(ocspResponseData) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(ocspResponseData, version),
mySEC_PointerToIntegerTemplate },
{ SEC_ASN1_ANY,
offsetof(ocspResponseData, derResponderID) },
{ SEC_ASN1_GENERALIZED_TIME,
offsetof(ocspResponseData, producedAt) },
{ SEC_ASN1_SEQUENCE_OF,
offsetof(ocspResponseData, responses),
ocsp_mySingleResponseTemplate },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
offsetof(ocspResponseData, responseExtensions),
myCERT_PointerToSequenceOfCertExtensionTemplate },
{ 0 }
};
const SEC_ASN1Template ocsp_EncodeBasicOCSPResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(ocspBasicOCSPResponse) },
{ SEC_ASN1_POINTER,
offsetof(ocspBasicOCSPResponse, tbsResponseData),
ocsp_myResponseDataTemplate },
{ SEC_ASN1_INLINE,
offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
mySECOID_AlgorithmIDTemplate },
{ SEC_ASN1_BIT_STRING,
offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
mySEC_PointerToSequenceOfAnyTemplate },
{ 0 }
};
CERTOCSPSingleResponse*
ocsp_CreateSingleResponse(PLArenaPool *arena,
CERTOCSPCertID *id, ocspCertStatus *status,
PRTime thisUpdate, PRTime *nextUpdate)
{
CERTOCSPSingleResponse *sr;
if (!arena || !id || !status) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
sr = PORT_ArenaZNew(arena, CERTOCSPSingleResponse);
if (!sr)
return NULL;
sr->arena = arena;
sr->certID = id;
sr->certStatus = status;
if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate)
!= SECSuccess)
return NULL;
sr->nextUpdate = NULL;
if (nextUpdate) {
sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0);
if (!sr->nextUpdate)
return NULL;
if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate)
!= SECSuccess)
return NULL;
}
sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension*, 1);
if (!sr->singleExtensions)
return NULL;
sr->singleExtensions[0] = NULL;
if (!SEC_ASN1EncodeItem(arena, &sr->derCertStatus,
status, ocsp_CertStatusTemplate))
return NULL;
return sr;
}
CERTOCSPSingleResponse*
OCSP_CreateSingleResponseGood(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate, PRTime *nextUpdate)
{
ocspCertStatus * cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
cs = ocsp_CreateCertStatus(arena, ocspCertStatus_good, 0);
if (!cs)
return NULL;
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
CERTOCSPSingleResponse*
OCSP_CreateSingleResponseUnknown(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate, PRTime *nextUpdate)
{
ocspCertStatus * cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
cs = ocsp_CreateCertStatus(arena, ocspCertStatus_unknown, 0);
if (!cs)
return NULL;
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
CERTOCSPSingleResponse*
OCSP_CreateSingleResponseRevoked(PLArenaPool *arena,
CERTOCSPCertID *id,
PRTime thisUpdate, PRTime *nextUpdate,
PRTime revocationTime)
{
ocspCertStatus * cs;
if (!arena) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
cs = ocsp_CreateCertStatus(arena, ocspCertStatus_revoked, revocationTime);
if (!cs)
return NULL;
return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
}
SECItem*
OCSP_CreateSuccessResponseEncodedBasicV1(PLArenaPool *arena,
CERTCertificate *responderCert,
PRBool idByName, /* false: by key */
PRTime producedAt,
CERTOCSPSingleResponse **responses,
void *wincx)
{
PLArenaPool *tmpArena;
ocspResponseData *rd = NULL;
ocspResponderID *rid = NULL;
ocspBasicOCSPResponse *br = NULL;
ocspResponseBytes *rb = NULL;
CERTOCSPResponse *response = NULL;
SECOidTag algID;
SECOidData *od = NULL;
SECKEYPrivateKey *privKey = NULL;
SECItem *result = NULL;
if (!arena || !responderCert || !responses) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!tmpArena)
return NULL;
rd = PORT_ArenaZNew(tmpArena, ocspResponseData);
if (!rd)
goto done;
rid = PORT_ArenaZNew(tmpArena, ocspResponderID);
if (!rid)
goto done;
br = PORT_ArenaZNew(tmpArena, ocspBasicOCSPResponse);
if (!br)
goto done;
rb = PORT_ArenaZNew(tmpArena, ocspResponseBytes);
if (!rb)
goto done;
response = PORT_ArenaZNew(tmpArena, CERTOCSPResponse);
if (!response)
goto done;
rd->version.data=NULL;
rd->version.len=0;
rd->responseExtensions = NULL;
rd->responses = responses;
if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt)
!= SECSuccess)
goto done;
if (idByName) {
rid->responderIDType = ocspResponderID_byName;
if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
&responderCert->subject) != SECSuccess)
goto done;
}
else {
rid->responderIDType = ocspResponderID_byKey;
if (!CERT_GetSPKIDigest(tmpArena, responderCert, SEC_OID_SHA1,
&rid->responderIDValue.keyHash))
goto done;
}
if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
idByName ? ocsp_ResponderIDByNameTemplate : ocsp_ResponderIDByKeyTemplate))
goto done;
br->tbsResponseData = rd;
if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
ocsp_myResponseDataTemplate))
goto done;
br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem*, 1);
if (!br->responseSignature.derCerts)
goto done;
br->responseSignature.derCerts[0] = NULL;
privKey = PK11_FindKeyByAnyCert(responderCert, wincx);
if (!privKey)
goto done;
algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, SEC_OID_SHA1);
if (algID == SEC_OID_UNKNOWN)
goto done;
if (SEC_SignData(&br->responseSignature.signature,
br->tbsResponseDataDER.data, br->tbsResponseDataDER.len,
privKey, algID)
!= SECSuccess)
goto done;
#ifdef DEBUG_kaie
dump_item_to_file(&br->responseSignature.signature, "/tmp/sig");
#endif
/* convert len-in-bytes to len-in-bits */
br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
/* br->responseSignature.signature wasn't allocated from arena,
* we must free it when done. */
if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0)
!= SECSuccess)
goto done;
if (!SEC_ASN1EncodeItem(tmpArena, &rb->response, br,
ocsp_EncodeBasicOCSPResponseTemplate))
goto done;
#ifdef DEBUG_kaie
dump_item_to_file(&rb->response, "/tmp/basic");
#endif
rb->responseTypeTag = SEC_OID_PKIX_OCSP_BASIC_RESPONSE;
od = SECOID_FindOIDByTag(rb->responseTypeTag);
if (!od)
goto done;
rb->responseType = od->oid;
rb->decodedResponse.basic = br;
response->arena = tmpArena;
response->responseBytes = rb;
response->statusValue = ocspResponse_successful;
if (!SEC_ASN1EncodeInteger(tmpArena, &response->responseStatus,
response->statusValue))
goto done;
result = SEC_ASN1EncodeItem(arena, NULL, response, ocsp_OCSPResponseTemplate);
#ifdef DEBUG_kaie
if (result)
dump_item_to_file(result, "/tmp/item");
#endif
done:
if (privKey)
SECKEY_DestroyPrivateKey(privKey);
if (br->responseSignature.signature.data)
SECITEM_FreeItem(&br->responseSignature.signature, PR_FALSE);
PORT_FreeArena(tmpArena, PR_FALSE);
return result;
}
static const SEC_ASN1Template ocsp_OCSPFailureResponseTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTOCSPResponse) },
{ SEC_ASN1_ENUMERATED,
offsetof(CERTOCSPResponse, responseStatus) },
{ 0, 0,
mySEC_NullTemplate },
{ 0 }
};
SECItem*
OCSP_CreateFailureResponse(PLArenaPool *arena, PRErrorCode reason)
{
CERTOCSPResponse response;
SECItem *result = NULL;
switch (reason) {
case SEC_ERROR_OCSP_MALFORMED_REQUEST:
response.statusValue = ocspResponse_malformedRequest;
break;
case SEC_ERROR_OCSP_SERVER_ERROR:
response.statusValue = ocspResponse_internalError;
break;
case SEC_ERROR_OCSP_TRY_SERVER_LATER:
response.statusValue = ocspResponse_tryLater;
break;
case SEC_ERROR_OCSP_REQUEST_NEEDS_SIG:
response.statusValue = ocspResponse_sigRequired;
break;
case SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST:
response.statusValue = ocspResponse_unauthorized;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
if (!SEC_ASN1EncodeInteger(NULL, &response.responseStatus,
response.statusValue))
return NULL;
result = SEC_ASN1EncodeItem(arena, NULL, &response, ocsp_OCSPFailureResponseTemplate);
SECITEM_FreeItem(&response.responseStatus, PR_FALSE);
return result;
}


@ -5,7 +5,7 @@
/*
* Public header for exported OCSP types.
*
* $Id: ocspt.h,v 1.10 2012/04/25 14:49:27 gerv%gerv.net Exp $
* $Id: ocspt.h,v 1.11 2012/11/17 11:52:38 kaie%kuix.de Exp $
*/
#ifndef _OCSPT_H_
@ -24,7 +24,6 @@ typedef struct CERTOCSPResponseStr CERTOCSPResponse;
* but until I know for certain I am leaving the rest of these here, too.
*/
typedef struct CERTOCSPCertIDStr CERTOCSPCertID;
typedef struct CERTOCSPCertStatusStr CERTOCSPCertStatus;
typedef struct CERTOCSPSingleResponseStr CERTOCSPSingleResponse;
/*


@ -2,7 +2,7 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.18 $ $Date: 2012/04/25 14:49:28 $"
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.19 $ $Date: 2012/11/14 01:14:10 $"
include manifest.mn
include $(CORE_DEPTH)/coreconf/config.mk
@ -29,7 +29,7 @@ endif
export:: private_export
# can't do this in manifest.mn because OS_TARGET isn't defined there.
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) # list omits WINCE
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
ifdef NSS_BUILD_CAPI
DIRS += capi
endif


@ -2,7 +2,7 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.21 $ $Date: 2012/04/25 14:49:29 $"
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.22 $ $Date: 2012/11/30 02:40:52 $"
include manifest.mn
include $(CORE_DEPTH)/coreconf/config.mk
@ -44,5 +44,11 @@ endif
include $(CORE_DEPTH)/coreconf/rules.mk
# Generate certdata.c.
generate:
$(PERL) certdata.perl < certdata.txt
# By default, use the unmodified certdata.txt.
ifndef NSS_CERTDATA_TXT
NSS_CERTDATA_TXT = certdata.txt
endif
$(OBJDIR)/certdata.c: $(NSS_CERTDATA_TXT) certdata.perl
$(PERL) certdata.perl < $(NSS_CERTDATA_TXT) > $@
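Review bot: The new `$(OBJDIR)/certdata.c` recipe redirects perl's stdout straight into `$@`, so a certdata.perl failure part-way through leaves a truncated certdata.c that is newer than its prerequisites and is treated as up to date on the next run. Because this file carries the built-in root list, write to a temporary and rename it: `$(PERL) certdata.perl < $(NSS_CERTDATA_TXT) > $@.tmp && mv -f $@.tmp $@`, or declare `.DELETE_ON_ERROR:` if coreconf does not already. `NSS_CERTDATA_TXT` also lets the build environment swap the trust-anchor source without any trace in the output, so a comment saying which builds may set it would help. Nothing in the hunk creates `$(OBJDIR)`; presumably rules.mk does, which is worth confirming.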


@ -20,17 +20,16 @@ variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).
3. In this directory, run addbuiltin to add the new root certificate. The
argument to the -n option should be replaced by the nickname of the root
certificate. Then run "gmake generate".
certificate.
% addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
% gmake generate
4. Edit nssckbi.h to bump the version of the module.
5. Run gmake in this directory to build the nssckbi module.
6. After you verify that the new nssckbi module is correct, check in
certdata.txt, certdata.c, and nssckbi.h.
certdata.txt and nssckbi.h.
II. Removing a Builtin Root CA Certificate
@ -38,11 +37,9 @@ II. Removing a Builtin Root CA Certificate
2. Edit certdata.txt and remove the root CA certificate.
3. Run "gmake generate".
3. Edit nssckbi.h to bump the version of the module.
4. Edit nssckbi.h to bump the version of the module.
4. Run gmake in this directory to build the nssckbi module.
5. Run gmake in this directory to build the nssckbi module.
6. After you verify that the new nssckbi module is correct, check in
certdata.txt, certdata.c, and nssckbi.h.
5. After you verify that the new nssckbi module is correct, check in
certdata.txt and nssckbi.h.


@ -3,7 +3,7 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
my $cvs_id = '@(#) $RCSfile: certdata.perl,v $ $Revision: 1.15 $ $Date: 2012/07/04 15:21:49 $';
my $cvs_id = '@(#) $RCSfile: certdata.perl,v $ $Revision: 1.16 $ $Date: 2012/11/30 02:40:52 $';
use strict;
my %constants;
@ -25,7 +25,6 @@ while(<>) {
next if (/^\s*$/);
if( /(^CVS_ID\s+)(.*)/ ) {
# print "The CVS ID is $2\n";
$cvsid = $2 . "\"; $cvs_id\"";
my $scratch = $cvsid;
$size = 1 + $scratch =~ s/[^"\n]//g;
@ -129,9 +128,7 @@ for( $i = 0; $i <= $count; $i++ ) {
sub doprint {
my $i;
open(CFILE, ">certdata.c") || die "Can't open certdata.c: $!";
print CFILE <<EOD
print <<EOD
/* THIS IS A GENERATED FILE */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@ -148,88 +145,87 @@ EOD
;
foreach $b (sort values(%constants)) {
print CFILE $b;
print $b;
}
for( $i = 0; $i <= $count; $i++ ) {
if( 0 == $i ) {
print CFILE "#ifdef DEBUG\n";
print "#ifdef DEBUG\n";
}
print CFILE "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
print "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
$o = $objects[$i];
# print STDOUT "type $i object $o \n";
my @ob = @{$o};
my $j;
for( $j = 0; $j < @ob; $j++ ) {
my $l = $ob[$j];
my @a = @{$l};
print CFILE " $a[0]";
print " $a[0]";
if( $j+1 != @ob ) {
print CFILE ", ";
print ", ";
}
}
print CFILE "\n};\n";
print "\n};\n";
if( 0 == $i ) {
print CFILE "#endif /* DEBUG */\n";
print "#endif /* DEBUG */\n";
}
}
for( $i = 0; $i <= $count; $i++ ) {
if( 0 == $i ) {
print CFILE "#ifdef DEBUG\n";
print "#ifdef DEBUG\n";
}
print CFILE "static const NSSItem nss_builtins_items_$i [] = {\n";
print "static const NSSItem nss_builtins_items_$i [] = {\n";
$o = $objects[$i];
my @ob = @{$o};
my $j;
for( $j = 0; $j < @ob; $j++ ) {
my $l = $ob[$j];
my @a = @{$l};
print CFILE " { (void *)$a[1], (PRUint32)$a[2] }";
print " { (void *)$a[1], (PRUint32)$a[2] }";
if( $j+1 != @ob ) {
print CFILE ",\n";
print ",\n";
} else {
print CFILE "\n";
print "\n";
}
}
print CFILE "};\n";
print "};\n";
if( 0 == $i ) {
print CFILE "#endif /* DEBUG */\n";
print "#endif /* DEBUG */\n";
}
}
print CFILE "\nbuiltinsInternalObject\n";
print CFILE "nss_builtins_data[] = {\n";
print "\nbuiltinsInternalObject\n";
print "nss_builtins_data[] = {\n";
for( $i = 0; $i <= $count; $i++ ) {
if( 0 == $i ) {
print CFILE "#ifdef DEBUG\n";
print "#ifdef DEBUG\n";
}
print CFILE " { $objsize[$i], nss_builtins_types_$i, nss_builtins_items_$i, {NULL} }";
print " { $objsize[$i], nss_builtins_types_$i, nss_builtins_items_$i, {NULL} }";
if( $i == $count ) {
print CFILE "\n";
print "\n";
} else {
print CFILE ",\n";
print ",\n";
}
if( 0 == $i ) {
print CFILE "#endif /* DEBUG */\n";
print "#endif /* DEBUG */\n";
}
}
print CFILE "};\n";
print "};\n";
print CFILE "const PRUint32\n";
print CFILE "#ifdef DEBUG\n";
print CFILE " nss_builtins_nObjects = $count+1;\n";
print CFILE "#else\n";
print CFILE " nss_builtins_nObjects = $count;\n";
print CFILE "#endif /* DEBUG */\n";
print "const PRUint32\n";
print "#ifdef DEBUG\n";
print " nss_builtins_nObjects = $count+1;\n";
print "#else\n";
print " nss_builtins_nObjects = $count;\n";
print "#endif /* DEBUG */\n";
}
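Review bot: With `doprint` now emitting the generated C on STDOUT, the commented-out debug line `# print STDOUT "type $i object $o \n";` left in the first loop would be written into certdata.c if anyone re-enables it. Change it to `print STDERR` or delete it, as the hunk at line 25 already does for the CVS ID debug print. A one-line comment above `sub doprint`, such as `# Writes the generated certdata.c to STDOUT; the caller redirects it.`, would document the new contract. The script no longer opens its output, so a `die` part-way through leaves whatever the caller's redirection has already written.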


@ -2,7 +2,7 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.15 $ $Date: 2012/04/25 14:49:29 $"
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.16 $ $Date: 2012/11/30 02:40:52 $"
#
# Override TARGETS variable so that only shared libraries
@ -24,6 +24,9 @@ ifdef BUILD_IDG
DEFINES += -DNSSDEBUG
endif
# Needed for compilation of $(OBJDIR)/certdata.c
INCLUDES += -I.
#
# To create a loadable module on Darwin, we must use -bundle.
#


@ -214,7 +214,12 @@ typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
#define SECKEY_HAS_ATTRIBUTE_SET(key,attribute) \
(0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
(0 != (key->staticflags & SECKEY_##attribute)) : \
PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute)
PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, PR_FALSE)
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key,attribute, haslock) \
(0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
(0 != (key->staticflags & SECKEY_##attribute)) : \
PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, haslock)
/*
** A generic key structure
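Review bot: The new `SECKEY_HAS_ATTRIBUTE_SET_LOCK` repeats the hygiene problem of `SECKEY_HAS_ATTRIBUTE_SET`: the expansion is a bare `a ? b : c` with no outer parentheses and `key` is used unparenthesized. As a result `!SECKEY_HAS_ATTRIBUTE_SET_LOCK(k, X, l)`, or the macro combined with `&&`, parses differently from what the caller wrote. Wrap each expansion in one outer pair of parentheses and write `(key)->staticflags`, `(key)->pkcs11Slot` and `(key)->pkcs11ID`. The meaning of `haslock` is not stated here; a comment such as `/* haslock: PR_TRUE if the caller already holds the lock PK11_HasAttributeSet would take */` would help, if that is indeed what the new argument means.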


@ -13,7 +13,6 @@
#include "secerr.h"
#include "secdig.h"
#include "prtime.h"
#include "ec.h"
#include "keyi.h"
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
@ -1918,7 +1917,7 @@ loser:
}
#define SECKEY_CacheAttribute(key, attribute) \
if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute)) { \
if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
key->staticflags |= SECKEY_##attribute; \
} else { \
key->staticflags &= (~SECKEY_##attribute); \


@ -115,7 +115,7 @@ ifeq (OS2,$(OS_TARGET))
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
endif
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) #omits WINCE
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
ifndef USE_64
# 32-bit Windows
ifdef NS_USE_GCC
@ -155,11 +155,6 @@ endif
endif
endif
ifeq ($(OS_TARGET),WINCE)
DEFINES += -DMP_ARGCHK=0 # no assert in WinCE
DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
endif
ifeq ($(OS_TARGET),IRIX)
ifeq ($(USE_N32),1)
ASFILES = mpi_mips.s


@ -32,11 +32,6 @@
#define USE_WORD
#endif
#if defined(_WIN32_WCE)
#undef WORD
#define WORD ARC4WORD
#endif
#if (defined(IS_64))
typedef PRUint64 WORD;
#else


@ -53,13 +53,11 @@ SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_
RES = $(OBJDIR)/$(LIBRARY_NAME).res
RESNAME = freebl.rc
ifndef WINCE
ifdef NS_USE_GCC
OS_LIBS += -lshell32
else
OS_LIBS += shell32.lib
endif
endif
ifdef NS_USE_GCC
EXTRA_SHARED_LIBS += \


@ -27,6 +27,16 @@
*/
static char* loader_GetOriginalPathname(const char* link)
{
#ifdef __GLIBC__
char* tmp = realpath(link, NULL);
char* resolved;
if (! tmp)
return NULL;
resolved = PR_Malloc(strlen(tmp) + 1);
strcpy(resolved, tmp); /* This is necessary because PR_Free might not be using free() */
free(tmp);
return resolved;
#else
char* resolved = NULL;
char* input = NULL;
PRUint32 iterations = 0;
@ -61,6 +71,7 @@ static char* loader_GetOriginalPathname(const char* link)
input = NULL;
}
return input;
#endif
}
#endif /* XP_UNIX */
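Review bot: In the new `__GLIBC__` branch the result of `PR_Malloc(strlen(tmp) + 1)` is passed to `strcpy` unchecked, so an allocation failure becomes a write through NULL while the loader is resolving the library path. Guard the copy with `if (resolved) strcpy(resolved, tmp);` and keep `free(tmp)` unconditional so the realpath buffer is released on both paths. The function then returns NULL on failure, matching the `if (! tmp) return NULL;` case above it. Most of the `#else` branch of loader_GetOriginalPathname lies outside the visible hunks.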

View File

@ -556,8 +556,10 @@ intel_aes_encrypt_cbc_128:
.globl intel_aes_decrypt_cbc_128
.align 16
intel_aes_decrypt_cbc_128:
leaq 16(%rdi), %rdx /* iv */
leaq 48(%rdi), %rdi /* expanded key */
// leaq IV_OFFSET(%rdi), %rdx
// leaq EXPANDED_KEY_OFFSET(%rdi), %rdi
leaq 16(%rdi), %rdx
leaq 48(%rdi), %rdi
movdqu (%rdx), %xmm0 /* iv */
movdqu (%rdi), %xmm2 /* first key block */
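Review bot: The prologue of `intel_aes_decrypt_cbc_128` now carries two commented-out instructions (`// leaq IV_OFFSET(%rdi), %rdx` and its sibling) next to live `leaq 16(%rdi), %rdx` / `leaq 48(%rdi), %rdi` lines that no longer say what 16 and 48 are. Judging by the hunk counts, the annotated lines are the old side. The offsets presumably mirror the AES context layout, and if that layout changes the routine would load the wrong IV or key schedule with no build error. Either use the symbolic offsets if they are defined for this file, or drop the dead lines and keep the annotations, e.g. `leaq 16(%rdi), %rdx /* iv */`.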


@ -74,13 +74,13 @@ void freebl_cpuid(unsigned long op, unsigned long *eax,
unsigned long *edx)
{
/* sigh GCC isn't smart enough to save the ebx PIC register on it's own
* in this case, so do it by hand. */
__asm__("pushl %%ebx\n\t"
* in this case, so do it by hand. Use edi to store ebx and pass the
* value returned in ebx from cpuid through edi. */
__asm__("mov %%ebx,%%edi\n\t"
"cpuid\n\t"
"mov %%ebx,%1\n\t"
"popl %%ebx\n\t"
"xchgl %%ebx,%%edi\n\t"
: "=a" (*eax),
"=r" (*ebx),
"=D" (*ebx),
"=c" (*ecx),
"=d" (*edx)
: "0" (op));


@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: mpi.h,v 1.25 2012/04/25 14:49:50 gerv%gerv.net Exp $ */
/* $Id: mpi.h,v 1.26 2012/11/14 01:14:11 wtc%google.com Exp $ */
#ifndef _H_MPI_
#define _H_MPI_
@ -29,11 +29,7 @@
#undef ULLONG_MAX
#endif
#if defined( _WIN32_WCE)
/* #include <sys/types.h> What do we need here ?? */
#else
#include <sys/types.h>
#endif
#define MP_NEG 1
#define MP_ZPOS 0


@ -57,7 +57,7 @@ void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
"mov r4, #0\n"
"ldr r6, [%3]\n"
"adds r5, r6\n"
"adc r4, #0\n"
"adc r4, r4, #0\n"
"ldr r6, [%0], #4\n"
"umlal r5, r4, r6, %2\n"
@ -86,7 +86,7 @@ void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit
"mov r4, #0\n"
"ldr r6, [%3]\n"
"adds r5, r6\n"
"adc r4, #0\n"
"adc r4, r4, #0\n"
"ldr r6, [%0], #4\n"
"umlal r5, r4, r6, %2\n"
"str r5, [%3], #4\n"
@ -106,7 +106,7 @@ void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit
"mov r4, #0\n"
"ldr r6, [%3]\n"
"adds r5, r6\n"
"adc r4, #0\n"
"adc r4, r4, #0\n"
"str r5, [%3], #4\n"
"movs r5, r4\n"
"bne 2b\n"
@ -132,14 +132,14 @@ void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
"ldr r6, [%0], #4\n"
"ldr r5, [%2]\n"
"adds r3, r5\n"
"adc r4, #0\n"
"adc r4, r4, #0\n"
"umlal r3, r4, r6, r6\n" /* w = r3:r4 */
"str r3, [%2], #4\n"
"ldr r5, [%2]\n"
"adds r3, r4, r5\n"
"mov r4, #0\n"
"adc r4, #0\n"
"adc r4, r4, #0\n"
"str r3, [%2], #4\n"
"mov r3, r4\n"
@ -157,7 +157,7 @@ void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
"mov r4, #0\n"
"ldr r5, [%2]\n"
"adds r3, r5\n"
"adc r4, #0\n"
"adc r4, r4, #0\n"
"str r3, [%2], #4\n"
"movs r3, r4\n"
"bne 2b\n"


@ -1,7 +1,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: mpmontg.c,v 1.24 2012/04/25 14:49:50 gerv%gerv.net Exp $ */
/* $Id: mpmontg.c,v 1.25 2012/11/14 01:14:11 wtc%google.com Exp $ */
/* This file implements moduluar exponentiation using Montgomery's
* method for modular reduction. This file implements the method
@ -35,12 +35,6 @@
#define MAX_ODD_INTS 32 /* 2 ** (WINDOW_BITS - 1) */
#if defined(_WIN32_WCE)
#define ABORT res = MP_UNDEF; goto CLEANUP
#else
#define ABORT abort()
#endif
/*! computes T = REDC(T), 2^b == R
\param T < RN
*/
@ -257,7 +251,7 @@ mp_err mp_exptmod_f(const mp_int * montBase,
} else if (smallExp & 1) {
SQR; MUL(0);
} else {
ABORT;
abort();
}
} else if (window_bits == 4) {
if (!smallExp) {
@ -271,7 +265,7 @@ mp_err mp_exptmod_f(const mp_int * montBase,
} else if (smallExp & 8) {
SQR; MUL(smallExp/16); SQR; SQR; SQR;
} else {
ABORT;
abort();
}
} else if (window_bits == 5) {
if (!smallExp) {
@ -287,7 +281,7 @@ mp_err mp_exptmod_f(const mp_int * montBase,
} else if (smallExp & 0x10) {
SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR;
} else {
ABORT;
abort();
}
} else if (window_bits == 6) {
if (!smallExp) {
@ -305,10 +299,10 @@ mp_err mp_exptmod_f(const mp_int * montBase,
} else if (smallExp & 0x20) {
SQR; MUL(smallExp/64); SQR; SQR; SQR; SQR; SQR;
} else {
ABORT;
abort();
}
} else {
ABORT;
abort();
}
}
@ -405,7 +399,7 @@ mp_err mp_exptmod_i(const mp_int * montBase,
} else if (smallExp & 1) {
SQR(pa1,pa2); MUL(0,pa2,pa1);
} else {
ABORT;
abort();
}
} else if (window_bits == 4) {
if (!smallExp) {
@ -423,7 +417,7 @@ mp_err mp_exptmod_i(const mp_int * montBase,
SQR(pa1,pa2); MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else {
ABORT;
abort();
}
} else if (window_bits == 5) {
if (!smallExp) {
@ -445,7 +439,7 @@ mp_err mp_exptmod_i(const mp_int * montBase,
SQR(pa1,pa2); MUL(smallExp/32,pa2,pa1); SQR(pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
} else {
ABORT;
abort();
}
} else if (window_bits == 6) {
if (!smallExp) {
@ -471,10 +465,10 @@ mp_err mp_exptmod_i(const mp_int * montBase,
SQR(pa1,pa2); MUL(smallExp/64,pa2,pa1); SQR(pa1,pa2);
SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
} else {
ABORT;
abort();
}
} else {
ABORT;
abort();
}
}
@ -1013,7 +1007,7 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase,
} else if (smallExp & 1) {
SQR(pa1,pa2); MUL_NOWEAVE(montBase,pa2,pa1);
} else {
ABORT;
abort();
}
break;
case 6:
@ -1028,7 +1022,7 @@ mp_err mp_exptmod_safe_i(const mp_int * montBase,
SQR(pa1,pa2); MUL(smallExp,pa2,pa1);
break;
default:
ABORT; /* could do a loop? */
abort(); /* could do a loop? */
}
}
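Review bot: Replacing `ABORT` with a direct `abort()` means every "cannot happen" window branch in `mp_exptmod_f`, `mp_exptmod_i` and `mp_exptmod_safe_i` terminates the host process. The removed WinCE definition (`res = MP_UNDEF; goto CLEANUP`) instead returned an error the caller could handle. For a library linked into long-running applications the error return is the safer default, so consider `{ res = MP_UNDEF; goto CLEANUP; }` in these branches, assuming each function has the `CLEANUP` label the old macro relied on. The function bodies extend outside the hunks shown.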


@ -1,7 +1,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: nsslowhash.c,v 1.9 2012/06/26 22:27:29 rrelyea%redhat.com Exp $ */
/* $Id: nsslowhash.c,v 1.10 2012/11/21 22:19:22 emaldona%redhat.com Exp $ */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
@ -102,10 +102,10 @@ freebl_fips_SHA_PowerUpSelfTest( void )
/* SHA-224 Known Digest Message (224-bits). */
static const PRUint8 sha224_known_digest[] = {
0x1c,0xc3,0x06,0x8e,0xce,0x37,0x68,0xfb,
0x1a,0x82,0x4a,0xbe,0x2b,0x00,0x51,0xf8,
0x9d,0xb6,0xe0,0x90,0x0d,0x00,0xc9,0x64,
0x9a,0xb8,0x98,0x4e};
0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
0x8e,0x08,0xe5,0xcb};
/* SHA-256 Known Digest Message (256-bits). */
static const PRUint8 sha256_known_digest[] = {
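Review bot: The bytes of `sha224_known_digest` are replaced without any comment on where the new expected value comes from. A known-answer test only protects the power-up self-test if the constant was produced independently of the code it checks. Record the provenance next to the array, e.g. `/* SHA-224 of the self-test message, cross-checked with <independent implementation> */`. freebl_fips_SHA_PowerUpSelfTest continues outside the hunk, so the message it hashes is not visible here.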


@ -8,16 +8,10 @@
#ifdef XP_WIN
#include <windows.h>
#include <shlobj.h> /* for CSIDL constants */
#if defined(_WIN32_WCE)
#include <stdlib.h> /* Win CE puts lots of stuff here. */
#include "prprf.h" /* for PR_snprintf */
#else
#include <time.h>
#include <io.h>
#include <sys/types.h>
#include <sys/stat.h>
#endif
#include <stdio.h>
#include "prio.h"
#include "prerror.h"
@ -46,6 +40,7 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
DWORD dwHigh, dwLow, dwVal;
int n = 0;
int nBytes;
time_t sTime;
if (maxbuf <= 0)
return 0;
@ -80,22 +75,11 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
if (maxbuf <= 0)
return n;
{
#if defined(_WIN32_WCE)
// get the number of milliseconds elapsed since Windows CE was started.
FILETIME sTime;
SYSTEMTIME st;
GetSystemTime(&st);
SystemTimeToFileTime(&st,&sTime);
#else
time_t sTime;
// get the time in seconds since midnight Jan 1, 1970
time(&sTime);
#endif
nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
memcpy(((char *)buf) + n, &sTime, nBytes);
n += nBytes;
}
return n;
}
@ -154,10 +138,8 @@ EnumSystemFiles(Handler func)
static const int folders[] = {
CSIDL_BITBUCKET,
CSIDL_RECENT,
#ifndef WINCE
CSIDL_INTERNET_CACHE,
CSIDL_HISTORY,
#endif
0
};
int i = 0;
@ -271,13 +253,11 @@ void RNG_SystemInfoForRNG(void)
int nBytes;
MEMORYSTATUS sMem;
HANDLE hVal;
#if !defined(_WIN32_WCE)
DWORD dwSerialNum;
DWORD dwComponentLen;
DWORD dwSysFlags;
char volName[128];
DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
#endif
nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
RNG_RandomUpdate(buffer, nBytes);
@ -285,16 +265,13 @@ void RNG_SystemInfoForRNG(void)
sMem.dwLength = sizeof(sMem);
GlobalMemoryStatus(&sMem); // assorted memory stats
RNG_RandomUpdate(&sMem, sizeof(sMem));
#if !defined(_WIN32_WCE)
dwVal = GetLogicalDrives();
RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
#endif
#if !defined(_WIN32_WCE)
dwVal = sizeof(buffer);
if (GetComputerName(buffer, &dwVal))
RNG_RandomUpdate(buffer, dwVal);
#endif
hVal = GetCurrentProcess(); // 4 or 8 byte pseudo handle (a
// constant!) of current process
@ -306,7 +283,6 @@ void RNG_SystemInfoForRNG(void)
dwVal = GetCurrentThreadId(); // thread ID (4 bytes)
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
#if !defined(_WIN32_WCE)
volName[0] = '\0';
buffer[0] = '\0';
GetVolumeInformation(NULL,
@ -331,7 +307,6 @@ void RNG_SystemInfoForRNG(void)
RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
}
#endif
// Skip the potentially slow file scanning if the OS's PRNG worked.
if (!usedWindowsPRNG)
@ -352,63 +327,6 @@ static void rng_systemJitter(void)
}
#if defined(_WIN32_WCE)
void RNG_FileForRNG(const char *filename)
{
PRFileDesc * file;
int nBytes;
PRFileInfo infoBuf;
unsigned char buffer[1024];
if (PR_GetFileInfo(filename, &infoBuf) != PR_SUCCESS)
return;
RNG_RandomUpdate((unsigned char*)&infoBuf, sizeof(infoBuf));
file = PR_Open(filename, PR_RDONLY, 0);
if (file != NULL) {
for (;;) {
PRInt32 bytes = PR_Read(file, buffer, sizeof buffer);
if (bytes <= 0)
break;
RNG_RandomUpdate(buffer, bytes);
totalFileBytes += bytes;
if (totalFileBytes > maxFileBytes)
break;
}
PR_Close(file);
}
nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
RNG_RandomUpdate(buffer, nBytes);
}
/*
* The Windows CE and Windows Mobile FIPS Security Policy, page 13,
* (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp825.pdf)
* says CeGenRandom is the right function to call for creating a seed
* for a random number generator.
*/
size_t RNG_SystemRNG(void *dest, size_t maxLen)
{
size_t bytes = 0;
usedWindowsPRNG = PR_FALSE;
if (CeGenRandom(maxLen, dest)) {
bytes = maxLen;
usedWindowsPRNG = PR_TRUE;
}
if (bytes == 0) {
bytes = rng_systemFromNoise(dest,maxLen);
}
return bytes;
}
#else /* not WinCE */
void RNG_FileForRNG(const char *filename)
{
FILE* file;
@ -542,6 +460,4 @@ done:
FreeLibrary(hModule);
return bytes;
}
#endif /* not WinCE */
#endif /* is XP_WIN */


@ -1011,3 +1011,13 @@ PK11_PQG_ParamGenV2;
;+ local:
;+ *;
;+};
;+NSS_3.14.1 { # NSS 3.14.1 release
;+ global:
OCSP_CreateFailureResponse;
OCSP_CreateSingleResponseGood;
OCSP_CreateSingleResponseUnknown;
OCSP_CreateSingleResponseRevoked;
OCSP_CreateSuccessResponseEncodedBasicV1;
;+ local:
;+ *;
;+};


@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: nss.h,v 1.99 2012/10/18 16:54:44 kaie%kuix.de Exp $ */
/* $Id: nss.h,v 1.100 2012/10/19 20:06:07 kaie%kuix.de Exp $ */
#ifndef __nss_h_
#define __nss_h_
@ -34,12 +34,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.14.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.14.1.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 14
#define NSS_VPATCH 0
#define NSS_VBUILD 1
#define NSS_BETA PR_FALSE
#define NSS_VPATCH 1
#define NSS_VBUILD 0
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED


@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: nssinit.c,v 1.119 2012/10/09 18:22:46 emaldona%redhat.com Exp $ */
/* $Id: nssinit.c,v 1.120 2012/11/17 01:45:33 wtc%google.com Exp $ */
#include <ctype.h>
#include <string.h>
@ -637,9 +637,8 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
}
/* Skip the module init if we are already initted and we are trying
* to init with not noCertDB and noModDB */
* to init with noCertDB and noModDB */
if (!(isReallyInitted && noCertDB && noModDB)) {
/* we always try to initialize the modules */
rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
updateDir, updCertPrefix, updKeyPrefix, updateID,
updateName, configName, configStrings, passwordRequired,


@ -647,7 +647,7 @@ unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp)
return ATOB_AsciiToData_Util(string, lenp);
}
SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii)
SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
{
return ATOB_ConvertAsciiToItem_Util(binary_item, ascii);
}


@ -740,7 +740,7 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
CK_KEY_TYPE pk11Type = CKK_RSA;
pk11Type = PK11_ReadULongAttribute(slot,privID,CKA_KEY_TYPE);
isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN);
isTemp = (PRBool)!PK11_HasAttributeSet(slot,privID,CKA_TOKEN,PR_FALSE);
switch (pk11Type) {
case CKK_RSA: keyType = rsaKey; break;
case CKK_DSA: keyType = dsaKey; break;
@ -754,7 +754,7 @@ PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
/* if the key is private, make sure we are authenticated to the
* token before we try to use it */
isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE);
isPrivate = (PRBool)PK11_HasAttributeSet(slot,privID,CKA_PRIVATE,PR_FALSE);
if (isPrivate) {
rv = PK11_Authenticate(slot, PR_TRUE, wincx);
if (rv != SECSuccess) {
@ -1432,7 +1432,7 @@ PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
/* set the ID to the public key so we can find it again */
cka_id = pk11_MakeIDFromPublicKey(*pubKey);
pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN);
pubIsToken = (PRBool)PK11_HasAttributeSet(slot,pubID, CKA_TOKEN,PR_FALSE);
PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);


@ -45,8 +45,9 @@ static struct PK11GlobalStruct {
* Check the user's password. Log into the card if it's correct.
* succeed if the user is already logged in.
*/
SECStatus
pk11_CheckPassword(PK11SlotInfo *slot,char *pw,PRBool contextSpecific)
static SECStatus
pk11_CheckPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
char *pw, PRBool alreadyLocked, PRBool contextSpecific)
{
int len = 0;
CK_RV crv;
@ -66,13 +67,13 @@ pk11_CheckPassword(PK11SlotInfo *slot,char *pw,PRBool contextSpecific)
}
do {
PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_Login(slot->session,
if (!alreadyLocked) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_Login(session,
contextSpecific ? CKU_CONTEXT_SPECIFIC : CKU_USER,
(unsigned char *)pw,len);
slot->lastLoginCheck = 0;
mustRetry = PR_FALSE;
PK11_ExitSlotMonitor(slot);
if (!alreadyLocked) PK11_ExitSlotMonitor(slot);
switch (crv) {
/* if we're already logged in, we're good to go */
case CKR_OK:
@ -91,10 +92,19 @@ pk11_CheckPassword(PK11SlotInfo *slot,char *pw,PRBool contextSpecific)
* if the token is still there. */
case CKR_SESSION_HANDLE_INVALID:
case CKR_SESSION_CLOSED:
if (session != slot->session) {
/* don't bother retrying, we were in a middle of an operation,
* which is now lost. Just fail. */
PORT_SetError(PK11_MapError(crv));
rv = SECFailure;
break;
}
if (retry++ == 0) {
rv = PK11_InitToken(slot,PR_FALSE);
if (rv == SECSuccess) {
if (slot->session != CK_INVALID_SESSION) {
session = slot->session; /* we should have
* a new session now */
mustRetry = PR_TRUE;
} else {
PORT_SetError(PK11_MapError(crv));
@ -242,7 +252,8 @@ PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx)
NeedAuth = PR_TRUE;
}
}
if (NeedAuth) PK11_DoPassword(slot,PR_TRUE,wincx,PR_FALSE);
if (NeedAuth) PK11_DoPassword(slot, slot->session, PR_TRUE,
wincx, PR_FALSE, PR_FALSE);
}
void
@ -301,7 +312,8 @@ pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx)
SECStatus
PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx) {
if (pk11_LoginStillRequired(slot,wincx)) {
return PK11_DoPassword(slot,loadCerts,wincx,PR_FALSE);
return PK11_DoPassword(slot, slot->session, loadCerts, wincx,
PR_FALSE, PR_FALSE);
}
return SECSuccess;
}
@ -532,7 +544,8 @@ PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func)
* of the PKCS 11 module.
*/
SECStatus
PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
PRBool loadCerts, void *wincx, PRBool alreadyLocked,
PRBool contextSpecific)
{
SECStatus rv = SECFailure;
@ -602,7 +615,8 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
break;
}
}
rv = pk11_CheckPassword(slot,password,contextSpecific);
rv = pk11_CheckPassword(slot, session, password,
alreadyLocked, contextSpecific);
PORT_Memset(password, 0, PORT_Strlen(password));
PORT_Free(password);
if (rv != SECWouldBlock) break;
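Review bot: The comment above pk11_CheckPassword still describes only the password check and does not mention the two new parameters, although both carry a locking contract that callers must get right. I would extend it with `/* 'session' is the session C_Login is issued on and may differ from slot->session; if 'alreadyLocked' is true the caller must already hold the slot monitor. */`. In the CKR_SESSION_HANDLE_INVALID / CKR_SESSION_CLOSED branch, PK11_InitToken() is reached whenever session equals slot->session, including when alreadyLocked is true, so it is worth confirming that PK11_InitToken() does not try to enter the slot monitor itself (its body is not visible here). The same contract applies to the new parameters of PK11_DoPassword, whose body is only partly inside these hunks.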


@ -2663,7 +2663,7 @@ PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg)
nssCryptokiObject *instance = *ip;
PK11SlotInfo *slot = instance->token->pk11slot;
if (slot) {
PK11_AddSlotToList(slotList, slot);
PK11_AddSlotToList(slotList, slot, PR_TRUE);
found = PR_TRUE;
}
}


@ -592,7 +592,7 @@ SECStatus PK11_DigestBegin(PK11Context *cx)
}
SECStatus
PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, const unsigned char *in,
PRInt32 len) {
PK11Context *context;
unsigned int max_length;
@ -637,7 +637,7 @@ PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
*/
SECStatus
PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
int maxout, unsigned char *in, int inlen)
int maxout, const unsigned char *in, int inlen)
{
CK_RV crv = CKR_OK;
CK_ULONG length = maxout;
@ -687,7 +687,7 @@ PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
} else if (context->operation == CKA_DECRYPT) {
length = sizeof(random);
crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
in,sizeof(random),random,&length);
(CK_BYTE_PTR)in,sizeof(random),random,&length);
inlen -= length;
in += length;
context->fortezzaHack = PR_FALSE;
@ -698,13 +698,15 @@ PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
case CKA_ENCRYPT:
length = maxout;
crv=PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session,
in, inlen, out, &length);
(CK_BYTE_PTR)in, inlen,
out, &length);
length += offset;
break;
case CKA_DECRYPT:
length = maxout;
crv=PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session,
in, inlen, out, &length);
(CK_BYTE_PTR)in, inlen,
out, &length);
break;
default:
crv = CKR_OPERATION_NOT_INITIALIZED;
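Review bot: The three `(CK_BYTE_PTR)in` casts in PK11_CipherOp drop the const that this change adds to the parameter, and nothing on the page explains why that is safe. The PKCS #11 prototypes for C_EncryptUpdate and C_DecryptUpdate take a non-const input pointer, so the cast is needed, but the const promise made to callers then rests on the module not writing to its input buffer. A comment at the first cast would record that assumption: `/* PKCS #11 takes a non-const pointer; the module must not modify the input */`. PK11_CipherOp continues outside these hunks.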


@ -169,15 +169,15 @@ pk11_getPrivateKeyUsage(PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
{
unsigned int usage = 0;
if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP) ||
PK11_HasAttributeSet(slot,id, CKA_DECRYPT))) {
if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP,PR_FALSE) ||
PK11_HasAttributeSet(slot,id, CKA_DECRYPT,PR_FALSE))) {
usage |= KU_KEY_ENCIPHERMENT;
}
if (PK11_HasAttributeSet(slot, id, CKA_DERIVE)) {
if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
usage |= KU_KEY_AGREEMENT;
}
if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER) ||
PK11_HasAttributeSet(slot, id, CKA_SIGN))) {
if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE) ||
PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE))) {
usage |= KU_DIGITAL_SIGNATURE;
}
return usage;
@ -373,31 +373,31 @@ pk11_getSecretKeyFlags(PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
{
CK_FLAGS flags = 0;
if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP)) {
if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP, PR_FALSE)) {
flags |= CKF_UNWRAP;
}
if (PK11_HasAttributeSet(slot, id, CKA_WRAP)) {
if (PK11_HasAttributeSet(slot, id, CKA_WRAP, PR_FALSE)) {
flags |= CKF_WRAP;
}
if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT)) {
if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT, PR_FALSE)) {
flags |= CKF_ENCRYPT;
}
if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT)) {
if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT, PR_FALSE)) {
flags |= CKF_DECRYPT;
}
if (PK11_HasAttributeSet(slot, id, CKA_DERIVE)) {
if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
flags |= CKF_DERIVE;
}
if (PK11_HasAttributeSet(slot, id, CKA_SIGN)) {
if (PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE)) {
flags |= CKF_SIGN;
}
if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER)) {
if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE)) {
flags |= CKF_SIGN_RECOVER;
}
if (PK11_HasAttributeSet(slot, id, CKA_VERIFY)) {
if (PK11_HasAttributeSet(slot, id, CKA_VERIFY, PR_FALSE)) {
flags |= CKF_VERIFY;
}
if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER)) {
if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER, PR_FALSE)) {
flags |= CKF_VERIFY_RECOVER;
}
return flags;


@ -146,7 +146,7 @@ PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
*/
CK_BBOOL
PK11_HasAttributeSet( PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
CK_ATTRIBUTE_TYPE type )
CK_ATTRIBUTE_TYPE type, PRBool haslock )
{
CK_BBOOL ckvalue = CK_FALSE;
CK_ATTRIBUTE theTemplate;
@ -156,10 +156,10 @@ PK11_HasAttributeSet( PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
PK11_SETATTRS( &theTemplate, type, &ckvalue, sizeof( CK_BBOOL ) );
/* Retrieve attribute value. */
PK11_EnterSlotMonitor(slot);
if (!haslock) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB( slot )->C_GetAttributeValue( slot->session, id,
&theTemplate, 1 );
PK11_ExitSlotMonitor(slot);
if (!haslock) PK11_ExitSlotMonitor(slot);
if( crv != CKR_OK ) {
PORT_SetError( PK11_MapError( crv ) );
return CK_FALSE;
@ -254,7 +254,7 @@ PK11_GetAttributes(PRArenaPool *arena,PK11SlotInfo *slot,
PRBool
PK11_IsPermObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
{
return (PRBool) PK11_HasAttributeSet(slot, handle, CKA_TOKEN);
return (PRBool) PK11_HasAttributeSet(slot, handle, CKA_TOKEN, PR_FALSE);
}
char *
@ -600,8 +600,8 @@ pk11_FindAttrInTemplate(CK_ATTRIBUTE *attr, unsigned int numAttrs,
* figure out which hash algorithm to use until we decryptted this.
*/
SECStatus
PK11_VerifyRecover(SECKEYPublicKey *key,
SECItem *sig, SECItem *dsig, void *wincx)
PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
SECItem *dsig, void *wincx)
{
PK11SlotInfo *slot = key->pkcs11Slot;
CK_OBJECT_HANDLE id = key->pkcs11ID;
@ -660,7 +660,8 @@ PK11_VerifyRecover(SECKEYPublicKey *key,
* verify a signature from its hash.
*/
SECStatus
PK11_Verify(SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx)
PK11_Verify(SECKEYPublicKey *key, const SECItem *sig, const SECItem *hash,
void *wincx)
{
PK11SlotInfo *slot = key->pkcs11Slot;
CK_OBJECT_HANDLE id = key->pkcs11ID;
@ -729,12 +730,13 @@ PK11_Verify(SECKEYPublicKey *key, SECItem *sig, SECItem *hash, void *wincx)
* sign a hash. The algorithm is determined by the key.
*/
SECStatus
PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, const SECItem *hash)
{
PK11SlotInfo *slot = key->pkcs11Slot;
CK_MECHANISM mech = {0, NULL, 0 };
PRBool owner = PR_TRUE;
CK_SESSION_HANDLE session;
PRBool haslock = PR_FALSE;
CK_ULONG len;
CK_RV crv;
@ -745,24 +747,27 @@ PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash)
}
session = pk11_GetNewSession(slot,&owner);
if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
haslock = (!owner || !(slot->isThreadSafe));
if (haslock) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_SignInit(session,&mech,key->pkcs11ID);
if (crv != CKR_OK) {
if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
PORT_SetError( PK11_MapError(crv) );
return SECFailure;
}
/* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
* do C_Login with CKU_CONTEXT_SPECIFIC
* between C_SignInit and C_Sign */
if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_ALWAYS_AUTHENTICATE)) {
PK11_DoPassword(slot, PR_FALSE, key->wincx, PR_TRUE);
}
/* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
* do C_Login with CKU_CONTEXT_SPECIFIC
* between C_SignInit and C_Sign */
if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
}
len = sig->len;
crv = PK11_GETTAB(slot)->C_Sign(session,hash->data,
hash->len, sig->data, &len);
if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
sig->len = len;
if (crv != CKR_OK) {
@ -788,6 +793,7 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
CK_ULONG out = maxLen;
PRBool owner = PR_TRUE;
CK_SESSION_HANDLE session;
PRBool haslock = PR_FALSE;
CK_RV crv;
if (key->keyType != rsaKey) {
@ -803,23 +809,26 @@ pk11_PrivDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
PK11_HandlePasswordCheck(slot, key->wincx);
}
session = pk11_GetNewSession(slot,&owner);
if (!owner || !(slot->isThreadSafe)) PK11_EnterSlotMonitor(slot);
haslock = (!owner || !(slot->isThreadSafe));
if (haslock) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_DecryptInit(session, mech, key->pkcs11ID);
if (crv != CKR_OK) {
if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
PORT_SetError( PK11_MapError(crv) );
return SECFailure;
}
/* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
* do C_Login with CKU_CONTEXT_SPECIFIC
* between C_DecryptInit and C_Decrypt */
/* But see note above about servers */
if (SECKEY_HAS_ATTRIBUTE_SET(key,CKA_ALWAYS_AUTHENTICATE)) {
PK11_DoPassword(slot, PR_FALSE, key->wincx, PR_TRUE);
}
/* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
* do C_Login with CKU_CONTEXT_SPECIFIC
* between C_DecryptInit and C_Decrypt
* ... But see note above about servers */
if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
}
crv = PK11_GETTAB(slot)->C_Decrypt(session,enc, encLen, data, &out);
if (!owner || !(slot->isThreadSafe)) PK11_ExitSlotMonitor(slot);
if (haslock) PK11_ExitSlotMonitor(slot);
pk11_CloseSession(slot,session,owner);
*outLen = out;
if (crv != CKR_OK) {
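Review bot: The return value of PK11_DoPassword() is discarded in both PK11_Sign and pk11_PrivDecryptRaw, so a failed or cancelled CKU_CONTEXT_SPECIFIC login is followed by C_Sign / C_Decrypt anyway and the caller sees the token's error rather than the login failure. If that is deliberate, the comment above the call should say so, for example `/* login result ignored: C_Sign reports the failure and ends the operation started by C_SignInit */`. When haslock is true the login now happens while the slot monitor is held, and presumably the password callback inside PK11_DoPassword runs under it as well (that part of the body is not visible), so a slow prompt would block other users of the slot; that deserves a sentence in the same comment. Both functions begin or end outside the hunks shown.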


@ -28,7 +28,7 @@ SEC_BEGIN_PROTOS
PK11SlotList * PK11_NewSlotList(void);
PK11SlotList * PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,
PRBool needRW,void *wincx);
SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot);
SECStatus PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot, PRBool sorted);
SECStatus PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le);
PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list,
PK11SlotInfo *slot);
@ -59,8 +59,9 @@ void PK11_CleanKeyList(PK11SlotInfo *slot);
/************************************************************
* Slot Password Management
************************************************************/
SECStatus PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx,
PRBool contextSpecific);
SECStatus PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
PRBool loadCerts, void *wincx, PRBool alreadyLocked,
PRBool contextSpecific);
SECStatus PK11_VerifyPW(PK11SlotInfo *slot,char *pw);
void PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx);
void PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func);
@ -121,7 +122,8 @@ CK_OBJECT_HANDLE PK11_MatchItem(PK11SlotInfo *slot,CK_OBJECT_HANDLE peer,
CK_OBJECT_CLASS o_class);
CK_BBOOL PK11_HasAttributeSet( PK11SlotInfo *slot,
CK_OBJECT_HANDLE id,
CK_ATTRIBUTE_TYPE type );
CK_ATTRIBUTE_TYPE type,
PRBool haslock );
CK_RV PK11_GetAttributes(PLArenaPool *arena,PK11SlotInfo *slot,
CK_OBJECT_HANDLE obj,CK_ATTRIBUTE *attr, int count);
int PK11_NumberCertsForCertSubject(CERTCertificate *cert);


@ -658,11 +658,12 @@ CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
*/
int PK11_SignatureLen(SECKEYPrivateKey *key);
PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash);
SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, SECItem *sig,
SECItem *dsig, void * wincx);
SECStatus PK11_Verify(SECKEYPublicKey *key, SECItem *sig,
SECItem *hash, void *wincx);
SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig,
const SECItem *hash);
SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
SECItem *dsig, void * wincx);
SECStatus PK11_Verify(SECKEYPublicKey *key, const SECItem *sig,
const SECItem *hash, void *wincx);
@ -679,12 +680,12 @@ SECStatus PK11_DigestBegin(PK11Context *cx);
* The output buffer 'out' must be big enough to hold the output of
* the hash algorithm 'hashAlg'.
*/
SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
PRInt32 len);
SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out,
const unsigned char *in, PRInt32 len);
SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in,
unsigned len);
SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
int maxout, unsigned char *in, int inlen);
int maxout, const unsigned char *in, int inlen);
SECStatus PK11_Finalize(PK11Context *context);
SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data,
unsigned int *outLen, unsigned int length);


@ -905,13 +905,10 @@ pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
CK_ATTRIBUTE genTemplate[MAX_TEMPL_ATTRS];
CK_ATTRIBUTE *attrs = genTemplate;
int count = sizeof(genTemplate)/sizeof(genTemplate[0]);
CK_SESSION_HANDLE session;
CK_MECHANISM_TYPE keyGenType;
CK_RV crv;
CK_BBOOL cktrue = CK_TRUE;
CK_BBOOL ckfalse = CK_FALSE;
CK_ULONG ck_key_size; /* only used for variable-length keys */
PRBool isToken = ((attrFlags & PK11_ATTR_TOKEN) != 0);
if (pk11_BadAttrFlags(attrFlags)) {
PORT_SetError( SEC_ERROR_INVALID_ARGS );


@ -171,11 +171,16 @@ PK11_FreeSlotList(PK11SlotList *list)
/*
* add a slot to a list
* "slot" is the slot to be added. Ownership is not transferred.
* "sorted" indicates whether or not the slot should be inserted according to
* cipherOrder of the associated module. PR_FALSE indicates that the slot
* should be inserted to the head of the list.
*/
SECStatus
PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot)
PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot, PRBool sorted)
{
PK11SlotListElement *le;
PK11SlotListElement *element;
le = (PK11SlotListElement *) PORT_Alloc(sizeof(PK11SlotListElement));
if (le == NULL) return SECFailure;
@ -184,9 +189,23 @@ PK11_AddSlotToList(PK11SlotList *list,PK11SlotInfo *slot)
le->prev = NULL;
le->refCount = 1;
PZ_Lock(list->lock);
if (list->head) list->head->prev = le; else list->tail = le;
le->next = list->head;
list->head = le;
element = list->head;
/* Insertion sort, with higher cipherOrders are sorted first in the list */
while (element && sorted && (element->slot->module->cipherOrder >
le->slot->module->cipherOrder)) {
element = element->next;
}
if (element) {
le->prev = element->prev;
element->prev = le;
le->next = element;
} else {
le->prev = list->tail;
le->next = NULL;
list->tail = le;
}
if (le->prev) le->prev->next = le;
if (list->head == element) list->head = le;
PZ_Unlock(list->lock);
return SECSuccess;
@ -208,11 +227,12 @@ PK11_DeleteSlotFromList(PK11SlotList *list,PK11SlotListElement *le)
}
/*
* Move a list to the end of the target list. NOTE: There is no locking
* here... This assumes BOTH lists are private copy lists.
* Move a list to the end of the target list.
* NOTE: There is no locking here... This assumes BOTH lists are private copy
* lists. It also does not re-sort the target list.
*/
SECStatus
PK11_MoveListToList(PK11SlotList *target,PK11SlotList *src)
pk11_MoveListToList(PK11SlotList *target,PK11SlotList *src)
{
if (src->head == NULL) return SECSuccess;
@ -511,7 +531,7 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName,
((NULL == slotName) || (0 == *slotName)) &&
((NULL == tokenName) || (0 == *tokenName)) ) {
/* default to softoken */
PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot());
PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot(), PR_TRUE);
return slotList;
}
@ -539,7 +559,7 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName,
( (!slotName) || (tmpSlot->slot_name &&
(0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) {
if (tmpSlot) {
PK11_AddSlotToList(slotList, tmpSlot);
PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE);
slotcount++;
}
}
@ -910,7 +930,7 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
PK11SlotList *slotList = PK11_GetSlotList(mechanism);
if (slotList) PK11_AddSlotToList(slotList,slot);
if (slotList) PK11_AddSlotToList(slotList,slot,PR_FALSE);
}
}
@ -937,7 +957,7 @@ PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
/* add this slot to the list */
if (slotList!=NULL)
result = PK11_AddSlotToList(slotList, slot);
result = PK11_AddSlotToList(slotList, slot, PR_FALSE);
} else { /* trying to turn off */
@ -1910,12 +1930,12 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
|| PK11_DoesMechanism(slot, type)) {
if (pk11_LoginStillRequired(slot,wincx)) {
if (PK11_IsFriendly(slot)) {
PK11_AddSlotToList(friendlyList, slot);
PK11_AddSlotToList(friendlyList, slot, PR_TRUE);
} else {
PK11_AddSlotToList(loginList, slot);
PK11_AddSlotToList(loginList, slot, PR_TRUE);
}
} else {
PK11_AddSlotToList(list, slot);
PK11_AddSlotToList(list, slot, PR_TRUE);
}
}
}
@ -1923,9 +1943,9 @@ PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
}
SECMOD_ReleaseReadLock(moduleLock);
PK11_MoveListToList(list,friendlyList);
pk11_MoveListToList(list,friendlyList);
PK11_FreeSlotList(friendlyList);
PK11_MoveListToList(list,loginList);
pk11_MoveListToList(list,loginList);
PK11_FreeSlotList(loginList);
return list;
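Review bot: In PK11_FindSlotsByNames the call `PK11_AddSlotToList(slotList, PK11_GetInternalKeySlot(), PR_TRUE);` passes the result of PK11_GetInternalKeySlot() straight through, while the comment this change adds to PK11_AddSlotToList says ownership is not transferred. If PK11_GetInternalKeySlot() returns a new reference (not visible here), that reference is never released. Holding it in a local declared at the top of the block would fix that: `internal = PK11_GetInternalKeySlot();` followed by `if (internal) { PK11_AddSlotToList(slotList, internal, PR_TRUE); PK11_FreeSlot(internal); }`. The sorted walk in PK11_AddSlotToList also reads `slot->module->cipherOrder` without a NULL test, which assumes every listed slot has a module.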


@ -13,7 +13,6 @@
#include "pki3hack.h"
#include "secerr.h"
#include "dev.h"
#include "pkcs11ni.h"
#include "utilpars.h"
/* these are for displaying error messages */


@ -5,7 +5,7 @@
/*
* PKCS7 decoding, verification.
*
* $Id: p7decode.c,v 1.29 2012/04/25 14:50:06 gerv%gerv.net Exp $
* $Id: p7decode.c,v 1.30 2012/11/27 22:48:08 bsmith%mozilla.com Exp $
*/
#include "p7local.h"
@ -1280,12 +1280,12 @@ SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo)
static PRBool
sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
SECCertUsage certusage,
SECItem *detached_digest,
const SECItem *detached_digest,
HASH_HashType digest_type,
PRBool keepcerts)
{
SECAlgorithmID **digestalgs, *bulkid;
SECItem *digest;
const SECItem *digest;
SECItem **digests;
SECItem **rawcerts;
CERTSignedCrl **crls;
@ -1774,7 +1774,7 @@ SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
PRBool
SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
SECCertUsage certusage,
SECItem *detached_digest,
const SECItem *detached_digest,
HASH_HashType digest_type,
PRBool keepcerts)
{


@ -5,7 +5,7 @@
/*
* Interface to the PKCS7 implementation.
*
* $Id: secpkcs7.h,v 1.9 2012/04/25 14:50:06 gerv%gerv.net Exp $
* $Id: secpkcs7.h,v 1.10 2012/11/27 22:48:08 bsmith%mozilla.com Exp $
*/
#ifndef _SECPKCS7_H_
@ -129,7 +129,7 @@ extern PRBool SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
*/
extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
SECCertUsage certusage,
SECItem *detached_digest,
const SECItem *detached_digest,
HASH_HashType digest_type,
PRBool keepcerts);


@ -39,7 +39,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
ifdef NSS_DISABLE_DBM
DIRS= dummy
DIRS=
endif
#######################################################################


@ -65,7 +65,3 @@ endif
ifeq ($(OS_TARGET),SunOS)
OS_LIBS += -lbsm
endif
ifeq ($(OS_TARGET),WINCE)
DEFINES += -DDBM_USING_NSPR
endif


@ -59,7 +59,3 @@ endif
ifeq ($(OS_TARGET),SunOS)
OS_LIBS += -lbsm
endif
ifeq ($(OS_TARGET),WINCE)
DEFINES += -DDBM_USING_NSPR
endif


@ -511,7 +511,7 @@ sftk_forceTokenAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type,
dbHandle = sftk_getDBForTokenObject(object->slot, object->handle);
attribute.type = type;
attribute.pValue = value;
attribute.pValue = (void *)value;
attribute.ulValueLen = len;
crv = sftkdb_SetAttributeValue(dbHandle, object, &attribute, 1);


@ -1684,9 +1684,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
* a database */
if (create) {
/* NO NSPR call for this? :( */
#ifndef WINCE
chmod (dbname, 0600);
#endif
}
if (flags != SDB_RDONLY) {
@ -1823,6 +1821,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
enableCache = PR_TRUE;
} else {
char *tempDir = NULL;
PRBool mustFreeTempDir = PR_TRUE;
PRUint32 tempOps = 0;
/*
* Use PR_Access to determine how expensive it
@ -1830,14 +1829,37 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
* check in the temp directory. If the temp directory is faster, cache
* the database there. */
tempDir = sdb_getTempDir(sqlDB);
if (!tempDir) {
mustFreeTempDir = PR_FALSE; /* getenv will return references */
tempDir = getenv("TEMP");
if (!tempDir)
tempDir = getenv("TMP");
if (!tempDir) {
tempDir = tempnam(NULL, NULL);
if (tempDir) {
char dirsep = PR_GetDirectorySeparator();
char *end = PORT_Strrchr(tempDir, dirsep);
mustFreeTempDir = PR_TRUE;
if (end) {
/* We shorten the temp filename string to contain
* only the directory name.
*/
*end = 0;
}
}
}
}
if (tempDir) {
tempOps = sdb_measureAccess(tempDir);
PORT_Free(tempDir);
/* There is a cost to continually copying the database.
* Account for that cost with the arbitrary factor of 10 */
enableCache = (PRBool)(tempOps > accessOps * 10);
}
if (mustFreeTempDir)
PORT_Free(tempDir);
}
if (enableCache) {


@ -25,11 +25,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.14.0.1" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.14.1.0" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 14
#define SOFTOKEN_VPATCH 0
#define SOFTOKEN_VBUILD 1
#define SOFTOKEN_BETA PR_FALSE
#define SOFTOKEN_VPATCH 1
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_TRUE
#endif /* _SOFTKVER_H_ */


@ -1,6 +1,6 @@
This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SSL's Buffers: enumerated and explained.


@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: ssl3con.c,v 1.192 2012/09/28 05:10:25 wtc%google.com Exp $ */
/* $Id: ssl3con.c,v 1.195 2012/11/15 18:49:01 wtc%google.com Exp $ */
/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
@ -5577,7 +5577,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
}
/* NULL value for PMS signifies re-use of the old MS */
rv = ssl3_InitPendingCipherSpec(ss, NULL);
if (rv != SECSuccess) {
@ -5981,14 +5980,14 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
desc = no_certificate;
ss->ssl3.hs.ws = wait_hello_done;
if (ss->getClientAuthData == NULL) {
rv = SECFailure; /* force it to send a no_certificate alert */
} else {
if (ss->getClientAuthData != NULL) {
/* XXX Should pass cert_types in this call!! */
rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
ss->fd, &ca_list,
&ss->ssl3.clientCertificate,
&ss->ssl3.clientPrivateKey);
} else {
rv = SECFailure; /* force it to send a no_certificate alert */
}
switch (rv) {
case SECWouldBlock: /* getClientAuthData has put up a dialog box. */
@ -6078,10 +6077,17 @@ ssl3_CanFalseStart(sslSocket *ss) {
!ss->sec.isServer &&
!ss->ssl3.hs.isResuming &&
ss->ssl3.cwSpec &&
/* An attacker can control the selected ciphersuite so we only wish to
* do False Start in the case that the selected ciphersuite is
* sufficiently strong that the attack can gain no advantage.
* Therefore we require an 80-bit cipher and a forward-secret key
* exchange. */
ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
(ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa ||
ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh ||
ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh);
(ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa);
ssl_ReleaseSpecReadLock(ss);
return rv;
}
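Review bot: In the ssl3_CanFalseStart hunk the strength test `secret_key_size >= 10` bounds only the key length, so any cipher with a key of that size or larger qualifies for False Start once the key exchange is one of the four listed DHE/ECDHE values, whatever its other properties. The literal 10 is apparently a byte count while the new comment speaks of an 80-bit cipher; a trailing comment such as `/* secret_key_size is in bytes: 10 bytes = 80 bits */` would make that link explicit. If the intent is a policy on cipher quality rather than key length alone, an explicit cipher allow-list next to the key-exchange allow-list would state it more directly. The function begins outside the hunk, so its earlier conditions are not covered here.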


@ -6,7 +6,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* TLS extension code moved here from ssl3ecc.c */
/* $Id: ssl3ext.c,v 1.28 2012/09/21 00:28:05 wtc%google.com Exp $ */
/* $Id: ssl3ext.c,v 1.30 2012/11/13 01:26:40 wtc%google.com Exp $ */
#include "nssrenam.h"
#include "nss.h"
@ -535,6 +535,12 @@ ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *dat
return SECFailure;
}
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
/* TODO: server side NPN support would require calling
* ssl3_RegisterServerHelloExtensionSender here in order to echo the
* extension back to the client. */
return SECSuccess;
}
@ -603,6 +609,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
return SECFailure;
}
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
}
@ -1076,7 +1084,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
&mac_key, &mac_key_length);
} else
#endif
{
{
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
&mac_key_pkcs11);
}
@ -1114,7 +1122,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
goto no_ticket;
} else
#endif
{
{
SECItem macParam;
macParam.data = NULL;
macParam.len = 0;
@ -1178,7 +1186,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
goto no_ticket;
} else
#endif
{
{
SECItem ivItem;
ivItem.data = enc_session_ticket.iv;
ivItem.len = AES_BLOCK_SIZE;
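Review bot: Both NPN handlers store into `ss->xtnData.negotiated[ss->xtnData.numNegotiated++]` with no bound visible in either hunk, so the safety of that write depends on a duplicate-extension check or array sizing elsewhere in the file. A comment naming where that bound is enforced would help, for example `/* duplicate extensions are rejected before dispatch, so numNegotiated stays within the array */`, if that is indeed the case. In ssl3_ClientHandleNextProtoNegoXtn the extension is recorded as negotiated before `SECITEM_CopyItem` runs, so a failed copy returns SECFailure with the extension still marked and `nextProto` already freed; this is probably harmless if the handshake aborts on failure, but it is worth confirming. Both functions begin outside their hunks.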


@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: sslimpl.h,v 1.108 2012/09/28 01:46:45 wtc%google.com Exp $ */
/* $Id: sslimpl.h,v 1.109 2012/11/14 01:14:12 wtc%google.com Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@ -1791,8 +1791,6 @@ SEC_END_PROTOS
#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
#define SSL_GETPID getpid
#elif defined(_WIN32_WCE)
#define SSL_GETPID GetCurrentProcessId
#elif defined(WIN32)
extern int __cdecl _getpid(void);
#define SSL_GETPID _getpid


@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: sslnonce.c,v 1.27 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
/* $Id: sslnonce.c,v 1.28 2012/11/14 01:14:12 wtc%google.com Exp $ */
#include "cert.h"
#include "pk11pub.h"
@ -15,7 +15,7 @@
#include "sslimpl.h"
#include "sslproto.h"
#include "nssilock.h"
#if (defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
#include <time.h>
#endif
@ -452,7 +452,7 @@ PRUint32
ssl_Time(void)
{
PRUint32 myTime;
#if (defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
myTime = time(NULL); /* accurate until the year 2038. */
#else
/* portable, but possibly slower */


@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: sslsock.c,v 1.96 2012/09/24 23:57:42 wtc%google.com Exp $ */
/* $Id: sslsock.c,v 1.98 2012/11/14 01:14:12 wtc%google.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@ -2753,7 +2753,7 @@ loser:
return SECFailure;
}
#if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
#define NSS_HAVE_GETENV 1
#endif
@ -2792,11 +2792,15 @@ ssl_SetDefaultsFromEnvironment(void)
ev = getenv("SSLKEYLOGFILE");
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
ssl_keylog_iob);
if (!ssl_keylog_iob) {
SSL_TRACE(("SSL: failed to open key log file"));
} else {
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
ssl_keylog_iob);
}
SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
}
SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
}
#ifndef NO_PKCS11_BYPASS
ev = getenv("SSLBYPASS");
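Review bot: The SSLKEYLOGFILE block now survives a failed `fopen`, but the file that receives TLS secrets is still created with whatever mode the process umask allows, at a path taken straight from the environment. Creating it with owner-only permissions where the platform supports that (open with an explicit 0600 mode, then wrap the descriptor in a stream) would keep other local users from reading session secrets. At minimum a comment should state that the log holds key material and belongs in a private directory. The failure trace would also be more useful with the path, `SSL_TRACE(("SSL: failed to open key log file %s", ev));`. ssl_SetDefaultsFromEnvironment continues outside the hunk.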


@ -6,7 +6,7 @@
* base64.h - prototypes for base64 encoding/decoding
* Note: These functions are deprecated; see nssb64.h for new routines.
*
* $Id: base64.h,v 1.4 2012/04/25 14:50:16 gerv%gerv.net Exp $
* $Id: base64.h,v 1.5 2012/11/27 22:48:09 bsmith%mozilla.com Exp $
*/
#ifndef _BASE64_H_
#define _BASE64_H_
@ -31,7 +31,7 @@ extern unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp);
/*
** Convert from ascii to binary encoding of an item.
*/
extern SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii);
extern SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii);
/*
** Convert from binary encoding of an item to ascii.


@ -5,7 +5,7 @@
/*
* Base64 decoding (ascii to binary).
*
* $Id: nssb64d.c,v 1.9 2012/04/25 14:50:16 gerv%gerv.net Exp $
* $Id: nssb64d.c,v 1.10 2012/11/27 22:48:09 bsmith%mozilla.com Exp $
*/
#include "nssb64.h"
@ -809,7 +809,7 @@ ATOB_AsciiToData(const char *string, unsigned int *lenp)
** Convert from ascii to binary encoding of an item.
*/
SECStatus
ATOB_ConvertAsciiToItem(SECItem *binary_item, char *ascii)
ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
{
SECItem *dummy;


@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.14.0.1"
#define NSSUTIL_VERSION "3.14.1.0 Beta"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 14
#define NSSUTIL_VPATCH 0
#define NSSUTIL_VBUILD 1
#define NSSUTIL_BETA PR_FALSE
#define NSSUTIL_VPATCH 1
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_TRUE
SEC_BEGIN_PROTOS


@ -11,13 +11,10 @@
* secder.h - public data structures and prototypes for the DER encoding and
* decoding utilities library
*
* $Id: secder.h,v 1.16 2012/04/25 14:50:16 gerv%gerv.net Exp $
* $Id: secder.h,v 1.17 2012/11/14 01:14:12 wtc%google.com Exp $
*/
#if defined(_WIN32_WCE)
#else
#include <time.h>
#endif
#include "plarena.h"
#include "prlong.h"


@ -9,7 +9,7 @@
*
* NOTE - These are not public interfaces
*
* $Id: secport.c,v 1.30 2012/04/25 14:50:16 gerv%gerv.net Exp $
* $Id: secport.c,v 1.31 2012/11/14 01:14:12 wtc%google.com Exp $
*/
#include "seccomon.h"
@ -633,9 +633,6 @@ PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
int
NSS_PutEnv(const char * envVarName, const char * envValue)
{
#ifdef _WIN32_WCE
return SECFailure;
#else
SECStatus result = SECSuccess;
char * encoded;
int putEnvFailed;
@ -661,7 +658,6 @@ NSS_PutEnv(const char * envVarName, const char * envValue)
PORT_Free(encoded);
}
return result;
#endif
}
/*


@ -5,7 +5,7 @@
/*
* secport.h - portability interfaces for security libraries
*
* $Id: secport.h,v 1.28 2012/04/25 14:50:16 gerv%gerv.net Exp $
* $Id: secport.h,v 1.29 2012/11/14 01:14:12 wtc%google.com Exp $
*/
#ifndef _SECPORT_H_
@ -41,20 +41,11 @@
# endif
#endif
#if defined(_WIN32_WCE)
#include <windef.h>
#include <types.h>
#else
#include <sys/types.h>
#endif
#include <ctype.h>
#include <string.h>
#if defined(_WIN32_WCE)
#include <stdlib.h> /* WinCE puts some stddef symbols here. */
#else
#include <stddef.h>
#endif
#include <stdlib.h>
#include "prtypes.h"
#include "prlog.h" /* for PR_ASSERT */


@ -18,8 +18,7 @@
#include "prprf.h"
#include "prsystem.h"
#include "pkcs11t.h"
#include "secitem.h"
#include "secport.h"
#include "utilpars.h"
#include "secerr.h"
#if defined (_WIN32)
@ -116,15 +115,19 @@ char *_NSSUTIL_GetOldSecmodName(const char *dbname,const char *filename)
char *sep;
sep = PORT_Strrchr(dirPath,*NSSUTIL_PATH_SEPARATOR);
#ifdef WINDOWS
#ifdef _WIN32
if (!sep) {
/* utilparst.h defines NSSUTIL_PATH_SEPARATOR as "/" for all
* platforms. */
sep = PORT_Strrchr(dirPath,'\\');
}
#endif
if (sep) {
*(sep)=0;
*sep = 0;
file = PR_smprintf("%s"NSSUTIL_PATH_SEPARATOR"%s", dirPath, filename);
} else {
file = PR_smprintf("%s", filename);
}
file= PR_smprintf("%s"NSSUTIL_PATH_SEPARATOR"%s", dirPath, filename);
PORT_Free(dirPath);
return file;
}
@ -138,7 +141,6 @@ static SECStatus nssutil_AddSecmodDB(NSSDBType dbType, const char *appName,
#endif
#include <fcntl.h>
#ifndef WINCE
/* same as fopen, except it doesn't use umask, but explicit */
FILE *
lfopen(const char *name, const char *mode, int flags)
@ -157,7 +159,6 @@ lfopen(const char *name, const char *mode, int flags)
/* file inherits fd */
return file;
}
#endif
#define MAX_LINE_LENGTH 2048
@ -180,14 +181,13 @@ nssutil_ReadSecmodDB(NSSDBType dbType, const char *appName,
char *paramsValue=NULL;
PRBool failed = PR_TRUE;
if (dbname == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
if (moduleList == NULL) return NULL;
if (dbname == NULL) {
goto return_default;
}
/* do we really want to use streams here */
fd = fopen(dbname, "r");
if (fd == NULL) goto done;
@ -354,7 +354,7 @@ done:
goto bail;
}
/* old one doesn't exist */
/* old one exists */
status = PR_Access(olddbname, PR_ACCESS_EXISTS);
if (status == PR_SUCCESS) {
PR_smprintf_free(olddbname);
@ -367,6 +367,8 @@ bail:
PR_smprintf_free(olddbname);
}
}
return_default:
if (!moduleList[0]) {
char * newParams;
@ -467,11 +469,7 @@ nssutil_DeleteSecmodDB(NSSDBType dbType, const char *appName,
/* do we really want to use streams here */
fd = fopen(dbname, "r");
if (fd == NULL) goto loser;
#ifdef WINCE
fd2 = fopen(dbname2, "w+");
#else
fd2 = lfopen(dbname2, "w+", O_CREAT|O_RDWR|O_TRUNC);
#endif
if (fd2 == NULL) goto loser;
name = NSSUTIL_ArgGetParamValue("name",args);
@ -590,11 +588,7 @@ nssutil_AddSecmodDB(NSSDBType dbType, const char *appName,
(void) nssutil_DeleteSecmodDB(dbType, appName, filename,
dbname, module, rw);
#ifdef WINCE
fd = fopen(dbname, "a+");
#else
fd = lfopen(dbname, "a+", O_CREAT|O_RDWR|O_APPEND);
#endif
if (fd == NULL) {
return SECFailure;
}
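Review bot: In nssutil_ReadSecmodDB a NULL `dbname` no longer fails with SEC_ERROR_INVALID_ARGS but jumps to `return_default`, and this change of contract is not documented at the jump. A comment on the `goto` would record the intent, for example `/* no module db configured: skip the file and return the built-in default entry */`. Because the jump bypasses `fopen`, every local the function's tail touches after `return_default` (the stream, and any buffers released on exit) must be initialised at its declaration; those declarations and the tail lie outside the hunks shown, so this should be checked against the full function. Callers that relied on a NULL return to detect a missing name also need a look.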


@ -339,7 +339,7 @@ nssutil_escapeQuotes(const char *string, char quote, PRBool addquotes)
size = nssutil_escapeQuotesSize(string, quote, addquotes);
dest = newString = PORT_ZAlloc(size+2);
dest = newString = PORT_ZAlloc(size);
if (newString == NULL) {
return NULL;
}
@ -543,6 +543,8 @@ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
NSSUTIL_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG),
NSSUTIL_ARG_ENTRY(RC5,SECMOD_RC5_FLAG),
NSSUTIL_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG),
NSSUTIL_ARG_ENTRY(SHA256,SECMOD_SHA256_FLAG),
NSSUTIL_ARG_ENTRY(SHA512,SECMOD_SHA512_FLAG),
NSSUTIL_ARG_ENTRY(MD5,SECMOD_MD5_FLAG),
NSSUTIL_ARG_ENTRY(MD2,SECMOD_MD2_FLAG),
NSSUTIL_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
@ -1062,6 +1064,7 @@ _NSSUTIL_GetSecmodName(char *param, NSSDBType *dbType, char **appName,
char *value = NULL;
char *save_params = param;
const char *lconfigdir;
PRBool noModDB = PR_FALSE;
param = NSSUTIL_ArgStrip(param);
@ -1086,7 +1089,10 @@ _NSSUTIL_GetSecmodName(char *param, NSSDBType *dbType, char **appName,
if (NSSUTIL_ArgHasFlag("flags","noModDB",save_params)) {
/* there isn't a module db, don't load the legacy support */
noModDB = PR_TRUE;
*dbType = NSS_DB_TYPE_SQL;
PORT_Free(*filename);
*filename = NULL;
*rw = PR_FALSE;
}
@ -1096,7 +1102,9 @@ _NSSUTIL_GetSecmodName(char *param, NSSDBType *dbType, char **appName,
secmodName="pkcs11.txt";
}
if (lconfigdir) {
if (noModDB) {
value = NULL;
} else if (lconfigdir && lconfigdir[0] != '\0') {
value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s",
lconfigdir,secmodName);
} else {
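Review bot: In nssutil_escapeQuotes the allocation loses its two bytes of slack (`PORT_ZAlloc(size+2)` becomes `PORT_ZAlloc(size)`), so the buffer is correct only if nssutil_escapeQuotesSize already counts the optional surrounding quotes and the terminating NUL. That helper is not part of this hunk, so the invariant cannot be confirmed from here. A comment at the allocation would pin it down, `/* size includes the optional quotes and the terminating NUL */`, and a debug assertion after the copy loop that the write pointer stayed inside `newString + size` would catch any later drift between the two functions. The copy loop itself lies outside the hunk.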


@ -6,6 +6,7 @@
#define _UTILPARS_H_ 1
#include "utilparst.h"
#include "plarena.h"
/* handle a module db request */
char ** NSSUTIL_DoModuleDBFunction(unsigned long function,char *parameters, void *args);


@ -129,6 +129,29 @@ crlu()
return $RET
}
################################ ocspr ##################################
# local shell function to call ocsresp, also: writes action and options to
# stdout, sets variable RET and writes results to the html file results
#########################################################################
ocspr()
{
echo "$SCRIPTNAME: ${OR_ACTION} --------------------------"
OCSPRESP="ocspresp"
echo "$OCSPRESP $*"
${PROFTOOL} ${BINDIR}/$OCSPRESP $*
RET=$?
if [ "$RET" -ne 0 ]; then
OCSPFAILED=$RET
html_failed "${OR_ACTION} ($RET) "
cert_log "ERROR: ${OR_ACTION} failed $RET"
else
html_passed "${OR_ACTION}"
fi
return $RET
}
modu()
{
echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
@ -1435,6 +1458,14 @@ cert_test_distrust()
RETEXPECTED=0
}
cert_test_ocspresp()
{
echo "$SCRIPTNAME: OCSP response creation selftest"
OR_ACTION="perform selftest"
RETEXPECTED=0
ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
}
############################## cert_cleanup ############################
# local shell function to finish this script (no exit since it might be
# sourced)
@ -1459,6 +1490,7 @@ cert_eccurves
cert_extensions
cert_test_password
cert_test_distrust
cert_test_ocspresp
if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
cert_crl_ssl
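Review bot: The new ocspr helper forwards its arguments as unquoted `$*`, so the quoting that cert_test_ocspresp applies to `-f "${R_PWFILE}"` is lost and any argument containing whitespace or glob characters is split again before the tool sees it. `${PROFTOOL} ${BINDIR}/$OCSPRESP "$@"` keeps each argument intact. The header comment also names the tool `ocsresp` where the code runs `ocspresp`. The bodies of the neighbouring helpers are not visible here, so the `$*` form may follow an existing convention in this script.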


@ -178,7 +178,8 @@ chains_init()
CU_DATA=${HOSTDIR}/cu_data
CRL_DATA=${HOSTDIR}/crl_data
NSS_AIA_PORT=${NSS_AIA_PORT-8641}
DEFAULT_AIA_BASE_PORT=$(expr ${PORT:-8631} + 10)
NSS_AIA_PORT=${NSS_AIA_PORT:-$DEFAULT_AIA_BASE_PORT}
NSS_AIA_HTTP=${NSS_AIA_HTTP:-"http://${HOSTADDR}:${NSS_AIA_PORT}"}
NSS_AIA_PATH=${NSS_AIA_PATH:-$HOSTDIR/aiahttp}