diff --git a/dbm/.cvsignore b/dbm/.cvsignore
deleted file mode 100644
index f3c7a7c5da..0000000000
--- a/dbm/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile
diff --git a/dbm/Makefile.in b/dbm/Makefile.in
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/dbm/include/.cvsignore b/dbm/include/.cvsignore
deleted file mode 100644
index f3c7a7c5da..0000000000
--- a/dbm/include/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile
diff --git a/dbm/include/Makefile.in b/dbm/include/Makefile.in
deleted file mode 100644
index 343a08807c..0000000000
--- a/dbm/include/Makefile.in
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is mozilla.org code.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1998
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-DEPTH = ../..
-topsrcdir = @top_srcdir@
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-include $(DEPTH)/config/autoconf.mk
-
-MODULE = dbm
-
-EXPORTS = \
- nsres.h \
- cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS))
-
-PRIVATE_EXPORTS = \
- hsearch.h \
- page.h \
- extern.h \
- ndbm.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
-PRIVATE_EXPORTS := $(addprefix $(srcdir)/, $(PRIVATE_EXPORTS))
-
-include $(topsrcdir)/config/rules.mk
-
diff --git a/dbm/include/Makefile.win b/dbm/include/Makefile.win
deleted file mode 100644
index df31e52737..0000000000
--- a/dbm/include/Makefile.win
+++ /dev/null
@@ -1,77 +0,0 @@
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is mozilla.org code.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1998
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-
-#//------------------------------------------------------------------------
-#//
-#// Makefile to build the cert library
-#//
-#//------------------------------------------------------------------------
-
-!if "$(MOZ_BITS)" == "16"
-!ifndef MOZ_DEBUG
-OPTIMIZER=-Os -UDEBUG -DNDEBUG
-!endif
-!endif
-
-#//------------------------------------------------------------------------
-#//
-#// Specify the depth of the current directory relative to the
-#// root of NS
-#//
-#//------------------------------------------------------------------------
-DEPTH= ..\..
-
-!ifndef MAKE_OBJ_TYPE
-MAKE_OBJ_TYPE=EXE
-!endif
-
-#//------------------------------------------------------------------------
-#//
-#// install headers
-#//
-#//------------------------------------------------------------------------
-EXPORTS=nsres.h cdefs.h mcom_db.h ncompat.h winfile.h
-
-#//------------------------------------------------------------------------
-#//
-#// Include the common makefile rules
-#//
-#//------------------------------------------------------------------------
-include <$(DEPTH)/config/rules.mak>
-
-CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT
-
diff --git a/dbm/include/cdefs.h b/dbm/include/cdefs.h
deleted file mode 100644
index 6df5a80e37..0000000000
--- a/dbm/include/cdefs.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/*
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Berkeley Software Design, Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)cdefs.h 8.7 (Berkeley) 1/21/94
- */
-
-#ifndef _CDEFS_H_
-#define _CDEFS_H_
-
-#if defined(__cplusplus)
-#define __BEGIN_DECLS extern "C" {
-#define __END_DECLS }
-#else
-#define __BEGIN_DECLS
-#define __END_DECLS
-#endif
-
-/*
- * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
- * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
- * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
- * in between its arguments. __CONCAT can also concatenate double-quoted
- * strings produced by the __STRING macro, but this only works with ANSI C.
- */
-#if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2)
-#define __P(protos) protos /* full-blown ANSI C */
-#define __CONCAT(x,y) x ## y
-#define __STRING(x) #x
-
-/* On HP-UX 11.00, defines __const. */
-#ifndef __const
-#define __const const /* define reserved names to standard */
-#endif /* __const */
-#define __signed signed
-#define __volatile volatile
-#ifndef _WINDOWS
-#if defined(__cplusplus)
-#define __inline inline /* convert to C++ keyword */
-#else
-#if !defined(__GNUC__) && !defined(__MWERKS__)
-#define __inline /* delete GCC keyword */
-#endif /* !__GNUC__ */
-#endif /* !__cplusplus */
-#endif /* !_WINDOWS */
-
-#else /* !(__STDC__ || __cplusplus) */
-#define __P(protos) () /* traditional C preprocessor */
-#define __CONCAT(x,y) x/**/y
-#define __STRING(x) "x"
-
-#ifndef __GNUC__
-#define __const /* delete pseudo-ANSI C keywords */
-#define __inline
-#define __signed
-#define __volatile
-/*
- * In non-ANSI C environments, new programs will want ANSI-only C keywords
- * deleted from the program and old programs will want them left alone.
- * When using a compiler other than gcc, programs using the ANSI C keywords
- * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS.
- * When using "gcc -traditional", we assume that this is the intent; if
- * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone.
- */
-#ifndef NO_ANSI_KEYWORDS
-#define const /* delete ANSI C keywords */
-#define inline
-#define signed
-#define volatile
-#endif
-#endif /* !__GNUC__ */
-#endif /* !(__STDC__ || __cplusplus) */
-
-/*
- * GCC1 and some versions of GCC2 declare dead (non-returning) and
- * pure (no side effects) functions using "volatile" and "const";
- * unfortunately, these then cause warnings under "-ansi -pedantic".
- * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of
- * these work for GNU C++ (modulo a slight glitch in the C++ grammar
- * in the distribution version of 2.5.5).
- */
-#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5
-#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */
-#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
-#define __dead __volatile
-#define __pure __const
-#endif
-#endif
-
-/* Delete pseudo-keywords wherever they are not available or needed. */
-#ifndef __dead
-#define __dead
-#define __pure
-#endif
-
-#endif /* !_CDEFS_H_ */
diff --git a/dbm/include/extern.h b/dbm/include/extern.h
deleted file mode 100644
index cbc99222b3..0000000000
--- a/dbm/include/extern.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)extern.h 8.4 (Berkeley) 6/16/94
- */
-
-BUFHEAD *__add_ovflpage (HTAB *, BUFHEAD *);
-int __addel (HTAB *, BUFHEAD *, const DBT *, const DBT *);
-int __big_delete (HTAB *, BUFHEAD *);
-int __big_insert (HTAB *, BUFHEAD *, const DBT *, const DBT *);
-int __big_keydata (HTAB *, BUFHEAD *, DBT *, DBT *, int);
-int __big_return (HTAB *, BUFHEAD *, int, DBT *, int);
-int __big_split (HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *,
- uint32, uint32, SPLIT_RETURN *);
-int __buf_free (HTAB *, int, int);
-void __buf_init (HTAB *, int);
-uint32 __call_hash (HTAB *, char *, size_t);
-int __delpair (HTAB *, BUFHEAD *, int);
-int __expand_table (HTAB *);
-int __find_bigpair (HTAB *, BUFHEAD *, int, char *, int);
-uint16 __find_last_page (HTAB *, BUFHEAD **);
-void __free_ovflpage (HTAB *, BUFHEAD *);
-BUFHEAD *__get_buf (HTAB *, uint32, BUFHEAD *, int);
-int __get_page (HTAB *, char *, uint32, int, int, int);
-int __ibitmap (HTAB *, int, int, int);
-uint32 __log2 (uint32);
-int __put_page (HTAB *, char *, uint32, int, int);
-void __reclaim_buf (HTAB *, BUFHEAD *);
-int __split_page (HTAB *, uint32, uint32);
-
-/* Default hash routine. */
-extern uint32 (*__default_hash) (const void *, size_t);
-
-#ifdef HASH_STATISTICS
-extern int hash_accesses, hash_collisions, hash_expansions, hash_overflows;
-#endif
diff --git a/dbm/include/hash.h b/dbm/include/hash.h
deleted file mode 100644
index 20307b5c55..0000000000
--- a/dbm/include/hash.h
+++ /dev/null
@@ -1,335 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * - * @(#)hash.h 8.3 (Berkeley) 5/31/94 - */ - -/* Operations */ - -#include -#include "mcom_db.h" -typedef enum { - HASH_GET, HASH_PUT, HASH_PUTNEW, HASH_DELETE, HASH_FIRST, HASH_NEXT -} ACTION; - -/* Buffer Management structures */ -typedef struct _bufhead BUFHEAD; - -struct _bufhead { - BUFHEAD *prev; /* LRU links */ - BUFHEAD *next; /* LRU links */ - BUFHEAD *ovfl; /* Overflow page buffer header */ - uint32 addr; /* Address of this page */ - char *page; /* Actual page data */ - char is_disk; - char flags; -#define BUF_MOD 0x0001 -#define BUF_DISK 0x0002 -#define BUF_BUCKET 0x0004 -#define BUF_PIN 0x0008 -}; - -#define IS_BUCKET(X) ((X) & BUF_BUCKET) - -typedef BUFHEAD **SEGMENT; - -typedef int DBFILE_PTR; -#define NO_FILE -1 -#ifdef macintosh -#define DBFILE_OPEN(path, flag,mode) open((path), flag) -#define EXISTS(path) -#else -#define DBFILE_OPEN(path, flag,mode) open((path), (flag), (mode)) -#endif -/* Hash Table Information */ -typedef struct hashhdr { /* Disk resident portion */ - int32 magic; /* Magic NO for hash tables */ - int32 version; /* Version ID */ - uint32 lorder; /* Byte Order */ - int32 bsize; /* Bucket/Page Size */ - int32 bshift; /* Bucket shift */ - int32 dsize; /* Directory Size */ - int32 ssize; /* Segment Size */ - int32 sshift; /* Segment shift */ - int32 ovfl_point; /* Where overflow pages are being - * allocated */ - int32 last_freed; /* Last overflow page freed */ - int32 max_bucket; /* ID of Maximum bucket in use */ - int32 high_mask; /* Mask to modulo into entire table */ - int32 low_mask; /* Mask to modulo into lower half of - * table */ - int32 ffactor; /* Fill factor */ - int32 nkeys; /* Number of keys in hash table */ - int32 hdrpages; /* Size of table header */ - uint32 h_charkey; /* value of hash(CHARKEY) */ -#define NCACHED 32 /* number of bit maps and spare - * points */ - int32 spares[NCACHED];/* spare pages for overflow */ - uint16 bitmaps[NCACHED]; /* address of overflow page - * bitmaps */ -} HASHHDR; - -typedef struct 
htab { /* Memory resident data structure */ - HASHHDR hdr; /* Header */ - int nsegs; /* Number of allocated segments */ - int exsegs; /* Number of extra allocated - * segments */ - uint32 /* Hash function */ - (*hash)(const void *, size_t); - int flags; /* Flag values */ - DBFILE_PTR fp; /* File pointer */ - char *filename; - char *tmp_buf; /* Temporary Buffer for BIG data */ - char *tmp_key; /* Temporary Buffer for BIG keys */ - BUFHEAD *cpage; /* Current page */ - int cbucket; /* Current bucket */ - int cndx; /* Index of next item on cpage */ - int dbmerrno; /* Error Number -- for DBM - * compatability */ - int new_file; /* Indicates if fd is backing store - * or no */ - int save_file; /* Indicates whether we need to flush - * file at - * exit */ - uint32 *mapp[NCACHED]; /* Pointers to page maps */ - int nmaps; /* Initial number of bitmaps */ - int nbufs; /* Number of buffers left to - * allocate */ - BUFHEAD bufhead; /* Header of buffer lru list */ - SEGMENT *dir; /* Hash Bucket directory */ - off_t file_size; /* in bytes */ - char is_temp; /* unlink file on close */ - char updateEOF; /* force EOF update on flush */ -} HTAB; - -/* - * Constants - */ -#define DATABASE_CORRUPTED_ERROR -999 /* big ugly abort, delete database */ -#define OLD_MAX_BSIZE 65536 /* 2^16 */ -#define MAX_BSIZE 32l*1024l /* 2^15 */ -#define MIN_BUFFERS 6 -#define MINHDRSIZE 512 -#define DEF_BUFSIZE 65536l /* 64 K */ -#define DEF_BUCKET_SIZE 4096 -#define DEF_BUCKET_SHIFT 12 /* log2(BUCKET) */ -#define DEF_SEGSIZE 256 -#define DEF_SEGSIZE_SHIFT 8 /* log2(SEGSIZE) */ -#define DEF_DIRSIZE 256 -#define DEF_FFACTOR 65536l -#define MIN_FFACTOR 4 -#define SPLTMAX 8 -#define CHARKEY "%$sniglet^&" -#define NUMKEY 1038583l -#define BYTE_SHIFT 3 -#define INT_TO_BYTE 2 -#define INT_BYTE_SHIFT 5 -#define ALL_SET ((uint32)0xFFFFFFFF) -#define ALL_CLEAR 0 - -#define PTROF(X) ((ptrdiff_t)(X) == BUF_DISK ? 0 : (X)) -#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? 
BUF_DISK \ - : (X)->is_disk) : 0) - -#define BITS_PER_MAP 32 - -/* Given the address of the beginning of a big map, clear/set the nth bit */ -#define CLRBIT(A, N) ((A)[(N)/BITS_PER_MAP] &= ~(1<<((N)%BITS_PER_MAP))) -#define SETBIT(A, N) ((A)[(N)/BITS_PER_MAP] |= (1<<((N)%BITS_PER_MAP))) -#define ISSET(A, N) ((A)[(N)/BITS_PER_MAP] & (1<<((N)%BITS_PER_MAP))) - -/* Overflow management */ -/* - * Overflow page numbers are allocated per split point. At each doubling of - * the table, we can allocate extra pages. So, an overflow page number has - * the top 5 bits indicate which split point and the lower 11 bits indicate - * which page at that split point is indicated (pages within split points are - * numberered starting with 1). - */ - -#define SPLITSHIFT 11 -#define SPLITMASK 0x7FF -#define SPLITNUM(N) (((uint32)(N)) >> SPLITSHIFT) -#define OPAGENUM(N) ((N) & SPLITMASK) -#define OADDR_OF(S,O) ((uint32)((uint32)(S) << SPLITSHIFT) + (O)) - -#define BUCKET_TO_PAGE(B) \ - (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[__log2((uint32)((B)+1))-1] : 0) -#define OADDR_TO_PAGE(B) \ - BUCKET_TO_PAGE ( (1 << SPLITNUM((B))) -1 ) + OPAGENUM((B)); - -/* - * page.h contains a detailed description of the page format. - * - * Normally, keys and data are accessed from offset tables in the top of - * each page which point to the beginning of the key and data. There are - * four flag values which may be stored in these offset tables which indicate - * the following: - * - * - * OVFLPAGE Rather than a key data pair, this pair contains - * the address of an overflow page. The format of - * the pair is: - * OVERFLOW_PAGE_NUMBER OVFLPAGE - * - * PARTIAL_KEY This must be the first key/data pair on a page - * and implies that page contains only a partial key. - * That is, the key is too big to fit on a single page - * so it starts on this page and continues on the next. 
- * The format of the page is: - * KEY_OFF PARTIAL_KEY OVFL_PAGENO OVFLPAGE - * - * KEY_OFF -- offset of the beginning of the key - * PARTIAL_KEY -- 1 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * FULL_KEY This must be the first key/data pair on the page. It - * is used in two cases. - * - * Case 1: - * There is a complete key on the page but no data - * (because it wouldn't fit). The next page contains - * the data. - * - * Page format it: - * KEY_OFF FULL_KEY OVFL_PAGENO OVFL_PAGE - * - * KEY_OFF -- offset of the beginning of the key - * FULL_KEY -- 2 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * Case 2: - * This page contains no key, but part of a large - * data field, which is continued on the next page. - * - * Page format it: - * DATA_OFF FULL_KEY OVFL_PAGENO OVFL_PAGE - * - * KEY_OFF -- offset of the beginning of the data on - * this page - * FULL_KEY -- 2 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * FULL_KEY_DATA - * This must be the first key/data pair on the page. - * There are two cases: - * - * Case 1: - * This page contains a key and the beginning of the - * data field, but the data field is continued on the - * next page. - * - * Page format is: - * KEY_OFF FULL_KEY_DATA OVFL_PAGENO DATA_OFF - * - * KEY_OFF -- offset of the beginning of the key - * FULL_KEY_DATA -- 3 - * OVFL_PAGENO - page number of the next overflow page - * DATA_OFF -- offset of the beginning of the data - * - * Case 2: - * This page contains the last page of a big data pair. - * There is no key, only the tail end of the data - * on this page. - * - * Page format is: - * DATA_OFF FULL_KEY_DATA - * - * DATA_OFF -- offset of the beginning of the data on - * this page - * FULL_KEY_DATA -- 3 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * OVFL_PAGENO and OVFLPAGE are optional (they are - * not present if there is no next page). 
- */ - -#define OVFLPAGE 0 -#define PARTIAL_KEY 1 -#define FULL_KEY 2 -#define FULL_KEY_DATA 3 -#define REAL_KEY 4 - -/* Short hands for accessing structure */ -#undef BSIZE -#define BSIZE hdr.bsize -#undef BSHIFT -#define BSHIFT hdr.bshift -#define DSIZE hdr.dsize -#define SGSIZE hdr.ssize -#define SSHIFT hdr.sshift -#define LORDER hdr.lorder -#define OVFL_POINT hdr.ovfl_point -#define LAST_FREED hdr.last_freed -#define MAX_BUCKET hdr.max_bucket -#define FFACTOR hdr.ffactor -#define HIGH_MASK hdr.high_mask -#define LOW_MASK hdr.low_mask -#define NKEYS hdr.nkeys -#define HDRPAGES hdr.hdrpages -#define SPARES hdr.spares -#define BITMAPS hdr.bitmaps -#define VERSION hdr.version -#define MAGIC hdr.magic -#define NEXT_FREE hdr.next_free -#define H_CHARKEY hdr.h_charkey - -extern uint32 (*__default_hash) (const void *, size_t); -void __buf_init(HTAB *hashp, int32 nbytes); -int __big_delete(HTAB *hashp, BUFHEAD *bufp); -BUFHEAD * __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage); -uint32 __call_hash(HTAB *hashp, char *k, size_t len); -#include "page.h" -extern int __big_split(HTAB *hashp, BUFHEAD *op,BUFHEAD *np, -BUFHEAD *big_keyp,uint32 addr,uint32 obucket, SPLIT_RETURN *ret); -void __free_ovflpage(HTAB *hashp, BUFHEAD *obufp); -BUFHEAD * __add_ovflpage(HTAB *hashp, BUFHEAD *bufp); -int __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val); -int __expand_table(HTAB *hashp); -uint32 __log2(uint32 num); -void __reclaim_buf(HTAB *hashp, BUFHEAD *bp); -int __get_page(HTAB *hashp, char * p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap); -int __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap); -int __ibitmap(HTAB *hashp, int pnum, int nbits, int ndx); -int __buf_free(HTAB *hashp, int do_free, int to_disk); -int __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size); -uint16 __find_last_page(HTAB *hashp, BUFHEAD **bpp); -int __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const 
DBT * val); -int __big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current); -int __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx); -int __big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set); -int __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket); diff --git a/dbm/include/hsearch.h b/dbm/include/hsearch.h deleted file mode 100644 index ae1df1caaa..0000000000 --- a/dbm/include/hsearch.h +++ /dev/null 
@@ -1,49 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)search.h 8.1 (Berkeley) 6/4/93 - */ - -/* Backward compatibility to hsearch interface. 
*/ -typedef struct entry { - char *key; - char *data; -} ENTRY; - -typedef enum { - FIND, ENTER -} ACTION; - -int hcreate (unsigned int); -void hdestroy (void); -ENTRY *hsearch (ENTRY, ACTION); diff --git a/dbm/include/mcom_db.h b/dbm/include/mcom_db.h deleted file mode 100644 index 629cb0f715..0000000000 --- a/dbm/include/mcom_db.h +++ /dev/null 
@@ -1,413 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)db.h 8.7 (Berkeley) 6/16/94 - */ - -#ifndef _DB_H_ -#define _DB_H_ - - -#ifdef WINCE -#define off_t long -#endif - -#ifndef macintosh -#include -#endif -#include "prtypes.h" - -#include - -#ifdef __DBINTERFACE_PRIVATE - -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - -#ifdef HAVE_SYS_BYTEORDER_H -#include -#endif - -#if defined(__linux) || defined(__BEOS__) -#include -#ifndef BYTE_ORDER -#define BYTE_ORDER __BYTE_ORDER -#define BIG_ENDIAN __BIG_ENDIAN -#define LITTLE_ENDIAN __LITTLE_ENDIAN -#endif -#endif /* __linux */ - -#ifdef __sgi -#define BYTE_ORDER BIG_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ -#endif - -#ifdef __sun -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ - -#ifndef __SVR4 -/* compat.h is only in 4.1.3 machines. - dp */ -#include -#endif - -/* XXX - dp - * Need to find a general way of defining endian-ness in SunOS 5.3 - * SunOS 5.4 defines _BIG_ENDIAN and _LITTLE_ENDIAN - * SunOS 5.3 does nothing like this. - */ - -#ifndef BYTE_ORDER - -#if defined(_BIG_ENDIAN) -#define BYTE_ORDER BIG_ENDIAN -#elif defined(_LITTLE_ENDIAN) -#define BYTE_ORDER LITTLE_ENDIAN -#elif !defined(__SVR4) -/* 4.1.3 is always BIG_ENDIAN as it was released only on sparc platforms. */ -#define BYTE_ORDER BIG_ENDIAN -#elif !defined(vax) && !defined(ntohl) && !defined(lint) && !defined(i386) -/* 5.3 big endian. 
Copied this above line from sys/byteorder.h */ -/* Now we are in a 5.3 SunOS rather non 5.4 or above SunOS */ -#define BYTE_ORDER BIG_ENDIAN -#else -#define BYTE_ORDER LITTLE_ENDIAN -#endif - -#endif /* !BYTE_ORDER */ -#endif /* __sun */ - -#if defined(__hpux) || defined(__hppa) -#define BYTE_ORDER BIG_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ -#endif - -#if defined(AIXV3) || defined(AIX) -/* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */ -#include -#endif - -/* Digital Unix */ -#ifdef __osf__ -#include -#endif - -#ifdef __alpha -#ifndef WIN32 -#else -/* Alpha NT */ -#define BYTE_ORDER LITTLE_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 -#endif -#endif - -#ifdef NCR -#include -#endif - -#ifdef __QNX__ -#ifdef __QNXNTO__ -#include -#else -#define LITTLE_ENDIAN 1234 -#define BIG_ENDIAN 4321 -#define BYTE_ORDER LITTLE_ENDIAN -#endif -#endif - -#ifdef SNI -/* #include */ -#define BYTE_ORDER BIG_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 -#endif - -#ifdef _WINDOWS -#ifdef BYTE_ORDER -#undef BYTE_ORDER -#endif - -#define BYTE_ORDER LITTLE_ENDIAN -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ -#define BIG_ENDIAN 4321 -#endif - -#ifdef macintosh -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 -#define BYTE_ORDER BIG_ENDIAN -#endif - -#endif /* __DBINTERFACE_PRIVATE */ - -#ifdef SCO -#define MAXPATHLEN 1024 -#endif - -#include - -#if defined(_WINDOWS) || defined(XP_OS2) -#include -#include - -#ifndef XP_OS2 -#define MAXPATHLEN 1024 -#endif - -#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ - -#ifndef STDERR_FILENO -#define STDIN_FILENO 0 /* ANSI C #defines */ -#define STDOUT_FILENO 1 -#define STDERR_FILENO 2 -#endif - -#ifndef O_ACCMODE /* POSIX 1003.1 access mode mask. 
*/ -#define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR) -#endif -#endif - -#ifdef macintosh -#include -#include "xp_mcom.h" -#define O_ACCMODE 3 /* Mask for file access modes */ -#define EFTYPE 2000 -PR_BEGIN_EXTERN_C -int mkstemp(const char *path); -PR_END_EXTERN_C -#endif /* MACINTOSH */ - -#if !defined(_WINDOWS) && !defined(macintosh) -#include -#include -#endif - -/* define EFTYPE since most don't */ -#ifndef EFTYPE -#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ -#endif - -#define RET_ERROR -1 /* Return values. */ -#define RET_SUCCESS 0 -#define RET_SPECIAL 1 - -#define MAX_PAGE_NUMBER 0xffffffff /* >= # of pages in a file */ - -#ifndef __sgi -typedef uint32 pgno_t; -#endif - -#define MAX_PAGE_OFFSET 65535 /* >= # of bytes in a page */ -typedef uint16 indx_t; -#define MAX_REC_NUMBER 0xffffffff /* >= # of records in a tree */ -typedef uint32 recno_t; - -/* Key/data structure -- a Data-Base Thang. */ -typedef struct { - void *data; /* data */ - size_t size; /* data length */ -} DBT; - -/* Routine flags. */ -#define R_CURSOR 1 /* del, put, seq */ -#define __R_UNUSED 2 /* UNUSED */ -#define R_FIRST 3 /* seq */ -#define R_IAFTER 4 /* put (RECNO) */ -#define R_IBEFORE 5 /* put (RECNO) */ -#define R_LAST 6 /* seq (BTREE, RECNO) */ -#define R_NEXT 7 /* seq */ -#define R_NOOVERWRITE 8 /* put */ -#define R_PREV 9 /* seq (BTREE, RECNO) */ -#define R_SETCURSOR 10 /* put (RECNO) */ -#define R_RECNOSYNC 11 /* sync (RECNO) */ - -typedef enum { DB_BTREE, DB_HASH, DB_RECNO } DBTYPE; - -typedef enum { LockOutDatabase, UnlockDatabase } DBLockFlagEnum; - -/* - * !!! - * The following flags are included in the dbopen(3) call as part of the - * open(2) flags. In order to avoid conflicts with the open flags, start - * at the top of the 16 or 32-bit number space and work our way down. If - * the open flags were significantly expanded in the future, it could be - * a problem. Wish I'd left another flags word in the dbopen call. - * - * !!! - * None of this stuff is implemented yet. 
The only reason that it's here - * is so that the access methods can skip copying the key/data pair when - * the DB_LOCK flag isn't set. - */ -#if UINT_MAX > 65535 -#define DB_LOCK 0x20000000 /* Do locking. */ -#define DB_SHMEM 0x40000000 /* Use shared memory. */ -#define DB_TXN 0x80000000 /* Do transactions. */ -#else -#define DB_LOCK 0x2000 /* Do locking. */ -#define DB_SHMEM 0x4000 /* Use shared memory. */ -#define DB_TXN 0x8000 /* Do transactions. */ -#endif - -/* Access method description structure. */ -typedef struct __db { - DBTYPE type; /* Underlying db type. */ - int (*close) (struct __db *); - int (*del) (const struct __db *, const DBT *, uint); - int (*get) (const struct __db *, const DBT *, DBT *, uint); - int (*put) (const struct __db *, DBT *, const DBT *, uint); - int (*seq) (const struct __db *, DBT *, DBT *, uint); - int (*sync) (const struct __db *, uint); - void *internal; /* Access method private. */ - int (*fd) (const struct __db *); -} DB; - -#define BTREEMAGIC 0x053162 -#define BTREEVERSION 3 - -/* Structure used to pass parameters to the btree routines. */ -typedef struct { -#define R_DUP 0x01 /* duplicate keys */ - uint32 flags; - uint cachesize; /* bytes to cache */ - int maxkeypage; /* maximum keys per page */ - int minkeypage; /* minimum keys per page */ - uint psize; /* page size */ - int (*compare) /* comparison function */ - (const DBT *, const DBT *); - size_t (*prefix) /* prefix function */ - (const DBT *, const DBT *); - int lorder; /* byte order */ -} BTREEINFO; - -#define HASHMAGIC 0x061561 -#define HASHVERSION 2 - -/* Structure used to pass parameters to the hashing routines. */ -typedef struct { - uint bsize; /* bucket size */ - uint ffactor; /* fill factor */ - uint nelem; /* number of elements */ - uint cachesize; /* bytes to cache */ - uint32 /* hash function */ - (*hash) (const void *, size_t); - int lorder; /* byte order */ -} HASHINFO; - -/* Structure used to pass parameters to the record routines. 
*/ -typedef struct { -#define R_FIXEDLEN 0x01 /* fixed-length records */ -#define R_NOKEY 0x02 /* key not required */ -#define R_SNAPSHOT 0x04 /* snapshot the input */ - uint32 flags; - uint cachesize; /* bytes to cache */ - uint psize; /* page size */ - int lorder; /* byte order */ - size_t reclen; /* record length (fixed-length records) */ - uint8 bval; /* delimiting byte (variable-length records */ - char *bfname; /* btree file name */ -} RECNOINFO; - -#ifdef __DBINTERFACE_PRIVATE -/* - * Little endian <==> big endian 32-bit swap macros. - * M_32_SWAP swap a memory location - * P_32_SWAP swap a referenced memory location - * P_32_COPY swap from one location to another - */ -#define M_32_SWAP(a) { \ - uint32 _tmp = a; \ - ((char *)&a)[0] = ((char *)&_tmp)[3]; \ - ((char *)&a)[1] = ((char *)&_tmp)[2]; \ - ((char *)&a)[2] = ((char *)&_tmp)[1]; \ - ((char *)&a)[3] = ((char *)&_tmp)[0]; \ -} -#define P_32_SWAP(a) { \ - uint32 _tmp = *(uint32 *)a; \ - ((char *)a)[0] = ((char *)&_tmp)[3]; \ - ((char *)a)[1] = ((char *)&_tmp)[2]; \ - ((char *)a)[2] = ((char *)&_tmp)[1]; \ - ((char *)a)[3] = ((char *)&_tmp)[0]; \ -} -#define P_32_COPY(a, b) { \ - ((char *)&(b))[0] = ((char *)&(a))[3]; \ - ((char *)&(b))[1] = ((char *)&(a))[2]; \ - ((char *)&(b))[2] = ((char *)&(a))[1]; \ - ((char *)&(b))[3] = ((char *)&(a))[0]; \ -} - -/* - * Little endian <==> big endian 16-bit swap macros. 
- * M_16_SWAP swap a memory location - * P_16_SWAP swap a referenced memory location - * P_16_COPY swap from one location to another - */ -#define M_16_SWAP(a) { \ - uint16 _tmp = a; \ - ((char *)&a)[0] = ((char *)&_tmp)[1]; \ - ((char *)&a)[1] = ((char *)&_tmp)[0]; \ -} -#define P_16_SWAP(a) { \ - uint16 _tmp = *(uint16 *)a; \ - ((char *)a)[0] = ((char *)&_tmp)[1]; \ - ((char *)a)[1] = ((char *)&_tmp)[0]; \ -} -#define P_16_COPY(a, b) { \ - ((char *)&(b))[0] = ((char *)&(a))[1]; \ - ((char *)&(b))[1] = ((char *)&(a))[0]; \ -} -#endif - -PR_BEGIN_EXTERN_C - -extern DB * -dbopen (const char *, int, int, DBTYPE, const void *); - -/* set or unset a global lock flag to disable the - * opening of any DBM file - */ -void dbSetOrClearDBLock(DBLockFlagEnum type); - -#ifdef __DBINTERFACE_PRIVATE -DB *__bt_open (const char *, int, int, const BTREEINFO *, int); -DB *__hash_open (const char *, int, int, const HASHINFO *, int); -DB *__rec_open (const char *, int, int, const RECNOINFO *, int); -void __dbpanic (DB *dbp); -#endif - -PR_END_EXTERN_C - -#endif /* !_DB_H_ */ diff --git a/dbm/include/mpool.h b/dbm/include/mpool.h deleted file mode 100644 index 0483d243e4..0000000000 --- a/dbm/include/mpool.h +++ /dev/null 
@@ -1,97 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)mpool.h 8.2 (Berkeley) 7/14/94
- */
-
-#include
-
-/*
- * The memory pool scheme is a simple one. Each in-memory page is referenced
- * by a bucket which is threaded in up to two of three ways. All active pages
- * are threaded on a hash chain (hashed by page number) and an lru chain.
- * Inactive pages are threaded on a free chain. Each reference to a memory
- * pool is handed an opaque MPOOL cookie which stores all of this information.
- */
-#define HASHSIZE 128
-#define HASHKEY(pgno) ((pgno - 1) % HASHSIZE)
-
-/* The BKT structures are the elements of the queues. */
-typedef struct _bkt {
- CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */
- CIRCLEQ_ENTRY(_bkt) q; /* lru queue */
- void *page; /* page */
- pgno_t pgno; /* page number */
-
-#define MPOOL_DIRTY 0x01 /* page needs to be written */
-#define MPOOL_PINNED 0x02 /* page is pinned into memory */
- uint8 flags; /* flags */
-} BKT;
-
-typedef struct MPOOL {
- CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */
- /* hash queue array */
- CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE];
- pgno_t curcache; /* current number of cached pages */
- pgno_t maxcache; /* max number of cached pages */
- pgno_t npages; /* number of pages in the file */
- uint32 pagesize; /* file page size */
- int fd; /* file descriptor */
- /* page in conversion routine */
- void (*pgin) (void *, pgno_t, void *);
- /* page out conversion routine */
- void (*pgout) (void *, pgno_t, void *);
- void *pgcookie; /* cookie for page in/out routines */
-#ifdef STATISTICS
- uint32 cachehit;
- uint32 cachemiss;
- uint32 pagealloc;
- uint32 pageflush;
- uint32 pageget;
- uint32 pagenew;
- uint32 pageput;
- uint32 pageread;
- uint32 pagewrite;
-#endif
-} MPOOL;
-
-__BEGIN_DECLS
-MPOOL *mpool_open (void *, int, pgno_t, pgno_t);
-void mpool_filter (MPOOL *, void (*)(void *, pgno_t, void *),
- void (*)(void *, pgno_t, void *), void *);
-void *mpool_new (MPOOL *, pgno_t *);
-void *mpool_get (MPOOL *, pgno_t, uint);
-int mpool_put (MPOOL *, void *, uint);
-int mpool_sync (MPOOL *);
-int mpool_close (MPOOL *);
-#ifdef STATISTICS
-void mpool_stat (MPOOL *);
-#endif
-__END_DECLS
diff --git a/dbm/include/ncompat.h b/dbm/include/ncompat.h
deleted file mode 100644
index b6126f819c..0000000000
--- a/dbm/include/ncompat.h
+++ /dev/null
@@ -1,230 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)compat.h 8.13 (Berkeley) 2/21/94 - */ - -#ifndef _COMPAT_H_ -#define _COMPAT_H_ - -#include - -/* - * If your system doesn't typedef u_long, u_short, or u_char, change - * the 0 to a 1. - */ -#if 0 -typedef unsigned char u_char; /* 4.[34]BSD names. 
*/ -typedef unsigned int u_int; -typedef unsigned long u_long; -typedef unsigned short u_short; -#endif - -/* If your system doesn't typedef size_t, change the 0 to a 1. */ -#if 0 -typedef unsigned int size_t; /* POSIX, 4.[34]BSD names. */ -#endif - -/* If your system doesn't typedef ssize_t, change the 0 to a 1. */ -#if 0 -typedef int ssize_t; /* POSIX names. */ -#endif - -/* - * If your system doesn't have the POSIX type for a signal mask, - * change the 0 to a 1. - */ -#if 0 /* POSIX 1003.1 signal mask type. */ -typedef unsigned int sigset_t; -#endif - -/* - * If your system's vsprintf returns a char *, not an int, - * change the 0 to a 1. - */ -#if defined (__sun) && !defined(__SVR4) /* SUNOS */ -#define VSPRINTF_CHARSTAR -#endif -/* - * If you don't have POSIX 1003.1 signals, the signal code surrounding the - * temporary file creation is intended to block all of the possible signals - * long enough to create the file and unlink it. All of this stuff is - * intended to use old-style BSD calls to fake POSIX 1003.1 calls. - */ -#ifdef NO_POSIX_SIGNALS -#define sigemptyset(set) (*(set) = 0) -#define sigfillset(set) (*(set) = ~(sigset_t)0, 0) -#define sigaddset(set,signo) (*(set) |= sigmask(signo), 0) -#define sigdelset(set,signo) (*(set) &= ~sigmask(signo), 0) -#define sigismember(set,signo) ((*(set) & sigmask(signo)) != 0) - -#define SIG_BLOCK 1 -#define SIG_UNBLOCK 2 -#define SIG_SETMASK 3 - -static int __sigtemp; /* For the use of sigprocmask */ - -/* Repeated test of oset != NULL is to avoid "*0". */ -#define sigprocmask(how, set, oset) \ - ((__sigtemp = \ - (((how) == SIG_BLOCK) ? \ - sigblock(0) | *(set) : \ - (((how) == SIG_UNBLOCK) ? \ - sigblock(0) & ~(*(set)) : \ - ((how) == SIG_SETMASK ? \ - *(set) : sigblock(0))))), \ - ((oset) ? (*(oset ? oset : set) = sigsetmask(__sigtemp)) : \ - sigsetmask(__sigtemp)), 0) -#endif - -/* - * If your system doesn't have an include file with the appropriate - * byte order set, make sure you specify the correct one. 
- */ -#ifndef BYTE_ORDER -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax */ -#define BIG_ENDIAN 4321 /* MSB first: 68000, ibm, net */ -#define BYTE_ORDER BIG_ENDIAN /* Set for your system. */ -#endif - -#if defined(SYSV) || defined(SYSTEM5) || defined(__sun) -#define index(a, b) strchr(a, b) -#define rindex(a, b) strrchr(a, b) -#define bzero(a, b) memset(a, 0, b) -#define bcmp(a, b, n) memcmp(a, b, n) -#define bcopy(a, b, n) memmove(b, a, n) -#endif - -#if defined(BSD) || defined(BSD4_3) -#define strchr(a, b) index(a, b) -#define strrchr(a, b) rindex(a, b) -#define memcmp(a, b, n) bcmp(a, b, n) -#define memmove(a, b, n) bcopy(b, a, n) -#endif - -/* - * 32-bit machine. The db routines are theoretically independent of - * the size of u_shorts and u_longs, but I don't know that anyone has - * ever actually tried it. At a minimum, change the following #define's - * if you are trying to compile on a different type of system. - */ -#ifndef USHRT_MAX -#define USHRT_MAX 0xFFFF -#define ULONG_MAX 0xFFFFFFFF -#endif - -#ifndef O_ACCMODE /* POSIX 1003.1 access mode mask. */ -#define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR) -#endif - -#ifndef _POSIX2_RE_DUP_MAX /* POSIX 1003.2 RE limit. */ -#define _POSIX2_RE_DUP_MAX 255 -#endif - -/* - * If you can't provide lock values in the open(2) call. Note, this - * allows races to happen. - */ -#ifndef O_EXLOCK /* 4.4BSD extension. */ -#define O_EXLOCK 0 -#endif - -#ifndef O_SHLOCK /* 4.4BSD extension. */ -#define O_SHLOCK 0 -#endif - -#ifndef EFTYPE -#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ -#endif - -#ifndef WCOREDUMP /* 4.4BSD extension */ -#define WCOREDUMP(a) 0 -#endif - -#ifndef STDERR_FILENO -#define STDIN_FILENO 0 /* ANSI C #defines */ -#define STDOUT_FILENO 1 -#define STDERR_FILENO 2 -#endif - -#ifndef SEEK_END -#define SEEK_SET 0 /* POSIX 1003.1 seek values */ -#define SEEK_CUR 1 -#define SEEK_END 2 -#endif - -#ifndef _POSIX_VDISABLE /* POSIX 1003.1 disabling char. 
*/ -#define _POSIX_VDISABLE 0 /* Some systems used 0. */ -#endif - -#ifndef TCSASOFT /* 4.4BSD extension. */ -#define TCSASOFT 0 -#endif - -#ifndef _POSIX2_RE_DUP_MAX /* POSIX 1003.2 values. */ -#define _POSIX2_RE_DUP_MAX 255 -#endif - -#ifndef NULL /* ANSI C #defines NULL everywhere. */ -#define NULL 0 -#endif - -#ifndef MAX /* Usually found in . */ -#define MAX(_a,_b) ((_a)<(_b)?(_b):(_a)) -#endif -#ifndef MIN /* Usually found in . */ -#define MIN(_a,_b) ((_a)<(_b)?(_a):(_b)) -#endif - -/* Default file permissions. */ -#ifndef DEFFILEMODE /* 4.4BSD extension. */ -#define DEFFILEMODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) -#endif - -#ifndef __sun -#ifndef S_ISDIR /* POSIX 1003.1 file type tests. */ -#define S_ISDIR(m) ((m & 0170000) == 0040000) /* directory */ -#define S_ISCHR(m) ((m & 0170000) == 0020000) /* char special */ -#define S_ISBLK(m) ((m & 0170000) == 0060000) /* block special */ -#define S_ISREG(m) ((m & 0170000) == 0100000) /* regular file */ -#define S_ISFIFO(m) ((m & 0170000) == 0010000) /* fifo */ -#endif -#ifndef S_ISLNK /* BSD POSIX 1003.1 extensions */ -#define S_ISLNK(m) ((m & 0170000) == 0120000) /* symbolic link */ -#define S_ISSOCK(m) ((m & 0170000) == 0140000) /* socket */ -#endif -#endif /* __sun */ - -/* The type of a va_list. */ -#ifndef _BSD_VA_LIST_ /* 4.4BSD #define. */ -#define _BSD_VA_LIST_ char * -#endif - -#endif /* !_COMPAT_H_ */ diff --git a/dbm/include/page.h b/dbm/include/page.h deleted file mode 100644 index be2446d4e1..0000000000 --- a/dbm/include/page.h +++ /dev/null 
@@ -1,94 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)page.h 8.2 (Berkeley) 5/31/94
- */
-
-/*
- * Definitions for hashing page file format.
- */
-
-/*
- * routines dealing with a data page
- *
- * page format:
- * +------------------------------+
- * p | n | keyoff | datoff | keyoff |
- * +------------+--------+--------+
- * | datoff | free | ptr | --> |
- * +--------+---------------------+
- * | F R E E A R E A |
- * +--------------+---------------+
- * | <---- - - - | data |
- * +--------+-----+----+----------+
- * | key | data | key |
- * +--------+----------+----------+
- *
- * Pointer to the free space is always: p[p[0] + 2]
- * Amount of free space on the page is: p[p[0] + 1]
- */
-
-/*
- * How many bytes required for this pair?
- * 2 shorts in the table at the top of the page + room for the
- * key and room for the data
- *
- * We prohibit entering a pair on a page unless there is also room to append
- * an overflow page. The reason for this it that you can get in a situation
- * where a single key/data pair fits on a page, but you can't append an
- * overflow page and later you'd have to split the key/data and handle like
- * a big pair.
- * You might as well do this up front.
- */
-#ifndef PAGE_H
-#define PAGE_H
-
-#define PAIRSIZE(K,D) (2*sizeof(uint16) + (K)->size + (D)->size)
-#define BIGOVERHEAD (4*sizeof(uint16))
-#define KEYSIZE(K) (4*sizeof(uint16) + (K)->size);
-#define OVFLSIZE (2*sizeof(uint16))
-#define FREESPACE(P) ((P)[(P)[0]+1])
-#define OFFSET(P) ((P)[(P)[0]+2])
-#define PAIRFITS(P,K,D) \
- (((P)[2] >= REAL_KEY) && \
- (PAIRSIZE((K),(D)) + OVFLSIZE) <= FREESPACE((P)))
-#define PAGE_META(N) (((N)+3) * sizeof(uint16))
-
-typedef struct {
- BUFHEAD *newp;
- BUFHEAD *oldp;
- BUFHEAD *nextp;
- uint16 next_addr;
-} SPLIT_RETURN;
-#endif
-
diff --git a/dbm/include/queue.h b/dbm/include/queue.h
deleted file mode 100644
index 3b4ffeb2dd..0000000000
--- a/dbm/include/queue.h
+++ /dev/null
@@ -1,243 +0,0 @@ -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)queue.h 8.3 (Berkeley) 12/13/93 - */ - -#ifndef _QUEUE_H_ -#define _QUEUE_H_ - -/* - * This file defines three types of data structures: lists, tail queues, - * and circular queues. 
- * - * A list is headed by a single forward pointer (or an array of forward - * pointers for a hash table header). The elements are doubly linked - * so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list after - * an existing element or at the head of the list. A list may only be - * traversed in the forward direction. - * - * A tail queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list after - * an existing element, at the head of the list, or at the end of the - * list. A tail queue may only be traversed in the forward direction. - * - * A circle queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or after - * an existing element, at the head of the list, or at the end of the list. - * A circle queue may be traversed in either direction, but has a more - * complex end of list detection. - * - * For details on the use of these macros, see the queue(3) manual page. - */ - -/* - * List definitions. - */ -#define LIST_HEAD(name, type) \ -struct name { \ - struct type *lh_first; /* first element */ \ -} - -#define LIST_ENTRY(type) \ -struct { \ - struct type *le_next; /* next element */ \ - struct type **le_prev; /* address of previous next element */ \ -} - -/* - * List functions. 
- */ -#define LIST_INIT(head) { \ - (head)->lh_first = NULL; \ -} - -#define LIST_INSERT_AFTER(listelm, elm, field) { \ - if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ - (listelm)->field.le_next->field.le_prev = \ - &(elm)->field.le_next; \ - (listelm)->field.le_next = (elm); \ - (elm)->field.le_prev = &(listelm)->field.le_next; \ -} - -#define LIST_INSERT_HEAD(head, elm, field) { \ - if (((elm)->field.le_next = (head)->lh_first) != NULL) \ - (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ - (head)->lh_first = (elm); \ - (elm)->field.le_prev = &(head)->lh_first; \ -} - -#define LIST_REMOVE(elm, field) { \ - if ((elm)->field.le_next != NULL) \ - (elm)->field.le_next->field.le_prev = \ - (elm)->field.le_prev; \ - *(elm)->field.le_prev = (elm)->field.le_next; \ -} - -/* - * Tail queue definitions. - */ -#define TAILQ_HEAD(name, type) \ -struct name { \ - struct type *tqh_first; /* first element */ \ - struct type **tqh_last; /* addr of last next element */ \ -} - -#define TAILQ_ENTRY(type) \ -struct { \ - struct type *tqe_next; /* next element */ \ - struct type **tqe_prev; /* address of previous next element */ \ -} - -/* - * Tail queue functions. 
- */ -#define TAILQ_INIT(head) { \ - (head)->tqh_first = NULL; \ - (head)->tqh_last = &(head)->tqh_first; \ -} - -#define TAILQ_INSERT_HEAD(head, elm, field) { \ - if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ - (elm)->field.tqe_next->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (head)->tqh_first = (elm); \ - (elm)->field.tqe_prev = &(head)->tqh_first; \ -} - -#define TAILQ_INSERT_TAIL(head, elm, field) { \ - (elm)->field.tqe_next = NULL; \ - (elm)->field.tqe_prev = (head)->tqh_last; \ - *(head)->tqh_last = (elm); \ - (head)->tqh_last = &(elm)->field.tqe_next; \ -} - -#define TAILQ_INSERT_AFTER(head, listelm, elm, field) { \ - if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ - (elm)->field.tqe_next->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (listelm)->field.tqe_next = (elm); \ - (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ -} - -#define TAILQ_REMOVE(head, elm, field) { \ - if (((elm)->field.tqe_next) != NULL) \ - (elm)->field.tqe_next->field.tqe_prev = \ - (elm)->field.tqe_prev; \ - else \ - (head)->tqh_last = (elm)->field.tqe_prev; \ - *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ -} - -/* - * Circular queue definitions. - */ -#define CIRCLEQ_HEAD(name, type) \ -struct name { \ - struct type *cqh_first; /* first element */ \ - struct type *cqh_last; /* last element */ \ -} - -#define CIRCLEQ_ENTRY(type) \ -struct { \ - struct type *cqe_next; /* next element */ \ - struct type *cqe_prev; /* previous element */ \ -} - -/* - * Circular queue functions. 
- */ -#define CIRCLEQ_INIT(head) { \ - (head)->cqh_first = (void *)(head); \ - (head)->cqh_last = (void *)(head); \ -} - -#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) { \ - (elm)->field.cqe_next = (listelm)->field.cqe_next; \ - (elm)->field.cqe_prev = (listelm); \ - if ((listelm)->field.cqe_next == (void *)(head)) \ - (head)->cqh_last = (elm); \ - else \ - (listelm)->field.cqe_next->field.cqe_prev = (elm); \ - (listelm)->field.cqe_next = (elm); \ -} - -#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) { \ - (elm)->field.cqe_next = (listelm); \ - (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ - if ((listelm)->field.cqe_prev == (void *)(head)) \ - (head)->cqh_first = (elm); \ - else \ - (listelm)->field.cqe_prev->field.cqe_next = (elm); \ - (listelm)->field.cqe_prev = (elm); \ -} - -#define CIRCLEQ_INSERT_HEAD(head, elm, field) { \ - (elm)->field.cqe_next = (head)->cqh_first; \ - (elm)->field.cqe_prev = (void *)(head); \ - if ((head)->cqh_last == (void *)(head)) \ - (head)->cqh_last = (elm); \ - else \ - (head)->cqh_first->field.cqe_prev = (elm); \ - (head)->cqh_first = (elm); \ -} - -#define CIRCLEQ_INSERT_TAIL(head, elm, field) { \ - (elm)->field.cqe_next = (void *)(head); \ - (elm)->field.cqe_prev = (head)->cqh_last; \ - if ((head)->cqh_first == (void *)(head)) \ - (head)->cqh_first = (elm); \ - else \ - (head)->cqh_last->field.cqe_next = (elm); \ - (head)->cqh_last = (elm); \ -} - -#define CIRCLEQ_REMOVE(head, elm, field) { \ - if ((elm)->field.cqe_next == (void *)(head)) \ - (head)->cqh_last = (elm)->field.cqe_prev; \ - else \ - (elm)->field.cqe_next->field.cqe_prev = \ - (elm)->field.cqe_prev; \ - if ((elm)->field.cqe_prev == (void *)(head)) \ - (head)->cqh_first = (elm)->field.cqe_next; \ - else \ - (elm)->field.cqe_prev->field.cqe_next = \ - (elm)->field.cqe_next; \ -} -#endif /* !_QUEUE_H_ */ diff --git a/dbm/include/search.h b/dbm/include/search.h deleted file mode 100644 index ae1df1caaa..0000000000 
--- a/dbm/include/search.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)search.h 8.1 (Berkeley) 6/4/93
- */
-
-/* Backward compatibility to hsearch interface.
*/
-typedef struct entry {
- char *key;
- char *data;
-} ENTRY;
-
-typedef enum {
- FIND, ENTER
-} ACTION;
-
-int hcreate (unsigned int);
-void hdestroy (void);
-ENTRY *hsearch (ENTRY, ACTION);
diff --git a/dbm/include/winfile.h b/dbm/include/winfile.h
deleted file mode 100644
index 36b59f7212..0000000000
--- a/dbm/include/winfile.h
+++ /dev/null
@@ -1,112 +0,0 @@
-
-/* ---------------------------------------------------------------------------
- Stuff to fake unix file I/O on windows boxes
- ------------------------------------------------------------------------*/
-
-#ifndef WINFILE_H
-#define WINFILE_H
-
-#ifdef _WINDOWS
-/* hacked out of on an SGI */
-#if defined(XP_WIN32) || defined(_WIN32)
-/* 32-bit stuff here */
-#include
-#include
-#ifdef __MINGW32__
-#include
-#include
-#else
-#include
-#include
-#endif
-
-typedef struct DIR_Struct {
- void * directoryPtr;
- WIN32_FIND_DATA data;
-} DIR;
-
-#define _ST_FSTYPSZ 16
-
-#if !defined(__BORLANDC__) && !defined(__GNUC__)
- typedef unsigned long mode_t;
- typedef long uid_t;
- typedef long gid_t;
-
-#ifdef WINCE
- typedef long ino_t;
-#else
- typedef long off_t;
-#endif
-
- typedef unsigned long nlink_t;
-#endif
-
-typedef struct timestruc {
- time_t tv_sec; /* seconds */
- long tv_nsec; /* and nanoseconds */
-} timestruc_t;
-
-
-struct dirent { /* data from readdir() */
- ino_t d_ino; /* inode number of entry */
- off_t d_off; /* offset of disk direntory entry */
- unsigned short d_reclen; /* length of this record */
- char d_name[_MAX_FNAME]; /* name of file */
-};
-
-#if !defined(__BORLANDC__) && !defined (__GNUC__)
-#define S_ISDIR(s) ((s) & _S_IFDIR)
-#endif
-
-#else /* _WIN32 */
-/* 16-bit windows stuff */
-
-#include
-#include
-#include
-
-
-
-/* Getting cocky to support multiple file systems */
-typedef struct dirStruct_tag {
- struct _find_t file_data;
- char c_checkdrive;
-} dirStruct;
-
-typedef struct DIR_Struct {
- void * directoryPtr;
- dirStruct data;
-} DIR;
-
-#define _ST_FSTYPSZ 16
-typedef unsigned long mode_t;
-typedef long uid_t;
-typedef long gid_t;
-typedef long off_t;
-typedef unsigned long nlink_t;
-
-typedef struct timestruc {
- time_t tv_sec; /* seconds */
- long tv_nsec; /* and nanoseconds */
-} timestruc_t;
-
-struct dirent { /* data from readdir() */
- ino_t d_ino; /* inode number of entry */
- off_t d_off; /* offset of disk
direntory entry */
- unsigned short d_reclen; /* length of this record */
-#ifdef XP_WIN32
- char d_name[_MAX_FNAME]; /* name of file */
-#else
- char d_name[20]; /* name of file */
-#endif
-};
-
-#define S_ISDIR(s) ((s) & _S_IFDIR)
-
-#endif /* 16-bit windows */
-
-#define CONST const
-
-#endif /* _WINDOWS */
-
-#endif /* WINFILE_H */
diff --git a/dbm/src/.cvsignore b/dbm/src/.cvsignore
deleted file mode 100644
index f3c7a7c5da..0000000000
--- a/dbm/src/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile
diff --git a/dbm/src/Makefile.in b/dbm/src/Makefile.in
deleted file mode 100644
index 2f7476d8c8..0000000000
--- a/dbm/src/Makefile.in
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is mozilla.org code.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1998
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-DEPTH = ../..
-topsrcdir = @top_srcdir@
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-include $(DEPTH)/config/autoconf.mk
-
-LIBRARY_NAME = mozdbm_s
-LIB_IS_C_ONLY = 1
-
-ifeq ($(OS_ARCH),WINNT)
-LIBRARY_NAME = dbm$(MOZ_BITS)
-endif
-
-CSRCS = \
- db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- hsearch.c \
- mktemp.c \
- ndbm.c \
- strerror.c \
- nsres.c \
- $(NULL)
-
-ifeq ($(OS_ARCH),WINNT)
-CSRCS += memmove.c snprintf.c
-else
-ifeq (,$(filter -DHAVE_MEMMOVE=1,$(ACDEFINES)))
-CSRCS += memmove.c
-endif
-
-ifeq (,$(filter -DHAVE_SNPRINTF=1,$(ACDEFINES)))
-CSRCS += snprintf.c
-endif
-endif # WINNT
-
-LOCAL_INCLUDES = -I$(srcdir)/../include
-
-FORCE_STATIC_LIB = 1
-FORCE_USE_PIC = 1
-
-include $(topsrcdir)/config/rules.mk
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-ifeq ($(OS_ARCH),WINCE)
-DEFINES += -D__STDC__ -DDBM_REOPEN_ON_FLUSH
-endif
-
-ifeq ($(OS_ARCH),AIX)
-OS_LIBS += -lc_r
-endif
-
diff --git a/dbm/src/Makefile.win b/dbm/src/Makefile.win
deleted file mode 100644
index 91bdf7d209..0000000000
--- a/dbm/src/Makefile.win
+++ /dev/null
@@ -1,113 +0,0 @@
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is mozilla.org code.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1998
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-
-#//------------------------------------------------------------------------
-#//
-#// Makefile to build the cert library
-#//
-#//------------------------------------------------------------------------
-
-!if "$(MOZ_BITS)" == "16"
-!ifndef MOZ_DEBUG
-OPTIMIZER=-Os -UDEBUG -DNDEBUG
-!endif
-!endif
-
-#//------------------------------------------------------------------------
-#//
-#// Specify the depth of the current directory relative to the
-#// root of NS
-#//
-#//------------------------------------------------------------------------
-DEPTH= ..\..
-
-!ifndef MAKE_OBJ_TYPE
-MAKE_OBJ_TYPE=EXE
-!endif
-
-#//------------------------------------------------------------------------
-#//
-#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
-#//
-#//------------------------------------------------------------------------
-LIBNAME=dbm$(MOZ_BITS)
-PDBFILE=$(LIBNAME).pdb
-
-#//------------------------------------------------------------------------
-#//
-#// Define the files necessary to build the target (ie. OBJS)
-#//
-#//------------------------------------------------------------------------
-OBJS= \
- .\$(OBJDIR)\db.obj \
- .\$(OBJDIR)\h_bigkey.obj \
- .\$(OBJDIR)\h_func.obj \
- .\$(OBJDIR)\h_log2.obj \
- .\$(OBJDIR)\h_page.obj \
- .\$(OBJDIR)\hash.obj \
- .\$(OBJDIR)\hash_buf.obj \
- .\$(OBJDIR)\hsearch.obj \
- .\$(OBJDIR)\memmove.obj \
- .\$(OBJDIR)\mktemp.obj \
- .\$(OBJDIR)\ndbm.obj \
- .\$(OBJDIR)\snprintf.obj \
- .\$(OBJDIR)\strerror.obj \
- .\$(OBJDIR)\nsres.obj \
- $(NULL)
-
-#//------------------------------------------------------------------------
-#//
-#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
-#// (these must be defined before the common makefiles are included)
-#//
-#//------------------------------------------------------------------------
-LIBRARY = .\$(OBJDIR)\$(LIBNAME).lib
-LINCS = -I..\include
-
-#//------------------------------------------------------------------------
-#//
-#// Include the common makefile rules
-#//
-#//------------------------------------------------------------------------
-include <$(DEPTH)/config/rules.mak>
-
-CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT -D__DBINTERFACE_PRIVATE
-
-install:: $(LIBRARY)
- $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
-
-
diff --git a/dbm/src/db.c b/dbm/src/db.c
deleted file mode 100644
index 264e9fac70..0000000000
--- a/dbm/src/db.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)db.c 8.4 (Berkeley) 2/21/94";
-#endif /* LIBC_SCCS and not lint */
-
-#ifndef __DBINTERFACE_PRIVATE
-#define __DBINTERFACE_PRIVATE
-#endif
-#ifdef macintosh
-#include
-#else
-#include
-#endif
-
-#include
-#include
-#include
-#include
-
-#include "mcom_db.h"
-
-/* a global flag that locks closed all databases */
-int all_databases_locked_closed = 0;
-
-/* set or unset a global lock flag to disable the
- * opening of any DBM file
- */
-void
-dbSetOrClearDBLock(DBLockFlagEnum type)
-{
- if(type == LockOutDatabase)
- all_databases_locked_closed = 1;
- else
- all_databases_locked_closed = 0;
-}
-
-DB *
-dbopen(const char *fname, int flags,int mode, DBTYPE type, const void *openinfo)
-{
-
- /* lock out all file databases. Let in-memory databases through
- */
- if(all_databases_locked_closed && fname)
- {
- errno = EINVAL;
- return(NULL);
- }
-
-#define DB_FLAGS (DB_LOCK | DB_SHMEM | DB_TXN)
-
-
-#if 0 /* most systems don't have EXLOCK and SHLOCK */
-#define USE_OPEN_FLAGS \
- (O_CREAT | O_EXCL | O_EXLOCK | O_NONBLOCK | O_RDONLY | \
- O_RDWR | O_SHLOCK | O_TRUNC)
-#else
-#define USE_OPEN_FLAGS \
- (O_CREAT | O_EXCL | O_RDONLY | \
- O_RDWR | O_TRUNC)
-#endif
-
- if ((flags & ~(USE_OPEN_FLAGS | DB_FLAGS)) == 0)
- switch (type) {
-/* we don't need btree and recno right now */
-#if 0
- case DB_BTREE:
- return (__bt_open(fname, flags & USE_OPEN_FLAGS,
- mode, openinfo, flags & DB_FLAGS));
- case DB_RECNO:
- return (__rec_open(fname, flags & USE_OPEN_FLAGS,
- mode, openinfo, flags & DB_FLAGS));
-#endif
-
- case DB_HASH:
- return (__hash_open(fname, flags & USE_OPEN_FLAGS,
- mode, (const HASHINFO *)openinfo, flags & DB_FLAGS));
- default:
- break;
- }
- errno = EINVAL;
- return (NULL);
-}
-
-static int
-__dberr()
-{
- return (RET_ERROR);
-}
-
-/*
- * __DBPANIC -- Stop.
- *
- * Parameters:
- * dbp: pointer to the DB structure.
- */
-void
-__dbpanic(DB *dbp)
-{
- /* The only thing that can succeed is a close. */
- dbp->del = (int (*)(const struct __db *, const DBT *, uint))__dberr;
- dbp->fd = (int (*)(const struct __db *))__dberr;
- dbp->get = (int (*)(const struct __db *, const DBT *, DBT *, uint))__dberr;
- dbp->put = (int (*)(const struct __db *, DBT *, const DBT *, uint))__dberr;
- dbp->seq = (int (*)(const struct __db *, DBT *, DBT *, uint))__dberr;
- dbp->sync = (int (*)(const struct __db *, uint))__dberr;
-}
diff --git a/dbm/src/h_bigkey.c b/dbm/src/h_bigkey.c
deleted file mode 100644
index c174e32a72..0000000000
--- a/dbm/src/h_bigkey.c
+++ /dev/null
@@ -1,709 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94"; -#endif /* LIBC_SCCS and not lint */ - -/* - * PACKAGE: hash - * DESCRIPTION: - * Big key/data handling for the hashing package. - * - * ROUTINES: - * External - * __big_keydata - * __big_split - * __big_insert - * __big_return - * __big_delete - * __find_last_page - * Internal - * collect_key - * collect_data - */ - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) -#include -#endif - -#include -#include -#include -#include - -#ifdef DEBUG -#include -#endif - -#include "mcom_db.h" -#include "hash.h" -#include "page.h" -/* #include "extern.h" */ - -static int collect_key __P((HTAB *, BUFHEAD *, int, DBT *, int)); -static int collect_data __P((HTAB *, BUFHEAD *, int, int)); - -/* - * Big_insert - * - * You need to do an insert and the key/data pair is too big - * - * Returns: - * 0 ==> OK - *-1 ==> ERROR - */ -extern int -__big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) -{ - register uint16 *p; - uint key_size, n, val_size; - uint16 space, move_bytes, off; - char *cp, *key_data, *val_data; - - cp = bufp->page; /* Character pointer of p. 
*/ - p = (uint16 *)cp; - - key_data = (char *)key->data; - key_size = key->size; - val_data = (char *)val->data; - val_size = val->size; - - /* First move the Key */ - for (space = FREESPACE(p) - BIGOVERHEAD; key_size; - space = FREESPACE(p) - BIGOVERHEAD) { - move_bytes = PR_MIN(space, key_size); - off = OFFSET(p) - move_bytes; - memmove(cp + off, key_data, move_bytes); - key_size -= move_bytes; - key_data += move_bytes; - n = p[0]; - p[++n] = off; - p[0] = ++n; - FREESPACE(p) = off - PAGE_META(n); - OFFSET(p) = off; - p[n] = PARTIAL_KEY; - bufp = __add_ovflpage(hashp, bufp); - if (!bufp) - return (-1); - n = p[0]; - if (!key_size) { - if (FREESPACE(p)) { - move_bytes = PR_MIN(FREESPACE(p), val_size); - off = OFFSET(p) - move_bytes; - p[n] = off; - memmove(cp + off, val_data, move_bytes); - val_data += move_bytes; - val_size -= move_bytes; - p[n - 2] = FULL_KEY_DATA; - FREESPACE(p) = FREESPACE(p) - move_bytes; - OFFSET(p) = off; - } else - p[n - 2] = FULL_KEY; - } - p = (uint16 *)bufp->page; - cp = bufp->page; - bufp->flags |= BUF_MOD; - } - - /* Now move the data */ - for (space = FREESPACE(p) - BIGOVERHEAD; val_size; - space = FREESPACE(p) - BIGOVERHEAD) { - move_bytes = PR_MIN(space, val_size); - /* - * Here's the hack to make sure that if the data ends on the - * same page as the key ends, FREESPACE is at least one. 
- */ - if (space == val_size && val_size == val->size) - move_bytes--; - off = OFFSET(p) - move_bytes; - memmove(cp + off, val_data, move_bytes); - val_size -= move_bytes; - val_data += move_bytes; - n = p[0]; - p[++n] = off; - p[0] = ++n; - FREESPACE(p) = off - PAGE_META(n); - OFFSET(p) = off; - if (val_size) { - p[n] = FULL_KEY; - bufp = __add_ovflpage(hashp, bufp); - if (!bufp) - return (-1); - cp = bufp->page; - p = (uint16 *)cp; - } else - p[n] = FULL_KEY_DATA; - bufp->flags |= BUF_MOD; - } - return (0); -} - -/* - * Called when bufp's page contains a partial key (index should be 1) - * - * All pages in the big key/data pair except bufp are freed. We cannot - * free bufp because the page pointing to it is lost and we can't get rid - * of its pointer. - * - * Returns: - * 0 => OK - *-1 => ERROR - */ -extern int -__big_delete(HTAB *hashp, BUFHEAD *bufp) -{ - register BUFHEAD *last_bfp, *rbufp; - uint16 *bp, pageno; - int key_done, n; - - rbufp = bufp; - last_bfp = NULL; - bp = (uint16 *)bufp->page; - pageno = 0; - key_done = 0; - - while (!key_done || (bp[2] != FULL_KEY_DATA)) { - if (bp[2] == FULL_KEY || bp[2] == FULL_KEY_DATA) - key_done = 1; - - /* - * If there is freespace left on a FULL_KEY_DATA page, then - * the data is short and fits entirely on this page, and this - * is the last page. - */ - if (bp[2] == FULL_KEY_DATA && FREESPACE(bp)) - break; - pageno = bp[bp[0] - 1]; - rbufp->flags |= BUF_MOD; - rbufp = __get_buf(hashp, pageno, rbufp, 0); - if (last_bfp) - __free_ovflpage(hashp, last_bfp); - last_bfp = rbufp; - if (!rbufp) - return (-1); /* Error. */ - bp = (uint16 *)rbufp->page; - } - - /* - * If we get here then rbufp points to the last page of the big - * key/data pair. Bufp points to the first one -- it should now be - * empty pointing to the next page after this pair. Can't free it - * because we don't have the page pointing to it. - */ - - /* This is information from the last page of the pair. 
*/ - n = bp[0]; - pageno = bp[n - 1]; - - /* Now, bp is the first page of the pair. */ - bp = (uint16 *)bufp->page; - if (n > 2) { - /* There is an overflow page. */ - bp[1] = pageno; - bp[2] = OVFLPAGE; - bufp->ovfl = rbufp->ovfl; - } else - /* This is the last page. */ - bufp->ovfl = NULL; - n -= 2; - bp[0] = n; - FREESPACE(bp) = hashp->BSIZE - PAGE_META(n); - OFFSET(bp) = hashp->BSIZE - 1; - - bufp->flags |= BUF_MOD; - if (rbufp) - __free_ovflpage(hashp, rbufp); - if (last_bfp != rbufp) - __free_ovflpage(hashp, last_bfp); - - hashp->NKEYS--; - return (0); -} -/* - * Returns: - * 0 = key not found - * -1 = get next overflow page - * -2 means key not found and this is big key/data - * -3 error - */ -extern int -__find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) -{ - register uint16 *bp; - register char *p; - int ksize; - uint16 bytes; - char *kkey; - - bp = (uint16 *)bufp->page; - p = bufp->page; - ksize = size; - kkey = key; - - for (bytes = hashp->BSIZE - bp[ndx]; - bytes <= size && bp[ndx + 1] == PARTIAL_KEY; - bytes = hashp->BSIZE - bp[ndx]) { - if (memcmp(p + bp[ndx], kkey, bytes)) - return (-2); - kkey += bytes; - ksize -= bytes; - bufp = __get_buf(hashp, bp[ndx + 2], bufp, 0); - if (!bufp) - return (-3); - p = bufp->page; - bp = (uint16 *)p; - ndx = 1; - } - - if (bytes != ksize || memcmp(p + bp[ndx], kkey, bytes)) { -#ifdef HASH_STATISTICS - ++hash_collisions; -#endif - return (-2); - } else - return (ndx); -} - -/* - * Given the buffer pointer of the first overflow page of a big pair, - * find the end of the big pair - * - * This will set bpp to the buffer header of the last page of the big pair. - * It will return the pageno of the overflow page following the last page - * of the pair; 0 if there isn't any (i.e. 
big pair is the last key in the - * bucket) - */ -extern uint16 -__find_last_page(HTAB *hashp, BUFHEAD **bpp) -{ - BUFHEAD *bufp; - uint16 *bp, pageno; - uint n; - - bufp = *bpp; - bp = (uint16 *)bufp->page; - for (;;) { - n = bp[0]; - - /* - * This is the last page if: the tag is FULL_KEY_DATA and - * either only 2 entries OVFLPAGE marker is explicit there - * is freespace on the page. - */ - if (bp[2] == FULL_KEY_DATA && - ((n == 2) || (bp[n] == OVFLPAGE) || (FREESPACE(bp)))) - break; - - /* LJM bound the size of n to reasonable limits - */ - if(n > hashp->BSIZE/sizeof(uint16)) - return(0); - - pageno = bp[n - 1]; - bufp = __get_buf(hashp, pageno, bufp, 0); - if (!bufp) - return (0); /* Need to indicate an error! */ - bp = (uint16 *)bufp->page; - } - - *bpp = bufp; - if (bp[0] > 2) - return (bp[3]); - else - return (0); -} - -/* - * Return the data for the key/data pair that begins on this page at this - * index (index should always be 1). - */ -extern int -__big_return( - HTAB *hashp, - BUFHEAD *bufp, - int ndx, - DBT *val, - int set_current) -{ - BUFHEAD *save_p; - uint16 *bp, len, off, save_addr; - char *tp; - int save_flags; - - bp = (uint16 *)bufp->page; - while (bp[ndx + 1] == PARTIAL_KEY) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - return (-1); - bp = (uint16 *)bufp->page; - ndx = 1; - } - - if (bp[ndx + 1] == FULL_KEY) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - return (-1); - bp = (uint16 *)bufp->page; - save_p = bufp; - save_addr = save_p->addr; - off = bp[1]; - len = 0; - } else - if (!FREESPACE(bp)) { - /* - * This is a hack. We can't distinguish between - * FULL_KEY_DATA that contains complete data or - * incomplete data, so we require that if the data - * is complete, there is at least 1 byte of free - * space left. 
- */ - off = bp[bp[0]]; - len = bp[1] - off; - save_p = bufp; - save_addr = bufp->addr; - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - return (-1); - bp = (uint16 *)bufp->page; - } else { - /* The data is all on one page. */ - tp = (char *)bp; - off = bp[bp[0]]; - val->data = (uint8 *)tp + off; - val->size = bp[1] - off; - if (set_current) { - if (bp[0] == 2) { /* No more buckets in - * chain */ - hashp->cpage = NULL; - hashp->cbucket++; - hashp->cndx = 1; - } else { - hashp->cpage = __get_buf(hashp, - bp[bp[0] - 1], bufp, 0); - if (!hashp->cpage) - return (-1); - hashp->cndx = 1; - if (!((uint16 *) - hashp->cpage->page)[0]) { - hashp->cbucket++; - hashp->cpage = NULL; - } - } - } - return (0); - } - - /* pin our saved buf so that we don't lose if - * we run out of buffers */ - save_flags = save_p->flags; - save_p->flags |= BUF_PIN; - val->size = collect_data(hashp, bufp, (int)len, set_current); - save_p->flags = save_flags; - if (val->size == (size_t)-1) - return (-1); - if (save_p->addr != save_addr) { - /* We are pretty short on buffers. */ - errno = EINVAL; /* OUT OF BUFFERS */ - return (-1); - } - memmove(hashp->tmp_buf, (save_p->page) + off, len); - val->data = (uint8 *)hashp->tmp_buf; - return (0); -} - - -/* - * Count how big the total datasize is by looping through the pages. Then - * allocate a buffer and copy the data in the second loop. NOTE: Our caller - * may already have a bp which it is holding onto. The caller is - * responsible for copying that bp into our temp buffer. 'len' is how much - * space to reserve for that buffer. - */ -static int -collect_data( - HTAB *hashp, - BUFHEAD *bufp, - int len, int set) -{ - register uint16 *bp; - BUFHEAD *save_bufp; - int save_flags; - int mylen, totlen; - - /* - * save the input buf head because we need to walk the list twice. - * pin it to make sure it doesn't leave the buffer pool. - * This has the effect of growing the buffer pool if necessary. 
- */ - save_bufp = bufp; - save_flags = save_bufp->flags; - save_bufp->flags |= BUF_PIN; - - /* read the length of the buffer */ - for (totlen = len; bufp ; bufp = __get_buf(hashp, bp[bp[0]-1], bufp, 0)) { - bp = (uint16 *)bufp->page; - mylen = hashp->BSIZE - bp[1]; - - /* if mylen ever goes negative it means that the - * page is screwed up. - */ - if (mylen < 0) { - save_bufp->flags = save_flags; - return (-1); - } - totlen += mylen; - if (bp[2] == FULL_KEY_DATA) { /* End of Data */ - break; - } - } - - if (!bufp) { - save_bufp->flags = save_flags; - return (-1); - } - - /* allocate a temp buf */ - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if ((hashp->tmp_buf = (char *)malloc((size_t)totlen)) == NULL) { - save_bufp->flags = save_flags; - return (-1); - } - - /* copy the buffers back into temp buf */ - for (bufp = save_bufp; bufp ; - bufp = __get_buf(hashp, bp[bp[0]-1], bufp, 0)) { - bp = (uint16 *)bufp->page; - mylen = hashp->BSIZE - bp[1]; - memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen); - len += mylen; - if (bp[2] == FULL_KEY_DATA) { - break; - } - } - - /* 'clear' the pin flags */ - save_bufp->flags = save_flags; - - /* update the database cursor */ - if (set) { - hashp->cndx = 1; - if (bp[0] == 2) { /* No more buckets in chain */ - hashp->cpage = NULL; - hashp->cbucket++; - } else { - hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!hashp->cpage) - return (-1); - else if (!((uint16 *)hashp->cpage->page)[0]) { - hashp->cbucket++; - hashp->cpage = NULL; - } - } - } - return (totlen); -} - -/* - * Fill in the key and data for this big pair. - */ -extern int -__big_keydata( - HTAB *hashp, - BUFHEAD *bufp, - DBT *key, DBT *val, - int set) -{ - key->size = collect_key(hashp, bufp, 0, val, set); - if (key->size == (size_t)-1) - return (-1); - key->data = (uint8 *)hashp->tmp_key; - return (0); -} - -/* - * Count how big the total key size is by recursing through the pages. 
Then - * collect the data, allocate a buffer and copy the key as you recurse up. - */ -static int -collect_key( - HTAB *hashp, - BUFHEAD *bufp, - int len, - DBT *val, - int set) -{ - BUFHEAD *xbp; - char *p; - int mylen, totlen; - uint16 *bp, save_addr; - - p = bufp->page; - bp = (uint16 *)p; - mylen = hashp->BSIZE - bp[1]; - - save_addr = bufp->addr; - totlen = len + mylen; - if (bp[2] == FULL_KEY || bp[2] == FULL_KEY_DATA) { /* End of Key. */ - if (hashp->tmp_key != NULL) - free(hashp->tmp_key); - if ((hashp->tmp_key = (char *)malloc((size_t)totlen)) == NULL) - return (-1); - if (__big_return(hashp, bufp, 1, val, set)) - return (-1); - } else { - xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!xbp || ((totlen = - collect_key(hashp, xbp, totlen, val, set)) < 1)) - return (-1); - } - if (bufp->addr != save_addr) { - errno = EINVAL; /* MIS -- OUT OF BUFFERS */ - return (-1); - } - memmove(&hashp->tmp_key[len], (bufp->page) + bp[1], (size_t)mylen); - return (totlen); -} - -/* - * Returns: - * 0 => OK - * -1 => error - */ -extern int -__big_split( - HTAB *hashp, - BUFHEAD *op, /* Pointer to where to put keys that go in old bucket */ - BUFHEAD *np, /* Pointer to new bucket page */ - /* Pointer to first page containing the big key/data */ - BUFHEAD *big_keyp, - uint32 addr, /* Address of big_keyp */ - uint32 obucket,/* Old Bucket */ - SPLIT_RETURN *ret) -{ - register BUFHEAD *tmpp; - register uint16 *tp; - BUFHEAD *bp; - DBT key, val; - uint32 change; - uint16 free_space, n, off; - - bp = big_keyp; - - /* Now figure out where the big key/data goes */ - if (__big_keydata(hashp, big_keyp, &key, &val, 0)) - return (-1); - change = (__call_hash(hashp,(char*) key.data, key.size) != obucket); - - if ((ret->next_addr = __find_last_page(hashp, &big_keyp))) { - if (!(ret->nextp = - __get_buf(hashp, ret->next_addr, big_keyp, 0))) - return (-1);; - } else - ret->nextp = NULL; - - /* Now make one of np/op point to the big key/data pair */ -#ifdef DEBUG - assert(np->ovfl == 
NULL); -#endif - if (change) - tmpp = np; - else - tmpp = op; - - tmpp->flags |= BUF_MOD; -#ifdef DEBUG1 - (void)fprintf(stderr, - "BIG_SPLIT: %d->ovfl was %d is now %d\n", tmpp->addr, - (tmpp->ovfl ? tmpp->ovfl->addr : 0), (bp ? bp->addr : 0)); -#endif - tmpp->ovfl = bp; /* one of op/np point to big_keyp */ - tp = (uint16 *)tmpp->page; - - -#if 0 /* this get's tripped on database corrupted error */ - assert(FREESPACE(tp) >= OVFLSIZE); -#endif - if(FREESPACE(tp) < OVFLSIZE) - return(DATABASE_CORRUPTED_ERROR); - - n = tp[0]; - off = OFFSET(tp); - free_space = FREESPACE(tp); - tp[++n] = (uint16)addr; - tp[++n] = OVFLPAGE; - tp[0] = n; - OFFSET(tp) = off; - FREESPACE(tp) = free_space - OVFLSIZE; - - /* - * Finally, set the new and old return values. BIG_KEYP contains a - * pointer to the last page of the big key_data pair. Make sure that - * big_keyp has no following page (2 elements) or create an empty - * following page. - */ - - ret->newp = np; - ret->oldp = op; - - tp = (uint16 *)big_keyp->page; - big_keyp->flags |= BUF_MOD; - if (tp[0] > 2) { - /* - * There may be either one or two offsets on this page. If - * there is one, then the overflow page is linked on normally - * and tp[4] is OVFLPAGE. If there are two, tp[4] contains - * the second offset and needs to get stuffed in after the - * next overflow page is added. - */ - n = tp[4]; - free_space = FREESPACE(tp); - off = OFFSET(tp); - tp[0] -= 2; - FREESPACE(tp) = free_space + OVFLSIZE; - OFFSET(tp) = off; - tmpp = __add_ovflpage(hashp, big_keyp); - if (!tmpp) - return (-1); - tp[4] = n; - } else - tmpp = big_keyp; - - if (change) - ret->newp = tmpp; - else - ret->oldp = tmpp; - return (0); -} diff --git a/dbm/src/h_func.c b/dbm/src/h_func.c deleted file mode 100644 index 8c86be64ad..0000000000 --- a/dbm/src/h_func.c +++ /dev/null 
@@ -1,207 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)hash_func.c 8.2 (Berkeley) 2/21/94";
-#endif /* LIBC_SCCS and not lint */
-
-#ifndef macintosh
-#include
-#endif
-#include "mcom_db.h"
-#include "hash.h"
-#include "page.h"
-/* #include "extern.h" */
-
-#if 0
-static uint32 hash1 __P((const void *, size_t));
-static uint32 hash2 __P((const void *, size_t));
-static uint32 hash3 __P((const void *, size_t));
-#endif
-static uint32 hash4 __P((const void *, size_t));
-
-/* Global default hash function */
-uint32 (*__default_hash) __P((const void *, size_t)) = hash4;
-
-/*
- * HASH FUNCTIONS
- *
- * Assume that we've already split the bucket to which this key hashes,
- * calculate that bucket, and check that in fact we did already split it.
- *
- * This came from ejb's hsearch.
- */
-
-#define PRIME1 37
-#define PRIME2 1048583
-
-#if 0
-static uint32
-hash1(const void *keyarg, register size_t len)
-{
- register const uint8 *key;
- register uint32 h;
-
- /* Convert string to integer */
- for (key = (const uint8 *)keyarg, h = 0; len--;)
- h = h * PRIME1 ^ (*key++ - ' ');
- h %= PRIME2;
- return (h);
-}
-
-/*
- * Phong's linear congruential hash
- */
-#define dcharhash(h, c) ((h) = 0x63c63cd9*(h) + 0x9c39c33d + (c))
-
-static uint32
-hash2(const void *keyarg, size_t len)
-{
- register const uint8 *e, *key;
- register uint32 h;
- register uint8 c;
-
- key = (const uint8 *)keyarg;
- e = key + len;
- for (h = 0; key != e;) {
- c = *key++;
- if (!c && key > e)
- break;
- dcharhash(h, c);
- }
- return (h);
-}
-
-/*
- * This is INCREDIBLY ugly, but fast. We break the string up into 8 byte
- * units. On the first time through the loop we get the "leftover bytes"
- * (strlen % 8). On every other iteration, we perform 8 HASHC's so we handle
- * all 8 bytes. Essentially, this saves us 7 cmp & branch instructions. If
- * this routine is heavily used enough, it's worth the ugly coding.
- *
- * OZ's original sdbm hash
- */
-static uint32
-hash3(const void *keyarg, register size_t len)
-{
- register const uint8 *key;
- register size_t loop;
- register uint32 h;
-
-#define HASHC h = *key++ + 65599 * h
-
- h = 0;
- key = (const uint8 *)keyarg;
- if (len > 0) {
- loop = (len + 8 - 1) >> 3;
-
- switch (len & (8 - 1)) {
- case 0:
- do {
- HASHC;
- /* FALLTHROUGH */
- case 7:
- HASHC;
- /* FALLTHROUGH */
- case 6:
- HASHC;
- /* FALLTHROUGH */
- case 5:
- HASHC;
- /* FALLTHROUGH */
- case 4:
- HASHC;
- /* FALLTHROUGH */
- case 3:
- HASHC;
- /* FALLTHROUGH */
- case 2:
- HASHC;
- /* FALLTHROUGH */
- case 1:
- HASHC;
- } while (--loop);
- }
- }
- return (h);
-}
-#endif /* 0 */
-
-/* Hash function from Chris Torek. */
-static uint32
-hash4(const void *keyarg, register size_t len)
-{
- register const uint8 *key;
- register size_t loop;
- register uint32 h;
-
-#define HASH4a h = (h << 5) - h + *key++;
-#define HASH4b h = (h << 5) + h + *key++;
-#define HASH4 HASH4b
-
- h = 0;
- key = (const uint8 *)keyarg;
- if (len > 0) {
- loop = (len + 8 - 1) >> 3;
-
- switch (len & (8 - 1)) {
- case 0:
- do {
- HASH4;
- /* FALLTHROUGH */
- case 7:
- HASH4;
- /* FALLTHROUGH */
- case 6:
- HASH4;
- /* FALLTHROUGH */
- case 5:
- HASH4;
- /* FALLTHROUGH */
- case 4:
- HASH4;
- /* FALLTHROUGH */
- case 3:
- HASH4;
- /* FALLTHROUGH */
- case 2:
- HASH4;
- /* FALLTHROUGH */
- case 1:
- HASH4;
- } while (--loop);
- }
- }
- return (h);
-}
diff --git a/dbm/src/h_log2.c b/dbm/src/h_log2.c
deleted file mode 100644
index 9c8ea06c8b..0000000000
--- a/dbm/src/h_log2.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)hash_log2.c 8.2 (Berkeley) 5/31/94";
-#endif /* LIBC_SCCS and not lint */
-
-#include
-#ifndef macintosh
-#include
-#endif
-#include "mcom_db.h"
-
-uint32 __log2(uint32 num)
-{
- register uint32 i, limit;
-
- limit = 1;
- for (i = 0; limit < num; limit = limit << 1, i++) {}
- return (i);
-}
diff --git a/dbm/src/h_page.c b/dbm/src/h_page.c
deleted file mode 100644
index 3b95554dba..0000000000
--- a/dbm/src/h_page.c
+++ /dev/null
@@ -1,1286 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(unix)
-#define MY_LSEEK lseek
-#else
-#define MY_LSEEK new_lseek
-extern long new_lseek(int fd, long pos, int start);
-#endif
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * PACKAGE: hashing
- *
- * DESCRIPTION:
- * Page manipulation for hashing package.
- *
- * ROUTINES:
- *
- * External
- * __get_page
- * __add_ovflpage
- * Internal
- * overflow_page
- * open_temp
- */
-#ifndef macintosh
-#include
-#endif
-
-#if defined(macintosh)
-#include
-#endif
-
-#include
-#include
-#if defined(_WIN32) || defined(_WINDOWS)
-#include
-#endif
-#include
-#include
-#include
-#include
-
-#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
-#include
-#endif
-
-#include
-
-#include "mcom_db.h"
-#include "hash.h"
-#include "page.h"
-/* #include "extern.h" */
-
-extern int mkstempflags(char *path, int extraFlags);
-
-static uint32 *fetch_bitmap __P((HTAB *, uint32));
-static uint32 first_free __P((uint32));
-static int open_temp __P((HTAB *));
-static uint16 overflow_page __P((HTAB *));
-static void squeeze_key __P((uint16 *, const DBT *, const DBT *));
-static int ugly_split
- __P((HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int));
-
-#define PAGE_INIT(P) { \
- ((uint16 *)(P))[0] = 0; \
- ((uint16 *)(P))[1] = hashp->BSIZE - 3 * sizeof(uint16); \
- ((uint16 *)(P))[2] = hashp->BSIZE; \
-}
-
-/* implement a new lseek using lseek that
- * writes zero's when extending a file
- * beyond the end.
- */
-long new_lseek(int fd, long offset, int origin)
-{
- long cur_pos=0;
- long end_pos=0;
- long seek_pos=0;
-
- if(origin == SEEK_CUR)
- {
- if(offset < 1)
- return(lseek(fd, offset, SEEK_CUR));
-
- cur_pos = lseek(fd, 0, SEEK_CUR);
-
- if(cur_pos < 0)
- return(cur_pos);
- }
-
- end_pos = lseek(fd, 0, SEEK_END);
- if(end_pos < 0)
- return(end_pos);
-
- if(origin == SEEK_SET)
- seek_pos = offset;
- else if(origin == SEEK_CUR)
- seek_pos = cur_pos + offset;
- else if(origin == SEEK_END)
- seek_pos = end_pos + offset;
- else
- {
- assert(0);
- return(-1);
- }
-
- /* the seek position desired is before the
- * end of the file. We don't need
- * to do anything special except the seek.
- */
- if(seek_pos <= end_pos)
- return(lseek(fd, seek_pos, SEEK_SET));
-
- /* the seek position is beyond the end of the
- * file. Write zero's to the end.
- *
- * we are already at the end of the file so
- * we just need to "write()" zeros for the
- * difference between seek_pos-end_pos and
- * then seek to the position to finish
- * the call
- */
- {
- char buffer[1024];
- long len = seek_pos-end_pos;
- memset(&buffer, 0, 1024);
- while(len > 0)
- {
- write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024));
- len -= 1024;
- }
- return(lseek(fd, seek_pos, SEEK_SET));
- }
-
-}
-
-/*
- * This is called AFTER we have verified that there is room on the page for
- * the pair (PAIRFITS has returned true) so we go right ahead and start moving
- * stuff on.
- */
-static void
-putpair(char *p, const DBT *key, DBT * val)
-{
- register uint16 *bp, n, off;
-
- bp = (uint16 *)p;
-
- /* Enter the key first. */
- n = bp[0];
-
- off = OFFSET(bp) - key->size;
- memmove(p + off, key->data, key->size);
- bp[++n] = off;
-
- /* Now the data. */
- off -= val->size;
- memmove(p + off, val->data, val->size);
- bp[++n] = off;
-
- /* Adjust page info. */
- bp[0] = n;
- bp[n + 1] = off - ((n + 3) * sizeof(uint16));
- bp[n + 2] = off;
-}
-
-/*
- * Returns:
- * 0 OK
- * -1 error
- */
-extern int
-__delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
-{
- register uint16 *bp, newoff;
- register int n;
- uint16 pairlen;
-
- bp = (uint16 *)bufp->page;
- n = bp[0];
-
- if (bp[ndx + 1] < REAL_KEY)
- return (__big_delete(hashp, bufp));
- if (ndx != 1)
- newoff = bp[ndx - 1];
- else
- newoff = hashp->BSIZE;
- pairlen = newoff - bp[ndx + 1];
-
- if (ndx != (n - 1)) {
- /* Hard Case -- need to shuffle keys */
- register int i;
- register char *src = bufp->page + (int)OFFSET(bp);
- uint32 dst_offset = (uint32)OFFSET(bp) + (uint32)pairlen;
- register char *dst = bufp->page + dst_offset;
- uint32 length = bp[ndx + 1] - OFFSET(bp);
-
- /*
- * +-----------+XXX+---------+XXX+---------+---------> +infinity
- * | | | |
- * 0 src_offset dst_offset BSIZE
- *
- * Dst_offset is > src_offset, so if src_offset were bad, dst_offset
- * would be too, therefore we check only dst_offset.
- *
- * If dst_offset is >= BSIZE, either OFFSET(bp), or pairlen, or both
- * is corrupted.
- *
- * Once we know dst_offset is < BSIZE, we can subtract it from BSIZE
- * to get an upper bound on length.
- */
- if(dst_offset > (uint32)hashp->BSIZE)
- return(DATABASE_CORRUPTED_ERROR);
-
- if(length > (uint32)(hashp->BSIZE - dst_offset))
- return(DATABASE_CORRUPTED_ERROR);
-
- memmove(dst, src, length);
-
- /* Now adjust the pointers */
- for (i = ndx + 2; i <= n; i += 2) {
- if (bp[i + 1] == OVFLPAGE) {
- bp[i - 2] = bp[i];
- bp[i - 1] = bp[i + 1];
- } else {
- bp[i - 2] = bp[i] + pairlen;
- bp[i - 1] = bp[i + 1] + pairlen;
- }
- }
- }
- /* Finally adjust the page data */
- bp[n] = OFFSET(bp) + pairlen;
- bp[n - 1] = bp[n + 1] + pairlen + 2 * sizeof(uint16);
- bp[0] = n - 2;
- hashp->NKEYS--;
-
- bufp->flags |= BUF_MOD;
- return (0);
-}
-/*
- * Returns:
- * 0 ==> OK
- * -1 ==> Error
- */
-extern int
-__split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
-{
- register BUFHEAD *new_bufp, *old_bufp;
- register uint16 *ino;
- register uint16 *tmp_uint16_array;
- register char *np;
- DBT key, val;
- uint16 n, ndx;
- int retval;
- uint16 copyto, diff, moved;
- size_t off;
- char *op;
-
- copyto = (uint16)hashp->BSIZE;
- off = (uint16)hashp->BSIZE;
- old_bufp = __get_buf(hashp, obucket, NULL, 0);
- if (old_bufp == NULL)
- return (-1);
- new_bufp = __get_buf(hashp, nbucket, NULL, 0);
- if (new_bufp == NULL)
- return (-1);
-
- old_bufp->flags |= (BUF_MOD | BUF_PIN);
- new_bufp->flags |= (BUF_MOD | BUF_PIN);
-
- ino = (uint16 *)(op = old_bufp->page);
- np = new_bufp->page;
-
- moved = 0;
-
- for (n = 1, ndx = 1; n < ino[0]; n += 2) {
- if (ino[n + 1] < REAL_KEY) {
- retval = ugly_split(hashp, obucket, old_bufp, new_bufp,
- (int)copyto, (int)moved);
- old_bufp->flags &= ~BUF_PIN;
- new_bufp->flags &= ~BUF_PIN;
- return (retval);
-
- }
- key.data = (uint8 *)op + ino[n];
-
- /* check here for ino[n] being greater than
- * off. If it is then the database has
- * been corrupted.
- */
- if(ino[n] > off)
- return(DATABASE_CORRUPTED_ERROR);
-
- key.size = off - ino[n];
-
-#ifdef DEBUG
- /* make sure the size is positive */
- assert(((int)key.size) > -1);
-#endif
-
- if (__call_hash(hashp, (char *)key.data, key.size) == obucket) {
- /* Don't switch page */
- diff = copyto - off;
- if (diff) {
- copyto = ino[n + 1] + diff;
- memmove(op + copyto, op + ino[n + 1],
- off - ino[n + 1]);
- ino[ndx] = copyto + ino[n] - ino[n + 1];
- ino[ndx + 1] = copyto;
- } else
- copyto = ino[n + 1];
- ndx += 2;
- } else {
- /* Switch page */
- val.data = (uint8 *)op + ino[n + 1];
- val.size = ino[n] - ino[n + 1];
-
- /* if the pair doesn't fit something is horribly
- * wrong. LJM
- */
- tmp_uint16_array = (uint16*)np;
- if(!PAIRFITS(tmp_uint16_array, &key, &val))
- return(DATABASE_CORRUPTED_ERROR);
-
- putpair(np, &key, &val);
- moved += 2;
- }
-
- off = ino[n + 1];
- }
-
- /* Now clean up the page */
- ino[0] -= moved;
- FREESPACE(ino) = copyto - sizeof(uint16) * (ino[0] + 3);
- OFFSET(ino) = copyto;
-
-#ifdef DEBUG3
- (void)fprintf(stderr, "split %d/%d\n",
- ((uint16 *)np)[0] / 2,
- ((uint16 *)op)[0] / 2);
-#endif
- /* unpin both pages */
- old_bufp->flags &= ~BUF_PIN;
- new_bufp->flags &= ~BUF_PIN;
- return (0);
-}
-
-/*
- * Called when we encounter an overflow or big key/data page during split
- * handling. This is special cased since we have to begin checking whether
- * the key/data pairs fit on their respective pages and because we may need
- * overflow pages for both the old and new pages.
- *
- * The first page might be a page with regular key/data pairs in which case
- * we have a regular overflow condition and just need to go on to the next
- * page or it might be a big key/data pair in which case we need to fix the
- * big key/data pair.
- *
- * Returns:
- * 0 ==> success
- * -1 ==> failure
- */
-
-/* the maximum number of loops we will allow UGLY split to chew
- * on before we assume the database is corrupted and throw it
- * away.
- */
-#define MAX_UGLY_SPLIT_LOOPS 10000
-
-static int
-ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
- BUFHEAD *new_bufp,/* Same as __split_page. */ int copyto, int moved)
- /* int copyto; First byte on page which contains key/data values. */
- /* int moved; Number of pairs moved to new page. */
-{
- register BUFHEAD *bufp; /* Buffer header for ino */
- register uint16 *ino; /* Page keys come off of */
- register uint16 *np; /* New page */
- register uint16 *op; /* Page keys go on to if they aren't moving */
- uint32 loop_detection=0;
-
- BUFHEAD *last_bfp; /* Last buf header OVFL needing to be freed */
- DBT key, val;
- SPLIT_RETURN ret;
- uint16 n, off, ov_addr, scopyto;
- char *cino; /* Character value of ino */
- int status;
-
- bufp = old_bufp;
- ino = (uint16 *)old_bufp->page;
- np = (uint16 *)new_bufp->page;
- op = (uint16 *)old_bufp->page;
- last_bfp = NULL;
- scopyto = (uint16)copyto; /* ANSI */
-
- n = ino[0] - 1;
- while (n < ino[0]) {
-
-
- /* this function goes nuts sometimes and never returns.
- * I havent found the problem yet but I need a solution
- * so if we loop too often we assume a database curruption error
- * :LJM
- */
- loop_detection++;
-
- if(loop_detection > MAX_UGLY_SPLIT_LOOPS)
- return DATABASE_CORRUPTED_ERROR;
-
- if (ino[2] < REAL_KEY && ino[2] != OVFLPAGE) {
- if ((status = __big_split(hashp, old_bufp,
- new_bufp, bufp, bufp->addr, obucket, &ret)))
- return (status);
- old_bufp = ret.oldp;
- if (!old_bufp)
- return (-1);
- op = (uint16 *)old_bufp->page;
- new_bufp = ret.newp;
- if (!new_bufp)
- return (-1);
- np = (uint16 *)new_bufp->page;
- bufp = ret.nextp;
- if (!bufp)
- return (0);
- cino = (char *)bufp->page;
- ino = (uint16 *)cino;
- last_bfp = ret.nextp;
- } else if (ino[n + 1] == OVFLPAGE) {
- ov_addr = ino[n];
- /*
- * Fix up the old page -- the extra 2 are the fields
- * which contained the overflow information.
- */
- ino[0] -= (moved + 2);
- FREESPACE(ino) =
- scopyto - sizeof(uint16) * (ino[0] + 3);
- OFFSET(ino) = scopyto;
-
- bufp = __get_buf(hashp, ov_addr, bufp, 0);
- if (!bufp)
- return (-1);
-
- ino = (uint16 *)bufp->page;
- n = 1;
- scopyto = hashp->BSIZE;
- moved = 0;
-
- if (last_bfp)
- __free_ovflpage(hashp, last_bfp);
- last_bfp = bufp;
- }
- /* Move regular sized pairs of there are any */
- off = hashp->BSIZE;
- for (n = 1; (n < ino[0]) && (ino[n + 1] >= REAL_KEY); n += 2) {
- cino = (char *)ino;
- key.data = (uint8 *)cino + ino[n];
- key.size = off - ino[n];
- val.data = (uint8 *)cino + ino[n + 1];
- val.size = ino[n] - ino[n + 1];
- off = ino[n + 1];
-
- if (__call_hash(hashp, (char*)key.data, key.size) == obucket) {
- /* Keep on old page */
- if (PAIRFITS(op, (&key), (&val)))
- putpair((char *)op, &key, &val);
- else {
- old_bufp =
- __add_ovflpage(hashp, old_bufp);
- if (!old_bufp)
- return (-1);
- op = (uint16 *)old_bufp->page;
- putpair((char *)op, &key, &val);
- }
- old_bufp->flags |= BUF_MOD;
- } else {
- /* Move to new page */
- if (PAIRFITS(np, (&key), (&val)))
- putpair((char *)np, &key, &val);
- else {
- new_bufp =
- __add_ovflpage(hashp, new_bufp);
- if (!new_bufp)
- return (-1);
- np = (uint16 *)new_bufp->page;
- putpair((char *)np, &key, &val);
- }
- new_bufp->flags |= BUF_MOD;
- }
- }
- }
- if (last_bfp)
- __free_ovflpage(hashp, last_bfp);
- return (0);
-}
-
-/*
- * Add the given pair to the page
- *
- * Returns:
- * 0 ==> OK
- * 1 ==> failure
- */
-extern int
-__addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT * val)
-{
- register uint16 *bp, *sop;
- int do_expand;
-
- bp = (uint16 *)bufp->page;
- do_expand = 0;
- while (bp[0] && (bp[2] < REAL_KEY || bp[bp[0]] < REAL_KEY))
- /* Exception case */
- if (bp[2] == FULL_KEY_DATA && bp[0] == 2)
- /* This is the last page of a big key/data pair
- and we need to add another page */
- break;
- else if (bp[2] < REAL_KEY && bp[bp[0]] != OVFLPAGE) {
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
- if (!bufp)
- {
-#ifdef DEBUG
- assert(0);
-#endif
- return (-1);
- }
- bp = (uint16 *)bufp->page;
- } else
- /* Try to squeeze key on this page */
- if (FREESPACE(bp) > PAIRSIZE(key, val)) {
- {
- squeeze_key(bp, key, val);
-
- /* LJM: I added this because I think it was
- * left out on accident.
- * if this isn't incremented nkeys will not
- * be the actual number of keys in the db.
- */
- hashp->NKEYS++;
- return (0);
- }
- } else {
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
- if (!bufp)
- {
-#ifdef DEBUG
- assert(0);
-#endif
- return (-1);
- }
- bp = (uint16 *)bufp->page;
- }
-
- if (PAIRFITS(bp, key, val))
- putpair(bufp->page, key, (DBT *)val);
- else {
- do_expand = 1;
- bufp = __add_ovflpage(hashp, bufp);
- if (!bufp)
- {
-#ifdef DEBUG
- assert(0);
-#endif
- return (-1);
- }
- sop = (uint16 *)bufp->page;
-
- if (PAIRFITS(sop, key, val))
- putpair((char *)sop, key, (DBT *)val);
- else
- if (__big_insert(hashp, bufp, key, val))
- {
-#ifdef DEBUG
- assert(0);
-#endif
- return (-1);
- }
- }
- bufp->flags |= BUF_MOD;
- /*
- * If the average number of keys per bucket exceeds the fill factor,
- * expand the table.
- */
- hashp->NKEYS++;
- if (do_expand ||
- (hashp->NKEYS / (hashp->MAX_BUCKET + 1) > hashp->FFACTOR))
- return (__expand_table(hashp));
- return (0);
-}
-
-/*
- *
- * Returns:
- * pointer on success
- * NULL on error
- */
-extern BUFHEAD *
-__add_ovflpage(HTAB *hashp, BUFHEAD *bufp)
-{
- register uint16 *sp;
- uint16 ndx, ovfl_num;
-#ifdef DEBUG1
- int tmp1, tmp2;
-#endif
- sp = (uint16 *)bufp->page;
-
- /* Check if we are dynamically determining the fill factor */
- if (hashp->FFACTOR == DEF_FFACTOR) {
- hashp->FFACTOR = sp[0] >> 1;
- if (hashp->FFACTOR < MIN_FFACTOR)
- hashp->FFACTOR = MIN_FFACTOR;
- }
- bufp->flags |= BUF_MOD;
- ovfl_num = overflow_page(hashp);
-#ifdef DEBUG1
- tmp1 = bufp->addr;
- tmp2 = bufp->ovfl ? bufp->ovfl->addr : 0;
-#endif
- if (!ovfl_num || !(bufp->ovfl = __get_buf(hashp, ovfl_num, bufp, 1)))
- return (NULL);
- bufp->ovfl->flags |= BUF_MOD;
-#ifdef DEBUG1
- (void)fprintf(stderr, "ADDOVFLPAGE: %d->ovfl was %d is now %d\n",
- tmp1, tmp2, bufp->ovfl->addr);
-#endif
- ndx = sp[0];
- /*
- * Since a pair is allocated on a page only if there's room to add
- * an overflow page, we know that the OVFL information will fit on
- * the page.
- */
- sp[ndx + 4] = OFFSET(sp);
- sp[ndx + 3] = FREESPACE(sp) - OVFLSIZE;
- sp[ndx + 1] = ovfl_num;
- sp[ndx + 2] = OVFLPAGE;
- sp[0] = ndx + 2;
-#ifdef HASH_STATISTICS
- hash_overflows++;
-#endif
- return (bufp->ovfl);
-}
-
-/*
- * Returns:
- * 0 indicates SUCCESS
- * -1 indicates FAILURE
- */
-extern int
-__get_page(HTAB *hashp,
- char * p,
- uint32 bucket,
- int is_bucket,
- int is_disk,
- int is_bitmap)
-{
- register int fd, page;
- size_t size;
- int rsize;
- uint16 *bp;
-
- fd = hashp->fp;
- size = hashp->BSIZE;
-
- if ((fd == -1) || !is_disk) {
- PAGE_INIT(p);
- return (0);
- }
- if (is_bucket)
- page = BUCKET_TO_PAGE(bucket);
- else
- page = OADDR_TO_PAGE(bucket);
- if ((MY_LSEEK(fd, (off_t)page << hashp->BSHIFT, SEEK_SET) == -1) ||
- ((rsize = read(fd, p, size)) == -1))
- return (-1);
-
- bp = (uint16 *)p;
- if (!rsize)
- bp[0] = 0; /* We hit the EOF, so initialize a new page */
- else
- if ((unsigned)rsize != size) {
- errno = EFTYPE;
- return (-1);
- }
-
- if (!is_bitmap && !bp[0]) {
- PAGE_INIT(p);
- } else {
-
-#ifdef DEBUG
- if(BYTE_ORDER == LITTLE_ENDIAN)
- {
- int is_little_endian;
- is_little_endian = BYTE_ORDER;
- }
- else if(BYTE_ORDER == BIG_ENDIAN)
- {
- int is_big_endian;
- is_big_endian = BYTE_ORDER;
- }
- else
- {
- assert(0);
- }
-#endif
-
- if (hashp->LORDER != BYTE_ORDER) {
- register int i, max;
-
- if (is_bitmap) {
- max = hashp->BSIZE >> 2; /* divide by 4 */
- for (i = 0; i < max; i++)
- M_32_SWAP(((int *)p)[i]);
- } else {
- M_16_SWAP(bp[0]);
- max = bp[0] + 2;
-
- /* bound the size of max by
- * the maximum number of entries
- * in the array
- */
- if((unsigned)max > (size / sizeof(uint16)))
- return(DATABASE_CORRUPTED_ERROR);
-
- /* do the byte order swap
- */
- for (i = 1; i <= max; i++)
- M_16_SWAP(bp[i]);
- }
- }
-
- /* check the validity of the page here
- * (after doing byte order swaping if necessary)
- */
- if(!is_bitmap && bp[0] != 0)
- {
- uint16 num_keys = bp[0];
- uint16 offset;
- uint16 i;
-
- /* bp[0] is supposed to be the number of
- * entries currently in the page. If
- * bp[0] is too large (larger than the whole
- * page) then the page is corrupted
- */
- if(bp[0] > (size / sizeof(uint16)))
- return(DATABASE_CORRUPTED_ERROR);
-
- /* bound free space */
- if(FREESPACE(bp) > size)
- return(DATABASE_CORRUPTED_ERROR);
-
- /* check each key and data offset to make
- * sure they are all within bounds they
- * should all be less than the previous
- * offset as well.
- */
- offset = size;
- for(i=1 ; i <= num_keys; i+=2)
- {
- /* ignore overflow pages etc. */
- if(bp[i+1] >= REAL_KEY)
- {
-
- if(bp[i] > offset || bp[i+1] > bp[i])
- return(DATABASE_CORRUPTED_ERROR);
-
- offset = bp[i+1];
- }
- else
- {
- /* there are no other valid keys after
- * seeing a non REAL_KEY
- */
- break;
- }
- }
- }
- }
- return (0);
-}
-
-/*
- * Write page p to disk
- *
- * Returns:
- * 0 ==> OK
- * -1 ==>failure
- */
-extern int
-__put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
-{
- register int fd, page;
- size_t size;
- int wsize;
- off_t offset;
-
- size = hashp->BSIZE;
- if ((hashp->fp == -1) && open_temp(hashp))
- return (-1);
- fd = hashp->fp;
-
- if (hashp->LORDER != BYTE_ORDER) {
- register int i;
- register int max;
-
- if (is_bitmap) {
- max = hashp->BSIZE >> 2; /* divide by 4 */
- for (i = 0; i < max; i++)
- M_32_SWAP(((int *)p)[i]);
- } else {
- max = ((uint16 *)p)[0] + 2;
-
- /* bound the size of max by
- * the maximum number of entries
- * in the array
- */
- if((unsigned)max > (size / sizeof(uint16)))
- return(DATABASE_CORRUPTED_ERROR);
-
- for (i = 0; i <= max; i++)
- M_16_SWAP(((uint16 *)p)[i]);
-
- }
- }
-
- if (is_bucket)
- page = BUCKET_TO_PAGE(bucket);
- else
- page = OADDR_TO_PAGE(bucket);
- offset = (off_t)page << hashp->BSHIFT;
- if ((MY_LSEEK(fd, offset, SEEK_SET) == -1) ||
- ((wsize = write(fd, p, size)) == -1))
- /* Errno is set */
- return (-1);
- if ((unsigned)wsize != size) {
- errno = EFTYPE;
- return (-1);
- }
-#if defined(_WIN32) || defined(_WINDOWS)
- if (offset + size > hashp->file_size) {
- hashp->updateEOF = 1;
- }
-#endif
- /* put the page back the way it was so that it isn't byteswapped
- * if it remains in memory - LJM
- */
- if (hashp->LORDER != BYTE_ORDER) {
- register int i;
- register int max;
-
- if (is_bitmap) {
- max = hashp->BSIZE >> 2; /* divide by 4 */
- for (i = 0; i < max; i++)
- M_32_SWAP(((int *)p)[i]);
- } else {
- uint16 *bp = (uint16 *)p;
-
- M_16_SWAP(bp[0]);
- max = bp[0] + 2;
-
- /* no need to bound the size if max again
- * since it was done already above
- */
-
- /* do the byte order re-swap
- */
- for (i = 1; i <= max; i++)
- M_16_SWAP(bp[i]);
- }
- }
-
- return (0);
-}
-
-#define BYTE_MASK ((1 << INT_BYTE_SHIFT) -1)
-/*
- * Initialize a new bitmap page. Bitmap pages are left in memory
- * once they are read in.
- */
-extern int
-__ibitmap(HTAB *hashp, int pnum, int nbits, int ndx)
-{
- uint32 *ip;
- size_t clearbytes, clearints;
-
- if ((ip = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL)
- return (1);
- hashp->nmaps++;
- clearints = ((nbits - 1) >> INT_BYTE_SHIFT) + 1;
- clearbytes = clearints << INT_TO_BYTE;
- (void)memset((char *)ip, 0, clearbytes);
- (void)memset(((char *)ip) + clearbytes, 0xFF,
- hashp->BSIZE - clearbytes);
- ip[clearints - 1] = ALL_SET << (nbits & BYTE_MASK);
- SETBIT(ip, 0);
- hashp->BITMAPS[ndx] = (uint16)pnum;
- hashp->mapp[ndx] = ip;
- return (0);
-}
-
-static uint32
-first_free(uint32 map)
-{
- register uint32 i, mask;
-
- mask = 0x1;
- for (i = 0; i < BITS_PER_MAP; i++) {
- if (!(mask & map))
- return (i);
- mask = mask << 1;
- }
- return (i);
-}
-
-static uint16
-overflow_page(HTAB *hashp)
-{
- register uint32 *freep=NULL;
- register int max_free, offset, splitnum;
- uint16 addr;
- uint32 i;
- int bit, first_page, free_bit, free_page, in_use_bits, j;
-#ifdef DEBUG2
- int tmp1, tmp2;
-#endif
- splitnum = hashp->OVFL_POINT;
- max_free = hashp->SPARES[splitnum];
-
- free_page = (max_free - 1) >> (hashp->BSHIFT + BYTE_SHIFT);
- free_bit = (max_free - 1) & ((hashp->BSIZE << BYTE_SHIFT) - 1);
-
- /* Look through all the free maps to find the first free block */
- first_page = hashp->LAST_FREED >>(hashp->BSHIFT + BYTE_SHIFT);
- for ( i = first_page; i <= (unsigned)free_page; i++ ) {
- if (!(freep = (uint32 *)hashp->mapp[i]) &&
- !(freep = fetch_bitmap(hashp, i)))
- return (0);
- if (i == (unsigned)free_page)
- in_use_bits = free_bit;
- else
- in_use_bits = (hashp->BSIZE << BYTE_SHIFT) - 1;
-
- if (i == (unsigned)first_page) {
- bit = hashp->LAST_FREED &
- ((hashp->BSIZE << BYTE_SHIFT) - 1);
- j = bit / BITS_PER_MAP;
- bit = bit & ~(BITS_PER_MAP - 1);
- } else {
- bit = 0;
- j = 0;
- }
- for (; bit <= in_use_bits; j++, bit += BITS_PER_MAP)
- if (freep[j] != ALL_SET)
- goto found;
- }
-
- /* No Free Page Found */
- hashp->LAST_FREED = hashp->SPARES[splitnum];
- hashp->SPARES[splitnum]++;
- offset = hashp->SPARES[splitnum] -
- (splitnum ? hashp->SPARES[splitnum - 1] : 0);
-
-#define OVMSG "HASH: Out of overflow pages. Increase page size\n"
- if (offset > SPLITMASK) {
- if (++splitnum >= NCACHED) {
-#ifndef macintosh
- (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
-#endif
- return (0);
- }
- hashp->OVFL_POINT = splitnum;
- hashp->SPARES[splitnum] = hashp->SPARES[splitnum-1];
- hashp->SPARES[splitnum-1]--;
- offset = 1;
- }
-
- /* Check if we need to allocate a new bitmap page */
- if (free_bit == (hashp->BSIZE << BYTE_SHIFT) - 1) {
- free_page++;
- if (free_page >= NCACHED) {
-#ifndef macintosh
- (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
-#endif
- return (0);
- }
- /*
- * This is tricky. The 1 indicates that you want the new page
- * allocated with 1 clear bit. Actually, you are going to
- * allocate 2 pages from this map. The first is going to be
- * the map page, the second is the overflow page we were
- * looking for. The init_bitmap routine automatically, sets
- * the first bit of itself to indicate that the bitmap itself
- * is in use. We would explicitly set the second bit, but
- * don't have to if we tell init_bitmap not to leave it clear
- * in the first place.
- */
- if (__ibitmap(hashp,
- (int)OADDR_OF(splitnum, offset), 1, free_page))
- return (0);
- hashp->SPARES[splitnum]++;
-#ifdef DEBUG2
- free_bit = 2;
-#endif
- offset++;
- if (offset > SPLITMASK) {
- if (++splitnum >= NCACHED) {
-#ifndef macintosh
- (void)write(STDERR_FILENO, OVMSG,
- sizeof(OVMSG) - 1);
-#endif
- return (0);
- }
- hashp->OVFL_POINT = splitnum;
- hashp->SPARES[splitnum] = hashp->SPARES[splitnum-1];
- hashp->SPARES[splitnum-1]--;
- offset = 0;
- }
- } else {
- /*
- * Free_bit addresses the last used bit. Bump it to address
- * the first available bit.
- */ - free_bit++; - SETBIT(freep, free_bit); - } - - /* Calculate address of the new overflow page */ - addr = OADDR_OF(splitnum, offset); -#ifdef DEBUG2 - (void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n", - addr, free_bit, free_page); -#endif - return (addr); - -found: - bit = bit + first_free(freep[j]); - SETBIT(freep, bit); -#ifdef DEBUG2 - tmp1 = bit; - tmp2 = i; -#endif - /* - * Bits are addressed starting with 0, but overflow pages are addressed - * beginning at 1. Bit is a bit addressnumber, so we need to increment - * it to convert it to a page number. - */ - bit = 1 + bit + (i * (hashp->BSIZE << BYTE_SHIFT)); - if (bit >= hashp->LAST_FREED) - hashp->LAST_FREED = bit - 1; - - /* Calculate the split number for this page */ - for (i = 0; (i < (unsigned)splitnum) && (bit > hashp->SPARES[i]); i++) {} - offset = (i ? bit - hashp->SPARES[i - 1] : bit); - if (offset >= SPLITMASK) - return (0); /* Out of overflow pages */ - addr = OADDR_OF(i, offset); -#ifdef DEBUG2 - (void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n", - addr, tmp1, tmp2); -#endif - - /* Allocate and return the overflow page */ - return (addr); -} - -/* - * Mark this overflow page as free. - */ -extern void -__free_ovflpage(HTAB *hashp, BUFHEAD *obufp) -{ - uint16 addr; - uint32 *freep; - uint32 bit_address, free_page, free_bit; - uint16 ndx; - - if(!obufp || !obufp->addr) - return; - - addr = obufp->addr; -#ifdef DEBUG1 - (void)fprintf(stderr, "Freeing %d\n", addr); -#endif - ndx = (((uint16)addr) >> SPLITSHIFT); - bit_address = - (ndx ? hashp->SPARES[ndx - 1] : 0) + (addr & SPLITMASK) - 1; - if (bit_address < (uint32)hashp->LAST_FREED) - hashp->LAST_FREED = bit_address; - free_page = (bit_address >> (hashp->BSHIFT + BYTE_SHIFT)); - free_bit = bit_address & ((hashp->BSIZE << BYTE_SHIFT) - 1); - - if (!(freep = hashp->mapp[free_page])) - freep = fetch_bitmap(hashp, free_page); - -#ifdef DEBUG - /* - * This had better never happen. 
It means we tried to read a bitmap - * that has already had overflow pages allocated off it, and we - * failed to read it from the file. - */ - if (!freep) - { - assert(0); - return; - } -#endif - CLRBIT(freep, free_bit); -#ifdef DEBUG2 - (void)fprintf(stderr, "FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n", - obufp->addr, free_bit, free_page); -#endif - __reclaim_buf(hashp, obufp); -} - -/* - * Returns: - * 0 success - * -1 failure - */ -static int -open_temp(HTAB *hashp) -{ -#ifdef XP_OS2 - hashp->fp = mkstemp(NULL); -#else -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) - sigset_t set, oset; -#endif -#if !defined(macintosh) - char * tmpdir; - size_t len; - char last; -#endif - static const char namestr[] = "/_hashXXXXXX"; - char filename[1024]; - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) - /* Block signals; make sure file goes away at process exit. */ - (void)sigfillset(&set); - (void)sigprocmask(SIG_BLOCK, &set, &oset); -#endif - - filename[0] = 0; -#if defined(macintosh) - strcat(filename, namestr + 1); -#else - tmpdir = getenv("TMP"); - if (!tmpdir) - tmpdir = getenv("TMPDIR"); - if (!tmpdir) - tmpdir = getenv("TEMP"); - if (!tmpdir) - tmpdir = "."; - len = strlen(tmpdir); - if (len && len < (sizeof filename - sizeof namestr)) { - strcpy(filename, tmpdir); - } - len = strlen(filename); - last = tmpdir[len - 1]; - strcat(filename, (last == '/' || last == '\\') ? 
namestr + 1 : namestr); -#endif - -#if defined(_WIN32) || defined(_WINDOWS) - if ((hashp->fp = mkstempflags(filename, _O_BINARY|_O_TEMPORARY)) != -1) { - if (hashp->filename) { - free(hashp->filename); - } - hashp->filename = strdup(filename); - hashp->is_temp = 1; - } -#else - if ((hashp->fp = mkstemp(filename)) != -1) { - (void)unlink(filename); -#if !defined(macintosh) - (void)fcntl(hashp->fp, F_SETFD, 1); -#endif - } -#endif - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) - (void)sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL); -#endif -#endif /* !OS2 */ - return (hashp->fp != -1 ? 0 : -1); -} - -/* - * We have to know that the key will fit, but the last entry on the page is - * an overflow pair, so we need to shift things. - */ -static void -squeeze_key(uint16 *sp, const DBT * key, const DBT * val) -{ - register char *p; - uint16 free_space, n, off, pageno; - - p = (char *)sp; - n = sp[0]; - free_space = FREESPACE(sp); - off = OFFSET(sp); - - pageno = sp[n - 1]; - off -= key->size; - sp[n - 1] = off; - memmove(p + off, key->data, key->size); - off -= val->size; - sp[n] = off; - memmove(p + off, val->data, val->size); - sp[0] = n + 2; - sp[n + 1] = pageno; - sp[n + 2] = OVFLPAGE; - FREESPACE(sp) = free_space - PAIRSIZE(key, val); - OFFSET(sp) = off; -} - -static uint32 * -fetch_bitmap(HTAB *hashp, uint32 ndx) -{ - if (ndx >= (unsigned)hashp->nmaps) - return (NULL); - if ((hashp->mapp[ndx] = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL) - return (NULL); - if (__get_page(hashp, - (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) { - free(hashp->mapp[ndx]); - hashp->mapp[ndx] = NULL; /* NEW: 9-11-95 */ - return (NULL); - } - return (hashp->mapp[ndx]); -} - -#ifdef DEBUG4 -int -print_chain(int addr) -{ - BUFHEAD *bufp; - short *bp, oaddr; - - (void)fprintf(stderr, "%d ", addr); - bufp = __get_buf(hashp, addr, NULL, 0); - bp = (short *)bufp->page; - while (bp[0] && ((bp[bp[0]] == OVFLPAGE) || - ((bp[0] > 2) && bp[2] < REAL_KEY))) { - 
oaddr = bp[bp[0] - 1];
- (void)fprintf(stderr, "%d ", (int)oaddr);
- bufp = __get_buf(hashp, (int)oaddr, bufp, 0);
- bp = (short *)bufp->page;
- }
- (void)fprintf(stderr, "\n");
-}
-#endif
diff --git a/dbm/src/hash.c b/dbm/src/hash.c
deleted file mode 100644
index c7b1d18133..0000000000
--- a/dbm/src/hash.c
+++ /dev/null
@@ -1,1175 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
-#endif /* LIBC_SCCS and not lint */
-
-#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
-#include
-#endif
-
-#if !defined(macintosh)
-#ifdef XP_OS2
-#include
-#endif
-#include
-#endif
-
-#if defined(macintosh)
-#include
-#include
-#endif
-
-#include
-#include
-#include
-#include
-#include
-
-#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
-#include
-#endif
-#if defined(_WIN32) || defined(_WINDOWS)
-#include
-#endif
-
-#include
-
-#include "mcom_db.h"
-#include "hash.h"
-#include "page.h"
-
-/*
-#include "extern.h"
-*/
-static int alloc_segs __P((HTAB *, int));
-static int flush_meta __P((HTAB *));
-static int hash_access __P((HTAB *, ACTION, DBT *, DBT *));
-static int hash_close __P((DB *));
-static int hash_delete __P((const DB *, const DBT *, uint));
-static int hash_fd __P((const DB *));
-static int hash_get __P((const DB *, const DBT *, DBT *, uint));
-static int hash_put __P((const DB *, DBT *, const DBT *, uint));
-static void *hash_realloc __P((SEGMENT **, size_t, size_t));
-static int hash_seq __P((const DB *, DBT *, DBT *, uint));
-static int hash_sync __P((const DB *, uint));
-static int hdestroy __P((HTAB *));
-static HTAB *init_hash __P((HTAB *, const char *, HASHINFO *));
-static int init_htab __P((HTAB *, int));
-#if BYTE_ORDER == LITTLE_ENDIAN
-static void swap_header __P((HTAB *));
-static void swap_header_copy __P((HASHHDR *, HASHHDR *));
-#endif
-
-/* Fast arithmetic, relying on powers of 2, */
-#define MOD(x, y) ((x) & ((y) - 1))
-
-#define RETURN_ERROR(ERR, LOC) { save_errno = ERR; goto LOC; }
-
-/* Return values */
-#define SUCCESS (0)
-#define DBM_ERROR (-1)
-#define ABNORMAL (1)
-
-#ifdef HASH_STATISTICS
-int hash_accesses, hash_collisions, hash_expansions, hash_overflows;
-#endif
-
-/* A new Lou (montulli@mozilla.com) routine.
- *
- * The database is screwed.
- * - * This closes the file, flushing buffers as appropriate. - */ -static void -__remove_database(DB *dbp) -{ - HTAB *hashp = (HTAB *)dbp->internal; - - assert(0); - - if (!hashp) - return; - hdestroy(hashp); - dbp->internal = NULL; -} - -/************************** INTERFACE ROUTINES ***************************/ -/* OPEN/CLOSE */ - - -extern DB * -__hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags) -{ - HTAB *hashp=NULL; - struct stat statbuf; - DB *dbp; - int bpages, hdrsize, new_table, nsegs, save_errno; - - if ((flags & O_ACCMODE) == O_WRONLY) { - errno = EINVAL; - return NULL; - } - - /* zero the statbuffer so that - * we can check it for a non-zero - * date to see if stat succeeded - */ - memset(&statbuf, 0, sizeof(struct stat)); - - if (!(hashp = (HTAB *)calloc(1, sizeof(HTAB)))) { - errno = ENOMEM; - return NULL; - } - hashp->fp = NO_FILE; - if(file) - hashp->filename = strdup(file); - - /* - * Even if user wants write only, we need to be able to read - * the actual file, so we need to open it read/write. But, the - * field in the hashp structure needs to be accurate so that - * we can check accesses. 
- */ - hashp->flags = flags; - - new_table = 0; - if (!file || (flags & O_TRUNC) || (stat(file, &statbuf) && (errno == ENOENT))) - { - if (errno == ENOENT) - errno = 0; /* Just in case someone looks at errno */ - new_table = 1; - } - else if(statbuf.st_mtime && statbuf.st_size == 0) - { - /* check for a zero length file and delete it - * if it exists - */ - new_table = 1; - } - hashp->file_size = statbuf.st_size; - - if (file) { -#if defined(_WIN32) || defined(_WINDOWS) || defined (macintosh) || defined(XP_OS2) - if ((hashp->fp = DBFILE_OPEN(file, flags | O_BINARY, mode)) == -1) - RETURN_ERROR(errno, error1); -#else - if ((hashp->fp = open(file, flags, mode)) == -1) - RETURN_ERROR(errno, error1); - (void)fcntl(hashp->fp, F_SETFD, 1); -#endif - } - if (new_table) { - if (!init_hash(hashp, file, (HASHINFO *)info)) - RETURN_ERROR(errno, error1); - } else { - /* Table already exists */ - if (info && info->hash) - hashp->hash = info->hash; - else - hashp->hash = __default_hash; - - hdrsize = read(hashp->fp, (char *)&hashp->hdr, sizeof(HASHHDR)); - if (hdrsize == -1) - RETURN_ERROR(errno, error1); - if (hdrsize != sizeof(HASHHDR)) - RETURN_ERROR(EFTYPE, error1); -#if BYTE_ORDER == LITTLE_ENDIAN - swap_header(hashp); -#endif - /* Verify file type, versions and hash function */ - if (hashp->MAGIC != HASHMAGIC) - RETURN_ERROR(EFTYPE, error1); -#define OLDHASHVERSION 1 - if (hashp->VERSION != HASHVERSION && - hashp->VERSION != OLDHASHVERSION) - RETURN_ERROR(EFTYPE, error1); - if (hashp->hash(CHARKEY, sizeof(CHARKEY)) != hashp->H_CHARKEY) - RETURN_ERROR(EFTYPE, error1); - if (hashp->NKEYS < 0) /* Old bad database. */ - RETURN_ERROR(EFTYPE, error1); - - /* - * Figure out how many segments we need. Max_Bucket is the - * maximum bucket number, so the number of buckets is - * max_bucket + 1. - */ - nsegs = (hashp->MAX_BUCKET + 1 + hashp->SGSIZE - 1) / - hashp->SGSIZE; - hashp->nsegs = 0; - if (alloc_segs(hashp, nsegs)) - /* If alloc_segs fails, errno will have been set. 
*/ - RETURN_ERROR(errno, error1); - /* Read in bitmaps */ - bpages = (hashp->SPARES[hashp->OVFL_POINT] + - (hashp->BSIZE << BYTE_SHIFT) - 1) >> - (hashp->BSHIFT + BYTE_SHIFT); - - hashp->nmaps = bpages; - (void)memset(&hashp->mapp[0], 0, bpages * sizeof(uint32 *)); - } - - /* Initialize Buffer Manager */ - if (info && info->cachesize) - __buf_init(hashp, (int32) info->cachesize); - else - __buf_init(hashp, DEF_BUFSIZE); - - hashp->new_file = new_table; -#ifdef macintosh - hashp->save_file = file && !(hashp->flags & O_RDONLY); -#else - hashp->save_file = file && (hashp->flags & O_RDWR); -#endif - hashp->cbucket = -1; - if (!(dbp = (DB *)malloc(sizeof(DB)))) { - RETURN_ERROR(ENOMEM, error1); - } - dbp->internal = hashp; - dbp->close = hash_close; - dbp->del = hash_delete; - dbp->fd = hash_fd; - dbp->get = hash_get; - dbp->put = hash_put; - dbp->seq = hash_seq; - dbp->sync = hash_sync; - dbp->type = DB_HASH; - -#ifdef HASH_STATISTICS - hash_overflows = hash_accesses = hash_collisions = hash_expansions = 0; -#endif - return (dbp); - -error1: - hdestroy(hashp); - errno = save_errno; - return (NULL); -} - -static int -hash_close(DB *dbp) -{ - HTAB *hashp; - int retval; - - if (!dbp) - return (DBM_ERROR); - - hashp = (HTAB *)dbp->internal; - if(!hashp) - return (DBM_ERROR); - - retval = hdestroy(hashp); - free(dbp); - return (retval); -} - -static int hash_fd(const DB *dbp) -{ - HTAB *hashp; - - if (!dbp) - return (DBM_ERROR); - - hashp = (HTAB *)dbp->internal; - if(!hashp) - return (DBM_ERROR); - - if (hashp->fp == -1) { - errno = ENOENT; - return (-1); - } - return (hashp->fp); -} - -/************************** LOCAL CREATION ROUTINES **********************/ -static HTAB * -init_hash(HTAB *hashp, const char *file, HASHINFO *info) -{ - struct stat statbuf; - int nelem; - - nelem = 1; - hashp->NKEYS = 0; - hashp->LORDER = BYTE_ORDER; - hashp->BSIZE = DEF_BUCKET_SIZE; - hashp->BSHIFT = DEF_BUCKET_SHIFT; - hashp->SGSIZE = DEF_SEGSIZE; - hashp->SSHIFT = DEF_SEGSIZE_SHIFT; - 
hashp->DSIZE = DEF_DIRSIZE; - hashp->FFACTOR = DEF_FFACTOR; - hashp->hash = __default_hash; - memset(hashp->SPARES, 0, sizeof(hashp->SPARES)); - memset(hashp->BITMAPS, 0, sizeof (hashp->BITMAPS)); - - /* Fix bucket size to be optimal for file system */ - if (file != NULL) { - if (stat(file, &statbuf)) - return (NULL); - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2) -#if defined(__QNX__) && !defined(__QNXNTO__) - hashp->BSIZE = 512; /* preferred blk size on qnx4 */ -#else - hashp->BSIZE = statbuf.st_blksize; -#endif - - /* new code added by Lou to reduce block - * size down below MAX_BSIZE - */ - if (hashp->BSIZE > MAX_BSIZE) - hashp->BSIZE = MAX_BSIZE; -#endif - hashp->BSHIFT = __log2((uint32)hashp->BSIZE); - } - - if (info) { - if (info->bsize) { - /* Round pagesize up to power of 2 */ - hashp->BSHIFT = __log2(info->bsize); - hashp->BSIZE = 1 << hashp->BSHIFT; - if (hashp->BSIZE > MAX_BSIZE) { - errno = EINVAL; - return (NULL); - } - } - if (info->ffactor) - hashp->FFACTOR = info->ffactor; - if (info->hash) - hashp->hash = info->hash; - if (info->nelem) - nelem = info->nelem; - if (info->lorder) { - if (info->lorder != BIG_ENDIAN && - info->lorder != LITTLE_ENDIAN) { - errno = EINVAL; - return (NULL); - } - hashp->LORDER = info->lorder; - } - } - /* init_htab sets errno if it fails */ - if (init_htab(hashp, nelem)) - return (NULL); - else - return (hashp); -} -/* - * This calls alloc_segs which may run out of memory. Alloc_segs will - * set errno, so we just pass the error information along. - * - * Returns 0 on No Error - */ -static int -init_htab(HTAB *hashp, int nelem) -{ - register int nbuckets, nsegs; - int l2; - - /* - * Divide number of elements by the fill factor and determine a - * desired number of buckets. Allocate space for the next greater - * power of two number of buckets. 
- */ - nelem = (nelem - 1) / hashp->FFACTOR + 1; - - l2 = __log2((uint32)PR_MAX(nelem, 2)); - nbuckets = 1 << l2; - - hashp->SPARES[l2] = l2 + 1; - hashp->SPARES[l2 + 1] = l2 + 1; - hashp->OVFL_POINT = l2; - hashp->LAST_FREED = 2; - - /* First bitmap page is at: splitpoint l2 page offset 1 */ - if (__ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0)) - return (-1); - - hashp->MAX_BUCKET = hashp->LOW_MASK = nbuckets - 1; - hashp->HIGH_MASK = (nbuckets << 1) - 1; - hashp->HDRPAGES = ((PR_MAX(sizeof(HASHHDR), MINHDRSIZE) - 1) >> - hashp->BSHIFT) + 1; - - nsegs = (nbuckets - 1) / hashp->SGSIZE + 1; - nsegs = 1 << __log2((uint32)nsegs); - - if (nsegs > hashp->DSIZE) - hashp->DSIZE = nsegs; - return (alloc_segs(hashp, nsegs)); -} - -/********************** DESTROY/CLOSE ROUTINES ************************/ - -/* - * Flushes any changes to the file if necessary and destroys the hashp - * structure, freeing all allocated space. - */ -static int -hdestroy(HTAB *hashp) -{ - int i, save_errno; - - save_errno = 0; - -#ifdef HASH_STATISTICS - (void)fprintf(stderr, "hdestroy: accesses %ld collisions %ld\n", - hash_accesses, hash_collisions); - (void)fprintf(stderr, "hdestroy: expansions %ld\n", - hash_expansions); - (void)fprintf(stderr, "hdestroy: overflows %ld\n", - hash_overflows); - (void)fprintf(stderr, "keys %ld maxp %d segmentcount %d\n", - hashp->NKEYS, hashp->MAX_BUCKET, hashp->nsegs); - - for (i = 0; i < NCACHED; i++) - (void)fprintf(stderr, - "spares[%d] = %d\n", i, hashp->SPARES[i]); -#endif - /* - * Call on buffer manager to free buffers, and if required, - * write them to disk. 
- */ - if (__buf_free(hashp, 1, hashp->save_file)) - save_errno = errno; - if (hashp->dir) { - free(*hashp->dir); /* Free initial segments */ - /* Free extra segments */ - while (hashp->exsegs--) - free(hashp->dir[--hashp->nsegs]); - free(hashp->dir); - } - if (flush_meta(hashp) && !save_errno) - save_errno = errno; - /* Free Bigmaps */ - for (i = 0; i < hashp->nmaps; i++) - if (hashp->mapp[i]) - free(hashp->mapp[i]); - - if (hashp->fp != -1) - (void)close(hashp->fp); - - if(hashp->filename) { -#if defined(_WIN32) || defined(_WINDOWS) || defined(XP_OS2) - if (hashp->is_temp) - (void)unlink(hashp->filename); -#endif - free(hashp->filename); - } - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if (hashp->tmp_key) - free(hashp->tmp_key); - free(hashp); - if (save_errno) { - errno = save_errno; - return (DBM_ERROR); - } - return (SUCCESS); -} - -#if defined(_WIN32) || defined(_WINDOWS) -/* - * Close and reopen file to force file length update on windows. - * - * Returns: - * 0 == OK - * -1 DBM_ERROR - */ -static int -update_EOF(HTAB *hashp) -{ -#if defined(DBM_REOPEN_ON_FLUSH) - char * file = hashp->filename; - off_t file_size; - int flags; - int mode = -1; - struct stat statbuf; - - memset(&statbuf, 0, sizeof statbuf); - - /* make sure we won't lose the file by closing it. */ - if (!file || (stat(file, &statbuf) && (errno == ENOENT))) { - /* pretend we did it. 
*/ - return 0; - } - - (void)close(hashp->fp); - - flags = hashp->flags & ~(O_TRUNC | O_CREAT | O_EXCL); - - if ((hashp->fp = DBFILE_OPEN(file, flags | O_BINARY, mode)) == -1) - return -1; - file_size = lseek(hashp->fp, (off_t)0, SEEK_END); - if (file_size == -1) - return -1; - hashp->file_size = file_size; - return 0; -#else - int fd = hashp->fp; - off_t file_size = lseek(fd, (off_t)0, SEEK_END); - HANDLE handle = (HANDLE)_get_osfhandle(fd); - BOOL cool = FlushFileBuffers(handle); -#ifdef DEBUG3 - if (!cool) { - DWORD err = GetLastError(); - (void)fprintf(stderr, - "FlushFileBuffers failed, last error = %d, 0x%08x\n", - err, err); - } -#endif - if (file_size == -1) - return -1; - hashp->file_size = file_size; - return cool ? 0 : -1; -#endif -} -#endif - -/* - * Write modified pages to disk - * - * Returns: - * 0 == OK - * -1 DBM_ERROR - */ -static int -hash_sync(const DB *dbp, uint flags) -{ - HTAB *hashp; - - if (flags != 0) { - errno = EINVAL; - return (DBM_ERROR); - } - - if (!dbp) - return (DBM_ERROR); - - hashp = (HTAB *)dbp->internal; - if(!hashp) - return (DBM_ERROR); - - if (!hashp->save_file) - return (0); - if (__buf_free(hashp, 0, 1) || flush_meta(hashp)) - return (DBM_ERROR); -#if defined(_WIN32) || defined(_WINDOWS) - if (hashp->updateEOF && hashp->filename && !hashp->is_temp) { - int status = update_EOF(hashp); - hashp->updateEOF = 0; - if (status) - return status; - } -#endif - hashp->new_file = 0; - return (0); -} - -/* - * Returns: - * 0 == OK - * -1 indicates that errno should be set - */ -static int -flush_meta(HTAB *hashp) -{ - HASHHDR *whdrp; -#if BYTE_ORDER == LITTLE_ENDIAN - HASHHDR whdr; -#endif - int fp, i, wsize; - - if (!hashp->save_file) - return (0); - hashp->MAGIC = HASHMAGIC; - hashp->VERSION = HASHVERSION; - hashp->H_CHARKEY = hashp->hash(CHARKEY, sizeof(CHARKEY)); - - fp = hashp->fp; - whdrp = &hashp->hdr; -#if BYTE_ORDER == LITTLE_ENDIAN - whdrp = &whdr; - swap_header_copy(&hashp->hdr, whdrp); -#endif - if ((lseek(fp, (off_t)0, 
SEEK_SET) == -1) || - ((wsize = write(fp, (char*)whdrp, sizeof(HASHHDR))) == -1)) - return (-1); - else - if (wsize != sizeof(HASHHDR)) { - errno = EFTYPE; - hashp->dbmerrno = errno; - return (-1); - } - for (i = 0; i < NCACHED; i++) - if (hashp->mapp[i]) - if (__put_page(hashp, (char *)hashp->mapp[i], - hashp->BITMAPS[i], 0, 1)) - return (-1); - return (0); -} - -/*******************************SEARCH ROUTINES *****************************/ -/* - * All the access routines return - * - * Returns: - * 0 on SUCCESS - * 1 to indicate an external DBM_ERROR (i.e. key not found, etc) - * -1 to indicate an internal DBM_ERROR (i.e. out of memory, etc) - */ -static int -hash_get( - const DB *dbp, - const DBT *key, - DBT *data, - uint flag) -{ - HTAB *hashp; - int rv; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } - - rv = hash_access(hashp, HASH_GET, (DBT *)key, data); - - if(rv == DATABASE_CORRUPTED_ERROR) - { -#if defined(unix) && defined(DEBUG) - printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); -#endif - __remove_database((DB *)dbp); - } - - return(rv); -} - -static int -hash_put( - const DB *dbp, - DBT *key, - const DBT *data, - uint flag) -{ - HTAB *hashp; - int rv; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag && flag != R_NOOVERWRITE) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } - if ((hashp->flags & O_ACCMODE) == O_RDONLY) { - hashp->dbmerrno = errno = EPERM; - return (DBM_ERROR); - } - - rv = hash_access(hashp, flag == R_NOOVERWRITE ? 
- HASH_PUTNEW : HASH_PUT, (DBT *)key, (DBT *)data); - - if(rv == DATABASE_CORRUPTED_ERROR) - { -#if defined(unix) && defined(DEBUG) - printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); -#endif - __remove_database((DB *)dbp); - } - - return(rv); -} - -static int -hash_delete( - const DB *dbp, - const DBT *key, - uint flag) /* Ignored */ -{ - HTAB *hashp; - int rv; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag && flag != R_CURSOR) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } - if ((hashp->flags & O_ACCMODE) == O_RDONLY) { - hashp->dbmerrno = errno = EPERM; - return (DBM_ERROR); - } - rv = hash_access(hashp, HASH_DELETE, (DBT *)key, NULL); - - if(rv == DATABASE_CORRUPTED_ERROR) - { -#if defined(unix) && defined(DEBUG) - printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); -#endif - __remove_database((DB *)dbp); - } - - return(rv); -} - -#define MAX_OVERFLOW_HASH_ACCESS_LOOPS 2000 -/* - * Assume that hashp has been set in wrapper routine. 
- */ -static int -hash_access( - HTAB *hashp, - ACTION action, - DBT *key, DBT *val) -{ - register BUFHEAD *rbufp; - BUFHEAD *bufp, *save_bufp; - register uint16 *bp; - register long n, ndx, off; - register size_t size; - register char *kp; - uint16 pageno; - uint32 ovfl_loop_count=0; - int32 last_overflow_page_no = -1; - -#ifdef HASH_STATISTICS - hash_accesses++; -#endif - - off = hashp->BSIZE; - size = key->size; - kp = (char *)key->data; - rbufp = __get_buf(hashp, __call_hash(hashp, kp, size), NULL, 0); - if (!rbufp) - return (DATABASE_CORRUPTED_ERROR); - save_bufp = rbufp; - - /* Pin the bucket chain */ - rbufp->flags |= BUF_PIN; - for (bp = (uint16 *)rbufp->page, n = *bp++, ndx = 1; ndx < n;) - { - - if (bp[1] >= REAL_KEY) { - /* Real key/data pair */ - if (size == (unsigned long)(off - *bp) && - memcmp(kp, rbufp->page + *bp, size) == 0) - goto found; - off = bp[1]; -#ifdef HASH_STATISTICS - hash_collisions++; -#endif - bp += 2; - ndx += 2; - } else if (bp[1] == OVFLPAGE) { - - /* database corruption: overflow loop detection */ - if(last_overflow_page_no == (int32)*bp) - return (DATABASE_CORRUPTED_ERROR); - - last_overflow_page_no = *bp; - - rbufp = __get_buf(hashp, *bp, rbufp, 0); - if (!rbufp) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } - - ovfl_loop_count++; - if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS) - return (DATABASE_CORRUPTED_ERROR); - - /* FOR LOOP INIT */ - bp = (uint16 *)rbufp->page; - n = *bp++; - ndx = 1; - off = hashp->BSIZE; - } else if (bp[1] < REAL_KEY) { - if ((ndx = - __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) - goto found; - if (ndx == -2) { - bufp = rbufp; - if (!(pageno = - __find_last_page(hashp, &bufp))) { - ndx = 0; - rbufp = bufp; - break; /* FOR */ - } - rbufp = __get_buf(hashp, pageno, bufp, 0); - if (!rbufp) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } - /* FOR LOOP INIT */ - bp = (uint16 *)rbufp->page; - n = *bp++; - ndx = 1; - off = hashp->BSIZE; - } else { - save_bufp->flags 
&= ~BUF_PIN; - return (DBM_ERROR); - - } - } - } - - /* Not found */ - switch (action) { - case HASH_PUT: - case HASH_PUTNEW: - if (__addel(hashp, rbufp, key, val)) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } else { - save_bufp->flags &= ~BUF_PIN; - return (SUCCESS); - } - case HASH_GET: - case HASH_DELETE: - default: - save_bufp->flags &= ~BUF_PIN; - return (ABNORMAL); - } - -found: - switch (action) { - case HASH_PUTNEW: - save_bufp->flags &= ~BUF_PIN; - return (ABNORMAL); - case HASH_GET: - bp = (uint16 *)rbufp->page; - if (bp[ndx + 1] < REAL_KEY) { - if (__big_return(hashp, rbufp, ndx, val, 0)) - return (DBM_ERROR); - } else { - val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1]; - val->size = bp[ndx] - bp[ndx + 1]; - } - break; - case HASH_PUT: - if ((__delpair(hashp, rbufp, ndx)) || - (__addel(hashp, rbufp, key, val))) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } - break; - case HASH_DELETE: - if (__delpair(hashp, rbufp, ndx)) - return (DBM_ERROR); - break; - default: - abort(); - } - save_bufp->flags &= ~BUF_PIN; - return (SUCCESS); -} - -static int -hash_seq( - const DB *dbp, - DBT *key, DBT *data, - uint flag) -{ - register uint32 bucket; - register BUFHEAD *bufp; - HTAB *hashp; - uint16 *bp, ndx; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag && flag != R_FIRST && flag != R_NEXT) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } -#ifdef HASH_STATISTICS - hash_accesses++; -#endif - if ((hashp->cbucket < 0) || (flag == R_FIRST)) { - hashp->cbucket = 0; - hashp->cndx = 1; - hashp->cpage = NULL; - } - - for (bp = NULL; !bp || !bp[0]; ) { - if (!(bufp = hashp->cpage)) { - for (bucket = hashp->cbucket; - bucket <= (uint32)hashp->MAX_BUCKET; - bucket++, hashp->cndx = 1) { - bufp = __get_buf(hashp, bucket, NULL, 0); - if (!bufp) - return (DBM_ERROR); - hashp->cpage = bufp; - bp = (uint16 *)bufp->page; - if (bp[0]) - break; - } - hashp->cbucket = bucket; - if (hashp->cbucket > 
hashp->MAX_BUCKET) { - hashp->cbucket = -1; - return (ABNORMAL); - } - } else - bp = (uint16 *)hashp->cpage->page; - -#ifdef DEBUG - assert(bp); - assert(bufp); -#endif - while (bp[hashp->cndx + 1] == OVFLPAGE) { - bufp = hashp->cpage = - __get_buf(hashp, bp[hashp->cndx], bufp, 0); - if (!bufp) - return (DBM_ERROR); - bp = (uint16 *)(bufp->page); - hashp->cndx = 1; - } - if (!bp[0]) { - hashp->cpage = NULL; - ++hashp->cbucket; - } - } - ndx = hashp->cndx; - if (bp[ndx + 1] < REAL_KEY) { - if (__big_keydata(hashp, bufp, key, data, 1)) - return (DBM_ERROR); - } else { - key->data = (uint8 *)hashp->cpage->page + bp[ndx]; - key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx]; - data->data = (uint8 *)hashp->cpage->page + bp[ndx + 1]; - data->size = bp[ndx] - bp[ndx + 1]; - ndx += 2; - if (ndx > bp[0]) { - hashp->cpage = NULL; - hashp->cbucket++; - hashp->cndx = 1; - } else - hashp->cndx = ndx; - } - return (SUCCESS); -} - -/********************************* UTILITIES ************************/ - -/* - * Returns: - * 0 ==> OK - * -1 ==> Error - */ -extern int -__expand_table(HTAB *hashp) -{ - uint32 old_bucket, new_bucket; - int new_segnum, spare_ndx; - size_t dirsize; - -#ifdef HASH_STATISTICS - hash_expansions++; -#endif - new_bucket = ++hashp->MAX_BUCKET; - old_bucket = (hashp->MAX_BUCKET & hashp->LOW_MASK); - - new_segnum = new_bucket >> hashp->SSHIFT; - - /* Check if we need a new segment */ - if (new_segnum >= hashp->nsegs) { - /* Check if we need to expand directory */ - if (new_segnum >= hashp->DSIZE) { - /* Reallocate directory */ - dirsize = hashp->DSIZE * sizeof(SEGMENT *); - if (!hash_realloc(&hashp->dir, dirsize, dirsize << 1)) - return (-1); - hashp->DSIZE = dirsize << 1; - } - if ((hashp->dir[new_segnum] = - (SEGMENT)calloc((size_t)hashp->SGSIZE, sizeof(SEGMENT))) == NULL) - return (-1); - hashp->exsegs++; - hashp->nsegs++; - } - /* - * If the split point is increasing (MAX_BUCKET's log base 2 - * * increases), we need to copy the current contents 
of the spare - * split bucket to the next bucket. - */ - spare_ndx = __log2((uint32)(hashp->MAX_BUCKET + 1)); - if (spare_ndx > hashp->OVFL_POINT) { - hashp->SPARES[spare_ndx] = hashp->SPARES[hashp->OVFL_POINT]; - hashp->OVFL_POINT = spare_ndx; - } - - if (new_bucket > (uint32)hashp->HIGH_MASK) { - /* Starting a new doubling */ - hashp->LOW_MASK = hashp->HIGH_MASK; - hashp->HIGH_MASK = new_bucket | hashp->LOW_MASK; - } - /* Relocate records to the new bucket */ - return (__split_page(hashp, old_bucket, new_bucket)); -} - -/* - * If realloc guarantees that the pointer is not destroyed if the realloc - * fails, then this routine can go away. - */ -static void * -hash_realloc( - SEGMENT **p_ptr, - size_t oldsize, size_t newsize) -{ - register void *p; - - if ((p = malloc(newsize))) { - memmove(p, *p_ptr, oldsize); - memset((char *)p + oldsize, 0, newsize - oldsize); - free(*p_ptr); - *p_ptr = (SEGMENT *)p; - } - return (p); -} - -extern uint32 -__call_hash(HTAB *hashp, char *k, size_t len) -{ - uint32 n, bucket; - - n = hashp->hash(k, len); - bucket = n & hashp->HIGH_MASK; - if (bucket > (uint32)hashp->MAX_BUCKET) - bucket = bucket & hashp->LOW_MASK; - return (bucket); -} - -/* - * Allocate segment table. On error, set errno. - * - * Returns 0 on success - */ -static int -alloc_segs( - HTAB *hashp, - int nsegs) -{ - register int i; - register SEGMENT store; - - if ((hashp->dir = - (SEGMENT *)calloc((size_t)hashp->DSIZE, sizeof(SEGMENT *))) == NULL) { - errno = ENOMEM; - return (-1); - } - /* Allocate segments */ - if ((store = - (SEGMENT)calloc((size_t)nsegs << hashp->SSHIFT, sizeof(SEGMENT))) == NULL) { - errno = ENOMEM; - return (-1); - } - for (i = 0; i < nsegs; i++, hashp->nsegs++) - hashp->dir[i] = &store[i << hashp->SSHIFT]; - return (0); -} - -#if BYTE_ORDER == LITTLE_ENDIAN -/* - * Hashp->hdr needs to be byteswapped. 
- */
-static void
-swap_header_copy(
- HASHHDR *srcp, HASHHDR *destp)
-{
- int i;
-
- P_32_COPY(srcp->magic, destp->magic);
- P_32_COPY(srcp->version, destp->version);
- P_32_COPY(srcp->lorder, destp->lorder);
- P_32_COPY(srcp->bsize, destp->bsize);
- P_32_COPY(srcp->bshift, destp->bshift);
- P_32_COPY(srcp->dsize, destp->dsize);
- P_32_COPY(srcp->ssize, destp->ssize);
- P_32_COPY(srcp->sshift, destp->sshift);
- P_32_COPY(srcp->ovfl_point, destp->ovfl_point);
- P_32_COPY(srcp->last_freed, destp->last_freed);
- P_32_COPY(srcp->max_bucket, destp->max_bucket);
- P_32_COPY(srcp->high_mask, destp->high_mask);
- P_32_COPY(srcp->low_mask, destp->low_mask);
- P_32_COPY(srcp->ffactor, destp->ffactor);
- P_32_COPY(srcp->nkeys, destp->nkeys);
- P_32_COPY(srcp->hdrpages, destp->hdrpages);
- P_32_COPY(srcp->h_charkey, destp->h_charkey);
- for (i = 0; i < NCACHED; i++) {
- P_32_COPY(srcp->spares[i], destp->spares[i]);
- P_16_COPY(srcp->bitmaps[i], destp->bitmaps[i]);
- }
-}
-
-static void
-swap_header(HTAB *hashp)
-{
- HASHHDR *hdrp;
- int i;
-
- hdrp = &hashp->hdr;
-
- M_32_SWAP(hdrp->magic);
- M_32_SWAP(hdrp->version);
- M_32_SWAP(hdrp->lorder);
- M_32_SWAP(hdrp->bsize);
- M_32_SWAP(hdrp->bshift);
- M_32_SWAP(hdrp->dsize);
- M_32_SWAP(hdrp->ssize);
- M_32_SWAP(hdrp->sshift);
- M_32_SWAP(hdrp->ovfl_point);
- M_32_SWAP(hdrp->last_freed);
- M_32_SWAP(hdrp->max_bucket);
- M_32_SWAP(hdrp->high_mask);
- M_32_SWAP(hdrp->low_mask);
- M_32_SWAP(hdrp->ffactor);
- M_32_SWAP(hdrp->nkeys);
- M_32_SWAP(hdrp->hdrpages);
- M_32_SWAP(hdrp->h_charkey);
- for (i = 0; i < NCACHED; i++) {
- M_32_SWAP(hdrp->spares[i]);
- M_16_SWAP(hdrp->bitmaps[i]);
- }
-}
-#endif
diff --git a/dbm/src/hash_buf.c b/dbm/src/hash_buf.c
deleted file mode 100644
index 727164c653..0000000000
--- a/dbm/src/hash_buf.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Margo Seltzer.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94";
-#endif /* LIBC_SCCS and not lint */
-
-/*
- * PACKAGE: hash
- *
- * DESCRIPTION:
- * Contains buffer management
- *
- * ROUTINES:
- * External
- * __buf_init
- * __get_buf
- * __buf_free
- * __reclaim_buf
- * Internal
- * newbuf
- */
-#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
-#include
-#endif
-
-#include
-#include
-#include
-#include
-#include
-
-#ifdef DEBUG
-#include
-#endif
-
-#include "mcom_db.h"
-#include "hash.h"
-#include "page.h"
-/* #include "extern.h" */
-
-static BUFHEAD *newbuf __P((HTAB *, uint32, BUFHEAD *));
-
-/* Unlink B from its place in the lru */
-#define BUF_REMOVE(B) { \
- (B)->prev->next = (B)->next; \
- (B)->next->prev = (B)->prev; \
-}
-
-/* Insert B after P */
-#define BUF_INSERT(B, P) { \
- (B)->next = (P)->next; \
- (B)->prev = (P); \
- (P)->next = (B); \
- (B)->next->prev = (B); \
-}
-
-#define MRU hashp->bufhead.next
-#define LRU hashp->bufhead.prev
-
-#define MRU_INSERT(B) BUF_INSERT((B), &hashp->bufhead)
-#define LRU_INSERT(B) BUF_INSERT((B), LRU)
-
-/*
- * We are looking for a buffer with address "addr". If prev_bp is NULL, then
- * address is a bucket index. If prev_bp is not NULL, then it points to the
- * page previous to an overflow page that we are trying to find.
- *
- * CAVEAT: The buffer header accessed via prev_bp's ovfl field may no longer
- * be valid. Therefore, you must always verify that its address matches the
- * address you are seeking.
- */
-extern BUFHEAD *
-__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
-/* If prev_bp set, indicates a new overflow page.
*/
-{
- register BUFHEAD *bp;
- register uint32 is_disk_mask;
- register int is_disk, segment_ndx = 0;
- SEGMENT segp = 0;
-
- is_disk = 0;
- is_disk_mask = 0;
- if (prev_bp) {
- bp = prev_bp->ovfl;
- if (!bp || (bp->addr != addr))
- bp = NULL;
- if (!newpage)
- is_disk = BUF_DISK;
- } else {
- /* Grab buffer out of directory */
- segment_ndx = addr & (hashp->SGSIZE - 1);
-
- /* valid segment ensured by __call_hash() */
- segp = hashp->dir[addr >> hashp->SSHIFT];
-#ifdef DEBUG
- assert(segp != NULL);
-#endif
-
- bp = PTROF(segp[segment_ndx]);
-
- is_disk_mask = ISDISK(segp[segment_ndx]);
- is_disk = is_disk_mask || !hashp->new_file;
- }
-
- if (!bp) {
- bp = newbuf(hashp, addr, prev_bp);
- if (!bp)
- return(NULL);
- if(__get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0))
- {
- /* free bp and its page */
- if(prev_bp)
- {
- /* if prev_bp is set then the new page that
- * failed is hooked onto prev_bp as an overflow page.
- * if we don't remove the pointer to the bad page
- * we may try and access it later and we will die
- * horribly because it will have already been
- * free'd and overwritten with bogus data.
- */
- prev_bp->ovfl = NULL;
- }
- BUF_REMOVE(bp);
- free(bp->page);
- free(bp);
- return (NULL);
- }
-
- if (!prev_bp)
- {
-#if 0
- /* 16 bit windows and mac can't handle the
- * oring of the is disk flag.
- */
- segp[segment_ndx] =
- (BUFHEAD *)((ptrdiff_t)bp | is_disk_mask);
-#else
- /* set the is_disk thing inside the structure
- */
- bp->is_disk = is_disk_mask;
- segp[segment_ndx] = bp;
-#endif
- }
- } else {
- BUF_REMOVE(bp);
- MRU_INSERT(bp);
- }
- return (bp);
-}
-
-/*
- * We need a buffer for this page. Either allocate one, or evict a resident
- * one (if we have as many buffers as we're allowed) and put this one in.
- *
- * If newbuf finds an error (returning NULL), it also sets errno.
- */
-static BUFHEAD *
-newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
-{
- register BUFHEAD *bp; /* The buffer we're going to use */
- register BUFHEAD *xbp; /* Temp pointer */
- register BUFHEAD *next_xbp;
- SEGMENT segp;
- int segment_ndx;
- uint16 oaddr, *shortp;
-
- oaddr = 0;
- bp = LRU;
- /*
- * If LRU buffer is pinned, the buffer pool is too small. We need to
- * allocate more buffers.
- */
- if (hashp->nbufs || (bp->flags & BUF_PIN)) {
- /* Allocate a new one */
- if ((bp = (BUFHEAD *)malloc(sizeof(BUFHEAD))) == NULL)
- return (NULL);
-
- /* this memset is supposedly unnecessary but lets add
- * it anyways.
- */
- memset(bp, 0xff, sizeof(BUFHEAD));
-
- if ((bp->page = (char *)malloc((size_t)hashp->BSIZE)) == NULL) {
- free(bp);
- return (NULL);
- }
-
- /* this memset is supposedly unnecessary but lets add
- * it anyways.
- */
- memset(bp->page, 0xff, (size_t)hashp->BSIZE);
-
- if (hashp->nbufs)
- hashp->nbufs--;
- } else {
- /* Kick someone out */
- BUF_REMOVE(bp);
- /*
- * If this is an overflow page with addr 0, it's already been
- * flushed back in an overflow chain and initialized.
- */
- if ((bp->addr != 0) || (bp->flags & BUF_BUCKET)) {
- /*
- * Set oaddr before __put_page so that you get it
- * before bytes are swapped.
- */
- shortp = (uint16 *)bp->page;
- if (shortp[0])
- {
- if(shortp[0] > (hashp->BSIZE / sizeof(uint16)))
- {
- return(NULL);
- }
- oaddr = shortp[shortp[0] - 1];
- }
- if ((bp->flags & BUF_MOD) && __put_page(hashp, bp->page,
- bp->addr, (int)IS_BUCKET(bp->flags), 0))
- return (NULL);
- /*
- * Update the pointer to this page (i.e. invalidate it).
- *
- * If this is a new file (i.e. we created it at open
- * time), make sure that we mark pages which have been
- * written to disk so we retrieve them from disk later,
- * rather than allocating new pages.
- */
- if (IS_BUCKET(bp->flags)) {
- segment_ndx = bp->addr & (hashp->SGSIZE - 1);
- segp = hashp->dir[bp->addr >> hashp->SSHIFT];
-#ifdef DEBUG
- assert(segp != NULL);
-#endif
-
- if (hashp->new_file &&
- ((bp->flags & BUF_MOD) ||
- ISDISK(segp[segment_ndx])))
- segp[segment_ndx] = (BUFHEAD *)BUF_DISK;
- else
- segp[segment_ndx] = NULL;
- }
- /*
- * Since overflow pages can only be access by means of
- * their bucket, free overflow pages associated with
- * this bucket.
- */
- for (xbp = bp; xbp->ovfl;) {
- next_xbp = xbp->ovfl;
- xbp->ovfl = 0;
- xbp = next_xbp;
-
- /* leave pinned pages alone, we are still using
- * them. */
- if (xbp->flags & BUF_PIN) {
- continue;
- }
-
- /* Check that ovfl pointer is up date. */
- if (IS_BUCKET(xbp->flags) ||
- (oaddr != xbp->addr))
- break;
-
- shortp = (uint16 *)xbp->page;
- if (shortp[0])
- {
- /* LJM is the number of reported
- * pages way too much?
- */
- if(shortp[0] > hashp->BSIZE/sizeof(uint16))
- return NULL;
- /* set before __put_page */
- oaddr = shortp[shortp[0] - 1];
- }
- if ((xbp->flags & BUF_MOD) && __put_page(hashp,
- xbp->page, xbp->addr, 0, 0))
- return (NULL);
- xbp->addr = 0;
- xbp->flags = 0;
- BUF_REMOVE(xbp);
- LRU_INSERT(xbp);
- }
- }
- }
-
- /* Now assign this buffer */
- bp->addr = addr;
-#ifdef DEBUG1
- (void)fprintf(stderr, "NEWBUF1: %d->ovfl was %d is now %d\n",
- bp->addr, (bp->ovfl ? bp->ovfl->addr : 0), 0);
-#endif
- bp->ovfl = NULL;
- if (prev_bp) {
- /*
- * If prev_bp is set, this is an overflow page, hook it in to
- * the buffer overflow links.
- */
-#ifdef DEBUG1
- (void)fprintf(stderr, "NEWBUF2: %d->ovfl was %d is now %d\n",
- prev_bp->addr, (prev_bp->ovfl ? bp->ovfl->addr : 0),
- (bp ?
bp->addr : 0));
-#endif
- prev_bp->ovfl = bp;
- bp->flags = 0;
- } else
- bp->flags = BUF_BUCKET;
- MRU_INSERT(bp);
- return (bp);
-}
-
-extern void __buf_init(HTAB *hashp, int32 nbytes)
-{
- BUFHEAD *bfp;
- int npages;
-
- bfp = &(hashp->bufhead);
- npages = (nbytes + hashp->BSIZE - 1) >> hashp->BSHIFT;
- npages = PR_MAX(npages, MIN_BUFFERS);
-
- hashp->nbufs = npages;
- bfp->next = bfp;
- bfp->prev = bfp;
- /*
- * This space is calloc'd so these are already null.
- *
- * bfp->ovfl = NULL;
- * bfp->flags = 0;
- * bfp->page = NULL;
- * bfp->addr = 0;
- */
-}
-
-extern int
-__buf_free(HTAB *hashp, int do_free, int to_disk)
-{
- BUFHEAD *bp;
- int status = -1;
-
- /* Need to make sure that buffer manager has been initialized */
- if (!LRU)
- return (0);
- for (bp = LRU; bp != &hashp->bufhead;) {
- /* Check that the buffer is valid */
- if (bp->addr || IS_BUCKET(bp->flags)) {
- if (to_disk && (bp->flags & BUF_MOD) &&
- (status = __put_page(hashp, bp->page,
- bp->addr, IS_BUCKET(bp->flags), 0))) {
-
- if (do_free) {
- if (bp->page)
- free(bp->page);
- BUF_REMOVE(bp);
- free(bp);
- }
-
- return (status);
- }
- }
- /* Check if we are freeing stuff */
- if (do_free) {
- if (bp->page)
- free(bp->page);
- BUF_REMOVE(bp);
- free(bp);
- bp = LRU;
- } else
- bp = bp->prev;
- }
- return (0);
-}
-
-extern void
-__reclaim_buf(HTAB *hashp, BUFHEAD *bp)
-{
- bp->ovfl = 0;
- bp->addr = 0;
- bp->flags = 0;
- BUF_REMOVE(bp);
- LRU_INSERT(bp);
-}
diff --git a/dbm/src/memmove.c b/dbm/src/memmove.c
deleted file mode 100644
index 935ab46387..0000000000
--- a/dbm/src/memmove.c
+++ /dev/null
@@ -1,146 +0,0 @@
-#if defined(__sun) && !defined(__SVR4)
-/*-
- * Copyright (c) 1990, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Chris Torek.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)bcopy.c 8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifdef HAVE_SYS_CDEFS_H
-#include
-#else
-#include "cdefs.h"
-#endif
-#include
-
-/*
- * sizeof(word) MUST BE A POWER OF TWO
- * SO THAT wmask BELOW IS ALL ONES
- */
-typedef int word; /* "word" used for optimal copy speed */
-
-#define wsize sizeof(word)
-#define wmask (wsize - 1)
-
-/*
- * Copy a block of memory, handling overlap.
- * This is the routine that actually implements
- * (the portable versions of) bcopy, memcpy, and memmove.
- */
-#ifdef MEMCOPY
-void *
-memcpy(dst0, src0, length)
-#else
-#ifdef MEMMOVE
-void *
-memmove(dst0, src0, length)
-#else
-void
-bcopy(src0, dst0, length)
-#endif
-#endif
- void *dst0;
- const void *src0;
- register size_t length;
-{
- register char *dst = dst0;
- register const char *src = src0;
- register size_t t;
-
- if (length == 0 || dst == src) /* nothing to do */
- goto done;
-
- /*
- * Macros: loop-t-times; and loop-t-times, t>0
- */
-#define TLOOP(s) if (t) TLOOP1(s)
-#define TLOOP1(s) do { s; } while (--t)
-
- if ((unsigned long)dst < (unsigned long)src) {
- /*
- * Copy forward.
- */
- t = (int)src; /* only need low bits */
- if ((t | (int)dst) & wmask) {
- /*
- * Try to align operands. This cannot be done
- * unless the low bits match.
- */
- if ((t ^ (int)dst) & wmask || length < wsize)
- t = length;
- else
- t = wsize - (t & wmask);
- length -= t;
- TLOOP1(*dst++ = *src++);
- }
- /*
- * Copy whole words, then mop up any trailing bytes.
- */
- t = length / wsize;
- TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize);
- t = length & wmask;
- TLOOP(*dst++ = *src++);
- } else {
- /*
- * Copy backwards. Otherwise essentially the same.
- * Alignment works as before, except that it takes
- * (t&wmask) bytes to align, not wsize-(t&wmask).
- */
- src += length;
- dst += length;
- t = (int)src;
- if ((t | (int)dst) & wmask) {
- if ((t ^ (int)dst) & wmask || length <= wsize)
- t = length;
- else
- t &= wmask;
- length -= t;
- TLOOP1(*--dst = *--src);
- }
- t = length / wsize;
- TLOOP(src -= wsize; dst -= wsize; *(word *)dst = *(word *)src);
- t = length & wmask;
- TLOOP(*--dst = *--src);
- }
-done:
-#if defined(MEMCOPY) || defined(MEMMOVE)
- return (dst0);
-#else
- return;
-#endif
-}
-#endif /* no __sgi */
-
-/* Some compilers don't like an empty source file. */
-static int dummy = 0;
diff --git a/dbm/src/mktemp.c b/dbm/src/mktemp.c
deleted file mode 100644
index d93da9f5b9..0000000000
--- a/dbm/src/mktemp.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#ifdef macintosh
-#include
-#else
-#include
-#include
-#endif
-#include
-#include
-#include
-#include
-#include "mcom_db.h"
-
-#ifndef _WINDOWS
-#include
-#endif
-
-#ifdef _WINDOWS
-#include
-#include "winfile.h"
-#endif
-
-static int _gettemp(char *path, register int *doopen, int extraFlags);
-
-int
-mkstemp(char *path)
-{
-#ifdef XP_OS2
- FILE *temp = tmpfile();
-
- return (temp ? fileno(temp) : -1);
-#else
- int fd;
-
- return (_gettemp(path, &fd, 0) ? fd : -1);
-#endif
-}
-
-int
-mkstempflags(char *path, int extraFlags)
-{
- int fd;
-
- return (_gettemp(path, &fd, extraFlags) ? fd : -1);
-}
-
-#ifdef WINCE /* otherwise, use the one in libc */
-char *
-mktemp(char *path)
-{
- return(_gettemp(path, (int *)NULL, 0) ? path : (char *)NULL);
-}
-#endif
-
-/* NB: This routine modifies its input string, and does not always restore it.
-** returns 1 on success, 0 on failure.
-*/
-static int
-_gettemp(char *path, register int *doopen, int extraFlags)
-{
-#if !defined(_WINDOWS) || defined(_WIN32)
- extern int errno;
-#endif
- register char *start, *trv;
- struct stat sbuf;
- unsigned int pid;
-
- pid = getpid();
- for (trv = path; *trv; ++trv); /* extra X's get set to 0's */
- while (*--trv == 'X') {
- *trv = (pid % 10) + '0';
- pid /= 10;
- }
-
- /*
- * check the target directory; if you have six X's and it
- * doesn't exist this runs for a *very* long time.
- */
- for (start = trv + 1;; --trv) {
- char saved;
- if (trv <= path)
- break;
- saved = *trv;
- if (saved == '/' || saved == '\\') {
- int rv;
- *trv = '\0';
- rv = stat(path, &sbuf);
- *trv = saved;
- if (rv)
- return(0);
- if (!S_ISDIR(sbuf.st_mode)) {
- errno = ENOTDIR;
- return(0);
- }
- break;
- }
- }
-
- for (;;) {
- if (doopen) {
- if ((*doopen =
- open(path, O_CREAT|O_EXCL|O_RDWR|extraFlags, 0600)) >= 0)
- return(1);
- if (errno != EEXIST)
- return(0);
- }
- else if (stat(path, &sbuf))
- return(errno == ENOENT ? 1 : 0);
-
- /* tricky little algorithm for backward compatibility */
- for (trv = start;;) {
- if (!*trv)
- return(0);
- if (*trv == 'z')
- *trv++ = 'a';
- else {
- if (isdigit(*trv))
- *trv = 'a';
- else
- ++*trv;
- break;
- }
- }
- }
- /*NOTREACHED*/
-}
diff --git a/dbm/src/snprintf.c b/dbm/src/snprintf.c
deleted file mode 100644
index 96696d8e87..0000000000
--- a/dbm/src/snprintf.c
+++ /dev/null
@@ -1,73 +0,0 @@
-#ifndef HAVE_SNPRINTF
-
-#include
-#include
-#include
-
-#ifdef HAVE_SYS_CDEFS_H
-#include
-#else
-#include "cdefs.h"
-#endif
-
-#include "prtypes.h"
-
-#include
-
-#ifdef __STDC__
-#include
-#else
-#include
-#endif
-
-int
-#ifdef __STDC__
-snprintf(char *str, size_t n, const char *fmt, ...)
-#else
-snprintf(str, n, fmt, va_alist)
- char *str;
- size_t n;
- const char *fmt;
- va_dcl
-#endif
-{
- va_list ap;
-#ifdef VSPRINTF_CHARSTAR
- char *rp;
-#else
- int rval;
-#endif
-#ifdef __STDC__
- va_start(ap, fmt);
-#else
- va_start(ap);
-#endif
-#ifdef VSPRINTF_CHARSTAR
- rp = vsprintf(str, fmt, ap);
- va_end(ap);
- return (strlen(rp));
-#else
- rval = vsprintf(str, fmt, ap);
- va_end(ap);
- return (rval);
-#endif
-}
-
-int
-vsnprintf(str, n, fmt, ap)
- char *str;
- size_t n;
- const char *fmt;
- va_list ap;
-{
-#ifdef VSPRINTF_CHARSTAR
- return (strlen(vsprintf(str, fmt, ap)));
-#else
- return (vsprintf(str, fmt, ap));
-#endif
-}
-
-#endif /* HAVE_SNPRINTF */
-
-/* Some compilers don't like an empty source file. */
-static int dummy = 0;
diff --git a/dbm/src/strerror.c b/dbm/src/strerror.c
deleted file mode 100644
index 83d16e7c26..0000000000
--- a/dbm/src/strerror.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. ***REMOVED*** - see
- * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strerror.c 8.1 (Berkeley) 6/4/93";
-#endif /* LIBC_SCCS and not lint */
-
-#include
-
-#ifdef _DLL
-#define sys_nerr (*_sys_nerr_dll)
-#endif
-
-#ifndef HAVE_STRERROR
-#ifndef _AFXDLL
-char *
-strerror(num)
- int num;
-{
- extern int sys_nerr;
- extern char *sys_errlist[];
-#define UPREFIX "Unknown error: "
- static char ebuf[40] = UPREFIX; /* 64-bit number + slop */
- register unsigned int errnum;
- register char *p, *t;
- char tmp[40];
-
- errnum = num; /* convert to unsigned */
- if (errnum < sys_nerr)
- return(sys_errlist[errnum]);
-
- /* Do this by hand, so we don't include stdio(3). */
- t = tmp;
- do {
- *t++ = "0123456789"[errnum % 10];
- } while (errnum /= 10);
- for (p = ebuf + sizeof(UPREFIX) - 1;;) {
- *p++ = *--t;
- if (t <= tmp)
- break;
- }
- return(ebuf);
-}
-
-#endif
-#endif /* !HAVE_STRERROR */
diff --git a/dbm/tests/.cvsignore b/dbm/tests/.cvsignore
deleted file mode 100644
index a21fbfc35f..0000000000
--- a/dbm/tests/.cvsignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-lots
-test.db
diff --git a/dbm/tests/Makefile.in b/dbm/tests/Makefile.in
deleted file mode 100644
index ffb83f29b3..0000000000
--- a/dbm/tests/Makefile.in
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is mozilla.org code.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1998
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-DEPTH = ../..
-topsrcdir = @top_srcdir@
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-include $(DEPTH)/config/autoconf.mk
-
-MODULE = dbm
-
-PACKAGE_FILE = dbmtest.pkg
-
-PROGRAM = lots$(BIN_SUFFIX)
-
-CSRCS = lots.c
-
-ifeq ($(OS_ARCH),WINNT)
-EXTRA_DSO_LIBS = dbm$(MOZ_BITS)
-else
-EXTRA_DSO_LIBS = mozdbm_s
-endif
-
-LIBS = $(EXTRA_DSO_LIBS)
-
-include $(topsrcdir)/config/rules.mk
-
diff --git a/dbm/tests/dbmtest.pkg b/dbm/tests/dbmtest.pkg
deleted file mode 100644
index abd564bedf..0000000000
--- a/dbm/tests/dbmtest.pkg
+++ /dev/null
@@ -1,2 +0,0 @@
-[gecko-tests]
-dist/bin/lots@BINS@
diff --git a/dbm/tests/lots.c b/dbm/tests/lots.c
deleted file mode 100644
index ea8bc6ea23..0000000000
--- a/dbm/tests/lots.c
+++ /dev/null
@@ -1,638 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* use sequental numbers printed to strings - * to store lots and lots of entries in the - * database. 
- * - * Start with 100 entries, put them and then - * read them out. Then delete the first - * half and verify that all of the first half - * is gone and then verify that the second - * half is still there. - * Then add the first half back and verify - * again. Then delete the middle third - * and verify again. - * Then increase the size by 1000 and do - * the whole add delete thing again. - * - * The data for each object is the number string translated - * to hex and replicated a random number of times. The - * number of times that the data is replicated is the first - * int32 in the data. - */ - -#include - -#include -#ifdef STDC_HEADERS -#include -#else -#include -#endif - -#ifdef HAVE_MEMORY_H -#include -#endif -#include -#include -#include "mcom_db.h" - -DB *database=0; -int MsgPriority=5; - -#if defined(_WINDOWS) && !defined(WIN32) -#define int32 long -#define uint32 unsigned long -#else -#define int32 int -#define uint32 unsigned int -#endif - -typedef enum { -USE_LARGE_KEY, -USE_SMALL_KEY -} key_type_enum; - -#define TraceMe(priority, msg) \ - do { \ - if(priority <= MsgPriority) \ - { \ - ReportStatus msg; \ - } \ - } while(0) - -int -ReportStatus(char *string, ...) -{ - va_list args; - -#ifdef STDC_HEADERS - va_start(args, string); -#else - va_start(args); -#endif - vfprintf(stderr, string, args); - va_end(args); - - fprintf (stderr, "\n"); - - return(0); -} - -int -ReportError(char *string, ...) 
-{ - va_list args; - -#ifdef STDC_HEADERS - va_start(args, string); -#else - va_start(args); -#endif - fprintf (stderr, "\n "); - vfprintf(stderr, string, args); - fprintf (stderr, "\n"); - va_end(args); - - return(0); -} - -DBT * MakeLargeKey(int32 num) -{ - int32 low_bits; - static DBT rv; - static char *string_rv=0; - int rep_char; - size_t size; - - if(string_rv) - free(string_rv); - - /* generate a really large text key derived from - * an int32 - */ - low_bits = (num % 10000) + 1; - - /* get the repeat char from the low 26 */ - rep_char = (char) ((low_bits % 26) + 'a'); - - /* malloc a string low_bits wide */ - size = low_bits*sizeof(char); - string_rv = (char *)malloc(size); - - memset(string_rv, rep_char, size); - - rv.data = string_rv; - rv.size = size; - - return(&rv); -} - -DBT * MakeSmallKey(int32 num) -{ - static DBT rv; - static char data_string[64]; - - rv.data = data_string; - - sprintf(data_string, "%ld", (long)num); - rv.size = strlen(data_string); - - return(&rv); - -} - -DBT * GenKey(int32 num, key_type_enum key_type) -{ - DBT *key; - - switch(key_type) - { - case USE_LARGE_KEY: - key = MakeLargeKey(num); - break; - case USE_SMALL_KEY: - key = MakeSmallKey(num); - break; - default: - abort(); - break; - } - - return(key); -} - -int -SeqDatabase() -{ - int status; - DBT key, data; - - ReportStatus("SEQuencing through database..."); - - /* seq through the whole database */ - if(!(status = (*database->seq)(database, &key, &data, R_FIRST))) - { - while(!(status = (database->seq) (database, &key, &data, R_NEXT))) - ; /* null body */ - } - - if(status < 0) - ReportError("Error seq'ing database"); - - return(status); -} - -int -VerifyData(DBT *data, int32 num, key_type_enum key_type) -{ - int32 count, compare_num; - size_t size; - int32 *int32_array; - - /* The first int32 is count - * The other n entries should - * all equal num - */ - if(data->size < sizeof(int32)) - { - ReportError("Data size corrupted"); - return -1; - } - - memcpy(&count, 
data->data, sizeof(int32)); - - size = sizeof(int32)*(count+1); - - if(size != data->size) - { - ReportError("Data size corrupted"); - return -1; - } - - int32_array = (int32*)data->data; - - for(;count > 0; count--) - { - memcpy(&compare_num, &int32_array[count], sizeof(int32)); - - if(compare_num != num) - { - ReportError("Data corrupted"); - return -1; - } - } - - return(0); -} - - -/* verify that a range of number strings exist - * or don't exist. And that the data is valid - */ -#define SHOULD_EXIST 1 -#define SHOULD_NOT_EXIST 0 -int -VerifyRange(int32 low, int32 high, int32 should_exist, key_type_enum key_type) -{ - DBT *key, data; - int32 num; - int status; - - TraceMe(1, ("Verifying: %ld to %ld, using %s keys", - low, high, key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - - for(num = low; num <= high; num++) - { - - key = GenKey(num, key_type); - - status = (*database->get)(database, key, &data, 0); - - if(status == 0) - { - /* got the item */ - if(!should_exist) - { - ReportError("Item exists but shouldn't: %ld", num); - } - else - { - /* else verify the data */ - VerifyData(&data, num, key_type); - } - } - else if(status > 0) - { - /* item not found */ - if(should_exist) - { - ReportError("Item not found but should be: %ld", num); - } - } - else - { - /* database error */ - ReportError("Database error"); - return(-1); - } - - } - - TraceMe(1, ("Correctly verified: %ld to %ld", low, high)); - - return(0); - -} - -DBT * -GenData(int32 num) -{ - int32 n; - static DBT *data=0; - int32 *int32_array; - size_t size; - - if(!data) - { - data = (DBT*)malloc(sizeof(DBT)); - data->size = 0; - data->data = 0; - } - else if(data->data) - { - free(data->data); - } - - n = rand(); - - n = n % 512; /* bound to a 2K size */ - - - size = sizeof(int32)*(n+1); - int32_array = (int32 *) malloc(size); - - memcpy(&int32_array[0], &n, sizeof(int32)); - - for(; n > 0; n--) - { - memcpy(&int32_array[n], &num, sizeof(int32)); - } - - data->data = (void*)int32_array; - data->size 
= size; - - return(data); -} - -#define ADD_RANGE 1 -#define DELETE_RANGE 2 - -int -AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) -{ - DBT *key, *data; -#if 0 /* only do this if your really analy checking the puts */ - DBT tmp_data; -#endif - int32 num; - int status; - - if(action != ADD_RANGE && action != DELETE_RANGE) - assert(0); - - if(action == ADD_RANGE) - { - TraceMe(1, ("Adding: %ld to %ld: %s keys", low, high, - key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - } - else - { - TraceMe(1, ("Deleting: %ld to %ld: %s keys", low, high, - key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - } - - for(num = low; num <= high; num++) - { - - key = GenKey(num, key_type); - - if(action == ADD_RANGE) - { - data = GenData(num); - status = (*database->put)(database, key, data, 0); - } - else - { - status = (*database->del)(database, key, 0); - } - - if(status < 0) - { - ReportError("Database error %s item: %ld", - action == ADD_RANGE ? "ADDING" : "DELETING", - num); - } - else if(status > 0) - { - ReportError("Could not %s item: %ld", - action == ADD_RANGE ? 
"ADD" : "DELETE", - num); - } - else if(action == ADD_RANGE) - { -#define SYNC_EVERY_TIME -#ifdef SYNC_EVERY_TIME - status = (*database->sync)(database, 0); - if(status != 0) - ReportError("Database error syncing after add"); -#endif - -#if 0 /* only do this if your really analy checking the puts */ - - /* make sure we can still get it - */ - status = (*database->get)(database, key, &tmp_data, 0); - - if(status != 0) - { - ReportError("Database error checking item just added: %d", - num); - } - else - { - /* now verify that none of the ones we already - * put in have disappeared - */ - VerifyRange(low, num, SHOULD_EXIST, key_type); - } -#endif - - } - } - - - if(action == ADD_RANGE) - { - TraceMe(1, ("Successfully added: %ld to %ld", low, high)); - } - else - { - TraceMe(1, ("Successfully deleted: %ld to %ld", low, high)); - } - - return(0); -} - -int -TestRange(int32 low, int32 range, key_type_enum key_type) -{ - int status; int32 low_of_range1, high_of_range1; int32 low_of_range2, high_of_range2; - int32 low_of_range3, high_of_range3; - - status = AddOrDelRange(low, low+range, ADD_RANGE, key_type); - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 1")); - - SeqDatabase(); - - low_of_range1 = low; - high_of_range1 = low+(range/2); - low_of_range2 = high_of_range1+1; - high_of_range2 = low+range; - status = AddOrDelRange(low_of_range1, high_of_range1, DELETE_RANGE, key_type); - status = VerifyRange(low_of_range1, high_of_range1, SHOULD_NOT_EXIST, key_type); - status = VerifyRange(low_of_range2, low_of_range2, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 2")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range1, high_of_range1, ADD_RANGE, key_type); - /* the whole thing should exist now */ - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 3")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range2, high_of_range2, 
DELETE_RANGE, key_type); - status = VerifyRange(low_of_range1, high_of_range1, SHOULD_EXIST, key_type); - status = VerifyRange(low_of_range2, high_of_range2, SHOULD_NOT_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 4")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range2, high_of_range2, ADD_RANGE, key_type); - /* the whole thing should exist now */ - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 5")); - - SeqDatabase(); - - low_of_range1 = low; - high_of_range1 = low+(range/3); - low_of_range2 = high_of_range1+1; - high_of_range2 = high_of_range1+(range/3); - low_of_range3 = high_of_range2+1; - high_of_range3 = low+range; - /* delete range 2 */ - status = AddOrDelRange(low_of_range2, high_of_range2, DELETE_RANGE, key_type); - status = VerifyRange(low_of_range1, high_of_range1, SHOULD_EXIST, key_type); - status = VerifyRange(low_of_range2, low_of_range2, SHOULD_NOT_EXIST, key_type); - status = VerifyRange(low_of_range3, low_of_range2, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 6")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range2, high_of_range2, ADD_RANGE, key_type); - /* the whole thing should exist now */ - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 7")); - - return(0); -} - -#define START_RANGE 109876 -int -main(int argc, char **argv) -{ - int32 i, j=0; - int quick_exit = 0; - int large_keys = 0; - HASHINFO hash_info = { - 16*1024, - 0, - 0, - 0, - 0, - 0}; - - - if(argc > 1) - { - while(argc > 1) - { - if(!strcmp(argv[argc-1], "-quick")) - quick_exit = 1; - else if(!strcmp(argv[argc-1], "-large")) - { - large_keys = 1; - } - argc--; - } - } - - database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, &hash_info); - - if(!database) - { - ReportError("Could not open database"); -#ifdef unix - perror(""); -#endif - exit(1); - } - - if(quick_exit) - { - if(large_keys) - TestRange(START_RANGE, 
200, USE_LARGE_KEY); - else - TestRange(START_RANGE, 200, USE_SMALL_KEY); - - (*database->sync)(database, 0); - (*database->close)(database); - exit(0); - } - - for(i=100; i < 10000000; i+=200) - { - if(1 || j) - { - TestRange(START_RANGE, i, USE_LARGE_KEY); - j = 0; - } - else - { - TestRange(START_RANGE, i, USE_SMALL_KEY); - j = 1; - } - - if(1 == rand() % 3) - { - (*database->sync)(database, 0); - } - - if(1 == rand() % 3) - { - /* close and reopen */ - (*database->close)(database); - database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0); - if(!database) - { - ReportError("Could not reopen database"); -#ifdef unix - perror(""); -#endif - exit(1); - } - } - else - { - /* reopen database without closeing the other */ - database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0); - if(!database) - { - ReportError("Could not reopen database " - "after not closing the other"); -#ifdef unix - perror(""); -#endif - exit(1); - } - } - } - - return(0); -} diff --git a/security/dbm/Makefile b/security/dbm/Makefile deleted file mode 100644 index bfcff6a177..0000000000 --- a/security/dbm/Makefile +++ /dev/null 
@@ -1,88 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-ifdef NSS_DISABLE_DBM
-DIRS = dummy
-endif
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-coreconf_hack:
- cd ../coreconf; gmake
- gmake import
-
-RelEng_bld: coreconf_hack
- gmake
diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk
deleted file mode 100644
index adab124476..0000000000
--- a/security/dbm/config/config.mk
+++ /dev/null
@@ -1,71 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#
-# These macros are defined by mozilla's configure script.
-# We define them manually here.
-#
-
-DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
-
-#
-# Most platforms have snprintf, so it's simpler to list the exceptions.
-#
-HAVE_SNPRINTF = 1
-#
-# OSF1 V4.0D doesn't have snprintf but V5.0A does.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
-HAVE_SNPRINTF =
-endif
-ifdef HAVE_SNPRINTF
-DEFINES += -DHAVE_SNPRINTF
-endif
-
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_CDEFS_H
-endif
-
-ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_BYTEORDER_H
-endif
-
-#
-# None of the platforms that we are interested in need to
-# define HAVE_MEMORY_H.
-#
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
deleted file mode 100644
index 5189628239..0000000000
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
deleted file mode 100644
index 31cbe56eff..0000000000
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,59 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS = cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-PRIVATE_EXPORTS = hsearch.h \
- page.h \
- extern.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
deleted file mode 100644
index 48b39176a0..0000000000
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,49 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-IMPORTS = nspr20/v4.4.1
-
-RELEASE = dbm
-
-DIRS = include \
- src \
- $(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
deleted file mode 100644
index 6d9a95bdd3..0000000000
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/dbm/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
deleted file mode 100644
index e64d886d18..0000000000
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,67 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-ifdef SHARED_LIBRARY
- ifeq (,$(filter-out WIN%,$(OS_TARGET)))
- DLLBASE=/BASE:0x30000000
- RES=$(OBJDIR)/dbm.res
- RESNAME=../include/dbm.rc
- endif
- ifeq ($(DLL_SUFFIX),dll)
- DEFINES += -D_DLL
- endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
- OS_LIBS += -lc_r
-endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
deleted file mode 100644
index cae92d81b7..0000000000
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#ifdef OS2
-
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-/*#ifndef __EMX__
-#include
-#endif */
-
-#define INCL_DOSFILEMGR
-#define INCL_DOSERRORS
-#include
-
-#if OS2 >= 2
-# define FFBUF FILEFINDBUF3
-# define Word ULONG
- /*
- * LS20 recommends a request count of 100, but according to the
- * APAR text it does not lead to missing files, just to funny
- * numbers of returned entries.
- *
- * LS30 HPFS386 requires a count greater than 2, or some files
- * are missing (those starting with a character less that '.').
- *
- * Novell loses entries which overflow the buffer. In previous
- * versions of dirent2, this could have lead to missing files
- * when the average length of 100 directory entries was 40 bytes
- * or more (quite unlikely for files on a Novell server).
- *
- * Conclusion: Make sure that the entries all fit into the buffer
- * and that the buffer is large enough for more than 2 entries
- * (each entry is at most 300 bytes long). And ignore the LS20
- * effect.
- */
-# define Count 25
-# define BufSz (25 * (sizeof(FILEFINDBUF3)+1))
-#else
-# define FFBUF FILEFINDBUF
-# define Word USHORT
-# define BufSz 1024
-# define Count 3
-#endif
-
-#if defined(__IBMC__) || defined(__IBMCPP__)
- #define error(rc) _doserrno = rc, errno = EOS2ERR
-#elif defined(MICROSOFT)
- #define error(rc) _doserrno = rc, errno = 255
-#else
- #define error(rc) errno = 255
-#endif
-
-struct _dirdescr {
- HDIR handle; /* DosFindFirst handle */
- char fstype; /* filesystem type */
- Word count; /* valid entries in */
- long number; /* absolute number of next entry */
- int index; /* relative number of next entry */
- FFBUF * next; /* pointer to next entry */
- char name[MAXPATHLEN+3]; /* directory name */
- unsigned attrmask; /* attribute mask for seekdir */
- struct dirent entry; /* buffer for directory entry */
- BYTE ffbuf[BufSz];
-};
-
-/*
- * Return first char of filesystem type, or 0 if unknown.
- */
-static char
-getFSType(const char *path)
-{
- static char cache[1+26];
- char drive[3], info[512];
- Word unit, infolen;
- char r;
-
- if (isalpha(path[0]) && path[1] == ':') {
- unit = toupper(path[0]) - '@';
- path += 2;
- } else {
- ULONG driveMap;
-#if OS2 >= 2
- if (DosQueryCurrentDisk(&unit, &driveMap))
-#else
- if (DosQCurDisk(&unit, &driveMap))
-#endif
- return 0;
- }
-
- if ((path[0] == '\\' || path[0] == '/')
- && (path[1] == '\\' || path[1] == '/'))
- return 0;
-
- if (cache [unit])
- return cache [unit];
-
- drive[0] = '@' + unit;
- drive[1] = ':';
- drive[2] = '\0';
- infolen = sizeof info;
-#if OS2 >= 2
- if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
- return 0;
- if (infolen >= sizeof(FSQBUFFER2)) {
- FSQBUFFER2 *p = (FSQBUFFER2 *)info;
- r = p->szFSDName[p->cbName];
- } else
-#else
- if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
- return 0;
- if (infolen >= 9) {
- char *p = info + sizeof(USHORT);
- p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
- r = *p;
- } else
-#endif
- r = 0;
- return cache [unit] = r;
-}
-
-char *
-abs_path(const char *name, char *buffer, int len)
-{
- char buf[4];
- if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
- buf[0] = name[0];
- buf[1] = name[1];
- buf[2] = '.';
- buf[3] = '\0';
- name = buf;
- }
-#if OS2 >= 2
- if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
-#else
- if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
-#endif
- return NULL;
- return buffer;
-}
-
-DIR *
-openxdir(const char *path, unsigned att_mask)
-{
- DIR *dir;
- char name[MAXPATHLEN+3];
- Word rc;
-
- dir = malloc(sizeof(DIR));
- if (dir == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- strncpy(name, path, MAXPATHLEN);
- name[MAXPATHLEN] = '\0';
- switch (name[strlen(name)-1]) {
- default:
- strcat(name, "\\");
- case '\\':
- case '/':
- case ':':
- ;
- }
- strcat(name, ".");
- if (!abs_path(name, dir->name, MAXPATHLEN+1))
-
strcpy(dir->name, name);
- if (dir->name[strlen(dir->name)-1] == '\\')
- strcat(dir->name, "*");
- else
- strcat(dir->name, "\\*");
-
- dir->fstype = getFSType(dir->name);
- dir->attrmask = att_mask | A_DIR;
-
- dir->handle = HDIR_CREATE;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- free(dir);
- error(rc);
- return NULL;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
-
- return (DIR *)dir;
-}
-
-DIR *
-opendir(const char *pathname)
-{
- return openxdir(pathname, 0);
-}
-
-struct dirent *
-readdir(DIR *dir)
-{
- static int dummy_ino = 2;
-
- if (dir->index == dir->count) {
- Word rc;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindNext(dir->handle, dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#else
- rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#endif
- if (rc) {
- error(rc);
- return NULL;
- }
-
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- if (dir->index == dir->count)
- return NULL;
-
- memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
- dir->entry.d_name[dir->next->cchName] = '\0';
- dir->entry.d_ino = dummy_ino++;
- dir->entry.d_reclen = dir->next->cchName;
- dir->entry.d_namlen = dir->next->cchName;
- dir->entry.d_size = dir->next->cbFile;
- dir->entry.d_attribute = dir->next->attrFile;
- dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
- dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
-
- switch (dir->fstype) {
- case 'F': /* FAT */
- case 'C': /* CDFS */
- if (dir->next->attrFile & FILE_DIRECTORY)
- strupr(dir->entry.d_name);
- else
- strlwr(dir->entry.d_name);
- }
-
-#if OS2 >= 2
- dir->next = (FFBUF
*)((BYTE *)dir->next + dir->next->oNextEntryOffset);
-#else
- dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
-#endif
- ++dir->number;
- ++dir->index;
-
- return &dir->entry;
-}
-
-long
-telldir(DIR *dir)
-{
- return dir->number;
-}
-
-void
-seekdir(DIR *dir, long off)
-{
- if (dir->number > off) {
- char name[MAXPATHLEN+2];
- Word rc;
-
- DosFindClose(dir->handle);
-
- strcpy(name, dir->name);
- strcat(name, "*");
-
- dir->handle = HDIR_CREATE;
- dir->count = 32767;
-#if OS2 >= 2
- rc = DosFindFirst(name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- error(rc);
- return;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- while (dir->number < off && readdir(dir))
- ;
-}
-
-void
-closedir(DIR *dir)
-{
- DosFindClose(dir->handle);
- free(dir);
-}
-
-/*****************************************************************************/
-
-#ifdef TEST
-
-main(int argc, char **argv)
-{
- int i;
- DIR *dir;
- struct dirent *ep;
-
- for (i = 1; i < argc; ++i) {
- dir = opendir(argv[i]);
- if (!dir)
- continue;
- while (ep = readdir(dir))
- if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
- printf("%s%s\n", argv[i], ep->d_name);
- else
- printf("%s/%s\n", argv[i], ep->d_name);
- closedir(dir);
- }
-
- return 0;
-}
-
-#endif
-
-#endif /* OS2 */
-
diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h
deleted file mode 100644
index 07a6c0ac87..0000000000
--- a/security/dbm/src/dirent.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06 Public Domain.
- *
- * A public domain implementation of BSD directory routines for
- * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield),
- * August 1897
- *
- * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- * and returns 2 more pieces of information - file size & attribute.
- * Plus a little reshuffling of some #define's positions December 1987
- *
- * Some modifications by Martin Junius 02-14-89
- *
- * AK900712
- * AK910410 abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include
-#ifdef MAXPATHLEN
- #undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY 0x01
-# define A_HIDDEN 0x02
-# define A_SYSTEM 0x04
-# define A_LABEL 0x08
-# define A_DIR 0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */
- int d_ino; /* Dummy */
- int d_reclen; /* Dummy, same as d_namlen */
- int d_namlen; /* length of name */
- char d_name[MAXNAMLEN + 1];
- unsigned long d_size;
- unsigned short d_attribute; /* attributes (see above) */
- unsigned short d_time; /* modification time */
- unsigned short d_date; /* modification date */
-#else
- char d_name[MAXNAMLEN + 1]; /* garentee null termination */
- char d_attribute; /* .. extension .. */
- unsigned long d_size; /* .. extension ..
*/
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR *opendir(const char *);
-extern DIR *openxdir(const char *, unsigned);
-extern struct dirent *readdir(DIR *);
-extern void seekdir(DIR *, long);
-extern long telldir(DIR *);
-extern void closedir(DIR *);
-#define rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char * abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
deleted file mode 100644
index 392f564070..0000000000
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,62 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- mktemp.c \
- dirent.c \
- $(NULL)
-
-LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
deleted file mode 100644
index 63bc293880..0000000000
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/tests
-
-MODULE = dbm
-
-CSRCS = lots.c
-
-PROGRAM = lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS = $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
- purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
- $(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
- purify $(CC) -o crash.pure $(CFLAGS) $^
-
diff --git a/security/nss/Makefile b/security/nss/Makefile
deleted file mode 100644
index 0590b7410f..0000000000
--- a/security/nss/Makefile
+++ /dev/null
@@ -1,185 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).
#
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-ifeq ($(OS_TARGET),WINCE)
-DIRS = lib # omit cmd since wince has no command line shell
-endif
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-nss_build_all: build_coreconf build_nspr build_dbm all
-
-nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
-
-build_coreconf:
- cd $(CORE_DEPTH)/coreconf ; $(MAKE)
-
-clobber_coreconf:
- cd $(CORE_DEPTH)/coreconf ; $(MAKE) clobber
-
-NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)/config.status
-NSPR_CONFIGURE = $(CORE_DEPTH)/../nsprpub/configure
-
-#
-# Translate coreconf build options to NSPR configure options.
-#
-
-ifdef BUILD_OPT
-NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
-endif
-ifdef USE_64
-NSPR_CONFIGURE_OPTS += --enable-64bit
-endif
-ifeq ($(OS_TARGET),WIN95)
-NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95
-endif
-ifdef USE_DEBUG_RTL
-NSPR_CONFIGURE_OPTS += --enable-debug-rtl
-endif
-ifdef NS_USE_GCC
-NSPR_COMPILERS = CC=gcc CXX=g++
-endif
-
-#
-# Some pwd commands on Windows (for example, the pwd
-# command in Cygwin) return a pathname that begins
-# with a (forward) slash. When such a pathname is
-# passed to Windows build tools (for example, cl), it
-# is mistaken as a command-line option. If that is the case,
-# we use a relative pathname as NSPR's prefix on Windows.
-#
-
-USEABSPATH="YES"
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-ifeq (,$(findstring :,$(shell pwd)))
-USEABSPATH="NO"
-endif
-endif
-ifeq ($(USEABSPATH),"YES")
-NSPR_PREFIX = $(shell pwd)/../../dist/$(OBJDIR_NAME)
-else
-NSPR_PREFIX = $$(topsrcdir)/../dist/$(OBJDIR_NAME)
-endif
-
-$(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
- $(NSINSTALL) -D $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)
- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; \
- $(NSPR_COMPILERS) sh ../configure \
- $(NSPR_CONFIGURE_OPTS) \
- --with-dist-prefix='$(NSPR_PREFIX)' \
- --with-dist-includedir='$(NSPR_PREFIX)/include'
-
-build_nspr: $(NSPR_CONFIG_STATUS)
- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE)
-
-clobber_nspr: $(NSPR_CONFIG_STATUS)
- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber
-
-build_dbm:
-ifndef NSS_DISABLE_DBM
- cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
-else
- echo "skipping the build of DBM"
-endif
-
-clobber_dbm:
- cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber
-
-moz_import::
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
- $(NSINSTALL) -D $(DIST)/include/nspr
- cp $(DIST)/../include/nspr/*.h $(DIST)/include/nspr
- cp $(DIST)/../include/* $(DIST)/include
-ifdef BUILD_OPT
- cp $(DIST)/../WIN32_O.OBJ/lib/* $(DIST)/lib
-else
- cp $(DIST)/../WIN32_D.OBJ/lib/* $(DIST)/lib
-endif
- mv
$(DIST)/lib/dbm32.lib $(DIST)/lib/dbm.lib
-else
-ifeq ($(OS_TARGET),OS2)
- cp -rf $(DIST)/../include $(DIST)
- cp -rf $(DIST)/../lib $(DIST)
- cp -f $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX) $(DIST)/lib/libdbm.$(LIB_SUFFIX)
-else
- $(NSINSTALL) -L ../../dist include $(DIST)
- $(NSINSTALL) -L ../../dist lib $(DIST)
- cp $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX) $(DIST)/lib/libdbm.$(LIB_SUFFIX)
-endif
-endif
-
-nss_RelEng_bld: build_coreconf import build_dbm all
-
-package:
- $(MAKE) -C pkg publish
diff --git a/security/nss/cmd/.cvsignore b/security/nss/cmd/.cvsignore
deleted file mode 100644
index 6329db22e8..0000000000
--- a/security/nss/cmd/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-.gdbinit
diff --git a/security/nss/cmd/Makefile b/security/nss/cmd/Makefile
deleted file mode 100644
index 67dd375abf..0000000000
--- a/security/nss/cmd/Makefile
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../..
-DEPTH = ../..
-
-include manifest.mn
-include $(CORE_DEPTH)/coreconf/config.mk
-
-ifdef BUILD_LIBPKIX_TESTS
-DIRS += libpkix
-endif
-
-INCLUDES += \
- -I$(DIST)/../public/security \
- -I./include \
- $(NULL)
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-symbols::
- @echo "TARGETS = $(TARGETS)"
diff --git a/security/nss/cmd/addbuiltin/Makefile b/security/nss/cmd/addbuiltin/Makefile
deleted file mode 100644
index fe7991878f..0000000000
--- a/security/nss/cmd/addbuiltin/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).
#
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/addbuiltin/addbuiltin.c b/security/nss/cmd/addbuiltin/addbuiltin.c
deleted file mode 100644
index 8bb99547ce..0000000000
--- a/security/nss/cmd/addbuiltin/addbuiltin.c
+++ /dev/null
@@ -1,391 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* - * Tool for converting builtin CA certs. 
- * - * $Id$ - */ - -#include "nssrenam.h" -#include "nss.h" -#include "cert.h" -#include "certdb.h" -#include "secutil.h" -#include "pk11func.h" - -#if defined(WIN32) -#include -#include -#endif - -void dumpbytes(unsigned char *buf, int len) -{ - int i; - for (i=0; i < len; i++) { - if ((i !=0) && ((i & 0xf) == 0)) { - printf("\n"); - } - printf("\\%03o",buf[i]); - } - printf("\n"); -} - -char *getTrustString(unsigned int trust) -{ - if (trust & CERTDB_TRUSTED) { - if (trust & CERTDB_TRUSTED_CA) { - return "CKT_NETSCAPE_TRUSTED_DELEGATOR|CKT_NETSCAPE_TRUSTED"; - } else { - return "CKT_NETSCAPE_TRUSTED"; - } - } else { - if (trust & CERTDB_TRUSTED_CA) { - return "CKT_NETSCAPE_TRUSTED_DELEGATOR"; - } else if (trust & CERTDB_VALID_CA) { - return "CKT_NETSCAPE_VALID_DELEGATOR"; - } else { - return "CKT_NETSCAPE_TRUST_UNKNOWN"; - } - } - return "CKT_NETSCAPE_TRUST_UNKNOWN"; /* not reached */ -} - -static const SEC_ASN1Template serialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(CERTCertificate,serialNumber) }, - { 0 } -}; - -static SECStatus -ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust) -{ - SECStatus rv = SECSuccess; - CERTCertificate *cert; - unsigned char sha1_hash[SHA1_LENGTH]; - unsigned char md5_hash[MD5_LENGTH]; - SECItem *serial = NULL; - - cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname); - if (!cert) { - return SECFailure; - } - serial = SEC_ASN1EncodeItem(NULL,NULL,cert,serialTemplate); - if (!serial) { - return SECFailure; - } - - printf("\n#\n# Certificate \"%s\"\n#\n",nickname); - printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"); - printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); - printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); - printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); - printf("CKA_LABEL UTF8 \"%s\"\n",nickname); - printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"); - printf("CKA_SUBJECT MULTILINE_OCTAL\n"); - dumpbytes(cert->derSubject.data,cert->derSubject.len); - printf("END\n"); - printf("CKA_ID UTF8 
\"0\"\n"); - printf("CKA_ISSUER MULTILINE_OCTAL\n"); - dumpbytes(cert->derIssuer.data,cert->derIssuer.len); - printf("END\n"); - printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); - dumpbytes(serial->data,serial->len); - printf("END\n"); - printf("CKA_VALUE MULTILINE_OCTAL\n"); - dumpbytes(sdder->data,sdder->len); - printf("END\n"); - - PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len); - PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len); - printf("\n# Trust for Certificate \"%s\"\n",nickname); - printf("CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST\n"); - printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); - printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); - printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); - printf("CKA_LABEL UTF8 \"%s\"\n",nickname); - printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n"); - dumpbytes(sha1_hash,SHA1_LENGTH); - printf("END\n"); - printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n"); - dumpbytes(md5_hash,MD5_LENGTH); - printf("END\n"); - - printf("CKA_ISSUER MULTILINE_OCTAL\n"); - dumpbytes(cert->derIssuer.data,cert->derIssuer.len); - printf("END\n"); - printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); - dumpbytes(serial->data,serial->len); - printf("END\n"); - - printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n", - getTrustString(trust->sslFlags)); - printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n", - getTrustString(trust->emailFlags)); - printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n", - getTrustString(trust->objectSigningFlags)); -#ifdef notdef - printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED\n");*/ - printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST 
CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); -#endif - printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n", - trust->sslFlags & CERTDB_GOVT_APPROVED_CA ? - "CK_TRUE" : "CK_FALSE"); - - - PORT_Free(sdder->data); - return(rv); - -} - -void printheader() { - printf("# \n" -"# ***** BEGIN LICENSE BLOCK *****\n" -"# Version: MPL 1.1/GPL 2.0/LGPL 2.1\n" -"#\n" -"# The contents of this file are subject to the Mozilla Public License Version\n" -"# 1.1 (the \"License\"); you may not use this file except in compliance with\n" -"# the License. You may obtain a copy of the License at\n" -"# http://www.mozilla.org/MPL/\n" -"#\n" -"# Software distributed under the License is distributed on an \"AS IS\" basis,\n" -"# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License\n" -"# for the specific language governing rights and limitations under the\n" -"# License.\n" -"#\n" -"# The Original Code is the Netscape security libraries..\n" -"#\n" -"# The Initial Developer of the Original Code is\n" -"# Netscape Communications Corporation.\n" -"# Portions created by the Initial Developer are Copyright (C) 1994-2000\n" -"# the Initial Developer. All Rights Reserved.\n" -"#\n" -"# Contributor(s):\n" -"#\n" -"# Alternatively, the contents of this file may be used under the terms of\n" -"# either the GNU General Public License Version 2 or later (the \"GPL\"), or\n" -"# the GNU Lesser General Public License Version 2.1 or later (the \"LGPL\"),\n" -"# in which case the provisions of the GPL or the LGPL are applicable instead\n" -"# of those above. If you wish to allow use of your version of this file only\n" -"# under the terms of either the GPL or the LGPL, and not to allow others to\n" -"# use your version of this file under the terms of the MPL, indicate your\n" -"# decision by deleting the provisions above and replace them with the notice\n" -"# and other provisions required by the GPL or the LGPL. 
If you do not delete\n" -"# the provisions above, a recipient may use your version of this file under\n" -"# the terms of any one of the MPL, the GPL or the LGPL.\n" -"#\n" -"# ***** END LICENSE BLOCK *****\n" - "#\n" - "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n" - "\n" - "#\n" - "# certdata.txt\n" - "#\n" - "# This file contains the object definitions for the certs and other\n" - "# information \"built into\" NSS.\n" - "#\n" - "# Object definitions:\n" - "#\n" - "# Certificates\n" - "#\n" - "# -- Attribute -- -- type -- -- value --\n" - "# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n" - "# CKA_TOKEN CK_BBOOL CK_TRUE\n" - "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "# CKA_LABEL UTF8 (varies)\n" - "# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n" - "# CKA_SUBJECT DER+base64 (varies)\n" - "# CKA_ID byte array (varies)\n" - "# CKA_ISSUER DER+base64 (varies)\n" - "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" - "# CKA_VALUE DER+base64 (varies)\n" - "# CKA_NETSCAPE_EMAIL ASCII7 (unused here)\n" - "#\n" - "# Trust\n" - "#\n" - "# -- Attribute -- -- type -- -- value --\n" - "# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n" - "# CKA_TOKEN CK_BBOOL CK_TRUE\n" - "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "# CKA_LABEL UTF8 (varies)\n" - "# CKA_ISSUER DER+base64 (varies)\n" - "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" - "# CKA_CERT_HASH binary+base64 (varies)\n" - "# CKA_EXPIRES CK_DATE (not used here)\n" - "# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n" - "# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n" - "# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n" - "# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n" - "# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n" - "# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n" - "# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n" - "# 
CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n" - "# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n" - "# (other trust attributes can be defined)\n" - "#\n" - "\n" - "#\n" - "# The object to tell NSS that this is a root list and we don't\n" - "# have to go looking for others.\n" - "#\n" - "BEGINDATA\n" - "CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST\n" - "CKA_TOKEN CK_BBOOL CK_TRUE\n" - "CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n"); -} - -static void Usage(char *progName) -{ - fprintf(stderr, "%s -n nickname -t trust [-i certfile]\n", progName); - fprintf(stderr, - "\tRead a der-encoded cert from certfile or stdin, and output\n" - "\tit to stdout in a format suitable for the builtin root module.\n" - "\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n" - "\t(pipe through atob if the cert is b64-encoded)\n", progName); - fprintf(stderr, "%-15s nickname to assign to builtin cert.\n", - "-n nickname"); - fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust"); - fprintf(stderr, "%-15s file to read (default stdin)\n", "-i certfile"); - exit(-1); -} - -enum { - opt_Input = 0, - opt_Nickname, - opt_Trust -}; - -static secuCommandFlag addbuiltin_options[] = -{ - { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE } -}; - -int main(int argc, char **argv) -{ - SECStatus rv; - char *nickname; - char *trusts; - char *progName; - PRFileDesc *infile; - CERTCertTrust trust = { 0 }; - SECItem derCert = { 0 }; - - secuCommand addbuiltin = { 0 }; - addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag); - addbuiltin.options = addbuiltin_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? 
progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin); - - if (rv != SECSuccess) - Usage(progName); - - if (!addbuiltin.options[opt_Nickname].activated && - !addbuiltin.options[opt_Trust].activated) { - fprintf(stderr, "%s: you must specify both a nickname and trust.\n", - progName); - Usage(progName); - } - - if (addbuiltin.options[opt_Input].activated) { - infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660); - if (!infile) { - fprintf(stderr, "%s: failed to open input file.\n", progName); - exit(1); - } - } else { -#if defined(WIN32) - /* If we're going to read binary data from stdin, we must put stdin - ** into O_BINARY mode or else incoming \r\n's will become \n's, - ** and latin-1 characters will be altered. - */ - - int smrv = _setmode(_fileno(stdin), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdin to binary mode. Use -i option instead.\n", - progName); - exit(1); - } -#endif - infile = PR_STDIN; - } - - nickname = strdup(addbuiltin.options[opt_Nickname].arg); - trusts = strdup(addbuiltin.options[opt_Trust].arg); - - NSS_NoDB_Init(NULL); - - rv = CERT_DecodeTrustString(&trust, trusts); - if (rv) { - fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName); - Usage(progName); - } - - SECU_FileToItem(&derCert, infile); - - /*printheader();*/ - - rv = ConvertCertificate(&derCert, nickname, &trust); - if (rv) { - fprintf(stderr, "%s: failed to convert certificate.\n", progName); - exit(1); - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return(SECSuccess); -} diff --git a/security/nss/cmd/addbuiltin/manifest.mn b/security/nss/cmd/addbuiltin/manifest.mn deleted file mode 100644 index 0729834a72..0000000000 --- a/security/nss/cmd/addbuiltin/manifest.mn +++ /dev/null 
@@ -1,52 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-CSRCS = \
- addbuiltin.c \
- $(NULL)
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd
-
-PROGRAM = addbuiltin
-
diff --git a/security/nss/cmd/atob/Makefile b/security/nss/cmd/atob/Makefile
deleted file mode 100644
index 61e2cb3598..0000000000
--- a/security/nss/cmd/atob/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).
#
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c
deleted file mode 100644
index e5fad05ecf..0000000000
--- a/security/nss/cmd/atob/atob.c
+++ /dev/null
@@ -1,180 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -#include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" -#include - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -static PRInt32 -output_binary (void *arg, const unsigned char *obuf, PRInt32 size) -{ - FILE *outFile = arg; - int nb; - - nb = fwrite(obuf, 1, size, outFile); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return nb; -} - -static SECStatus -decode_file(FILE *outFile, FILE *inFile) -{ - NSSBase64Decoder *cx; - int nb; - SECStatus status = SECFailure; - char ibuf[4096]; - - cx = NSSBase64Decoder_Create(output_binary, outFile); - if (!cx) { - return -1; - } - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; - } - } - - status = NSSBase64Decoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; - } - - return NSSBase64Decoder_Destroy(cx, PR_FALSE); - - loser: - (void) NSSBase64Decoder_Destroy(cx, PR_TRUE); - return status; -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - SECStatus rv; - FILE *inFile, *outFile; - PLOptState *optstate; - PLOptStatus status; - - inFile = 0; - outFile = 0; - progName = strrchr(argv[0], '/'); - progName = progName ? 
progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "r"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - } - } - if (!inFile) inFile = stdin; - if (!outFile) { -#if defined(WIN32) - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } -#endif - outFile = stdout; - } - rv = decode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); - return -1; - } - return 0; -} diff --git a/security/nss/cmd/atob/manifest.mn b/security/nss/cmd/atob/manifest.mn deleted file mode 100644 index 363cad1923..0000000000 --- a/security/nss/cmd/atob/manifest.mn +++ /dev/null 
@@ -1,54 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = atob.c
-
-PROGRAM = atob
-
diff --git a/security/nss/cmd/bltest/Makefile b/security/nss/cmd/bltest/Makefile
deleted file mode 100644
index 115886cd75..0000000000
--- a/security/nss/cmd/bltest/Makefile
+++ /dev/null
@@ -1,86 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).
#
-#######################################################################
-
-include manifest.mn
-#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
-# -always-use-cache-dir $(CC)
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#EXTRA_SHARED_LIBS += \
-# -L/usr/lib \
-# -lposix4 \
-# $(NULL)
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-include ../platrules.mk
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
deleted file mode 100644
index 051ea7c43d..0000000000
--- a/security/nss/cmd/bltest/blapitest.c
+++ /dev/null
@@ -1,3745 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Douglas Stebila , Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include
-#include
-
-#include "blapi.h"
-#include "secrng.h"
-#include "prmem.h"
-#include "prprf.h"
-#include "prtime.h"
-#include "prsystem.h"
-#include "plstr.h"
-#include "nssb64.h"
-#include "secutil.h"
-#include "plgetopt.h"
-#include "softoken.h"
-#include "nspr.h"
-#include "nss.h"
-#include "secoid.h"
-
-#ifdef NSS_ENABLE_ECC
-#include "ecl-curve.h"
-SECStatus EC_DecodeParams(const SECItem *encodedParams,
- ECParams **ecparams);
-SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams,
- const ECParams *srcParams);
-#endif
-
-/* Temporary - add debugging ouput on windows for RSA to track QA failure */
-#ifdef _WIN32
-#define TRACK_BLTEST_BUG
- char __bltDBG[] = "BLTEST DEBUG";
-#endif
-
-char *progName;
-char *testdir = NULL;
-
-#define BLTEST_DEFAULT_CHUNKSIZE 4096
-
-#define WORDSIZE sizeof(unsigned long)
-
-#define CHECKERROR(rv, ln) \
- if (rv) { \
- PRErrorCode prerror = PR_GetError(); \
- PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \
- prerror, SECU_Strerror(prerror), ln); \
- exit(-1); \
- }
-
-/* Macros for performance timing. */
-#define TIMESTART() \
- time1 = PR_IntervalNow();
-
-#define TIMEFINISH(time, reps) \
- time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \
- time1 = PR_IntervalToMilliseconds(time2); \
- time = ((double)(time1))/reps;
-
-#define TIMEMARK(seconds) \
- time1 = PR_SecondsToInterval(seconds); \
- { \
- PRInt64 tmp, L100; \
- LL_I2L(L100, 100); \
- if (time2 == 0) { \
- time2 = 1; \
- } \
- LL_DIV(tmp, time1, time2); \
- if (tmp < 10) { \
- if (tmp == 0) { \
- opsBetweenChecks = 1; \
- } else { \
- LL_L2I(opsBetweenChecks, tmp); \
- } \
- } else { \
- opsBetweenChecks = 10; \
- } \
- } \
- time2 = time1; \
- time1 = PR_IntervalNow();
-
-#define TIMETOFINISH() \
- PR_IntervalNow() - time1 >= time2
-
-static void Usage()
-{
-#define PRINTUSAGE(subject, option, predicate) \
- fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "[-DEHSV]", "List available cipher modes"); /* XXX */
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
- PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]");
- PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]");
- PRINTUSAGE("", "", "[-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for output buffer");
- PRINTUSAGE("", "-k", "file which contains key");
- PRINTUSAGE("", "-v", "file which contains initialization vector");
- PRINTUSAGE("", "-b", "size of input buffer");
- PRINTUSAGE("", "-g", "key size (in bytes)");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- PRINTUSAGE("(rsa)", "-e", "rsa public exponent");
- PRINTUSAGE("(rc5)", "-r", "number of rounds");
- PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for output buffer");
- PRINTUSAGE("", "-k", "file which contains key");
- PRINTUSAGE("", "-v", "file which contains initialization vector");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-H -m mode", "Hash a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
- PRINTUSAGE("", "", "[-b bufsize]");
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for hash");
- PRINTUSAGE("", "-b", "size of input buffer");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
- PRINTUSAGE("", "", "[-b bufsize]");
-#ifdef NSS_ENABLE_ECC
- PRINTUSAGE("", "", "[-n curvename]");
-#endif
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-o", "file for signature");
- PRINTUSAGE("", "-k", "file which contains key");
-#ifdef NSS_ENABLE_ECC
- PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
- PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,");
- PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,");
- PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,");
- PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,");
- PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,");
- PRINTUSAGE("", "", " secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,");
- PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,");
- PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,");
- PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,");
- PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,");
- PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,");
- PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,");
- PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,");
- PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,");
- PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,");
- PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,");
- PRINTUSAGE("", "", " sect131r1, sect131r2");
-#endif
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
- PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
- PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
- PRINTUSAGE("", "-m", "cipher mode to use");
- PRINTUSAGE("", "-i", "file which contains input buffer");
- PRINTUSAGE("", "-s", "file which contains signature of input buffer");
- PRINTUSAGE("", "-k", "file which contains key");
- PRINTUSAGE("", "-p", "do performance test");
- PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
- PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-N -m mode -b bufsize",
- "Create a nonce plaintext and key");
- PRINTUSAGE("", "", "[-g keysize] [-u cxreps]");
- PRINTUSAGE("", "-g", "key size (in bytes)");
- PRINTUSAGE("", "-u", "number of repetitions of context creation");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-F", "Run the FIPS self-test");
- fprintf(stderr, "\n");
- PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test");
- fprintf(stderr, "\n");
- exit(1);
-}
-
-/* Helper functions for ascii<-->binary conversion/reading/writing */
-
-/* XXX argh */
-struct item_with_arena {
- SECItem *item;
- PRArenaPool *arena;
-};
-
-static PRInt32
-get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
-{
- struct item_with_arena *it = arg;
- SECItem *binary = it->item;
- SECItem *tmp;
- int index;
- if (binary->data == NULL) {
- tmp = SECITEM_AllocItem(it->arena, NULL, size);
- binary->data = tmp->data;
- binary->len = tmp->len;
- index = 0;
- } else {
- SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
- index = binary->len;
- }
- PORT_Memcpy(&binary->data[index], ibuf, size); - return binary->len; -} - -static SECStatus -atob(SECItem *ascii, SECItem *binary, PRArenaPool *arena) -{ - SECStatus status; - NSSBase64Decoder *cx; - struct item_with_arena it; - int len; - binary->data = NULL; - binary->len = 0; - it.item = binary; - it.arena = arena; - len = (strncmp(&ascii->data[ascii->len-2],"\r\n",2)) ? - ascii->len : ascii->len-2; - cx = NSSBase64Decoder_Create(get_binary, &it); - status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len); - status = NSSBase64Decoder_Destroy(cx, PR_FALSE); - return status; -} - -static PRInt32 -output_ascii(void *arg, const char *obuf, PRInt32 size) -{ - PRFileDesc *outfile = arg; - PRInt32 nb = PR_Write(outfile, obuf, size); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - return nb; -} - -static SECStatus -btoa_file(SECItem *binary, PRFileDesc *outfile) -{ - SECStatus status; - NSSBase64Encoder *cx; - SECItem ascii; - ascii.data = NULL; - ascii.len = 0; - if (binary->len == 0) - return SECSuccess; - cx = NSSBase64Encoder_Create(output_ascii, outfile); - status = NSSBase64Encoder_Update(cx, binary->data, binary->len); - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(outfile, "\r\n", 2); - return status; -} - -SECStatus -hex_from_2char(unsigned char *c2, unsigned char *byteval) -{ - int i; - unsigned char offset; - *byteval = 0; - for (i=0; i<2; i++) { - if (c2[i] >= '0' && c2[i] <= '9') { - offset = c2[i] - '0'; - *byteval |= offset << 4*(1-i); - } else if (c2[i] >= 'a' && c2[i] <= 'f') { - offset = c2[i] - 'a'; - *byteval |= (offset + 10) << 4*(1-i); - } else if (c2[i] >= 'A' && c2[i] <= 'F') { - offset = c2[i] - 'A'; - *byteval |= (offset + 10) << 4*(1-i); - } else { - return SECFailure; - } - } - return SECSuccess; -} - -SECStatus -char2_from_hex(unsigned char byteval, unsigned char *c2) -{ - int i; - unsigned char offset; - for (i=0; i<2; i++) { - offset = (byteval >> 4*(1-i)) & 0x0f; - if (offset < 
10) { - c2[i] = '0' + offset; - } else { - c2[i] = 'A' + offset - 10; - } - } - return SECSuccess; -} - -void -serialize_key(SECItem *it, int ni, PRFileDesc *file) -{ - unsigned char len[4]; - int i; - SECStatus status; - NSSBase64Encoder *cx; - SECItem ascii; - ascii.data = NULL; - ascii.len = 0; - cx = NSSBase64Encoder_Create(output_ascii, file); - for (i=0; ilen >> 24) & 0xff; - len[1] = (it->len >> 16) & 0xff; - len[2] = (it->len >> 8) & 0xff; - len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); - } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); -} - -void -key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata) -{ - int fpos = 0; - int i, len; - unsigned char *buf = filedata->data; - for (i=0; i 0) { - it->len = len; - it->data = PORT_ArenaAlloc(arena, it->len); - PORT_Memcpy(it->data, &buf[fpos], it->len); - } else { - it->len = 0; - it->data = NULL; - } - it++; - } - fpos += len; - } -} - -static RSAPrivateKey * -rsakey_from_filedata(SECItem *filedata) -{ - RSAPrivateKey *key; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey)); - key->arena = arena; - key_from_filedata(arena, &key->version, 0, 9, filedata); - return key; -} - -static PQGParams * -pqg_from_filedata(SECItem *filedata) -{ - PQGParams *pqg; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams)); - pqg->arena = arena; - key_from_filedata(arena, &pqg->prime, 0, 3, filedata); - return pqg; -} - -static DSAPrivateKey * -dsakey_from_filedata(SECItem *filedata) -{ - DSAPrivateKey *key; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey)); - key->params.arena = arena; - 
key_from_filedata(arena, &key->params.prime, 0, 5, filedata); - return key; -} - -#ifdef NSS_ENABLE_ECC -static ECPrivateKey * -eckey_from_filedata(SECItem *filedata) -{ - ECPrivateKey *key; - PRArenaPool *arena; - SECStatus rv; - ECParams *tmpECParams = NULL; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey)); - /* read and convert params */ - key->ecParams.arena = arena; - key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata); - rv = SECOID_Init(); - CHECKERROR(rv, __LINE__); - rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams); - CHECKERROR(rv, __LINE__); - rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams); - CHECKERROR(rv, __LINE__); - rv = SECOID_Shutdown(); - CHECKERROR(rv, __LINE__); - PORT_FreeArena(tmpECParams->arena, PR_TRUE); - /* read key */ - key_from_filedata(arena, &key->publicValue, 1, 3, filedata); - return key; -} - -typedef struct curveNameTagPairStr { - char *curveName; - SECOidTag curveOidTag; -} CurveNameTagPair; - -#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1 -/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */ - -static CurveNameTagPair nameTagPair[] = -{ - { "sect163k1", SEC_OID_SECG_EC_SECT163K1}, - { "nistk163", SEC_OID_SECG_EC_SECT163K1}, - { "sect163r1", SEC_OID_SECG_EC_SECT163R1}, - { "sect163r2", SEC_OID_SECG_EC_SECT163R2}, - { "nistb163", SEC_OID_SECG_EC_SECT163R2}, - { "sect193r1", SEC_OID_SECG_EC_SECT193R1}, - { "sect193r2", SEC_OID_SECG_EC_SECT193R2}, - { "sect233k1", SEC_OID_SECG_EC_SECT233K1}, - { "nistk233", SEC_OID_SECG_EC_SECT233K1}, - { "sect233r1", SEC_OID_SECG_EC_SECT233R1}, - { "nistb233", SEC_OID_SECG_EC_SECT233R1}, - { "sect239k1", SEC_OID_SECG_EC_SECT239K1}, - { "sect283k1", SEC_OID_SECG_EC_SECT283K1}, - { "nistk283", SEC_OID_SECG_EC_SECT283K1}, - { "sect283r1", SEC_OID_SECG_EC_SECT283R1}, - { "nistb283", SEC_OID_SECG_EC_SECT283R1}, - { "sect409k1", SEC_OID_SECG_EC_SECT409K1}, - { 
"nistk409", SEC_OID_SECG_EC_SECT409K1}, - { "sect409r1", SEC_OID_SECG_EC_SECT409R1}, - { "nistb409", SEC_OID_SECG_EC_SECT409R1}, - { "sect571k1", SEC_OID_SECG_EC_SECT571K1}, - { "nistk571", SEC_OID_SECG_EC_SECT571K1}, - { "sect571r1", SEC_OID_SECG_EC_SECT571R1}, - { "nistb571", SEC_OID_SECG_EC_SECT571R1}, - { "secp160k1", SEC_OID_SECG_EC_SECP160K1}, - { "secp160r1", SEC_OID_SECG_EC_SECP160R1}, - { "secp160r2", SEC_OID_SECG_EC_SECP160R2}, - { "secp192k1", SEC_OID_SECG_EC_SECP192K1}, - { "secp192r1", SEC_OID_SECG_EC_SECP192R1}, - { "nistp192", SEC_OID_SECG_EC_SECP192R1}, - { "secp224k1", SEC_OID_SECG_EC_SECP224K1}, - { "secp224r1", SEC_OID_SECG_EC_SECP224R1}, - { "nistp224", SEC_OID_SECG_EC_SECP224R1}, - { "secp256k1", SEC_OID_SECG_EC_SECP256K1}, - { "secp256r1", SEC_OID_SECG_EC_SECP256R1}, - { "nistp256", SEC_OID_SECG_EC_SECP256R1}, - { "secp384r1", SEC_OID_SECG_EC_SECP384R1}, - { "nistp384", SEC_OID_SECG_EC_SECP384R1}, - { "secp521r1", SEC_OID_SECG_EC_SECP521R1}, - { "nistp521", SEC_OID_SECG_EC_SECP521R1}, - - { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, - { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, - { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, - { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, - { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, - { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, - - { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, - { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, - { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, - { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, - { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, - { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, - { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, - { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, - { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, - { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, - { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, - { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, - { "c2tnb239v3", 
SEC_OID_ANSIX962_EC_C2TNB239V3 }, - { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, - { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, - { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, - { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, - { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, - { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, - { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, - - { "secp112r1", SEC_OID_SECG_EC_SECP112R1}, - { "secp112r2", SEC_OID_SECG_EC_SECP112R2}, - { "secp128r1", SEC_OID_SECG_EC_SECP128R1}, - { "secp128r2", SEC_OID_SECG_EC_SECP128R2}, - - { "sect113r1", SEC_OID_SECG_EC_SECT113R1}, - { "sect113r2", SEC_OID_SECG_EC_SECT113R2}, - { "sect131r1", SEC_OID_SECG_EC_SECT131R1}, - { "sect131r2", SEC_OID_SECG_EC_SECT131R2}, -}; - -static SECKEYECParams * -getECParams(const char *curve) -{ - SECKEYECParams *ecparams; - SECOidData *oidData = NULL; - SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ - int i, numCurves; - - if (curve != NULL) { - numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } - } - - /* Return NULL if curve name is not recognized */ - if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { - fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; - } - - ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); - - /* - * ecparams->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. 
The actual OID is in - * oidData->oid.data so we simply prepend 0x06 and OID length - */ - ecparams->data[0] = SEC_ASN1_OBJECT_ID; - ecparams->data[1] = oidData->oid.len; - memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); - - return ecparams; -} -#endif /* NSS_ENABLE_ECC */ - -static void -dump_pqg(PQGParams *pqg) -{ - SECU_PrintInteger(stdout, &pqg->prime, "PRIME:", 0); - SECU_PrintInteger(stdout, &pqg->subPrime, "SUBPRIME:", 0); - SECU_PrintInteger(stdout, &pqg->base, "BASE:", 0); -} - -static void -dump_dsakey(DSAPrivateKey *key) -{ - dump_pqg(&key->params); - SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); - SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); -} - -#ifdef NSS_ENABLE_ECC -static void -dump_ecp(ECParams *ecp) -{ - /* TODO other fields */ - SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0); -} - -static void -dump_eckey(ECPrivateKey *key) -{ - dump_ecp(&key->ecParams); - SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); - SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); -} -#endif - -static void -dump_rsakey(RSAPrivateKey *key) -{ - SECU_PrintInteger(stdout, &key->version, "VERSION:", 0); - SECU_PrintInteger(stdout, &key->modulus, "MODULUS:", 0); - SECU_PrintInteger(stdout, &key->publicExponent, "PUBLIC EXP:", 0); - SECU_PrintInteger(stdout, &key->privateExponent, "PRIVATE EXP:", 0); - SECU_PrintInteger(stdout, &key->prime1, "CRT PRIME 1:", 0); - SECU_PrintInteger(stdout, &key->prime2, "CRT PRIME 2:", 0); - SECU_PrintInteger(stdout, &key->exponent1, "CRT EXP 1:", 0); - SECU_PrintInteger(stdout, &key->exponent2, "CRT EXP 2:", 0); - SECU_PrintInteger(stdout, &key->coefficient, "CRT COEFFICIENT:", 0); -} - -typedef enum { - bltestBase64Encoded, /* Base64 encoded ASCII */ - bltestBinary, /* straight binary */ - bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */ - bltestHexStream /* 1234abCD ... 
*/ -} bltestIOMode; - -typedef struct -{ - SECItem buf; - SECItem pBuf; - bltestIOMode mode; - PRFileDesc* file; -} bltestIO; - -typedef SECStatus (* bltestSymmCipherFn)(void *cx, - unsigned char *output, - unsigned int *outputLen, - unsigned int maxOutputLen, - const unsigned char *input, - unsigned int inputLen); - -typedef SECStatus (* bltestPubKeyCipherFn)(void *key, - SECItem *output, - const SECItem *input); - -typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest, - const unsigned char *src, - uint32 src_length); - -typedef enum { - bltestINVALID = -1, - bltestDES_ECB, /* Symmetric Key Ciphers */ - bltestDES_CBC, /* . */ - bltestDES_EDE_ECB, /* . */ - bltestDES_EDE_CBC, /* . */ - bltestRC2_ECB, /* . */ - bltestRC2_CBC, /* . */ - bltestRC4, /* . */ -#ifdef NSS_SOFTOKEN_DOES_RC5 - bltestRC5_ECB, /* . */ - bltestRC5_CBC, /* . */ -#endif - bltestAES_ECB, /* . */ - bltestAES_CBC, /* . */ - bltestCAMELLIA_ECB, /* . */ - bltestCAMELLIA_CBC, /* . */ - bltestSEED_ECB, /* SEED algorithm */ - bltestSEED_CBC, /* SEED algorithm */ - bltestRSA, /* Public Key Ciphers */ -#ifdef NSS_ENABLE_ECC - bltestECDSA, /* . (Public Key Sig.) */ -#endif - bltestDSA, /* . */ - bltestMD2, /* Hash algorithms */ - bltestMD5, /* . */ - bltestSHA1, /* . */ - bltestSHA256, /* . */ - bltestSHA384, /* . */ - bltestSHA512, /* . 
*/ - NUMMODES -} bltestCipherMode; - -static char *mode_strings[] = -{ - "des_ecb", - "des_cbc", - "des3_ecb", - "des3_cbc", - "rc2_ecb", - "rc2_cbc", - "rc4", -#ifdef NSS_SOFTOKEN_DOES_RC5 - "rc5_ecb", - "rc5_cbc", -#endif - "aes_ecb", - "aes_cbc", - "camellia_ecb", - "camellia_cbc", - "seed_ecb", - "seed_cbc", - "rsa", -#ifdef NSS_ENABLE_ECC - "ecdsa", -#endif - /*"pqg",*/ - "dsa", - "md2", - "md5", - "sha1", - "sha256", - "sha384", - "sha512", -}; - -typedef struct -{ - bltestIO key; - bltestIO iv; -} bltestSymmKeyParams; - -typedef struct -{ - bltestIO key; - bltestIO iv; - int rounds; - int wordsize; -} bltestRC5Params; - -typedef struct -{ - bltestIO key; - int keysizeInBits; - RSAPrivateKey *rsakey; -} bltestRSAParams; - -typedef struct -{ - bltestIO key; - bltestIO pqgdata; - unsigned int j; - bltestIO keyseed; - bltestIO sigseed; - bltestIO sig; /* if doing verify, have additional input */ - PQGParams *pqg; - DSAPrivateKey *dsakey; -} bltestDSAParams; - -#ifdef NSS_ENABLE_ECC -typedef struct -{ - bltestIO key; - char *curveName; - bltestIO sigseed; - bltestIO sig; /* if doing verify, have additional input */ - ECPrivateKey *eckey; -} bltestECDSAParams; -#endif - -typedef struct -{ - bltestIO key; /* unused */ - PRBool restart; -} bltestHashParams; - -typedef union -{ - bltestIO key; - bltestSymmKeyParams sk; - bltestRC5Params rc5; - bltestRSAParams rsa; - bltestDSAParams dsa; -#ifdef NSS_ENABLE_ECC - bltestECDSAParams ecdsa; -#endif - bltestHashParams hash; -} bltestParams; - -typedef struct bltestCipherInfoStr bltestCipherInfo; - -struct bltestCipherInfoStr { - PRArenaPool *arena; - /* link to next in multithreaded test */ - bltestCipherInfo *next; - PRThread *cipherThread; - - /* MonteCarlo test flag*/ - PRBool mCarlo; - /* cipher context */ - void *cx; - /* I/O streams */ - bltestIO input; - bltestIO output; - /* Cipher-specific parameters */ - bltestParams params; - /* Cipher mode */ - bltestCipherMode mode; - /* Cipher function 
(encrypt/decrypt/sign/verify/hash) */ - union { - bltestSymmCipherFn symmkeyCipher; - bltestPubKeyCipherFn pubkeyCipher; - bltestHashCipherFn hashCipher; - } cipher; - /* performance testing */ - int repetitionsToPerfom; - int seconds; - int repetitions; - int cxreps; - double cxtime; - double optime; -}; - -PRBool -is_symmkeyCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_pubkeyCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestRSA && mode <= bltestDSA) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_hashCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestMD2 && mode <= bltestSHA512) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_sigCipher(bltestCipherMode mode) -{ - /* change as needed! */ -#ifdef NSS_ENABLE_ECC - if (mode >= bltestECDSA && mode <= bltestDSA) -#else - if (mode >= bltestDSA && mode <= bltestDSA) -#endif - return PR_TRUE; - return PR_FALSE; -} - -PRBool -cipher_requires_IV(bltestCipherMode mode) -{ - /* change as needed! 
*/ - if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC || - mode == bltestRC2_CBC || -#ifdef NSS_SOFTOKEN_DOES_RC5 - mode == bltestRC5_CBC || -#endif - mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC|| - mode == bltestSEED_CBC) - return PR_TRUE; - return PR_FALSE; -} - -SECStatus finishIO(bltestIO *output, PRFileDesc *file); - -SECStatus -setupIO(PRArenaPool *arena, bltestIO *input, PRFileDesc *file, - char *str, int numBytes) -{ - SECStatus rv = SECSuccess; - SECItem fileData; - SECItem *in; - unsigned char *tok; - unsigned int i, j; - - if (file && (numBytes == 0 || file == PR_STDIN)) { - /* grabbing data from a file */ - rv = SECU_FileToItem(&fileData, file); - if (rv != SECSuccess) { - PR_Close(file); - return SECFailure; - } - in = &fileData; - } else if (str) { - /* grabbing data from command line */ - fileData.data = str; - fileData.len = PL_strlen(str); - in = &fileData; - } else if (file) { - /* create nonce */ - SECITEM_AllocItem(arena, &input->buf, numBytes); - RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes); - return finishIO(input, file); - } else { - return SECFailure; - } - - switch (input->mode) { - case bltestBase64Encoded: - rv = atob(in, &input->buf, arena); - break; - case bltestBinary: - if (in->data[in->len-1] == '\n') --in->len; - if (in->data[in->len-1] == '\r') --in->len; - SECITEM_CopyItem(arena, &input->buf, in); - break; - case bltestHexSpaceDelim: - SECITEM_AllocItem(arena, &input->buf, in->len/5); - for (i=0, j=0; ilen; i+=5, j++) { - tok = &in->data[i]; - if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ') - /* bad hex token */ - break; - - rv = hex_from_2char(&tok[2], input->buf.data + j); - if (rv) - break; - } - break; - case bltestHexStream: - SECITEM_AllocItem(arena, &input->buf, in->len/2); - for (i=0, j=0; ilen; i+=2, j++) { - tok = &in->data[i]; - rv = hex_from_2char(tok, input->buf.data + j); - if (rv) - break; - } - break; - } - - if (file) - SECITEM_FreeItem(&fileData, PR_FALSE); - return rv; -} - 
-SECStatus -finishIO(bltestIO *output, PRFileDesc *file) -{ - SECStatus rv = SECSuccess; - PRInt32 nb; - unsigned char byteval; - SECItem *it; - char hexstr[5]; - unsigned int i; - if (output->pBuf.len > 0) { - it = &output->pBuf; - } else { - it = &output->buf; - } - switch (output->mode) { - case bltestBase64Encoded: - rv = btoa_file(it, file); - break; - case bltestBinary: - nb = PR_Write(file, it->data, it->len); - rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure; - break; - case bltestHexSpaceDelim: - hexstr[0] = '0'; - hexstr[1] = 'x'; - hexstr[4] = ' '; - for (i=0; ilen; i++) { - byteval = it->data[i]; - rv = char2_from_hex(byteval, hexstr + 2); - nb = PR_Write(file, hexstr, 5); - if (rv) - break; - } - PR_Write(file, "\n", 1); - break; - case bltestHexStream: - for (i=0; ilen; i++) { - byteval = it->data[i]; - rv = char2_from_hex(byteval, hexstr); - if (rv) - break; - nb = PR_Write(file, hexstr, 2); - } - PR_Write(file, "\n", 1); - break; - } - return rv; -} - -void -bltestCopyIO(PRArenaPool *arena, bltestIO *dest, bltestIO *src) -{ - SECITEM_CopyItem(arena, &dest->buf, &src->buf); - if (src->pBuf.len > 0) { - dest->pBuf.len = src->pBuf.len; - dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data); - } - dest->mode = src->mode; - dest->file = src->file; -} - -void -misalignBuffer(PRArenaPool *arena, bltestIO *io, int off) -{ - ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE; - int length = io->buf.len; - if (offset != off) { - SECITEM_ReallocItem(arena, &io->buf, length, length + 2*WORDSIZE); - io->buf.len = length + 2*WORDSIZE; /* why doesn't realloc do this? */ - /* offset may have changed? 
*/ - offset = (ptrdiff_t)io->buf.data % WORDSIZE; - if (offset != off) { - memmove(io->buf.data + off, io->buf.data, length); - io->pBuf.data = io->buf.data + off; - io->pBuf.len = length; - } else { - io->pBuf.data = io->buf.data; - io->pBuf.len = length; - } - } else { - io->pBuf.data = io->buf.data; - io->pBuf.len = length; - } -} - -SECStatus -des_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return DES_Encrypt((DESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -des_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return DES_Decrypt((DESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc2_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC2_Encrypt((RC2Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc2_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC2_Decrypt((RC2Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc4_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC4_Encrypt((RC4Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc4_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC4_Decrypt((RC4Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -aes_Encrypt(void *cx, unsigned char *output, unsigned int 
*outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return AES_Encrypt((AESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return AES_Decrypt((AESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen, - maxOutputLen, - input, inputLen); -} - -SECStatus -camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen, - maxOutputLen, - input, inputLen); -} - -SECStatus -seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input) -{ - return RSA_PublicKeyOp((RSAPublicKey *)key, output->data, input->data); -} - -SECStatus -rsa_PrivateKeyOp(void *key, SECItem *output, const SECItem *input) -{ - return RSA_PrivateKeyOp((RSAPrivateKey *)key, output->data, input->data); -} - -SECStatus -dsa_signDigest(void *key, SECItem *output, const SECItem *input) -{ - return DSA_SignDigest((DSAPrivateKey 
*)key, output, input);
-}
-
-SECStatus
-dsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
-{
- return DSA_VerifyDigest((DSAPublicKey *)key, output, input);
-}
-
-#ifdef NSS_ENABLE_ECC
-SECStatus
-ecdsa_signDigest(void *key, SECItem *output, const SECItem *input)
-{
- return ECDSA_SignDigest((ECPrivateKey *)key, output, input);
-}
-
-SECStatus
-ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
-{
- return ECDSA_VerifyDigest((ECPublicKey *)key, output, input);
-}
-#endif
-
-SECStatus
-bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- PRIntervalTime time1, time2;
- bltestSymmKeyParams *desp = &cipherInfo->params.sk;
- int minorMode;
- int i;
- switch (cipherInfo->mode) {
- case bltestDES_ECB: minorMode = NSS_DES; break;
- case bltestDES_CBC: minorMode = NSS_DES_CBC; break;
- case bltestDES_EDE_ECB: minorMode = NSS_DES_EDE3; break;
- case bltestDES_EDE_CBC: minorMode = NSS_DES_EDE3_CBC; break;
- default:
- return SECFailure;
- }
- cipherInfo->cx = (void*)DES_CreateContext(desp->key.buf.data,
- desp->iv.buf.data,
- minorMode, encrypt);
- if (cipherInfo->cxreps > 0) {
- DESContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *));
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummycx[i] = (void*)DES_CreateContext(desp->key.buf.data,
- desp->iv.buf.data,
- minorMode, encrypt);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; icxreps; i++) {
- DES_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
- }
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = des_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = des_Decrypt;
- return SECSuccess;
-}
-
-SECStatus
-bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- PRIntervalTime time1, time2;
- bltestSymmKeyParams *rc2p = &cipherInfo->params.sk;
- int minorMode;
- int i;
- switch (cipherInfo->mode) {
- case bltestRC2_ECB: minorMode = NSS_RC2; break;
- case bltestRC2_CBC: minorMode = NSS_RC2_CBC; break;
- default:
-
return SECFailure;
- }
- cipherInfo->cx = (void*)RC2_CreateContext(rc2p->key.buf.data,
- rc2p->key.buf.len,
- rc2p->iv.buf.data,
- minorMode,
- rc2p->key.buf.len);
- if (cipherInfo->cxreps > 0) {
- RC2Context **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *));
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummycx[i] = (void*)RC2_CreateContext(rc2p->key.buf.data,
- rc2p->key.buf.len,
- rc2p->iv.buf.data,
- minorMode,
- rc2p->key.buf.len);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; icxreps; i++) {
- RC2_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
- }
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = rc2_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
- return SECSuccess;
-}
-
-SECStatus
-bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- PRIntervalTime time1, time2;
- int i;
- bltestSymmKeyParams *rc4p = &cipherInfo->params.sk;
- cipherInfo->cx = (void*)RC4_CreateContext(rc4p->key.buf.data,
- rc4p->key.buf.len);
- if (cipherInfo->cxreps > 0) {
- RC4Context **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *));
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummycx[i] = (void*)RC4_CreateContext(rc4p->key.buf.data,
- rc4p->key.buf.len);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; icxreps; i++) {
- RC4_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
- }
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = rc4_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = rc4_Decrypt;
- return SECSuccess;
-}
-
-SECStatus
-bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
-#ifdef NSS_SOFTOKEN_DOES_RC5
- PRIntervalTime time1, time2;
- bltestRC5Params *rc5p = &cipherInfo->params.rc5;
- int minorMode;
- switch (cipherInfo->mode) {
- case bltestRC5_ECB: minorMode = NSS_RC5; break;
- case bltestRC5_CBC: minorMode = NSS_RC5_CBC; break;
- default:
- return SECFailure;
- }
- TIMESTART();
- cipherInfo->cx =
(void*)RC5_CreateContext(&rc5p->key.buf,
- rc5p->rounds, rc5p->wordsize,
- rc5p->iv.buf.data, minorMode);
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = RC5_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = RC5_Decrypt;
- return SECSuccess;
-#else
- return SECFailure;
-#endif
-}
-
-SECStatus
-bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- bltestSymmKeyParams *aesp = &cipherInfo->params.sk;
- int minorMode;
- int i;
- int keylen = aesp->key.buf.len;
- int blocklen = AES_BLOCK_SIZE;
- PRIntervalTime time1, time2;
-
- switch (cipherInfo->mode) {
- case bltestAES_ECB: minorMode = NSS_AES; break;
- case bltestAES_CBC: minorMode = NSS_AES_CBC; break;
- default:
- return SECFailure;
- }
- cipherInfo->cx = (void*)AES_CreateContext(aesp->key.buf.data,
- aesp->iv.buf.data,
- minorMode, encrypt,
- keylen, blocklen);
- if (cipherInfo->cxreps > 0) {
- AESContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *));
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummycx[i] = (void*)AES_CreateContext(aesp->key.buf.data,
- aesp->iv.buf.data,
- minorMode, encrypt,
- keylen, blocklen);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; icxreps; i++) {
- AES_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
- }
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = aes_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = aes_Decrypt;
- return SECSuccess;
-}
-
-SECStatus
-bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- bltestSymmKeyParams *camelliap = &cipherInfo->params.sk;
- int minorMode;
- int i;
- int keylen = camelliap->key.buf.len;
- int blocklen = CAMELLIA_BLOCK_SIZE;
- PRIntervalTime time1, time2;
-
- switch (cipherInfo->mode) {
- case bltestCAMELLIA_ECB: minorMode = NSS_CAMELLIA; break;
- case bltestCAMELLIA_CBC: minorMode = NSS_CAMELLIA_CBC; break;
- default:
- return SECFailure;
- }
- cipherInfo->cx =
(void*)Camellia_CreateContext(camelliap->key.buf.data,
- camelliap->iv.buf.data,
- minorMode, encrypt,
- keylen);
- if (cipherInfo->cxreps > 0) {
- CamelliaContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummycx[i] = (void*)Camellia_CreateContext(camelliap->key.buf.data,
- camelliap->iv.buf.data,
- minorMode, encrypt,
- keylen);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; icxreps; i++) {
- Camellia_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
- }
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
- return SECSuccess;
-}
-
-SECStatus
-bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- PRIntervalTime time1, time2;
- bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
- int minorMode;
- int i;
-
- switch (cipherInfo->mode) {
- case bltestSEED_ECB: minorMode = NSS_SEED; break;
- case bltestSEED_CBC: minorMode = NSS_SEED_CBC; break;
- default:
- return SECFailure;
- }
- cipherInfo->cx = (void*)SEED_CreateContext(seedp->key.buf.data,
- seedp->iv.buf.data,
- minorMode, encrypt);
- if (cipherInfo->cxreps > 0) {
- SEEDContext **dummycx;
- dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummycx[i] = (void*)SEED_CreateContext(seedp->key.buf.data,
- seedp->iv.buf.data,
- minorMode, encrypt);
- }
- TIMEFINISH(cipherInfo->cxtime, 1.0);
- for (i=0; icxreps; i++) {
- SEED_DestroyContext(dummycx[i], PR_TRUE);
- }
- PORT_Free(dummycx);
- }
- if (encrypt)
- cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
- else
- cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
-
- return SECSuccess;
-}
-
-SECStatus
-bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- int i;
- RSAPrivateKey **dummyKey;
- PRIntervalTime time1, time2;
- bltestRSAParams *rsap = &cipherInfo->params.rsa;
- /* RSA key gen was done
during parameter setup */
- cipherInfo->cx = cipherInfo->params.rsa.rsakey;
- /* For performance testing */
- if (cipherInfo->cxreps > 0) {
- /* Create space for n private key objects */
- dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
- sizeof(RSAPrivateKey *));
- /* Time n keygens, storing in the array */
- TIMESTART();
- for (i=0; icxreps; i++)
- dummyKey[i] = RSA_NewKey(rsap->keysizeInBits,
- &rsap->rsakey->publicExponent);
- TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
- /* Free the n key objects */
- for (i=0; icxreps; i++)
- PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
- PORT_Free(dummyKey);
- }
- if (encrypt) {
- /* Have to convert private key to public key. Memory
- * is freed with private key's arena */
- RSAPublicKey *pubkey;
- RSAPrivateKey *key = (RSAPrivateKey *)cipherInfo->cx;
- pubkey = (RSAPublicKey *)PORT_ArenaAlloc(key->arena,
- sizeof(RSAPublicKey));
- pubkey->modulus.len = key->modulus.len;
- pubkey->modulus.data = key->modulus.data;
- pubkey->publicExponent.len = key->publicExponent.len;
- pubkey->publicExponent.data = key->publicExponent.data;
- cipherInfo->cx = (void *)pubkey;
- cipherInfo->cipher.pubkeyCipher = rsa_PublicKeyOp;
- } else {
- cipherInfo->cipher.pubkeyCipher = rsa_PrivateKeyOp;
- }
- return SECSuccess;
-}
-
-SECStatus
-bltest_pqg_init(bltestDSAParams *dsap)
-{
- SECStatus rv, res;
- PQGVerify *vfy = NULL;
- rv = PQG_ParamGen(dsap->j, &dsap->pqg, &vfy);
- CHECKERROR(rv, __LINE__);
- rv = PQG_VerifyParams(dsap->pqg, vfy, &res);
- CHECKERROR(res, __LINE__);
- CHECKERROR(rv, __LINE__);
- return rv;
-}
-
-SECStatus
-bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- int i;
- DSAPrivateKey **dummyKey;
- PQGParams *dummypqg;
- PRIntervalTime time1, time2;
- bltestDSAParams *dsap = &cipherInfo->params.dsa;
- PQGVerify *ignore = NULL;
- /* DSA key gen was done during parameter setup */
- cipherInfo->cx = cipherInfo->params.dsa.dsakey;
- /* For performance testing */
- if (cipherInfo->cxreps > 0) {
-
/* Create space for n private key objects */
- dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
- sizeof(DSAPrivateKey *));
- /* Time n keygens, storing in the array */
- TIMESTART();
- for (i=0; icxreps; i++) {
- dummypqg = NULL;
- PQG_ParamGen(dsap->j, &dummypqg, &ignore);
- DSA_NewKey(dummypqg, &dummyKey[i]);
- }
- TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
- /* Free the n key objects */
- for (i=0; icxreps; i++)
- PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
- PORT_Free(dummyKey);
- }
- if (!dsap->pqg && dsap->pqgdata.buf.len > 0) {
- dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
- }
- if (!cipherInfo->cx && dsap->key.buf.len > 0) {
- cipherInfo->cx = dsakey_from_filedata(&dsap->key.buf);
- }
- if (encrypt) {
- cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
- } else {
- /* Have to convert private key to public key. Memory
- * is freed with private key's arena */
- DSAPublicKey *pubkey;
- DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx;
- pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
- sizeof(DSAPublicKey));
- pubkey->params.prime.len = key->params.prime.len;
- pubkey->params.prime.data = key->params.prime.data;
- pubkey->params.subPrime.len = key->params.subPrime.len;
- pubkey->params.subPrime.data = key->params.subPrime.data;
- pubkey->params.base.len = key->params.base.len;
- pubkey->params.base.data = key->params.base.data;
- pubkey->publicValue.len = key->publicValue.len;
- pubkey->publicValue.data = key->publicValue.data;
- cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
- }
- return SECSuccess;
-}
-
-#ifdef NSS_ENABLE_ECC
-SECStatus
-bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- int i;
- ECPrivateKey **dummyKey;
- PRIntervalTime time1, time2;
- bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa;
- /* ECDSA key gen was done during parameter setup */
- cipherInfo->cx = cipherInfo->params.ecdsa.eckey;
- /* For performance testing */
- if (cipherInfo->cxreps > 0) {
- /*
Create space for n private key objects */
- dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
- sizeof(ECPrivateKey *));
- /* Time n keygens, storing in the array */
- TIMESTART();
- for (i=0; icxreps; i++) {
- EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]);
- }
- TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
- /* Free the n key objects */
- for (i=0; icxreps; i++)
- PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
- PORT_Free(dummyKey);
- }
- if (!cipherInfo->cx && ecdsap->key.buf.len > 0) {
- cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf);
- }
- if (encrypt) {
- cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
- } else {
- /* Have to convert private key to public key. Memory
- * is freed with private key's arena */
- ECPublicKey *pubkey;
- ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
- pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
- sizeof(ECPublicKey));
- pubkey->ecParams.type = key->ecParams.type;
- pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
- pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
- pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
- pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
- pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
- pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
- pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
- pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
- pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
- pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
- pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
- pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
- pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
- pubkey->ecParams.base.len = key->ecParams.base.len;
- pubkey->ecParams.base.data = key->ecParams.base.data;
- pubkey->ecParams.order.len = key->ecParams.order.len;
- pubkey->ecParams.order.data
= key->ecParams.order.data;
- pubkey->ecParams.cofactor = key->ecParams.cofactor;
- pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
- pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
- pubkey->ecParams.name= key->ecParams.name;
- pubkey->publicValue.len = key->publicValue.len;
- pubkey->publicValue.data = key->publicValue.data;
- cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
- }
- return SECSuccess;
-}
-#endif
-
-/* XXX unfortunately, this is not defined in blapi.h */
-SECStatus
-md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- unsigned int len;
- MD2Context *cx = MD2_NewContext();
- if (cx == NULL) return SECFailure;
- MD2_Begin(cx);
- MD2_Update(cx, src, src_length);
- MD2_End(cx, dest, &len, MD2_LENGTH);
- MD2_DestroyContext(cx, PR_TRUE);
- return SECSuccess;
-}
-
-SECStatus
-md2_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- MD2Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- SECStatus rv = SECSuccess;
- cx = MD2_NewContext();
- MD2_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- MD2_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = MD2_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- MD2_Flatten(cx, cxbytes);
- cx_cpy = MD2_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- MD2_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName);
- goto finish;
- }
- MD2_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- MD2_End(cx, dest, &len, MD2_LENGTH);
-finish:
- MD2_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-md5_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
-
SECStatus rv = SECSuccess;
- MD5Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = MD5_NewContext();
- MD5_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- MD5_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = MD5_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- MD5_Flatten(cx, cxbytes);
- cx_cpy = MD5_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- MD5_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName);
- goto finish;
- }
- MD5_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- MD5_End(cx, dest, &len, MD5_LENGTH);
-finish:
- MD5_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-sha1_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA1Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA1_NewContext();
- SHA1_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA1_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA1_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA1_Flatten(cx, cxbytes);
- cx_cpy = SHA1_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA1_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName);
- goto finish;
- }
- SHA1_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA1_End(cx, dest, &len, MD5_LENGTH);
-finish:
-
SHA1_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA256Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA256_NewContext();
- SHA256_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA256_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA256_Flatten(cx, cxbytes);
- cx_cpy = SHA256_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA256_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
- goto finish;
- }
- SHA256_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA256_End(cx, dest, &len, MD5_LENGTH);
-finish:
- SHA256_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA384Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA384_NewContext();
- SHA384_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA384_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA384_Flatten(cx, cxbytes);
- cx_cpy = SHA384_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA384_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR,
"%s: SHA384_restart failed!\n", progName);
- goto finish;
- }
- SHA384_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA384_End(cx, dest, &len, MD5_LENGTH);
-finish:
- SHA384_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length)
-{
- SECStatus rv = SECSuccess;
- SHA512Context *cx, *cx_cpy;
- unsigned char *cxbytes;
- unsigned int len;
- unsigned int i, quarter;
- cx = SHA512_NewContext();
- SHA512_Begin(cx);
- /* divide message by 4, restarting 3 times */
- quarter = (src_length + 3)/ 4;
- for (i=0; i < 4 && src_length > 0; i++) {
- SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length));
- len = SHA512_FlattenSize(cx);
- cxbytes = PORT_Alloc(len);
- SHA512_Flatten(cx, cxbytes);
- cx_cpy = SHA512_Resurrect(cxbytes, NULL);
- if (!cx_cpy) {
- PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
- rv = SECFailure;
- goto finish;
- }
- rv = PORT_Memcmp(cx, cx_cpy, len);
- if (rv) {
- SHA512_DestroyContext(cx_cpy, PR_TRUE);
- PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
- goto finish;
- }
- SHA512_DestroyContext(cx_cpy, PR_TRUE);
- PORT_Free(cxbytes);
- src_length -= quarter;
- }
- SHA512_End(cx, dest, &len, MD5_LENGTH);
-finish:
- SHA512_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-SECStatus
-pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
-#ifdef NSS_ENABLE_ECC
- int keysize, int exponent, char *curveName)
-#else
- int keysize, int exponent)
-#endif
-{
- int i;
- SECStatus rv = SECSuccess;
- bltestRSAParams *rsap;
- bltestDSAParams *dsap;
-#ifdef NSS_ENABLE_ECC
- bltestECDSAParams *ecdsap;
- SECItem *tmpECParamsDER;
- ECParams *tmpECParams = NULL;
- SECItem ecSerialize[3];
-#endif
- switch (cipherInfo->mode) {
- case bltestRSA:
- rsap = &cipherInfo->params.rsa;
- if (keysize > 0) {
- SECItem expitem = { 0, 0, 0 };
- SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
- for (i =
1; i <= sizeof(int); i++)
- expitem.data[i-1] = exponent >> (8*(sizeof(int) - i));
- rsap->rsakey = RSA_NewKey(keysize * 8, &expitem);
- serialize_key(&rsap->rsakey->version, 9, file);
- rsap->keysizeInBits = keysize * 8;
- } else {
- setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
- rsap->rsakey = rsakey_from_filedata(&cipherInfo->params.key.buf);
- rsap->keysizeInBits = rsap->rsakey->modulus.len * 8;
- }
- break;
- case bltestDSA:
- dsap = &cipherInfo->params.dsa;
- if (keysize > 0) {
- dsap->j = PQG_PBITS_TO_INDEX(8*keysize);
- if (!dsap->pqg)
- bltest_pqg_init(dsap);
- rv = DSA_NewKey(dsap->pqg, &dsap->dsakey);
- CHECKERROR(rv, __LINE__);
- serialize_key(&dsap->dsakey->params.prime, 5, file);
- } else {
- setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
- dsap->dsakey = dsakey_from_filedata(&cipherInfo->params.key.buf);
- dsap->j = PQG_PBITS_TO_INDEX(8*dsap->dsakey->params.prime.len);
- }
- break;
-#ifdef NSS_ENABLE_ECC
- case bltestECDSA:
- ecdsap = &cipherInfo->params.ecdsa;
- if (curveName != NULL) {
- tmpECParamsDER = getECParams(curveName);
- rv = SECOID_Init();
- CHECKERROR(rv, __LINE__);
- rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
- CHECKERROR(rv, __LINE__);
- rv = EC_NewKey(tmpECParams, &ecdsap->eckey);
- CHECKERROR(rv, __LINE__);
- ecSerialize[0].type = tmpECParamsDER->type;
- ecSerialize[0].data = tmpECParamsDER->data;
- ecSerialize[0].len = tmpECParamsDER->len;
- ecSerialize[1].type = ecdsap->eckey->publicValue.type;
- ecSerialize[1].data = ecdsap->eckey->publicValue.data;
- ecSerialize[1].len = ecdsap->eckey->publicValue.len;
- ecSerialize[2].type = ecdsap->eckey->privateValue.type;
- ecSerialize[2].data = ecdsap->eckey->privateValue.data;
- ecSerialize[2].len = ecdsap->eckey->privateValue.len;
- serialize_key(&(ecSerialize[0]), 3, file);
- SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
- PORT_FreeArena(tmpECParams->arena, PR_TRUE);
- rv = SECOID_Shutdown();
- CHECKERROR(rv, __LINE__);
- }
else {
- setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
- ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf);
- }
- break;
-#endif
- default:
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
-{
- PRBool restart;
- switch (cipherInfo->mode) {
- case bltestDES_ECB:
- case bltestDES_CBC:
- case bltestDES_EDE_ECB:
- case bltestDES_EDE_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_des_init(cipherInfo, encrypt);
- break;
- case bltestRC2_ECB:
- case bltestRC2_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_rc2_init(cipherInfo, encrypt);
- break;
- case bltestRC4:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_rc4_init(cipherInfo, encrypt);
- break;
-#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
-#endif
- return bltest_rc5_init(cipherInfo, encrypt);
- break;
- case bltestAES_ECB:
- case bltestAES_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_aes_init(cipherInfo, encrypt);
- break;
- case bltestCAMELLIA_ECB:
- case bltestCAMELLIA_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_camellia_init(cipherInfo, encrypt);
- break;
- case bltestSEED_ECB:
- case bltestSEED_CBC:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_seed_init(cipherInfo, encrypt);
- break;
- case bltestRSA:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- cipherInfo->input.pBuf.len);
- return bltest_rsa_init(cipherInfo, encrypt);
- break;
- case bltestDSA:
-
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- DSA_SIGNATURE_LEN);
- return bltest_dsa_init(cipherInfo, encrypt);
- break;
-#ifdef NSS_ENABLE_ECC
- case bltestECDSA:
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- 2 * MAX_ECKEY_LEN);
- return bltest_ecdsa_init(cipherInfo, encrypt);
- break;
-#endif
- case bltestMD2:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- MD2_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
- return SECSuccess;
- break;
- case bltestMD5:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- MD5_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA1:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA1_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA256:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA256_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart
- : SHA256_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA384:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA384_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart
- : SHA384_HashBuf;
- return SECSuccess;
- break;
- case bltestSHA512:
- restart = cipherInfo->params.hash.restart;
- SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
- SHA512_LENGTH);
- cipherInfo->cipher.hashCipher = (restart) ?
SHA512_restart
- : SHA512_HashBuf;
- return SECSuccess;
- break;
- default:
- return SECFailure;
- }
- return SECSuccess;
-}
-
-SECStatus
-dsaOp(bltestCipherInfo *cipherInfo)
-{
- PRIntervalTime time1, time2;
- SECStatus rv = SECSuccess;
- int i;
- int maxLen = cipherInfo->output.pBuf.len;
- SECItem dummyOut = { 0, 0, 0 };
- SECITEM_AllocItem(NULL, &dummyOut, maxLen);
- if (cipherInfo->cipher.pubkeyCipher == dsa_signDigest) {
- if (cipherInfo->params.dsa.sigseed.buf.len > 0) {
- bltestDSAParams *dsa = &cipherInfo->params.dsa;
- DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx;
-
- TIMESTART();
- rv = DSA_SignDigestWithSeed(key,
- &cipherInfo->output.pBuf,
- &cipherInfo->input.pBuf,
- dsa->sigseed.buf.data);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- rv = DSA_SignDigestWithSeed(key, &dummyOut,
- &cipherInfo->input.pBuf,
- dsa->sigseed.buf.data);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (!
(TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- rv = DSA_SignDigestWithSeed(key, &dummyOut,
- &cipherInfo->input.pBuf,
- dsa->sigseed.buf.data);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- } else {
- TIMESTART();
- rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
- &cipherInfo->output.pBuf,
- &cipherInfo->input.pBuf);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
- &dummyOut,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
- &dummyOut,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- }
- bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig,
- &cipherInfo->output);
- } else {
- TIMESTART();
- rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
- &cipherInfo->params.dsa.sig.buf,
- &cipherInfo->input.pBuf);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
- &cipherInfo->params.dsa.sig.buf,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (!
(TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
- &cipherInfo->params.dsa.sig.buf,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- }
- SECITEM_FreeItem(&dummyOut, PR_FALSE);
- return rv;
-}
-
-#ifdef NSS_ENABLE_ECC
-SECStatus
-ecdsaOp(bltestCipherInfo *cipherInfo)
-{
- PRIntervalTime time1, time2;
- SECStatus rv = SECSuccess;
- int i;
- int maxLen = cipherInfo->output.pBuf.len;
- SECItem dummyOut = { 0, 0, 0 };
- SECITEM_AllocItem(NULL, &dummyOut, maxLen);
- if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) {
- if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) {
- ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
- bltestECDSAParams *ecdsa = &cipherInfo->params.ecdsa;
-
- TIMESTART();
- rv = ECDSA_SignDigestWithSeed(key,
- &cipherInfo->output.pBuf,
- &cipherInfo->input.pBuf,
- ecdsa->sigseed.buf.data,
- ecdsa->sigseed.buf.len);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- rv = ECDSA_SignDigestWithSeed(key, &dummyOut,
- &cipherInfo->input.pBuf,
- ecdsa->sigseed.buf.data,
- ecdsa->sigseed.buf.len);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (!
(TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- rv = ECDSA_SignDigestWithSeed(key, &dummyOut,
- &cipherInfo->input.pBuf,
- ecdsa->sigseed.buf.data,
- ecdsa->sigseed.buf.len);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- } else {
- TIMESTART();
- rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
- &cipherInfo->output.pBuf,
- &cipherInfo->input.pBuf);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
- &dummyOut,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
- &dummyOut,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- }
- bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig,
- &cipherInfo->output);
- } else {
- TIMESTART();
- rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
- &cipherInfo->params.ecdsa.sig.buf,
- &cipherInfo->input.pBuf);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
- &cipherInfo->params.ecdsa.sig.buf,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (! 
(TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
- &cipherInfo->params.ecdsa.sig.buf,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- }
- SECITEM_FreeItem(&dummyOut, PR_FALSE);
- return rv;
-}
-#endif
-
-SECStatus
-cipherDoOp(bltestCipherInfo *cipherInfo)
-{
- PRIntervalTime time1, time2;
- SECStatus rv = SECSuccess;
- int i, len;
- int maxLen = cipherInfo->output.pBuf.len;
- unsigned char *dummyOut;
- if (cipherInfo->mode == bltestDSA)
- return dsaOp(cipherInfo);
-#ifdef NSS_ENABLE_ECC
- else if (cipherInfo->mode == bltestECDSA)
- return ecdsaOp(cipherInfo);
-#endif
- dummyOut = PORT_Alloc(maxLen);
- if (is_symmkeyCipher(cipherInfo->mode)) {
- TIMESTART();
- rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
- cipherInfo->output.pBuf.data,
- &len, maxLen,
- cipherInfo->input.pBuf.data,
- cipherInfo->input.pBuf.len);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom; i++,
- cipherInfo->repetitions++) {
- (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut,
- &len, maxLen,
- cipherInfo->input.pBuf.data,
- cipherInfo->input.pBuf.len);
-
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- bltestIO *input = &cipherInfo->input;
- TIMEMARK(cipherInfo->seconds);
- while (! 
(TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
- dummyOut,
- &len, maxLen,
- input->pBuf.data,
- input->pBuf.len);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- } else if (is_pubkeyCipher(cipherInfo->mode)) {
- TIMESTART();
- rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx,
- &cipherInfo->output.pBuf,
- &cipherInfo->input.pBuf);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- SECItem dummy;
- dummy.data = dummyOut;
- dummy.len = maxLen;
- (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (! (TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- SECItem dummy;
- dummy.data = dummyOut;
- dummy.len = maxLen;
- (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
- &cipherInfo->input.pBuf);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- } else if (is_hashCipher(cipherInfo->mode)) {
- TIMESTART();
- rv = (*cipherInfo->cipher.hashCipher)(cipherInfo->output.pBuf.data,
- cipherInfo->input.pBuf.data,
- cipherInfo->input.pBuf.len);
- TIMEFINISH(cipherInfo->optime, 1.0);
- CHECKERROR(rv, __LINE__);
- cipherInfo->repetitions = 0;
- if (cipherInfo->repetitionsToPerfom != 0) {
- TIMESTART();
- for (i=0; irepetitionsToPerfom;
- i++, cipherInfo->repetitions++) {
- (*cipherInfo->cipher.hashCipher)(dummyOut,
- cipherInfo->input.pBuf.data,
- cipherInfo->input.pBuf.len);
- CHECKERROR(rv, __LINE__);
- }
- } else {
- int opsBetweenChecks = 0;
- TIMEMARK(cipherInfo->seconds);
- while (! 
(TIMETOFINISH())) {
- int j = 0;
- for (;j < opsBetweenChecks;j++) {
- bltestIO *input = &cipherInfo->input;
- (*cipherInfo->cipher.hashCipher)(dummyOut,
- input->pBuf.data,
- input->pBuf.len);
- CHECKERROR(rv, __LINE__);
- }
- cipherInfo->repetitions += j;
- }
- }
- TIMEFINISH(cipherInfo->optime, 1.0);
- }
- PORT_Free(dummyOut);
- return rv;
-}
-
-SECStatus
-cipherFinish(bltestCipherInfo *cipherInfo)
-{
- switch (cipherInfo->mode) {
- case bltestDES_ECB:
- case bltestDES_CBC:
- case bltestDES_EDE_ECB:
- case bltestDES_EDE_CBC:
- DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestAES_ECB:
- case bltestAES_CBC:
- AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestCAMELLIA_ECB:
- case bltestCAMELLIA_CBC:
- Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestSEED_ECB:
- case bltestSEED_CBC:
- SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestRC2_ECB:
- case bltestRC2_CBC:
- RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
- break;
- case bltestRC4:
- RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
- break;
-#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
- break;
-#endif
- case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
- case bltestDSA: /* will be freed with it. 
*/
-#ifdef NSS_ENABLE_ECC
- case bltestECDSA:
-#endif
- case bltestMD2: /* hash contexts are ephemeral */
- case bltestMD5:
- case bltestSHA1:
- case bltestSHA256:
- case bltestSHA384:
- case bltestSHA512:
- return SECSuccess;
- break;
- default:
- return SECFailure;
- }
- return SECSuccess;
-}
-
-void
-print_exponent(SECItem *exp)
-{
- int i;
- int e = 0;
- if (exp->len <= 4) {
- for (i=exp->len; i >=0; --i) e |= exp->data[exp->len-i] << 8*(i-1);
- fprintf(stdout, "%12d", e);
- } else {
- e = 8*exp->len;
- fprintf(stdout, "~2**%-8d", e);
- }
-}
-
-static void
-splitToReportUnit(PRInt64 res, int *resArr, int *del, int size)
-{
- PRInt64 remaining = res, tmp = 0;
- PRInt64 Ldel;
- int i = -1;
-
- while (remaining > 0 && ++i < size) {
- LL_I2L(Ldel, del[i]);
- LL_MOD(tmp, remaining, Ldel);
- LL_L2I(resArr[i], tmp);
- LL_DIV(remaining, remaining, Ldel);
- }
-}
-
-static char*
-getHighUnitBytes(PRInt64 res)
-{
- int spl[] = {0, 0, 0, 0};
- int del[] = {1024, 1024, 1024, 1024};
- char *marks[] = {"b", "Kb", "Mb", "Gb"};
- int i = 3;
-
- splitToReportUnit(res, spl, del, 4);
-
- for (;i>0;i--) {
- if (spl[i] != 0) {
- break;
- }
- }
-
- return PR_smprintf("%d%s", spl[i], marks[i]);
-}
-
-
-static void
-printPR_smpString(const char *sformat, char *reportStr,
- const char *nformat, PRInt64 rNum)
-{
- if (reportStr) {
- fprintf(stdout, sformat, reportStr);
- PR_smprintf_free(reportStr);
- } else {
- int prnRes;
- LL_L2I(prnRes, rNum);
- fprintf(stdout, nformat, rNum);
- }
-}
-
-static char*
-getHighUnitOps(PRInt64 res)
-{
- int spl[] = {0, 0, 0, 0};
- int del[] = {1000, 1000, 1000, 1000};
- char *marks[] = {"", "T", "M", "B"};
- int i = 3;
-
- splitToReportUnit(res, spl, del, 4);
-
- for (;i>0;i--) {
- if (spl[i] != 0) {
- break;
- }
- }
-
- return PR_smprintf("%d%s", spl[i], marks[i]);
-}
-
-void
-dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
- PRBool encrypt, PRBool cxonly)
-{
- bltestCipherInfo *info = infoList;
-
- PRInt64 totalIn = 0;
- PRBool 
td = PR_TRUE;
-
- int repetitions = 0;
- int cxreps = 0;
- double cxtime = 0;
- double optime = 0;
- while (info != NULL) {
- repetitions += info->repetitions;
- cxreps += info->cxreps;
- cxtime += info->cxtime;
- optime += info->optime;
- totalIn += (PRInt64) info->input.buf.len * (PRInt64) info->repetitions;
-
- info = info->next;
- }
- info = infoList;
-
- fprintf(stdout, "#%9s", "mode");
- fprintf(stdout, "%12s", "in");
-print_td:
- switch (info->mode) {
- case bltestDES_ECB:
- case bltestDES_CBC:
- case bltestDES_EDE_ECB:
- case bltestDES_EDE_CBC:
- case bltestAES_ECB:
- case bltestAES_CBC:
- case bltestCAMELLIA_ECB:
- case bltestCAMELLIA_CBC:
- case bltestSEED_ECB:
- case bltestSEED_CBC:
- case bltestRC2_ECB:
- case bltestRC2_CBC:
- case bltestRC4:
- if (td)
- fprintf(stdout, "%8s", "symmkey");
- else
- fprintf(stdout, "%8d", 8*info->params.sk.key.buf.len);
- break;
-#ifdef NSS_SOFTOKEN_DOES_RC5
- case bltestRC5_ECB:
- case bltestRC5_CBC:
- if (info->params.sk.key.buf.len > 0)
- printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
- if (info->rounds > 0)
- printf("rounds=%d,", info->params.rc5.rounds);
- if (info->wordsize > 0)
- printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
- break;
-#endif
- case bltestRSA:
- if (td) {
- fprintf(stdout, "%8s", "rsa_mod");
- fprintf(stdout, "%12s", "rsa_pe");
- } else {
- fprintf(stdout, "%8d", info->params.rsa.keysizeInBits);
- print_exponent(&info->params.rsa.rsakey->publicExponent);
- }
- break;
- case bltestDSA:
- if (td)
- fprintf(stdout, "%8s", "pqg_mod");
- else
- fprintf(stdout, "%8d", PQG_INDEX_TO_PBITS(info->params.dsa.j));
- break;
-#ifdef NSS_ENABLE_ECC
- case bltestECDSA:
- if (td)
- fprintf(stdout, "%12s", "ec_curve");
- else {
- ECCurveName curveName = info->params.ecdsa.eckey->ecParams.name;
- fprintf(stdout, "%12s",
- ecCurve_map[curveName]? 
ecCurve_map[curveName]->text:
- "Unsupported curve");
- }
- break;
-#endif
- case bltestMD2:
- case bltestMD5:
- case bltestSHA1:
- case bltestSHA256:
- case bltestSHA384:
- case bltestSHA512:
- default:
- break;
- }
- if (!td) {
- PRInt64 totalThroughPut;
-
- printPR_smpString("%8s", getHighUnitOps(repetitions),
- "%8d", repetitions);
-
- printPR_smpString("%8s", getHighUnitOps(cxreps), "%8d", cxreps);
-
- fprintf(stdout, "%12.3f", cxtime);
- fprintf(stdout, "%12.3f", optime);
- fprintf(stdout, "%12.03f", totalTimeInt / 1000);
-
- totalThroughPut = (PRInt64)(totalIn / totalTimeInt * 1000);
- printPR_smpString("%12s", getHighUnitBytes(totalThroughPut),
- "%12d", totalThroughPut);
-
- fprintf(stdout, "\n");
- return;
- }
-
- fprintf(stdout, "%8s", "opreps");
- fprintf(stdout, "%8s", "cxreps");
- fprintf(stdout, "%12s", "context");
- fprintf(stdout, "%12s", "op");
- fprintf(stdout, "%12s", "time(sec)");
- fprintf(stdout, "%12s", "thrgput");
- fprintf(stdout, "\n");
- fprintf(stdout, "%8s", mode_strings[info->mode]);
- fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 
'e' : 'd'); - printPR_smpString("%12s", getHighUnitBytes(totalIn), "%12d", totalIn); - - td = !td; - goto print_td; -} - -void -printmodes() -{ - bltestCipherMode mode; - int nummodes = sizeof(mode_strings) / sizeof(char *); - fprintf(stderr, "%s: Available modes (specify with -m):\n", progName); - for (mode=0; modemode = ioMode; - data->file = NULL; /* don't use -- not saving anything */ - data->pBuf.data = NULL; - data->pBuf.len = 0; - file = PR_Open(fn, PR_RDONLY, 00660); - if (file) - setupIO(arena, data, file, NULL, 0); -} - -void -get_params(PRArenaPool *arena, bltestParams *params, - bltestCipherMode mode, int j) -{ - char filename[256]; - char *modestr = mode_strings[mode]; -#ifdef NSS_SOFTOKEN_DOES_RC5 - FILE *file; - char *mark, *param, *val; - int index = 0; -#endif - switch (mode) { - case bltestDES_CBC: - case bltestDES_EDE_CBC: - case bltestRC2_CBC: - case bltestAES_CBC: - case bltestCAMELLIA_CBC: - case bltestSEED_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); - load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - case bltestDES_ECB: - case bltestDES_EDE_ECB: - case bltestRC2_ECB: - case bltestRC4: - case bltestAES_ECB: - case bltestCAMELLIA_ECB: - case bltestSEED_ECB: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - break; -#ifdef NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); - load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, - "params", j); - file = fopen(filename, "r"); - if (!file) return; - param = malloc(100); - len = fread(param, 1, 100, file); - while (index < len) { - mark = PL_strchr(param, '='); - *mark = '\0'; - val = mark + 1; - mark = 
PL_strchr(val, '\n');
- *mark = '\0';
- if (PL_strcmp(param, "rounds") == 0) {
- params->rc5.rounds = atoi(val);
- } else if (PL_strcmp(param, "wordsize") == 0) {
- params->rc5.wordsize = atoi(val);
- }
- index += PL_strlen(param) + PL_strlen(val) + 2;
- param = mark + 1;
- }
- break;
-#endif
- case bltestRSA:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, ¶ms->rsa.key, filename, bltestBase64Encoded);
- params->rsa.rsakey = rsakey_from_filedata(¶ms->key.buf);
- break;
- case bltestDSA:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, ¶ms->dsa.key, filename, bltestBase64Encoded);
- params->dsa.dsakey = dsakey_from_filedata(¶ms->key.buf);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
- load_file_data(arena, ¶ms->dsa.pqgdata, filename,
- bltestBase64Encoded);
- params->dsa.pqg = pqg_from_filedata(¶ms->dsa.pqgdata.buf);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
- load_file_data(arena, ¶ms->dsa.keyseed, filename,
- bltestBase64Encoded);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
- load_file_data(arena, ¶ms->dsa.sigseed, filename,
- bltestBase64Encoded);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
- load_file_data(arena, ¶ms->dsa.sig, filename, bltestBase64Encoded);
- break;
-#ifdef NSS_ENABLE_ECC
- case bltestECDSA:
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
- load_file_data(arena, ¶ms->ecdsa.key, filename, bltestBase64Encoded);
- params->ecdsa.eckey = eckey_from_filedata(¶ms->key.buf);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
- load_file_data(arena, ¶ms->ecdsa.sigseed, filename,
- bltestBase64Encoded);
- sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
- load_file_data(arena, ¶ms->ecdsa.sig, filename, bltestBase64Encoded);
- break;
-#endif
- case bltestMD2:
- case bltestMD5:
- case 
bltestSHA1:
- case bltestSHA256:
- case bltestSHA384:
- case bltestSHA512:
- /*params->hash.restart = PR_TRUE;*/
- params->hash.restart = PR_FALSE;
- break;
- default:
- break;
- }
-}
-
-SECStatus
-verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
- PRBool forward, SECStatus sigstatus)
-{
- int res;
- char *modestr = mode_strings[mode];
- res = SECITEM_CompareItem(&result->pBuf, &cmp->buf);
- if (is_sigCipher(mode)) {
- if (forward) {
- if (res == 0) {
- printf("Signature self-test for %s passed.\n", modestr);
- } else {
- printf("Signature self-test for %s failed!\n", modestr);
- }
- } else {
- if (sigstatus == SECSuccess) {
- printf("Verification self-test for %s passed.\n", modestr);
- } else {
- printf("Verification self-test for %s failed!\n", modestr);
- }
- }
- return sigstatus;
- } else if (is_hashCipher(mode)) {
- if (res == 0) {
- printf("Hash self-test for %s passed.\n", modestr);
- } else {
- printf("Hash self-test for %s failed!\n", modestr);
- }
- } else {
- if (forward) {
- if (res == 0) {
- printf("Encryption self-test for %s passed.\n", modestr);
- } else {
- printf("Encryption self-test for %s failed!\n", modestr);
- }
- } else {
- if (res == 0) {
- printf("Decryption self-test for %s passed.\n", modestr);
- } else {
- printf("Decryption self-test for %s failed!\n", modestr);
- }
- }
- }
- return (res != 0);
-}
-
-static SECStatus
-blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
- PRBool encrypt, PRBool decrypt)
-{
- bltestCipherInfo cipherInfo;
- bltestIO pt, ct;
- bltestCipherMode mode;
- bltestParams *params;
- int i, j, nummodes, numtests;
- char *modestr;
- char filename[256];
- PRFileDesc *file;
- PRArenaPool *arena;
- SECItem item;
- PRBool finished;
- SECStatus rv = SECSuccess, srv;
-
- PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
- arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
- cipherInfo.arena = arena;
-
- finished = PR_FALSE;
- nummodes = (numModes == 0) ? 
NUMMODES : numModes; - for (i=0; i < nummodes && !finished; i++) { - if (numModes > 0) - mode = modes[i]; - else - mode = i; - if (mode == bltestINVALID) { - fprintf(stderr, "%s: Skipping invalid mode.\n",progName); - continue; - } - modestr = mode_strings[mode]; - cipherInfo.mode = mode; - params = &cipherInfo.params; -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Self-Testing RSA\n", __bltDBG); - } -#endif - /* get the number of tests in the directory */ - sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); - file = PR_Open(filename, PR_RDONLY, 00660); - if (!file) { - fprintf(stderr, "%s: File %s does not exist.\n", progName,filename); - return SECFailure; - } - rv = SECU_FileToItem(&item, file); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Loaded data from %s\n", __bltDBG, filename); - } -#endif - PR_Close(file); - /* loop over the tests in the directory */ - numtests = 0; - for (j=0; jmCarlo == PR_TRUE) { - int mciter; - for (mciter=0; mciter<10000; mciter++) { - cipherDoOp(cipherInfo); - memcpy(cipherInfo->input.buf.data, - cipherInfo->output.buf.data, - cipherInfo->input.buf.len); - } - } else { - cipherDoOp(cipherInfo); - } - cipherFinish(cipherInfo); -} - -/* bltest commands */ -enum { - cmd_Decrypt = 0, - cmd_Encrypt, - cmd_FIPS, - cmd_Hash, - cmd_Nonce, - cmd_Dump, - cmd_Sign, - cmd_SelfTest, - cmd_Verify -}; - -/* bltest options */ -enum { - opt_B64 = 0, - opt_BufSize, - opt_Restart, - opt_SelfTestDir, - opt_Exponent, - opt_SigFile, - opt_KeySize, - opt_Hex, - opt_Input, - opt_PQGFile, - opt_Key, - opt_HexWSpc, - opt_Mode, -#ifdef NSS_ENABLE_ECC - opt_CurveName, -#endif - opt_Output, - opt_Repetitions, - opt_ZeroBuf, - opt_Rounds, - opt_Seed, - opt_SigSeedFile, - opt_CXReps, - opt_IV, - opt_WordSize, - opt_UseSeed, - opt_UseSigSeed, - opt_SeedFile, - opt_InputOffset, - opt_OutputOffset, - opt_MonteCarlo, - opt_ThreadNum, - opt_SecondsToRun, - opt_CmdLine -}; - -static 
secuCommandFlag bltest_commands[] =
-{
- { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE },
- { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE },
- { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE },
- { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE }
-};
-
-static secuCommandFlag bltest_options[] =
-{
- { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE },
- { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE },
- { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE },
- { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE },
- { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE },
- { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE },
- { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
- { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE },
- { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
- { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE },
- { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
- { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
- { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
-#ifdef NSS_ENABLE_ECC
- { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
-#endif
- { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
- { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
- { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
- { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE },
- { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE },
- { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE },
- { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE },
- { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE },
- { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE },
- { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE },
- { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE },
- { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE },
- { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE },
- { /* opt_OutputOffset */ '2', PR_TRUE, 0, 
PR_FALSE },
- { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE },
- { /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE },
- { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE },
- { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE }
-};
-
-int main(int argc, char **argv)
-{
- char *infileName, *outfileName, *keyfileName, *ivfileName;
- SECStatus rv = SECFailure;
-
- double totalTime;
- PRIntervalTime time1, time2;
- PRFileDesc *outfile = NULL;
- bltestCipherInfo *cipherInfoListHead, *cipherInfo;
- bltestIOMode ioMode;
- int bufsize, exponent, curThrdNum;
-#ifdef NSS_ENABLE_ECC
- char *curveName = NULL;
-#endif
- int i, commandsEntered;
- int inoff, outoff;
- int threads = 1;
-
- secuCommand bltest;
- bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag);
- bltest.numOptions = sizeof(bltest_options) / sizeof(secuCommandFlag);
- bltest.commands = bltest_commands;
- bltest.options = bltest_options;
-
- progName = strrchr(argv[0], '/');
- if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
-
- rv = RNG_RNGInit();
- if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
- }
- rv = BL_Init();
- if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- return -1;
- }
- RNG_SystemInfoForRNG();
-
- rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
- if (rv == SECFailure) {
- fprintf(stderr, "%s: command line parsing error!\n", progName);
- goto print_usage;
- }
- rv = SECFailure;
-
- cipherInfo = PORT_ZNew(bltestCipherInfo);
- cipherInfoListHead = cipherInfo;
- /* set some defaults */
- infileName = outfileName = keyfileName = ivfileName = NULL;
-
- /* Check the number of commands entered on the command line. 
*/ - commandsEntered = 0; - for (i=0; i 1 && - !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) { - fprintf(stderr, "%s: one command at a time!\n", progName); - goto print_usage; - } - - if (commandsEntered == 0) { - fprintf(stderr, "%s: you must enter a command!\n", progName); - goto print_usage; - } - - if (bltest.commands[cmd_Sign].activated) - bltest.commands[cmd_Encrypt].activated = PR_TRUE; - if (bltest.commands[cmd_Verify].activated) - bltest.commands[cmd_Decrypt].activated = PR_TRUE; - if (bltest.commands[cmd_Hash].activated) - bltest.commands[cmd_Encrypt].activated = PR_TRUE; - - inoff = outoff = 0; - if (bltest.options[opt_InputOffset].activated) - inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg); - if (bltest.options[opt_OutputOffset].activated) - outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg); - - testdir = (bltest.options[opt_SelfTestDir].activated) ? - strdup(bltest.options[opt_SelfTestDir].arg) : "."; - - /* - * Handle three simple cases first - */ - - /* Do BLAPI self-test */ - if (bltest.commands[cmd_SelfTest].activated) { - PRBool encrypt = PR_TRUE, decrypt = PR_TRUE; - /* user may specified a set of ciphers to test. parse them. 
*/
- bltestCipherMode modesToTest[NUMMODES];
- int numModesToTest = 0;
- char *tok, *str;
- str = bltest.options[opt_Mode].arg;
- while (str) {
- tok = strchr(str, ',');
- if (tok) *tok = '\0';
- modesToTest[numModesToTest++] = get_mode(str);
- if (tok) {
- *tok = ',';
- str = tok + 1;
- } else {
- break;
- }
- }
- if (bltest.commands[cmd_Decrypt].activated &&
- !bltest.commands[cmd_Encrypt].activated)
- encrypt = PR_FALSE;
- if (bltest.commands[cmd_Encrypt].activated &&
- !bltest.commands[cmd_Decrypt].activated)
- decrypt = PR_FALSE;
- rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
- encrypt, decrypt);
- PORT_Free(cipherInfo);
- return rv;
- }
-
- /* Do FIPS self-test */
- if (bltest.commands[cmd_FIPS].activated) {
- CK_RV ckrv = sftk_fipsPowerUpSelfTest();
- fprintf(stdout, "CK_RV: %ld.\n", ckrv);
- PORT_Free(cipherInfo);
- if (ckrv == CKR_OK)
- return SECSuccess;
- return SECFailure;
- }
-
- /*
- * Check command line arguments for Encrypt/Decrypt/Hash/Sign/Verify
- */
-
- if ((bltest.commands[cmd_Decrypt].activated ||
- bltest.commands[cmd_Verify].activated) &&
- bltest.options[opt_BufSize].activated) {
- fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n",
- progName);
- goto print_usage;
- }
-
- if (bltest.options[opt_Mode].activated) {
- cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg);
- if (cipherInfo->mode == bltestINVALID) {
- goto print_usage;
- }
- } else {
- fprintf(stderr, "%s: You must specify a cipher mode with -m.\n",
- progName);
- goto print_usage;
- }
-
-
- if (bltest.options[opt_Repetitions].activated &&
- bltest.options[opt_SecondsToRun].activated) {
- fprintf(stderr, "%s: Operation time should be defined in either "
- "repetitions(-p) or seconds(-5) not both",
- progName);
- goto print_usage;
- }
-
- if (bltest.options[opt_Repetitions].activated) {
- cipherInfo->repetitionsToPerfom =
- PORT_Atoi(bltest.options[opt_Repetitions].arg);
- } else {
- cipherInfo->repetitionsToPerfom = 0;
- }
-
- if 
(bltest.options[opt_SecondsToRun].activated) {
- cipherInfo->seconds = PORT_Atoi(bltest.options[opt_SecondsToRun].arg);
- } else {
- cipherInfo->seconds = 0;
- }
-
-
- if (bltest.options[opt_CXReps].activated) {
- cipherInfo->cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg);
- } else {
- cipherInfo->cxreps = 0;
- }
-
- if (bltest.options[opt_ThreadNum].activated) {
- threads = PORT_Atoi(bltest.options[opt_ThreadNum].arg);
- if (threads <= 0) {
- threads = 1;
- }
- }
-
- /* Dump a file (rsakey, dsakey, etc.) */
- if (bltest.commands[cmd_Dump].activated) {
- rv = dump_file(cipherInfo->mode, bltest.options[opt_Input].arg);
- PORT_Free(cipherInfo);
- return rv;
- }
-
- /* default input mode is binary */
- ioMode = (bltest.options[opt_B64].activated) ? bltestBase64Encoded :
- (bltest.options[opt_Hex].activated) ? bltestHexStream :
- (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim :
- bltestBinary;
-
- if (bltest.options[opt_Exponent].activated)
- exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
- else
- exponent = 65537;
-
-#ifdef NSS_ENABLE_ECC
- if (bltest.options[opt_CurveName].activated)
- curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
- else
- curveName = NULL;
-#endif
-
- if (bltest.commands[cmd_Verify].activated &&
- !bltest.options[opt_SigFile].activated) {
- fprintf(stderr, "%s: You must specify a signature file with -f.\n",
- progName);
-
- print_usage:
- PORT_Free(cipherInfo);
- Usage();
- }
-
- if (bltest.options[opt_MonteCarlo].activated) {
- cipherInfo->mCarlo = PR_TRUE;
- } else {
- cipherInfo->mCarlo = PR_FALSE;
- }
-
- for (curThrdNum = 0;curThrdNum < threads;curThrdNum++) {
- int keysize = 0;
- PRFileDesc *file = NULL, *infile;
- bltestParams *params;
- char *instr = NULL;
- PRArenaPool *arena;
-
- if (curThrdNum > 0) {
- bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo);
- if (!newCInfo) {
- fprintf(stderr, "%s: Can not allocate memory.\n", progName);
- goto exit_point;
- }
- newCInfo->mode = 
cipherInfo->mode;
- newCInfo->mCarlo = cipherInfo->mCarlo;
- newCInfo->repetitionsToPerfom =
- cipherInfo->repetitionsToPerfom;
- newCInfo->seconds = cipherInfo->seconds;
- newCInfo->cxreps = cipherInfo->cxreps;
- cipherInfo->next = newCInfo;
- cipherInfo = newCInfo;
- }
- arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
- if (!arena) {
- fprintf(stderr, "%s: Can not allocate memory.\n", progName);
- goto exit_point;
- }
- cipherInfo->arena = arena;
- params = &cipherInfo->params;
-
- /* Set up an encryption key. */
- keysize = 0;
- file = NULL;
- if (is_symmkeyCipher(cipherInfo->mode)) {
- char *keystr = NULL; /* if key is on command line */
- if (bltest.options[opt_Key].activated) {
- if (bltest.options[opt_CmdLine].activated) {
- keystr = bltest.options[opt_Key].arg;
- } else {
- file = PR_Open(bltest.options[opt_Key].arg,
- PR_RDONLY, 00660);
- }
- } else {
- if (bltest.options[opt_KeySize].activated)
- keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
- else
- keysize = 8; /* use 64-bit default (DES) */
- /* save the random key for reference */
- file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
- }
- params->key.mode = ioMode;
- setupIO(cipherInfo->arena, ¶ms->key, file, keystr, keysize);
- if (file)
- PR_Close(file);
- } else if (is_pubkeyCipher(cipherInfo->mode)) {
- if (bltest.options[opt_Key].activated) {
- file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660);
- } else {
- if (bltest.options[opt_KeySize].activated)
- keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
- else
- keysize = 64; /* use 512-bit default */
- file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660);
- }
- params->key.mode = bltestBase64Encoded;
-#ifdef NSS_ENABLE_ECC
- pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
-#else
- pubkeyInitKey(cipherInfo, file, keysize, exponent);
-#endif
- PR_Close(file);
- }
-
- /* set up an initialization vector. 
*/
- if (cipher_requires_IV(cipherInfo->mode)) {
- char *ivstr = NULL;
- bltestSymmKeyParams *skp;
- file = NULL;
-#ifdef NSS_SOFTOKEN_DOES_RC5
- if (cipherInfo->mode == bltestRC5_CBC)
- skp = (bltestSymmKeyParams *)¶ms->rc5;
- else
-#endif
- skp = ¶ms->sk;
- if (bltest.options[opt_IV].activated) {
- if (bltest.options[opt_CmdLine].activated) {
- ivstr = bltest.options[opt_IV].arg;
- } else {
- file = PR_Open(bltest.options[opt_IV].arg,
- PR_RDONLY, 00660);
- }
- } else {
- /* save the random iv for reference */
- file = PR_Open("tmp.iv", PR_WRONLY|PR_CREATE_FILE, 00660);
- }
- memset(&skp->iv, 0, sizeof skp->iv);
- skp->iv.mode = ioMode;
- setupIO(cipherInfo->arena, &skp->iv, file, ivstr, keysize);
- if (file) {
- PR_Close(file);
- }
- }
-
- if (bltest.commands[cmd_Verify].activated) {
- file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
- if (cipherInfo->mode == bltestDSA) {
- memset(&cipherInfo->params.dsa.sig, 0, sizeof(bltestIO));
- cipherInfo->params.dsa.sig.mode = ioMode;
- setupIO(cipherInfo->arena, &cipherInfo->params.dsa.sig,
- file, NULL, 0);
-#ifdef NSS_ENABLE_ECC
- } else if (cipherInfo->mode == bltestECDSA) {
- memset(&cipherInfo->params.ecdsa.sig, 0, sizeof(bltestIO));
- cipherInfo->params.ecdsa.sig.mode = ioMode;
- setupIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig,
- file, NULL, 0);
-#endif
- }
- if (file) {
- PR_Close(file);
- }
- }
-
- if (bltest.options[opt_PQGFile].activated) {
- file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660);
- params->dsa.pqgdata.mode = bltestBase64Encoded;
- setupIO(cipherInfo->arena, ¶ms->dsa.pqgdata, file, NULL, 0);
- if (file) {
- PR_Close(file);
- }
- }
-
- /* Set up the input buffer */
- if (bltest.options[opt_Input].activated) {
- if (bltest.options[opt_CmdLine].activated) {
- instr = bltest.options[opt_Input].arg;
- infile = NULL;
- } else {
- /* form file name from testdir and input arg. 
*/ - char * filename = bltest.options[opt_Input].arg; - if (bltest.options[opt_SelfTestDir].activated && - testdir && filename && filename[0] != '/') { - filename = PR_smprintf("%s/tests/%s/%s", testdir, - mode_strings[cipherInfo->mode], - filename); - if (!filename) { - fprintf(stderr, "%s: Can not allocate memory.\n", - progName); - goto exit_point; - } - infile = PR_Open(filename, PR_RDONLY, 00660); - PR_smprintf_free(filename); - } else { - infile = PR_Open(filename, PR_RDONLY, 00660); - } - } - } else if (bltest.options[opt_BufSize].activated) { - /* save the random plaintext for reference */ - char *tmpFName = PR_smprintf("tmp.in.%d", curThrdNum); - if (!tmpFName) { - fprintf(stderr, "%s: Can not allocate memory.\n", progName); - goto exit_point; - } - infile = PR_Open(tmpFName, PR_WRONLY|PR_CREATE_FILE, 00660); - PR_smprintf_free(tmpFName); - } else { - infile = PR_STDIN; - } - if (!infile) { - fprintf(stderr, "%s: Failed to open input file.\n", progName); - goto exit_point; - } - cipherInfo->input.mode = ioMode; - - /* Set up the output stream */ - if (bltest.options[opt_Output].activated) { - /* form file name from testdir and input arg. 
*/ - char * filename = bltest.options[opt_Output].arg; - if (bltest.options[opt_SelfTestDir].activated && - testdir && filename && filename[0] != '/') { - filename = PR_smprintf("%s/tests/%s/%s", testdir, - mode_strings[cipherInfo->mode], - filename); - if (!filename) { - fprintf(stderr, "%s: Can not allocate memory.\n", progName); - goto exit_point; - } - outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660); - PR_smprintf_free(filename); - } else { - outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660); - } - } else { - outfile = PR_STDOUT; - } - if (!outfile) { - fprintf(stderr, "%s: Failed to open output file.\n", progName); - rv = SECFailure; - goto exit_point; - } - cipherInfo->output.mode = ioMode; - if (bltest.options[opt_SelfTestDir].activated && ioMode == bltestBinary) - cipherInfo->output.mode = bltestBase64Encoded; - - if (is_hashCipher(cipherInfo->mode)) - cipherInfo->params.hash.restart = - bltest.options[opt_Restart].activated; - - bufsize = 0; - if (bltest.options[opt_BufSize].activated) - bufsize = PORT_Atoi(bltest.options[opt_BufSize].arg); - - /*infile = NULL;*/ - setupIO(cipherInfo->arena, &cipherInfo->input, infile, instr, bufsize); - if (infile && infile != PR_STDIN) - PR_Close(infile); - misalignBuffer(cipherInfo->arena, &cipherInfo->input, inoff); - - cipherInit(cipherInfo, bltest.commands[cmd_Encrypt].activated); - misalignBuffer(cipherInfo->arena, &cipherInfo->output, outoff); - } - - if (!bltest.commands[cmd_Nonce].activated) { - TIMESTART(); - cipherInfo = cipherInfoListHead; - while (cipherInfo != NULL) { - cipherInfo->cipherThread = - PR_CreateThread(PR_USER_THREAD, - ThreadExecTest, - cipherInfo, - PR_PRIORITY_NORMAL, - PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, - 0); - cipherInfo = cipherInfo->next; - } - - cipherInfo = cipherInfoListHead; - while (cipherInfo != NULL) { - PR_JoinThread(cipherInfo->cipherThread); - finishIO(&cipherInfo->output, outfile); - cipherInfo = cipherInfo->next; - } - TIMEFINISH(totalTime, 1); - } 
- - cipherInfo = cipherInfoListHead; - if (cipherInfo->repetitions > 0 || cipherInfo->cxreps > 0 || - threads > 1) - dump_performance_info(cipherInfoListHead, totalTime, - bltest.commands[cmd_Encrypt].activated, - (cipherInfo->repetitions == 0)); - - rv = SECSuccess; - - exit_point: - if (outfile && outfile != PR_STDOUT) - PR_Close(outfile); - cipherInfo = cipherInfoListHead; - while (cipherInfo != NULL) { - bltestCipherInfo *tmpInfo = cipherInfo; - - if (cipherInfo->arena) - PORT_FreeArena(cipherInfo->arena, PR_TRUE); - cipherInfo = cipherInfo->next; - PORT_Free(tmpInfo); - } - - /*NSS_Shutdown();*/ - - return SECSuccess; -} - diff --git a/security/nss/cmd/bltest/manifest.mn b/security/nss/cmd/bltest/manifest.mn deleted file mode 100644 index 3c283af6d2..0000000000 --- a/security/nss/cmd/bltest/manifest.mn +++ /dev/null 
@@ -1,58 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-CORE_DEPTH = ../../..
-
-MODULE = nss
-
-REQUIRES = seccmd dbm softoken
-
-INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
-
-PROGRAM = bltest
-
- USE_STATIC_LIBS = 1
-
-EXPORTS = \
- $(NULL)
-
-PRIVATE_EXPORTS = \
- $(NULL)
-
-CSRCS = \
- blapitest.c \
- $(NULL)
-
diff --git a/security/nss/cmd/bltest/tests/README b/security/nss/cmd/bltest/tests/README
deleted file mode 100644
index 9982a2f150..0000000000
--- a/security/nss/cmd/bltest/tests/README
+++ /dev/null
@@ -1,49 +0,0 @@ -This directory contains a set of tests for each cipher supported by -BLAPI. Each subdirectory contains known plaintext and ciphertext pairs -(and keys and/or iv's if needed). The tests can be run as a full set -with: - bltest -T -or as subsets, for example: - bltest -T -m des_ecb,md2,rsa - -In each subdirectory, the plaintext, key, and iv are ascii, and treated -as such. The ciphertext is base64-encoded to avoid the hassle of binary -files. - -To add a test, incremement the value in the numtests file. Create a -plaintext, key, and iv file, such that the name of the file is -incrememted one from the last set of tests. For example, if you are -adding the second test, put your data in files named plaintext1, key1, -and iv1 (ignoring key and iv if they are not needed, of course). Make -sure your key and iv are the correct number of bytes for your cipher (a -trailing \n is okay, but any other trailing bytes will be used!). Once -you have your input data, create output data by running bltest on a -trusted implementation. For example, for a new DES ECB test, run - bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a in the -tests/des_ecb directory. Then run - bltest -T des_ecb from the cmd/bltest directory in the tree of the -implementation you want to test. - -Note that the -a option above is important, it tells bltest to expect -the input to be straight ASCII, and not base64 encoded binary! - -Special cases: - -RC5: -RC5 can take additional parameters, the number of rounds to perform and -the wordsize to use. The number of rounds is between is between 0 and -255, and the wordsize is either is either 16, 32, or 64 bits (at this -time only 32-bit is supported). These parameters are specified in a -paramsN file, where N is an index as above. The format of the file is -"rounds=R\nwordsize=W\n". - -public key modes (RSA and DSA): -Asymmetric key ciphers use keys with special properties, so creating a -key file with "Mozilla!" 
in it will not get you very far! To create a -public key, run bltest with the plaintext you want to encrypt, using a -trusted implementation. bltest will generate a key and store it in -"tmp.key", rename that file to keyN. For example: - bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a - mv tmp.key key0 - -[note: specifying a keysize (-g) when using RSA is important!] diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 deleted file mode 100644 index 040a397d75..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -oJLgOzZ1GiWt3DGo2sPKaA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv0 b/security/nss/cmd/bltest/tests/aes_cbc/iv0 deleted file mode 100644 index 4e65bc0347..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -qwertyuiopasdfgh diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key0 b/security/nss/cmd/bltest/tests/aes_cbc/key0 deleted file mode 100644 index 13911cc29a..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -fedcba9876543210 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/numtests b/security/nss/cmd/bltest/tests/aes_cbc/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 deleted file mode 100644 index 8d6a8d555b..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -0123456789abcdef diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 deleted file mode 100644 index d6818c1d0b..0000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -PVuaCIiaKQhblgFCbVMTTg== 
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key0 b/security/nss/cmd/bltest/tests/aes_ecb/key0
deleted file mode 100644
index 13911cc29a..0000000000
--- a/security/nss/cmd/bltest/tests/aes_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/numtests b/security/nss/cmd/bltest/tests/aes_ecb/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/aes_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext0
deleted file mode 100644
index 8d6a8d555b..0000000000
--- a/security/nss/cmd/bltest/tests/aes_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-0123456789abcdef
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0
deleted file mode 100644
index e7895954ab..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-taydfPlRJe3wf8Td0xJ9Tw==
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1
deleted file mode 100644
index 7dbd9b036e..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-yoYCZwKnUMcS4ADHxnwObA==
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2 b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2
deleted file mode 100644
index 007a2b0faf..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2
+++ /dev/null
@@ -1 +0,0 @@
-T+Wn4cs1Sbqrh/XtNd4vzQ==
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/iv0 b/security/nss/cmd/bltest/tests/camellia_cbc/iv0
deleted file mode 100644
index 4e65bc0347..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-qwertyuiopasdfgh
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/key0 b/security/nss/cmd/bltest/tests/camellia_cbc/key0
deleted file mode 100644
index 13911cc29a..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/key1 b/security/nss/cmd/bltest/tests/camellia_cbc/key1
deleted file mode 100644
index a9cb2f12f8..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/key1
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210fedcba98
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/key2 b/security/nss/cmd/bltest/tests/camellia_cbc/key2
deleted file mode 100644
index ab55fe2ee5..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/key2
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/numtests b/security/nss/cmd/bltest/tests/camellia_cbc/numtests
deleted file mode 100644
index 00750edc07..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-3
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0 b/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0
deleted file mode 100644
index 8d6a8d555b..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-0123456789abcdef
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0
deleted file mode 100644
index 084ba780ee..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-6v0CGxSwow3AhsyhunfdbQ==
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1 b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1
deleted file mode 100644
index dbd6e5f420..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-Nf1GwJiBtZT+VPJp+gBhPA==
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2 b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2
deleted file mode 100644
index 0b278ce2a6..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2
+++ /dev/null
@@ -1 +0,0 @@
-ilB/0K3SI86Oecwh7cruGA==
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/key0 b/security/nss/cmd/bltest/tests/camellia_ecb/key0
deleted file mode 100644
index 13911cc29a..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/key1 b/security/nss/cmd/bltest/tests/camellia_ecb/key1
deleted file mode 100644
index a9cb2f12f8..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/key1
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210fedcba98
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/key2 b/security/nss/cmd/bltest/tests/camellia_ecb/key2
deleted file mode 100644
index ab55fe2ee5..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/key2
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/numtests b/security/nss/cmd/bltest/tests/camellia_ecb/numtests
deleted file mode 100644
index 00750edc07..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-3
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0 b/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0
deleted file mode 100644
index 8d6a8d555b..0000000000
--- a/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-0123456789abcdef
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0
deleted file mode 100644
index 61dae3192e..0000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-KV3MDNGKWOc=
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/iv0 b/security/nss/cmd/bltest/tests/des3_cbc/iv0
deleted file mode 100644
index 97b5955f78..0000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/key0 b/security/nss/cmd/bltest/tests/des3_cbc/key0
deleted file mode 100644
index 588efd1118..0000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghijklmnopqrstuvwx
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/numtests b/security/nss/cmd/bltest/tests/des3_cbc/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des3_cbc/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0
deleted file mode 100644
index 76dc820d3b..0000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-RgckVNh4QcM=
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/key0 b/security/nss/cmd/bltest/tests/des3_ecb/key0
deleted file mode 100644
index 588efd1118..0000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghijklmnopqrstuvwx
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/numtests b/security/nss/cmd/bltest/tests/des3_ecb/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des3_ecb/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des_cbc/ciphertext0
deleted file mode 100644
index 67d2ad1aac..0000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-Perdg9FMYQ4=
diff --git a/security/nss/cmd/bltest/tests/des_cbc/iv0 b/security/nss/cmd/bltest/tests/des_cbc/iv0
deleted file mode 100644
index 97b5955f78..0000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/des_cbc/key0 b/security/nss/cmd/bltest/tests/des_cbc/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/des_cbc/numtests b/security/nss/cmd/bltest/tests/des_cbc/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des_cbc/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/des_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des_ecb/ciphertext0
deleted file mode 100644
index 8be22fa5c6..0000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-3bNoWzzNiFc=
diff --git a/security/nss/cmd/bltest/tests/des_ecb/key0 b/security/nss/cmd/bltest/tests/des_ecb/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/des_ecb/numtests b/security/nss/cmd/bltest/tests/des_ecb/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/des_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des_ecb/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/des_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/dsa/ciphertext0 b/security/nss/cmd/bltest/tests/dsa/ciphertext0
deleted file mode 100644
index 8e7150562e..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg==
diff --git a/security/nss/cmd/bltest/tests/dsa/key0 b/security/nss/cmd/bltest/tests/dsa/key0
deleted file mode 100644
index e582eeb044..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/key0
+++ /dev/null
@@ -1,6 +0,0 @@
-AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
-Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
-Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
-xC6fb0ZLCIzFcq9T5teIAgAAAEAZExhx11sWEqgZ8p140bDXNG96p3u2KoWb/WxW
-ddqdIS06Nu8Wcu9mC4x8JVzA7HSFj7oz9EwGaZYwp2sDDuMzAAAAFCBwsyI9ujcv
-3hwP/HsuO0mLJgYU
diff --git a/security/nss/cmd/bltest/tests/dsa/keyseed0 b/security/nss/cmd/bltest/tests/dsa/keyseed0
deleted file mode 100644
index 6eea359dbd..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/keyseed0
+++ /dev/null
@@ -1 +0,0 @@
-AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/security/nss/cmd/bltest/tests/dsa/numtests b/security/nss/cmd/bltest/tests/dsa/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/dsa/plaintext0 b/security/nss/cmd/bltest/tests/dsa/plaintext0
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/dsa/pqg0 b/security/nss/cmd/bltest/tests/dsa/pqg0
deleted file mode 100644
index f16326cccb..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/pqg0
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
-Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
-Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
-xC6fb0ZLCIzFcq9T5teIAg==
diff --git a/security/nss/cmd/bltest/tests/dsa/sigseed0 b/security/nss/cmd/bltest/tests/dsa/sigseed0
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/dsa/sigseed0
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/README b/security/nss/cmd/bltest/tests/ecdsa/README
deleted file mode 100644
index 764aeec810..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/README
+++ /dev/null
@@ -1,22 +0,0 @@
-0 secp160k1
-1 secp160r1
-2 secp160r2
-3 nistk163
-4 sect163r1
-5 nistb163
-6 secp192k1
-7 nistp192
-8 secp224k1
-9 nistp224
-10 nistk233
-11 nistb233
-12 nistp256
-13 nistk283
-14 nistb283
-15 nistp384
-16 nistk409
-17 nistb409
-18 nistk571
-19 nistb571
-# the following tests are not yet implemented
-#20 nistp521
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext0
deleted file mode 100644
index 14d8e0ece7..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext1
deleted file mode 100644
index 4484aae614..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext10
deleted file mode 100644
index a956d53a61..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext10
+++ /dev/null
@@ -1,2 +0,0 @@
-AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
-nWpHF7VcyCVzJeV6
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext11
deleted file mode 100644
index 8cc2c26234..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext11
+++ /dev/null
@@ -1,2 +0,0 @@
-AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
-JOsY/MHnGhDeAGRl
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext12
deleted file mode 100644
index 5a05a78637..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext12
+++ /dev/null
@@ -1,2 +0,0 @@
-aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
-DpDaGnOLkfAyZ8GcuaCujg==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext13
deleted file mode 100644
index 690c00a715..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext13
+++ /dev/null
@@ -1,2 +0,0 @@
-AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
-jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext14
deleted file mode 100644
index fe527c6256..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext14
+++ /dev/null
@@ -1,2 +0,0 @@
-AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
-PSDJasPT90T5Va8sNtjXtSpHWxc2roV9
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext15
deleted file mode 100644
index d1090942a2..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext15
+++ /dev/null
@@ -1,2 +0,0 @@
-NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
-dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext16
deleted file mode 100644
index d5fe14482a..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext16
+++ /dev/null
@@ -1,3 +0,0 @@
-ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
-dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
-nBLCHIppt/Q=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext17
deleted file mode 100644
index 486bf664f9..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext17
+++ /dev/null
@@ -1,3 +0,0 @@
-AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
-qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
-Dme40b2G6fE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext18
deleted file mode 100644
index 7eeef38118..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext18
+++ /dev/null
@@ -1,3 +0,0 @@
-AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
-RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
-3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext19
deleted file mode 100644
index ef8e5f3818..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext19
+++ /dev/null
@@ -1,3 +0,0 @@
-AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
-i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
-uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext2
deleted file mode 100644
index a3837a4105..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext2
+++ /dev/null
@@ -1 +0,0 @@
-Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext20
deleted file mode 100644
index 67c99244a0..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext20
+++ /dev/null
@@ -1,3 +0,0 @@
-ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
-70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
-n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext3
deleted file mode 100644
index e9a480882b..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext3
+++ /dev/null
@@ -1 +0,0 @@
-AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext4
deleted file mode 100644
index 57ce239ab3..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext4
+++ /dev/null
@@ -1 +0,0 @@
-AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext5
deleted file mode 100644
index e476c80bfc..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext5
+++ /dev/null
@@ -1 +0,0 @@
-AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext6
deleted file mode 100644
index bdea7171d0..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext6
+++ /dev/null
@@ -1 +0,0 @@
-5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext7
deleted file mode 100644
index 3273fd9f73..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext7
+++ /dev/null
@@ -1 +0,0 @@
-WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext8
deleted file mode 100644
index 636392e435..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext8
+++ /dev/null
@@ -1,2 +0,0 @@
-ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
-LPDBU0i2uOg=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext9
deleted file mode 100644
index 0c43fa3d79..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext9
+++ /dev/null
@@ -1,2 +0,0 @@
-QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
-TIRGjkV2L+A=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key0 b/security/nss/cmd/bltest/tests/ecdsa/key0
deleted file mode 100644
index 7c6d61b361..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key0
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD
-WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key1 b/security/nss/cmd/bltest/tests/ecdsa/key1
deleted file mode 100644
index 049aa1edbc..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key1
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T
-5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key10 b/security/nss/cmd/bltest/tests/ecdsa/key10
deleted file mode 100644
index 3e33417143..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key10
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
-dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
-LYtBpK23jzfdVWO8SAY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key11 b/security/nss/cmd/bltest/tests/ecdsa/key11
deleted file mode 100644
index 6111d52ad7..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key11
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
-KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
-LUg3xVL00vviR0KyFZY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key12 b/security/nss/cmd/bltest/tests/ecdsa/key12
deleted file mode 100644
index 491fdba1b8..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key12
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
-NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
-7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key13 b/security/nss/cmd/bltest/tests/ecdsa/key13
deleted file mode 100644
index fc8057a57e..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key13
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
-7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
-mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key14 b/security/nss/cmd/bltest/tests/ecdsa/key14
deleted file mode 100644
index 2e158236cb..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key14
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
-xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
-d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key15 b/security/nss/cmd/bltest/tests/ecdsa/key15
deleted file mode 100644
index a062f1f67b..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key15
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
-r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
-q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
-yALMCiXJqRVXwbq42WMuaELMW+g=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key16 b/security/nss/cmd/bltest/tests/ecdsa/key16
deleted file mode 100644
index d2694ae412..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key16
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
-Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
-2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
-NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key17 b/security/nss/cmd/bltest/tests/ecdsa/key17
deleted file mode 100644
index 30be05774d..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key17
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
-1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
-V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
-t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key18 b/security/nss/cmd/bltest/tests/ecdsa/key18
deleted file mode 100644
index bbdcb13711..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key18
+++ /dev/null
@@ -1,5 +0,0 @@
-AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
-LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
-NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
-3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
-poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key19 b/security/nss/cmd/bltest/tests/ecdsa/key19
deleted file mode 100644
index 31b4071f2e..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key19
+++ /dev/null
@@ -1,5 +0,0 @@
-AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
-6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
-TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
-amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
-wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key2 b/security/nss/cmd/bltest/tests/ecdsa/key2
deleted file mode 100644
index f4ba6f2f2b..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key2
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA
-p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key20 b/security/nss/cmd/bltest/tests/ecdsa/key20
deleted file mode 100644
index c4da3486de..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key20
+++ /dev/null
@@ -1,5 +0,0 @@
-AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
-jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
-nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
-MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
-DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key3 b/security/nss/cmd/bltest/tests/ecdsa/key3
deleted file mode 100644
index 689e06bda5..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key3
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
-gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key4 b/security/nss/cmd/bltest/tests/ecdsa/key4
deleted file mode 100644
index 90ecb72c6f..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key4
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
-dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key5 b/security/nss/cmd/bltest/tests/ecdsa/key5
deleted file mode 100644
index b9d221f8e5..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key5
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
-Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key6 b/security/nss/cmd/bltest/tests/ecdsa/key6
deleted file mode 100644
index 92fb463dc5..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key6
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
-uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key7 b/security/nss/cmd/bltest/tests/ecdsa/key7
deleted file mode 100644
index 83fced1844..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key7
+++ /dev/null
@@ -1,2 +0,0 @@
-AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
-D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key8 b/security/nss/cmd/bltest/tests/ecdsa/key8
deleted file mode 100644
index cc7c6103b5..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key8
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
-gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
-qkpgzPIwe7U=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/key9 b/security/nss/cmd/bltest/tests/ecdsa/key9
deleted file mode 100644
index ab8f43bae6..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/key9
+++ /dev/null
@@ -1,3 +0,0 @@
-AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
-rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
-1NJv4ULUbIs=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/numtests b/security/nss/cmd/bltest/tests/ecdsa/numtests
deleted file mode 100644
index aabe6ec390..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/numtests
+++ /dev/null
@@ -1 +0,0 @@
-21
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext0 b/security/nss/cmd/bltest/tests/ecdsa/plaintext0
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext1 b/security/nss/cmd/bltest/tests/ecdsa/plaintext1
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext10 b/security/nss/cmd/bltest/tests/ecdsa/plaintext10
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext10
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext11 b/security/nss/cmd/bltest/tests/ecdsa/plaintext11
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext11
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext12 b/security/nss/cmd/bltest/tests/ecdsa/plaintext12
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext12
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext13 b/security/nss/cmd/bltest/tests/ecdsa/plaintext13
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext13
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext14 b/security/nss/cmd/bltest/tests/ecdsa/plaintext14
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext14
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext15 b/security/nss/cmd/bltest/tests/ecdsa/plaintext15
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext15
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext16 b/security/nss/cmd/bltest/tests/ecdsa/plaintext16
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext16
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext17 b/security/nss/cmd/bltest/tests/ecdsa/plaintext17
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext17
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext18 b/security/nss/cmd/bltest/tests/ecdsa/plaintext18
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext18
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext19 b/security/nss/cmd/bltest/tests/ecdsa/plaintext19
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext19
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext2 b/security/nss/cmd/bltest/tests/ecdsa/plaintext2
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext2
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext20 b/security/nss/cmd/bltest/tests/ecdsa/plaintext20
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext20
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext3 b/security/nss/cmd/bltest/tests/ecdsa/plaintext3
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext3
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext4 b/security/nss/cmd/bltest/tests/ecdsa/plaintext4
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext4
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext5 b/security/nss/cmd/bltest/tests/ecdsa/plaintext5
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext5
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext6 b/security/nss/cmd/bltest/tests/ecdsa/plaintext6
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext6
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext7 b/security/nss/cmd/bltest/tests/ecdsa/plaintext7
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext7
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext8 b/security/nss/cmd/bltest/tests/ecdsa/plaintext8
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext8
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext9 b/security/nss/cmd/bltest/tests/ecdsa/plaintext9
deleted file mode 100644
index 48fbdb6fde..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/plaintext9
+++ /dev/null
@@ -1 +0,0 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed0 b/security/nss/cmd/bltest/tests/ecdsa/sigseed0
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed0
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed1 b/security/nss/cmd/bltest/tests/ecdsa/sigseed1
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed1
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed10 b/security/nss/cmd/bltest/tests/ecdsa/sigseed10
deleted file mode 100644
index 6983e5f7d6..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed10
+++ /dev/null
@@ -1 +0,0 @@
-fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed11 b/security/nss/cmd/bltest/tests/ecdsa/sigseed11
deleted file mode 100644
index 6983e5f7d6..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed11
+++ /dev/null
@@ -1 +0,0 @@
-fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed12 b/security/nss/cmd/bltest/tests/ecdsa/sigseed12
deleted file mode 100644
index 92aa40c82a..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed12
+++ /dev/null
@@ -1 +0,0 @@
-/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed13 b/security/nss/cmd/bltest/tests/ecdsa/sigseed13
deleted file mode 100644
index 4ac0765848..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed13
+++ /dev/null
@@ -1 +0,0 @@
-ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed14 b/security/nss/cmd/bltest/tests/ecdsa/sigseed14
deleted file mode 100644
index 4ac0765848..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed14
+++ /dev/null
@@ -1 +0,0 @@
-ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed15 b/security/nss/cmd/bltest/tests/ecdsa/sigseed15
deleted file mode 100644
index 0975230325..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed15
+++ /dev/null
@@ -1 +0,0 @@
-/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed16 b/security/nss/cmd/bltest/tests/ecdsa/sigseed16
deleted file mode 100644
index 36fbf09513..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed16
+++ /dev/null
@@ -1 +0,0 @@
-fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed17 b/security/nss/cmd/bltest/tests/ecdsa/sigseed17
deleted file mode 100644
index 36fbf09513..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed17
+++ /dev/null
@@ -1 +0,0 @@
-fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed18 b/security/nss/cmd/bltest/tests/ecdsa/sigseed18
deleted file mode 100644
index 7be8ce6dd9..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed18
+++ /dev/null
@@ -1,2 +0,0 @@
-PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE5MWExYjE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed19 b/security/nss/cmd/bltest/tests/ecdsa/sigseed19
deleted file mode 100644
index 7be8ce6dd9..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed19
+++ /dev/null
@@ -1,2 +0,0 @@
-PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE5MWExYjE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed2 b/security/nss/cmd/bltest/tests/ecdsa/sigseed2
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed2
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed20 b/security/nss/cmd/bltest/tests/ecdsa/sigseed20
deleted file mode 100644
index f0dddb66c7..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed20
+++ /dev/null
@@ -1,2 +0,0 @@
-/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed3 b/security/nss/cmd/bltest/tests/ecdsa/sigseed3
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed3
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed4 b/security/nss/cmd/bltest/tests/ecdsa/sigseed4
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed4
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed5 b/security/nss/cmd/bltest/tests/ecdsa/sigseed5
deleted file mode 100644
index 05d7fd2d65..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed5
+++ /dev/null
@@ -1 +0,0 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed6 b/security/nss/cmd/bltest/tests/ecdsa/sigseed6
deleted file mode 100644
index a0687196c4..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed6
+++ /dev/null
@@ -1 +0,0 @@
-/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed7 b/security/nss/cmd/bltest/tests/ecdsa/sigseed7
deleted file mode 100644
index a0687196c4..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed7
+++ /dev/null
@@ -1 +0,0 @@
-/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed8 b/security/nss/cmd/bltest/tests/ecdsa/sigseed8
deleted file mode 100644
index 01ae265740..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed8
+++ /dev/null
@@ -1 +0,0 @@
-/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed9 b/security/nss/cmd/bltest/tests/ecdsa/sigseed9
deleted file mode 100644
index 01ae265740..0000000000
--- a/security/nss/cmd/bltest/tests/ecdsa/sigseed9
+++ /dev/null
@@ -1 +0,0 @@
-/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
diff --git a/security/nss/cmd/bltest/tests/md2/ciphertext0 b/security/nss/cmd/bltest/tests/md2/ciphertext0
deleted file mode 100644
index 22e1fc496c..0000000000
--- a/security/nss/cmd/bltest/tests/md2/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-CS/UNcrWhB5Knt7Gf8Tz3Q==
diff --git a/security/nss/cmd/bltest/tests/md2/numtests b/security/nss/cmd/bltest/tests/md2/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/md2/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/md2/plaintext0 b/security/nss/cmd/bltest/tests/md2/plaintext0
deleted file mode 100644
index dce2994ba5..0000000000
--- a/security/nss/cmd/bltest/tests/md2/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-16-bytes to MD2.
diff --git a/security/nss/cmd/bltest/tests/md5/ciphertext0 b/security/nss/cmd/bltest/tests/md5/ciphertext0
deleted file mode 100644
index ea11ee523b..0000000000
--- a/security/nss/cmd/bltest/tests/md5/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-XN8lnQuWAiMqmSGfvd8Hdw==
diff --git a/security/nss/cmd/bltest/tests/md5/numtests b/security/nss/cmd/bltest/tests/md5/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/md5/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/md5/plaintext0 b/security/nss/cmd/bltest/tests/md5/plaintext0
deleted file mode 100644
index 5ae3875e2a..0000000000
--- a/security/nss/cmd/bltest/tests/md5/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-63-byte input to MD5 can be a bit tricky, but no problems here.
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
deleted file mode 100644
index d964ef8644..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-3ki6eVsWpY8=
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/iv0 b/security/nss/cmd/bltest/tests/rc2_cbc/iv0
deleted file mode 100644
index 97b5955f78..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/key0 b/security/nss/cmd/bltest/tests/rc2_cbc/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/numtests b/security/nss/cmd/bltest/tests/rc2_cbc/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
deleted file mode 100644
index 337d307655..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-WT+tc4fANhQ=
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/key0 b/security/nss/cmd/bltest/tests/rc2_ecb/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/numtests b/security/nss/cmd/bltest/tests/rc2_ecb/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext0 b/security/nss/cmd/bltest/tests/rc4/ciphertext0
deleted file mode 100644
index 004f13472a..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-34sTZJtr20k=
diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext1 b/security/nss/cmd/bltest/tests/rc4/ciphertext1
deleted file mode 100644
index 6050da4c68..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M=
diff --git a/security/nss/cmd/bltest/tests/rc4/key0 b/security/nss/cmd/bltest/tests/rc4/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc4/key1 b/security/nss/cmd/bltest/tests/rc4/key1
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/key1
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc4/numtests b/security/nss/cmd/bltest/tests/rc4/numtests
deleted file mode 100644
index 0cfbf08886..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext0 b/security/nss/cmd/bltest/tests/rc4/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext1 b/security/nss/cmd/bltest/tests/rc4/plaintext1
deleted file mode 100644
index d41abc7b84..0000000000
--- a/security/nss/cmd/bltest/tests/rc4/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!Mozilla!Mozilla!Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
deleted file mode 100644
index 544713b339..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-qsv4Fn2J6d0=
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/iv0 b/security/nss/cmd/bltest/tests/rc5_cbc/iv0
deleted file mode 100644
index 97b5955f78..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-12345678
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/key0 b/security/nss/cmd/bltest/tests/rc5_cbc/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/numtests b/security/nss/cmd/bltest/tests/rc5_cbc/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/params0 b/security/nss/cmd/bltest/tests/rc5_cbc/params0
deleted file mode 100644
index d68e0362d5..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/params0
+++ /dev/null
@@ -1,2 +0,0 @@
-rounds=10
-wordsize=4
diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
deleted file mode 100644
index 133777dd08..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-4ZKK/1v5Ohc=
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/key0 b/security/nss/cmd/bltest/tests/rc5_ecb/key0
deleted file mode 100644
index 65513c116c..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-zyxwvuts
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/numtests b/security/nss/cmd/bltest/tests/rc5_ecb/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/params0 b/security/nss/cmd/bltest/tests/rc5_ecb/params0
deleted file mode 100644
index d68e0362d5..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/params0
+++ /dev/null
@@ -1,2 +0,0 @@
-rounds=10
-wordsize=4
diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0
deleted file mode 100644
index 5513e438c0..0000000000
--- a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-Mozilla!
diff --git a/security/nss/cmd/bltest/tests/rsa/ciphertext0 b/security/nss/cmd/bltest/tests/rsa/ciphertext0
deleted file mode 100644
index 943ea599ae..0000000000
--- a/security/nss/cmd/bltest/tests/rsa/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as=
diff --git a/security/nss/cmd/bltest/tests/rsa/key0 b/security/nss/cmd/bltest/tests/rsa/key0
deleted file mode 100644
index 1352fe9866..0000000000
--- a/security/nss/cmd/bltest/tests/rsa/key0
+++ /dev/null
@@ -1,4 +0,0 @@
-AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA
-IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39
-oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA
-EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ==
diff --git a/security/nss/cmd/bltest/tests/rsa/numtests b/security/nss/cmd/bltest/tests/rsa/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/rsa/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/rsa/plaintext0 b/security/nss/cmd/bltest/tests/rsa/plaintext0
deleted file mode 100644
index d915bc88c4..0000000000
--- a/security/nss/cmd/bltest/tests/rsa/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-512bitsforRSAPublicKeyEncryption
diff --git a/security/nss/cmd/bltest/tests/seed_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/seed_cbc/ciphertext0
deleted file mode 100644
index 97e970e1ba..0000000000
--- a/security/nss/cmd/bltest/tests/seed_cbc/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-JVdzim3if1YIcpGABasoCQ==
diff --git a/security/nss/cmd/bltest/tests/seed_cbc/iv0 b/security/nss/cmd/bltest/tests/seed_cbc/iv0
deleted file mode 100644
index 2b3b07661c..0000000000
--- a/security/nss/cmd/bltest/tests/seed_cbc/iv0
+++ /dev/null
@@ -1 +0,0 @@
-1234567890123456
diff --git a/security/nss/cmd/bltest/tests/seed_cbc/key0 b/security/nss/cmd/bltest/tests/seed_cbc/key0
deleted file mode 100644
index 13911cc29a..0000000000
--- a/security/nss/cmd/bltest/tests/seed_cbc/key0
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/seed_cbc/numtests b/security/nss/cmd/bltest/tests/seed_cbc/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/seed_cbc/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/seed_cbc/plaintext0 b/security/nss/cmd/bltest/tests/seed_cbc/plaintext0
deleted file mode 100644
index 8d6a8d555b..0000000000
--- a/security/nss/cmd/bltest/tests/seed_cbc/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-0123456789abcdef
diff --git a/security/nss/cmd/bltest/tests/seed_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/seed_ecb/ciphertext0
deleted file mode 100644
index 314ffbd8e6..0000000000
--- a/security/nss/cmd/bltest/tests/seed_ecb/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-GX8KY3uUhAQnL6XbQhXjEw==
diff --git a/security/nss/cmd/bltest/tests/seed_ecb/iv0 b/security/nss/cmd/bltest/tests/seed_ecb/iv0
deleted file mode 100644
index 2b3b07661c..0000000000
--- a/security/nss/cmd/bltest/tests/seed_ecb/iv0
+++ /dev/null
@@ -1 +0,0 @@
-1234567890123456
diff --git a/security/nss/cmd/bltest/tests/seed_ecb/key0 b/security/nss/cmd/bltest/tests/seed_ecb/key0
deleted file mode 100644
index 13911cc29a..0000000000
--- a/security/nss/cmd/bltest/tests/seed_ecb/key0
+++ /dev/null
@@ -1 +0,0 @@
-fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/seed_ecb/numtests b/security/nss/cmd/bltest/tests/seed_ecb/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/seed_ecb/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/seed_ecb/plaintext0 b/security/nss/cmd/bltest/tests/seed_ecb/plaintext0
deleted file mode 100644
index 8d6a8d555b..0000000000
--- a/security/nss/cmd/bltest/tests/seed_ecb/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-0123456789abcdef
diff --git a/security/nss/cmd/bltest/tests/sha1/ciphertext0 b/security/nss/cmd/bltest/tests/sha1/ciphertext0
deleted file mode 100644
index 1fe4bd2bd4..0000000000
--- a/security/nss/cmd/bltest/tests/sha1/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-cDSMAygXMPIJZC5bntZ4ZhecQ9g=
diff --git a/security/nss/cmd/bltest/tests/sha1/numtests b/security/nss/cmd/bltest/tests/sha1/numtests
deleted file mode 100644
index d00491fd7e..0000000000
--- a/security/nss/cmd/bltest/tests/sha1/numtests
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/security/nss/cmd/bltest/tests/sha1/plaintext0 b/security/nss/cmd/bltest/tests/sha1/plaintext0
deleted file mode 100644
index 863e79c65b..0000000000
--- a/security/nss/cmd/bltest/tests/sha1/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-A cage went in search of a bird.
diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext0 b/security/nss/cmd/bltest/tests/sha256/ciphertext0
deleted file mode 100644
index 07e2ff14fa..0000000000
--- a/security/nss/cmd/bltest/tests/sha256/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0=
diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext1 b/security/nss/cmd/bltest/tests/sha256/ciphertext1
deleted file mode 100644
index 2ab6e1da58..0000000000
--- a/security/nss/cmd/bltest/tests/sha256/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE=
diff --git a/security/nss/cmd/bltest/tests/sha256/numtests b/security/nss/cmd/bltest/tests/sha256/numtests
deleted file mode 100644
index 0cfbf08886..0000000000
--- a/security/nss/cmd/bltest/tests/sha256/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext0 b/security/nss/cmd/bltest/tests/sha256/plaintext0
deleted file mode 100644
index 8baef1b4ab..0000000000
--- a/security/nss/cmd/bltest/tests/sha256/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-abc
diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext1 b/security/nss/cmd/bltest/tests/sha256/plaintext1
deleted file mode 100644
index afb5dce5d4..0000000000
--- a/security/nss/cmd/bltest/tests/sha256/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext0 b/security/nss/cmd/bltest/tests/sha384/ciphertext0
deleted file mode 100644
index c94f91e22a..0000000000
--- a/security/nss/cmd/bltest/tests/sha384/ciphertext0
+++ /dev/null
@@ -1 +0,0 @@
-ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn
diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext1 b/security/nss/cmd/bltest/tests/sha384/ciphertext1
deleted file mode 100644
index 833f06d844..0000000000
--- a/security/nss/cmd/bltest/tests/sha384/ciphertext1
+++ /dev/null
@@ -1 +0,0 @@
-CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5
diff --git a/security/nss/cmd/bltest/tests/sha384/numtests b/security/nss/cmd/bltest/tests/sha384/numtests
deleted file mode 100644
index 0cfbf08886..0000000000
--- a/security/nss/cmd/bltest/tests/sha384/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext0 b/security/nss/cmd/bltest/tests/sha384/plaintext0
deleted file mode 100644
index 8baef1b4ab..0000000000
--- a/security/nss/cmd/bltest/tests/sha384/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-abc
diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext1 b/security/nss/cmd/bltest/tests/sha384/plaintext1
deleted file mode 100644
index 94fcc2b297..0000000000
--- a/security/nss/cmd/bltest/tests/sha384/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext0 b/security/nss/cmd/bltest/tests/sha512/ciphertext0
deleted file mode 100644
index 8b626e2379..0000000000
--- a/security/nss/cmd/bltest/tests/sha512/ciphertext0
+++ /dev/null
@@ -1,2 +0,0 @@
-3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9
-RU1EI2Q86A4qmslPpUyknw==
diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext1 b/security/nss/cmd/bltest/tests/sha512/ciphertext1
deleted file mode 100644
index c02d1752d0..0000000000
--- a/security/nss/cmd/bltest/tests/sha512/ciphertext1
+++ /dev/null
@@ -1,2 +0,0 @@
-jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6
-x9Mp7rbdJlReluVbh0vpCQ==
diff --git a/security/nss/cmd/bltest/tests/sha512/numtests b/security/nss/cmd/bltest/tests/sha512/numtests
deleted file mode 100644
index 0cfbf08886..0000000000
--- a/security/nss/cmd/bltest/tests/sha512/numtests
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext0 b/security/nss/cmd/bltest/tests/sha512/plaintext0
deleted file mode 100644
index 8baef1b4ab..0000000000
--- a/security/nss/cmd/bltest/tests/sha512/plaintext0
+++ /dev/null
@@ -1 +0,0 @@
-abc
diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext1 b/security/nss/cmd/bltest/tests/sha512/plaintext1
deleted file mode 100644
index 94fcc2b297..0000000000
--- a/security/nss/cmd/bltest/tests/sha512/plaintext1
+++ /dev/null
@@ -1 +0,0 @@
-abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
diff --git a/security/nss/cmd/btoa/Makefile b/security/nss/cmd/btoa/Makefile
deleted file mode 100644
index 6eb6e71da2..0000000000
--- a/security/nss/cmd/btoa/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). 
# -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c deleted file mode 100644 index f140bddf8d..0000000000 --- a/security/nss/cmd/btoa/btoa.c +++ /dev/null 
@@ -1,213 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -#include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" -#include - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -static PRInt32 -output_ascii (void *arg, const char *obuf, PRInt32 size) -{ - FILE *outFile = arg; - int nb; - - nb = fwrite(obuf, 1, size, outFile); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return nb; -} - -static SECStatus -encode_file(FILE *outFile, FILE *inFile) -{ - NSSBase64Encoder *cx; - int nb; - SECStatus status = SECFailure; - unsigned char ibuf[4096]; - - cx = NSSBase64Encoder_Create(output_ascii, outFile); - if (!cx) { - return -1; - } - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; - } - } - - status = NSSBase64Encoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; - } - - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - if (status != SECSuccess) - return status; - - /* - * Add a trailing CRLF. Note this must be done *after* the call - * to Destroy above (because only then are we sure all data has - * been written out). 
- */ - fwrite("\r\n", 1, 2, outFile); - return SECSuccess; - - loser: - (void) NSSBase64Encoder_Destroy(cx, PR_TRUE); - return status; -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - SECStatus rv; - FILE *inFile, *outFile; - PLOptState *optstate; - PLOptStatus status; - - inFile = 0; - outFile = 0; - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - default: - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "rb"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - } - } - if (status == PL_OPT_BAD) - Usage(progName); - if (!inFile) { -#if defined(WIN32) - /* If we're going to read binary data from stdin, we must put stdin - ** into O_BINARY mode or else incoming \r\n's will become \n's. - */ - - int smrv = _setmode(_fileno(stdin), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdin to binary mode. Use -i option instead.\n", - progName); - return smrv; - } -#endif - inFile = stdin; - } - if (!outFile) { -#if defined(WIN32) - /* We're going to write binary data to stdout. We must put stdout - ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's. 
- */ - - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } -#endif - outFile = stdout; - } - rv = encode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); - return -1; - } - return 0; -} diff --git a/security/nss/cmd/btoa/manifest.mn b/security/nss/cmd/btoa/manifest.mn deleted file mode 100644 index 394c661beb..0000000000 --- a/security/nss/cmd/btoa/manifest.mn +++ /dev/null 
@@ -1,53 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-# MODULE is implicitly REQUIRED, doesn't need to be listed below.
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = btoa.c
-
-PROGRAM = btoa
-
diff --git a/security/nss/cmd/certcgi/HOWTO.txt b/security/nss/cmd/certcgi/HOWTO.txt
deleted file mode 100644
index f02ad32fd4..0000000000
--- a/security/nss/cmd/certcgi/HOWTO.txt
+++ /dev/null
@@ -1,168 +0,0 @@ - How to setup your very own Cert-O-Matic Root CA server - -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is Netscape security libraries. - -The Initial Developer of the Original Code is Netscape Communications -Corporation. Portions created by the Initial Developer are -Copyright (C) 2001 the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** - - How to setup your very own Cert-O-Matic Root CA server - -The program certcgi is part of a small test CA that is used inside -Netscape by the NSS development team. That CA is affectionately known -as "Cert-O-Matic" or "Cert-O-Matic II". 
It presently runs on a server -named interzone.mcom.com inside Netscape's firewall. - -If you wish to setup your own Cert-O-Matic, here are directions. - -Disclaimer: This program does not follow good practices for root CAs. -It should be used only for playing/testing and never for production use. -Remember, you've been warned! - -Cert-O-Matic consists of some html files, shell scripts, one executable -program that uses NSS and NSPR, the usual set of NSS .db files, and a file -in which to remember the serial number of the last cert issued. The -html files and the source to the executable program are in this directory. -Sample shell scripts are shown below. - -The shell scripts and executable program run as CGI "scripts". The -entire thing runs on an ordinary http web server. It would also run on -an https web server. The shell scripts and html files must be -customized for the server on which they run. - -The package assumes you have a "document root" directory $DOCROOT, and a -"cgi-bin" directory $CGIBIN. In this example, the document root is -assumed to be located in /var/www/htdocs, and the cgi-bin directory in -/var/www/cgi-bin. - -The server is assumed to run all cgi scripts as the user "nobody". -The names of the cgi scripts run directly by the server all end in .cgi -because some servers like it that way. - -Instructions: - -- Create directory $DOCROOT/certomatic -- Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic - ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html -- Edit the html files, substituting the name of your own server for the - server named in those files. -- In some web page (e.g. your server's home page), provide an html link to - $DOCROOT/certomatic/index.html. This is where users start to get their - own certs from certomatic. -- give these files and directories appropriate permissions. 
- -- Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin - make sure that $CGIBIN/certomatic is writable by "nobody" - -- Create a new set of NSS db files there with the following command: - - certutil -N -d $CGIBIN/certomatic - -- when certutil prompts you for the password, enter the word foo - because that is compiled into the certcgi program. - -- Create the new Root CA cert with this command - - certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \ - -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \ - -g 1024 -m 10001 -v 60 - - (adjust the -g, -m and -v parameters to taste. -s and -x must be as -shown.) - -- dump out the new root CA cert in base64 encoding: - - certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \ - $CGIBIN/certomatic/root.cacert - -- In $CGIBIN/certomatic/bin add two shell scripts - one to download the - root CA cert on demand, and one to run the certcgi program. - -download.cgi, the script to install the root CA cert into a browser on -demand, is this: - -#!/bin/sh -echo "Content-type: application/x-x509-ca-cert" -echo -cat $CGIBIN/certomatic/root.cacert - -You'll have to put the real path into that cat command because CGIBIN -won't be defined when this script is run by the server. - -certcgi.cgi, the script to run the certcgi program is similar to this: - -#!/bin/sh -cd $CGIBIN/certomatic/bin -LD_LIBRARY_PATH=$PLATFORM/lib -export LD_LIBRARY_PATH -$PLATFORM/bin/certcgi $* 2>&1 - -Where $PLATFORM/lib is where the NSPR nad NSS DSOs are located, and -$PLATFORM/bin is where certcgi is located. PLATFORM is not defined when -the server runs this script, so you'll have to substitute the right value -in your script. certcgi requires that the working directory be one level -below the NSS DBs, that is, the DBs are accessed in the directory "..". - -You'll want to provide an html link somewhere to the script that downloads -the root.cacert file. 
You'll probably want to put that next to the link -that loads the index.html page. On interzone, this is done with the -following html: - -Cert-O-Matic II Root CA server -

-Download and trust Root CA -certificate - -The index.html file in this directory invokes the certcgi.cgi script with -the form post method, so if you change the name of the certcgi.cgi script, -you'll also have to change the index.html file in $DOCROOT/certomatic - -The 4 files used by the certcgi program (the 3 NSS DBs, and the serial -number file) are not required to live in $CGIBIN/certomatic, but they are -required to live in $CWD/.. when certcgi starts. - -Known bugs: - -1. Because multiple of these CAs exist simultaneously, it would be best if -they didn't all have to be called "Cert-O-Matic II", but that string is -presently hard coded into certcgi.c. - -2. the html files in this directory contain numerous extraneous

tags -which appear to use the post method and have action URLS that are never -actually used. burp.cgi and echoform.cgi are never actually used. This -should be cleaned up. - -3. The html files use tags which are supported only in Netscape -Navigator and Netscape Communication 4.x browsers. The html files do -not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers. -The html files should be fixed to work with all those named browsers. - diff --git a/security/nss/cmd/certcgi/Makefile b/security/nss/cmd/certcgi/Makefile deleted file mode 100644 index 140b4191ff..0000000000 --- a/security/nss/cmd/certcgi/Makefile +++ /dev/null 
@@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). 
# -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/certcgi/ca.html b/security/nss/cmd/certcgi/ca.html deleted file mode 100644 index 5525b382a4..0000000000 --- a/security/nss/cmd/certcgi/ca.html +++ /dev/null @@ -1,51 +0,0 @@ - - - - - Use the Cert-O-matic certificate to issue the cert

- Use a - CA long - automatically generated chain ending with the Cert-O-Matic Cert - (18 maximum)

- Use a - CA long - user input chain ending in the Cert-O-Matic Cert.

- diff --git a/security/nss/cmd/certcgi/ca_form.html b/security/nss/cmd/certcgi/ca_form.html deleted file mode 100644 index cb3e195eae..0000000000 --- a/security/nss/cmd/certcgi/ca_form.html +++ /dev/null @@ -1,388 +0,0 @@ - - -
- - - - - - - - - - - - - -
- Common Name:

-
- Mail:

- RFC 1274 - e-mail
- Organization:

- Organizational Unit:

- RFC 1274 UID:

- Locality:

- State or Province:

- Country:

- - - - - - - -
- Serial Number:

-
- Auto Generate

-
- - Use this value:

-
- X.509 version:

-
- Version 1

-
- Version 3

- Key Type:

-
- RSA

-
- DSA

- DN:

- -

-
-

- - - - - - - - - - - - - - - - - -
- Netscape Certificate Type:

- Activate extension:

- Critical: -
- SSL Client

- SSL Server

- S/MIME

- Object Signing

- Reserved for future use (bit 4)

- SSL CA

- S/MIME CA

- Object Signing CA

-
- Netscape Base URL:

- Activate extension:

- Critical: -
- -
- Netscape Revocation URL:

- Activate extension:

- Critical: -
- -
- Netscape CA Revocation URL:

- Activate extension:

- Critical: -
- -
- Netscape Certificate Renewal URL:

- Activate extension:

- Critical: -
- -
- Netscape CA Policy URL:

- Activate extension:

- Critical: -
- -
- Netscape SSL Server Name:

- Activate extension:

- Critical: -
- -
- Netscape Comment:

- Activate extension:

- Critical: -
- -
-

-
-

- - - - - - - - - - - - - - - - - - - - - - - -
- Key Usage:

- Activate extension:

- Critical: -
- Digital Signature

- Non Repudiation

- Key Encipherment

- Data Encipherment

- Key Agreement

- Key Certificate Signing

- CRL Signing

-
- Extended Key Usage:

- Activate extension:

- Critical: -
- Server Auth

- Client Auth

- Code Signing

- Email Protection

- Timestamp

- OCSP Responder

- Step-up

-
- Basic Constraints:

- Activate extension:

- Critical: -
- CA:

-
True

-
False

- - Include Path length:

-
- Authority Key Identifier:

- Activate extension: -
- Key Identider

- Issuer Name and Serial number

-
- Subject Key Identifier:

- Activate extension: -
- Key Identifier: -

- This is an:

-

ascii text value

-

hex value

-

- Private Key Usage Period:

- Activate extension:

- Critical: -
- Use:

-
Not Before

-
Not After

-
Both

- Not to be used to sign before:

-
Set to time of certificate issue

-
Use This value

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

- Not to be used to sign after:

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

-
- Subject Alternative Name:

- Activate extension:

- Critical: -
- - - -
- General Names:

-

- - -
- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID - Netscape Certificate Nickname
- Name: - Binary Encoded:

-
-
- Issuer Alternative Name:

- Activate extension:

- Critical: -
- Use the Subject Alternative Name from the Issuers Certificate

- Use this Name: - - - -
- General Names:

-

- - -
- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

-
-
- Name Constraints:

- Activate extension:

-
- - - -
- Name Constraints:

- - -

- - -
- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

- Constraint type:

-

permited

-

excluded

- Minimum:

- Maximum:

- - - -
-
-
- - - - - - - - - -
diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c
deleted file mode 100644
index 038b55f98a..0000000000
--- a/security/nss/cmd/certcgi/certcgi.c
+++ /dev/null
@@ -1,2408 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- * - * ***** END LICENSE BLOCK ***** */ - -/* Cert-O-Matic CGI */ - - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "secder.h" -#include "genname.h" -#include "xconst.h" -#include "secutil.h" -#include "pk11pqg.h" -#include "certxutl.h" -#include "nss.h" - - -/* #define TEST 1 */ -/* #define FILEOUT 1 */ -/* #define OFFLINE 1 */ -#define START_FIELDS 100 -#define PREFIX_LEN 6 -#define SERIAL_FILE "../serial" -#define DB_DIRECTORY ".." - -static char *progName; - -typedef struct PairStr Pair; - -struct PairStr { - char *name; - char *data; -}; - - -char prefix[PREFIX_LEN]; - - -const SEC_ASN1Template CERTIA5TypeTemplate[] = { - { SEC_ASN1_IA5_STRING } -}; - - - -SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL}; - - -#ifdef notdef -const SEC_ASN1Template CERT_GeneralNameTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate } -}; -#endif - - -static void -error_out(char *error_string) -{ - printf("Content-type: text/plain\n\n"); - printf(error_string); - fflush(stderr); - fflush(stdout); - exit(1); -} - -static void -error_allocate(void) -{ - error_out("ERROR: Unable to allocate memory"); -} - - -static char * -make_copy_string(char *read_pos, - int length, - char sentinal_value) - /* copys string from to a new string it creates and - returns a pointer to the new string */ -{ - int remaining = length; - char *write_pos; - char *new; - - new = write_pos = (char *) PORT_Alloc (length); - if (new == NULL) { - error_allocate(); - } - while (*read_pos != sentinal_value) { - if (remaining == 1) { - remaining += length; - length = length * 2; - new = PORT_Realloc(new,length); - if (new == NULL) { - error_allocate(); - } - write_pos = new + length - remaining; - } - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - remaining = remaining - 1; - } - *write_pos = '\0'; - return new; -} - - 
-static SECStatus -clean_input(Pair *data) - /* converts the non-alphanumeric characters in a form post - from hex codes back to characters */ -{ - int length; - int hi_digit; - int low_digit; - char character; - char *begin_pos; - char *read_pos; - char *write_pos; - PRBool name = PR_TRUE; - - begin_pos = data->name; - while (begin_pos != NULL) { - length = strlen(begin_pos); - read_pos = write_pos = begin_pos; - while ((read_pos - begin_pos) < length) { - if (*read_pos == '+') { - *read_pos = ' '; - } - if (*read_pos == '%') { - hi_digit = *(read_pos + 1); - low_digit = *(read_pos +2); - read_pos += 3; - if (isdigit(hi_digit)){ - hi_digit = hi_digit - '0'; - } else { - hi_digit = toupper(hi_digit); - if (isxdigit(hi_digit)) { - hi_digit = (hi_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - if (isdigit(low_digit)){ - low_digit = low_digit - '0'; - } else { - low_digit = toupper(low_digit); - if ((low_digit >='A') && (low_digit <= 'F')) { - low_digit = (low_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - character = (hi_digit << 4) | low_digit; - if (character != 10) { - *write_pos = character; - ++write_pos; - } - } else { - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - } - } - *write_pos = '\0'; - if (name == PR_TRUE) { - begin_pos = data->data; - name = PR_FALSE; - } else { - data++; - begin_pos = data->name; - name = PR_TRUE; - } - } - return SECSuccess; -} - -static char * -make_name(char *new_data) - /* gets the next field name in the input string and returns - a pointer to a string containing a copy of it */ -{ - int length = 20; - char *name; - - name = make_copy_string(new_data, length, '='); - return name; -} - -static char * -make_data(char *new_data) - /* gets the data for the next field in the input string - and returns a pointer to a string containing it */ -{ - int length = 100; - char *data; - char *read_pos; - - read_pos = new_data; - while 
(*(read_pos - 1) != '=') { - ++read_pos; - } - data = make_copy_string(read_pos, length, '&'); - return data; -} - - -static Pair -make_pair(char *new_data) - /* makes a pair name/data pair from the input string */ -{ - Pair temp; - - temp.name = make_name(new_data); - temp.data = make_data(new_data); - return temp; -} - - - -static Pair * -make_datastruct(char *data, int len) - /* parses the input from the form post into a data - structure of field name/data pairs */ -{ - Pair *datastruct; - Pair *current; - char *curr_pos; - int fields = START_FIELDS; - int remaining = START_FIELDS; - - curr_pos = data; - datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - while (curr_pos - data < len) { - if (remaining == 1) { - remaining += fields; - fields = fields * 2; - datastruct = (Pair *) PORT_Realloc - (datastruct, fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - current = datastruct + (fields - remaining); - } - *current = make_pair(curr_pos); - while (*curr_pos != '&') { - ++curr_pos; - } - ++curr_pos; - ++current; - remaining = remaining - 1; - } - current->name = NULL; - return datastruct; -} - -static char * -return_name(Pair *data_struct, - int n) - /* returns a pointer to the name of the nth - (starting from 0) item in the data structure */ -{ - char *name; - - if ((data_struct + n)->name != NULL) { - name = (data_struct + n)->name; - return name; - } else { - return NULL; - } -} - -static char * -return_data(Pair *data_struct,int n) - /* returns a pointer to the data of the nth (starting from 0) - itme in the data structure */ -{ - char *data; - - data = (data_struct + n)->data; - return data; -} - - -static char * -add_prefix(char *field_name) -{ - extern char prefix[PREFIX_LEN]; - int i = 0; - char *rv; - char *write; - - rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1); - for(i = 0; i < PORT_Strlen(prefix); i++) { - *write = prefix[i]; - 
write++; - } - *write = '\0'; - rv = PORT_Strcat(rv,field_name); - return rv; -} - - -static char * -find_field(Pair *data, - char *field_name, - PRBool add_pre) - /* returns a pointer to the data of the first pair - thats name matches the string it is passed */ -{ - int i = 0; - char *retrieved; - int found = 0; - - if (add_pre) { - field_name = add_prefix(field_name); - } - while(return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - retrieved = return_data(data, i); - found = 1; - break; - } - i++; - } - if (!found) { - retrieved = NULL; - } - return retrieved; -} - -static PRBool -find_field_bool(Pair *data, - char *fieldname, - PRBool add_pre) -{ - char *rv; - - rv = find_field(data, fieldname, add_pre); - - if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) { - return PR_TRUE; - } else { - return PR_FALSE; - } -} - -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - 
while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - -static CERTCertificateRequest * -makeCertReq(Pair *form_data, - int which_priv_key) - /* makes and encodes a certrequest */ -{ - - PK11SlotInfo *slot; - CERTCertificateRequest *certReq = NULL; - CERTSubjectPublicKeyInfo *spki; - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - CERTName *name; - char *key; - extern SECKEYPrivateKey *privkeys[9]; - int keySizeInBits; - char *challenge = "foo"; - SECStatus rv = SECSuccess; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVfy = NULL; - - name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE)); - if (name == NULL) { - error_out("ERROR: Unable to create Subject Name"); - } - key = find_field(form_data, "key", PR_TRUE); - if (key == NULL) { - switch (*find_field(form_data, "keysize", PR_TRUE)) { - case '0': - keySizeInBits = 2048; - break; - case '1': - keySizeInBits = 1024; - break; - case '2': - keySizeInBits = 512; - break; - default: - error_out("ERROR: Unsupported Key length selected"); - } - if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) { - rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy); - if (rv != SECSuccess) { - error_out("ERROR: Unable to generate PQG parameters"); - } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, - pqgParams,&pubkey, PR_FALSE, - PR_TRUE, NULL); - } else { - privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL); - } - privkeys[which_priv_key] = privkey; - spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); - } else { - spki = 
SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, - NULL); - if (spki == NULL) { - error_out("ERROR: Unable to decode Public Key and Challenge String"); - } - } - certReq = CERT_CreateCertificateRequest(name, spki, NULL); - if (certReq == NULL) { - error_out("ERROR: Unable to create Certificate Request"); - } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (spki != NULL) { - SECKEY_DestroySubjectPublicKeyInfo(spki); - } - if (pqgParams != NULL) { - PK11_PQG_DestroyParams(pqgParams); - } - if (pqgVfy != NULL) { - PK11_PQG_DestroyVerify(pqgVfy); - } - return certReq; -} - - - -static CERTCertificate * -MakeV1Cert(CERTCertDBHandle *handle, - CERTCertificateRequest *req, - char *issuerNameStr, - PRBool selfsign, - int serialNumber, - int warpmonths, - Pair *data) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, - after; - SECStatus rv; - - - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - if (!issuerCert) { - error_out("ERROR: Could not find issuer's certificate"); - return NULL; - } - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); - } else { - now = PR_Now(); - } - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); - PR_ExplodeTime (after, PR_GMTParameters, &printableTime); - } else { - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - } - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - - if ( selfsign ) { - cert = CERT_CreateCertificate - 
(serialNumber,&(req->subject), validity, req); - } else { - cert = CERT_CreateCertificate - (serialNumber,&(issuerCert->subject), validity, req); - } - - CERT_DestroyValidity(validity); - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - return(cert); -} - -static int -get_serial_number(Pair *data) -{ - int serial = 0; - int error; - char *filename = SERIAL_FILE; - char *SN; - FILE *serialFile; - - - if (find_field_bool(data, "serial-auto", PR_TRUE)) { - serialFile = fopen(filename, "r"); - if (serialFile != NULL) { - fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to read serial number file"); - } - if (serial == 4294967295) { - serial = 21; - } - fclose(serialFile); - ++serial; - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file for writing"); - } - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - } else { - fclose(serialFile); - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file"); - } - serial = 21; - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - error = ferror(serialFile); - if (error != 0) { - error_out("ERROR: Unable to write to serial file"); - } - } - fclose(serialFile); - } else { - SN = find_field(data, "serial_value", PR_TRUE); - while (*SN != '\0') { - serial = serial * 16; - if ((*SN >= 'A') && (*SN <='F')) { - serial += *SN - 'A' + 10; - } else { - if ((*SN >= 'a') && (*SN <='f')) { - serial += *SN - 'a' + 10; - } else { - serial += *SN - '0'; - } - } - ++SN; - } - } - return serial; -} - - - -typedef SECStatus (* EXTEN_VALUE_ENCODER) - (PRArenaPool *extHandle, void *value, SECItem *encodedValue); - -static SECStatus -EncodeAndAddExtensionValue( - PRArenaPool 
*arena, - void *extHandle, - void *value, - PRBool criticality, - int extenType, - EXTEN_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - - encodedValue.data = NULL; - encodedValue.len = 0; - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) { - error_out("ERROR: Unable to encode extension value"); - } - rv = CERT_AddExtension - (extHandle, extenType, &encodedValue, criticality, PR_TRUE); - return (rv); -} - - - -static SECStatus -AddKeyUsage (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - - if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){ - keyUsage |= (0x80 >> 0); - } - if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){ - keyUsage |= (0x80 >> 1); - } - if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 2); - } - if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 3); - } - if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){ - keyUsage |= (0x80 >> 4); - } - if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) { - keyUsage |= (0x80 >> 5); - } - if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) { - keyUsage |= (0x80 >> 6); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - (find_field_bool(data, "keyUsage-crit", PR_TRUE)))); - -} - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if( (SECItem **)NULL == rv->oids ) { - goto 
loser; - } - - rv->arena = arena; - return rv; - - loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2)); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - extern const SEC_ASN1Template CERT_OidSeqTemplate[]; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - - loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage(void *extHandle, Pair *data) -{ - SECStatus rv; - CERTOidSequence *os; - SECItem *value; - PRBool crit; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - if( SECSuccess != rv ) goto loser; - } 
- - if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - if( SECSuccess != rv ) goto loser; - } - - value = EncodeOidSequence(os); - - crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value, - crit, PR_TRUE); - /*FALLTHROUGH*/ - loser: - CERT_DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddSubKeyID(void *extHandle, - Pair *data, - CERTCertificate *subjectCert) -{ - SECItem encodedValue; - SECStatus rv; - char *read; - char *write; - char *first; - char character; - int high_digit = 0, - low_digit = 0; - int len; - PRBool odd = PR_FALSE; - - - encodedValue.data = NULL; - encodedValue.len = 0; - first = read = write = find_field(data,"subjectKeyIdentifier-text", - PR_TRUE); - len = PORT_Strlen(first); - odd = ((len % 2) != 0 ) ? 
PR_TRUE : PR_FALSE; - if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) { - if (odd) { - error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string"); - } - while (*read != '\0') { - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - high_digit = *read - 'A' + 10; - } else { - high_digit = *read - '0'; - } - ++read; - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - low_digit = *(read) - 'A' + 10; - } else { - low_digit = *(read) - '0'; - } - character = (high_digit << 4) | low_digit; - *write = character; - ++write; - ++read; - } - *write = '\0'; - len = write - first; - } - subjectCert->subjectKeyID.data = (unsigned char *) find_field - (data,"subjectKeyIdentifier-text", PR_TRUE); - subjectCert->subjectKeyID.len = len; - rv = CERT_EncodeSubjectKeyID - (NULL, &subjectCert->subjectKeyID, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID, - &encodedValue, PR_FALSE, PR_TRUE)); -} - - -static SECStatus -AddAuthKeyID (void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTCertificate *issuerCert = NULL; - CERTGeneralName *genNames; - CERTName *directoryName = NULL; - - - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - - authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID)); - if (authKeyID == NULL) { - error_allocate(); - } - if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", - PR_TRUE)) { - authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen - 
((char *)issuerCert->subjectKeyID.data)); - if (authKeyID->keyID.data == NULL) { - error_allocate(); - } - PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data, - authKeyID->keyID.len = - PORT_Strlen((char *)issuerCert->subjectKeyID.data)); - } else { - - PORT_Assert (arena); - genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName))); - if (genNames == NULL){ - error_allocate(); - } - genNames->l.next = genNames->l.prev = &(genNames->l); - genNames->type = certDirectoryName; - - directoryName = CERT_AsciiToName(issuerCert->subjectName); - if (!directoryName) { - error_out("ERROR: Unable to create Directory Name"); - } - rv = CERT_CopyName (arena, &genNames->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - if (rv != SECSuccess) { - error_out("ERROR: Unable to copy Directory Name"); - } - authKeyID->authCertIssuer = genNames; - if (authKeyID->authCertIssuer == NULL && SECFailure == - PORT_GetError ()) { - error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension"); - } - authKeyID->authCertSerialNumber = issuerCert->serialNumber; - } - rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAuthKeyID); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - return (rv); -} - - -static SECStatus -AddPrivKeyUsagePeriod(void *extHandle, - Pair *data, - CERTCertificate *cert) -{ - char *notBeforeStr; - char *notAfterStr; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTPrivKeyUsagePeriod *pkup; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - pkup = PORT_ArenaZNew (arena, CERTPrivKeyUsagePeriod); - if (pkup == NULL) { - error_allocate(); - } - notBeforeStr = (char *) PORT_Alloc(16 ); - notAfterStr = (char *) PORT_Alloc(16 ); - *notBeforeStr = '\0'; - *notAfterStr = '\0'; - pkup->arena = arena; - pkup->notBefore.len = 0; - 
pkup->notBefore.data = NULL; - pkup->notAfter.len = 0; - pkup->notAfter.data = NULL; - if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notBefore.len = 15; - pkup->notBefore.data = (unsigned char *)notBeforeStr; - if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", - PR_TRUE)) { - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-year", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-month", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-day", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-hour", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-minute", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-second", - PR_TRUE)); - if ((*(notBeforeStr + 14) != '\0') || - (!isdigit(*(notBeforeStr + 13))) || - (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') || - (!isdigit(*(notBeforeStr + 11))) || - (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') || - (!isdigit(*(notBeforeStr + 9))) || - (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') || - (!isdigit(*(notBeforeStr + 7))) || - (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') || - (!isdigit(*(notBeforeStr + 5))) || - (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') || - (!isdigit(*(notBeforeStr + 3))) || - (!isdigit(*(notBeforeStr + 2))) || - (!isdigit(*(notBeforeStr + 1))) || - (!isdigit(*(notBeforeStr + 0))) || - (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') || - (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') || - (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notBeforeStr + 14) = 'Z'; - *(notBeforeStr + 15) 
= '\0'; - } else { - if ((*(cert->validity.notBefore.data) > '5') || - ((*(cert->validity.notBefore.data) == '5') && - (*(cert->validity.notBefore.data + 1) != '0'))) { - PORT_Strcat(notBeforeStr, "19"); - } else { - PORT_Strcat(notBeforeStr, "20"); - } - PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data); - } - } - if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notAfter.len = 15; - pkup->notAfter.data = (unsigned char *)notAfterStr; - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second", - PR_TRUE)); - if ((*(notAfterStr + 14) != '\0') || - (!isdigit(*(notAfterStr + 13))) || - (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') || - (!isdigit(*(notAfterStr + 11))) || - (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') || - (!isdigit(*(notAfterStr + 9))) || - (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') || - (!isdigit(*(notAfterStr + 7))) || - (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') || - (!isdigit(*(notAfterStr + 5))) || - (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') || - (!isdigit(*(notAfterStr + 3))) || - (!isdigit(*(notAfterStr + 2))) || - (!isdigit(*(notAfterStr + 1))) || - (!isdigit(*(notAfterStr + 0))) || - (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') || - (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') || - (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) { - error_out("ERROR: 
Improperly formated private key usage period"); - } - *(notAfterStr + 14) = 'Z'; - *(notAfterStr + 15) = '\0'; - } - - PORT_Assert (arena); - - rv = EncodeAndAddExtensionValue(arena, extHandle, pkup, - find_field_bool(data, - "privKeyUsagePeriod-crit", - PR_TRUE), - SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, - (EXTEN_VALUE_ENCODER) - CERT_EncodePrivateKeyUsagePeriod); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - if (notBeforeStr != NULL) { - PORT_Free(notBeforeStr); - } - if (notAfterStr != NULL) { - PORT_Free(notAfterStr); - } - return (rv); -} - -static SECStatus -AddBasicConstraint(void *extHandle, - Pair *data) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = (find_field_bool(data,"basicConstraints-cA-radio-CA", - PR_TRUE)); - if (find_field_bool(data,"basicConstraints-pathLengthConstraint", PR_TRUE)){ - basicConstraint.pathLenConstraint = atoi - (find_field(data,"basicConstraints-pathLengthConstraint-text", - PR_TRUE)); - } - - rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, - &encodedValue); - if (rv) - return (rv); - rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, - (find_field_bool(data,"basicConstraints-crit", - PR_TRUE)), PR_TRUE); - - PORT_Free (encodedValue.data); - return (rv); -} - - - -static SECStatus -AddNscpCertType (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char CertType = 0x0; - - if (find_field_bool(data,"netscape-cert-type-ssl-client", PR_TRUE)){ - CertType |= (0x80 >> 0); - } - if (find_field_bool(data,"netscape-cert-type-ssl-server", PR_TRUE)){ - CertType |= (0x80 >> 1); - } - if (find_field_bool(data,"netscape-cert-type-smime", PR_TRUE)){ - CertType |= (0x80 >> 2); - } - if (find_field_bool(data,"netscape-cert-type-object-signing", PR_TRUE)){ - CertType |= (0x80 >> 3); - } - 
if (find_field_bool(data,"netscape-cert-type-reserved", PR_TRUE)){ - CertType |= (0x80 >> 4); - } - if (find_field_bool(data,"netscape-cert-type-ssl-ca", PR_TRUE)) { - CertType |= (0x80 >> 5); - } - if (find_field_bool(data,"netscape-cert-type-smime-ca", PR_TRUE)) { - CertType |= (0x80 >> 6); - } - if (find_field_bool(data,"netscape-cert-type-object-signing-ca", PR_TRUE)) { - CertType |= (0x80 >> 7); - } - - bitStringValue.data = &CertType; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE)))); -} - - -static SECStatus -add_IA5StringExtension(void *extHandle, - char *string, - PRBool crit, - int idtag) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - - rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE)); -} - -static SECItem * -string_to_oid(char *string) -{ - int i; - int length = 20; - int remaining; - int first_value; - int second_value; - int value; - int oidLength; - unsigned char *oidString; - unsigned char *write; - unsigned char *read; - unsigned char *temp; - SECItem *oid; - - - remaining = length; - i = 0; - while (*string == ' ') { - string++; - } - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - first_value = atoi(string); - if (first_value < 0 || first_value > 2) { - error_out("ERROR: Improperly formated OID"); - } - string += i + 1; - i = 0; - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - second_value = atoi(string); - if (second_value < 0 || second_value > 39) { - error_out("ERROR: Improperly formated OID"); - } - 
oidString = PORT_ZAlloc(2); - *oidString = (first_value * 40) + second_value; - *(oidString + 1) = '\0'; - oidLength = 1; - string += i + 1; - i = 0; - temp = write = PORT_ZAlloc(length); - while (*string != '\0') { - value = 0; - while(isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string += i; - } else { - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string += i + 1; - } else { - *(string + i) = '\0'; - i++; - value = atoi(string); - while (*(string + i) == ' ') - i++; - if (*(string + i) != '\0') { - error_out("ERROR: Improperly formated OID"); - } - } - } - i = 0; - while (value != 0) { - if (remaining < 1) { - remaining += length; - length = length * 2; - temp = PORT_Realloc(temp, length); - write = temp + length - remaining; - } - *write = (value & 0x7f) | (0x80); - write++; - remaining--; - value = value >> 7; - } - *temp = *temp & (0x7f); - oidLength += write - temp; - oidString = PORT_Realloc(oidString, (oidLength + 1)); - read = write - 1; - write = oidLength + oidString - 1; - for (i = 0; i < (length - remaining); i++) { - *write = *read; - write--; - read++; - } - write = temp; - remaining = length; - } - *(oidString + oidLength) = '\0'; - oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - oid->data = oidString; - oid->len = oidLength; - PORT_Free(temp); - return oid; -} - -static SECItem * -string_to_ipaddress(char *string) -{ - int i = 0; - int value; - int j = 0; - SECItem *ipaddress; - - - while (*string == ' ') { - string++; - } - ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - ipaddress->data = PORT_ZAlloc(9); - while (*string != '\0' && j < 8) { - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string = string + i + 1; - i = 0; - } else { - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - *(string + i) = '\0'; - while (*(string + i) == ' 
') { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - } - } - if (value >= 0 || value < 256) { - *(ipaddress->data + j) = value; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - j++; - } - *(ipaddress->data + j) = '\0'; - if (j != 4 && j != 8) { - error_out("ERROR: Improperly formated IP Address"); - } - ipaddress->len = j; - return ipaddress; -} - -static SECItem * -string_to_binary(char *string) -{ - SECItem *rv; - int high_digit; - int low_digit; - - rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (rv == NULL) { - error_allocate(); - } - rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { - string++; - } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A'; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string = 'A'; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } - } - - return rv; -} - -static SECStatus -MakeGeneralName(char *name, - CERTGeneralName *genName, - PRArenaPool *arena) -{ - SECItem *oid; - SECOidData *oidData; - SECItem *ipaddress; - SECItem *temp = NULL; - int i; - int nameType; - PRBool binary = PR_FALSE; - SECStatus rv = SECSuccess; - PRBool nickname = PR_FALSE; - - PORT_Assert(genName); - PORT_Assert(arena); - nameType = *(name + PORT_Strlen(name) - 1) - '0'; - if (nameType == 0 && *(name +PORT_Strlen(name) - 2) == '1') { - nickname = PR_TRUE; - nameType = certOtherName; - } - if (nameType < 1 || nameType > 9) 
{ - error_out("ERROR: Unknown General Name Type"); - } - *(name + PORT_Strlen(name) - 4) = '\0'; - genName->type = nameType; - - switch (genName->type) { - case certURI: - case certRFC822Name: - case certDNSName: { - genName->name.other.data = (unsigned char *)name; - genName->name.other.len = PORT_Strlen(name); - break; - } - - case certIPAddress: { - ipaddress = string_to_ipaddress(name); - genName->name.other.data = ipaddress->data; - genName->name.other.len = ipaddress->len; - break; - } - - case certRegisterID: { - oid = string_to_oid(name); - genName->name.other.data = oid->data; - genName->name.other.len = oid->len; - break; - } - - case certEDIPartyName: - case certX400Address: { - - genName->name.other.data = PORT_ArenaAlloc (arena, - PORT_Strlen (name) + 2); - if (genName->name.other.data == NULL) { - error_allocate(); - } - - PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name)); - /* This may not be accurate for all cases. - For now, use this tag type */ - genName->name.other.data[0] = (char)(((genName->type - 1) & - 0x1f)| 0x80); - genName->name.other.data[1] = (char)PORT_Strlen (name); - genName->name.other.len = PORT_Strlen (name) + 2; - break; - } - - case certOtherName: { - i = 0; - if (!nickname) { - while (!isdigit(*(name + PORT_Strlen(name) - i))) { - i++; - } - if (*(name + PORT_Strlen(name) - i) == '1') { - binary = PR_TRUE; - } else { - binary = PR_FALSE; - } - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i - 1) = '\0'; - i = 0; - while (*(name + i) != '-') { - i++; - } - *(name + i - 1) = '\0'; - oid = string_to_oid(name + i + 2); - } else { - oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME); - oid = &oidData->oid; - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i) = '\0'; - } - genName->name.OthName.oid.data = oid->data; - genName->name.OthName.oid.len = oid->len; - if (binary) { - temp = string_to_binary(name); - 
genName->name.OthName.name.data = temp->data; - genName->name.OthName.name.len = temp->len; - } else { - temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (temp == NULL) { - error_allocate(); - } - temp->data = (unsigned char *)name; - temp->len = PORT_Strlen(name); - SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp, - CERTIA5TypeTemplate); - } - PORT_Free(temp); - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (name); - if (!directoryName) { - error_out("ERROR: Improperly formated alternative name"); - break; - } - rv = CERT_CopyName (arena, &genName->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - genName->l.next = &(genName->l); - genName->l.prev = &(genName->l); - return rv; -} - - -static CERTGeneralName * -MakeAltName(Pair *data, - char *which, - PRArenaPool *arena) -{ - CERTGeneralName *SubAltName; - CERTGeneralName *current; - CERTGeneralName *newname; - char *name = NULL; - SECStatus rv = SECSuccess; - int len; - - - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - SubAltName = current = (CERTGeneralName *) PORT_ZAlloc - (sizeof(CERTGeneralName)); - if (current == NULL) { - error_allocate(); - } - while (name != NULL) { - - rv = MakeGeneralName(name, current, arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len -1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - if (name != NULL) { - newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (newname == NULL) { - error_allocate(); - } - current->l.next = &(newname->l); - newname->l.prev = &(current->l); - current = 
newname; - newname = NULL; - } else { - current->l.next = &(SubAltName->l); - SubAltName->l.prev = &(current->l); - } - } - if (rv == SECFailure) { - return NULL; - } - return SubAltName; -} - -static CERTNameConstraints * -MakeNameConstraints(Pair *data, - PRArenaPool *arena) -{ - CERTNameConstraints *NameConstraints; - CERTNameConstraint *current = NULL; - CERTNameConstraint *last_permited = NULL; - CERTNameConstraint *last_excluded = NULL; - char *constraint = NULL; - char *which; - SECStatus rv = SECSuccess; - int len; - int i; - long max; - long min; - PRBool permited; - - - NameConstraints = (CERTNameConstraints *) PORT_ZAlloc - (sizeof(CERTNameConstraints)); - which = make_copy_string("NameConstraintSelect0", 25,'\0'); - len = PORT_Strlen(which); - constraint = find_field(data, which, PR_TRUE); - NameConstraints->permited = NameConstraints->excluded = NULL; - while (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc - (sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - max = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - if (max > 0) { - (void) SEC_ASN1EncodeInteger(arena, ¤t->max, max); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - min = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - (void) SEC_ASN1EncodeInteger(arena, ¤t->min, min); - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') { - permited = PR_TRUE; - } else { - permited = PR_FALSE; - } - rv = MakeGeneralName(constraint, &(current->name), arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len - 1) < '9') { - *(which + len - 1) = *(which + len - 
1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - if (permited) { - if (NameConstraints->permited == NULL) { - NameConstraints->permited = last_permited = current; - } - last_permited->l.next = &(current->l); - current->l.prev = &(last_permited->l); - last_permited = current; - } else { - if (NameConstraints->excluded == NULL) { - NameConstraints->excluded = last_excluded = current; - } - last_excluded->l.next = &(current->l); - current->l.prev = &(last_excluded->l); - last_excluded = current; - } - constraint = find_field(data, which, PR_TRUE); - if (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc(sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - } - } - if (NameConstraints->permited != NULL) { - last_permited->l.next = &(NameConstraints->permited->l); - NameConstraints->permited->l.prev = &(last_permited->l); - } - if (NameConstraints->excluded != NULL) { - last_excluded->l.next = &(NameConstraints->excluded->l); - NameConstraints->excluded->l.prev = &(last_excluded->l); - } - if (which != NULL) { - PORT_Free(which); - } - if (rv == SECFailure) { - return NULL; - } - return NameConstraints; -} - - - -static SECStatus -AddAltName(void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle, - int type) -{ - PRBool autoIssuer = PR_FALSE; - PRArenaPool *arena = NULL; - CERTGeneralName *genName = NULL; - char *which = NULL; - char *name = NULL; - SECStatus rv = SECSuccess; - SECItem *issuersAltName = NULL; - CERTCertificate *issuerCert = NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - if (type == 0) { - which = make_copy_string("SubAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } else { - if 
(autoIssuer) { - autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto", - PR_TRUE); - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - rv = cert_FindExtension((*issuerCert).extensions, - SEC_OID_X509_SUBJECT_ALT_NAME, - issuersAltName); - if (issuersAltName == NULL) { - name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4); - PORT_Strcpy(name, (*issuerCert).subjectName); - PORT_Strcat(name, " - 5"); - } - } else { - which = make_copy_string("IssuerAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } - } - if (type == 0) { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, "SubAltName-crit", - PR_TRUE), - SEC_OID_X509_SUBJECT_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - - } else { - if (autoIssuer && (name == NULL)) { - rv = CERT_AddExtension - (extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName, - find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE); - } else { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, - "IssuerAltName-crit", - PR_TRUE), - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - } - } - if (which != NULL) { - PORT_Free(which); - } - if (issuerCert != NULL) { - CERT_DestroyCertificate(issuerCert); - } - return rv; -} - - -static SECStatus -AddNameConstraints(void *extHandle, - Pair *data) -{ - PRArenaPool *arena = NULL; - CERTNameConstraints *constraints = NULL; - SECStatus rv = SECSuccess; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - constraints = MakeNameConstraints(data, arena); - if (constraints != NULL) { - EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE, - SEC_OID_X509_NAME_CONSTRAINTS, - (EXTEN_VALUE_ENCODER) - CERT_EncodeNameConstraintsExtension); - } - if (arena != NULL) { - PORT_ArenaRelease (arena, NULL); - } - return rv; -} - - -static SECStatus 
-add_extensions(CERTCertificate *subjectCert, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - void *extHandle; - SECStatus rv = SECSuccess; - - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - error_out("ERROR: Unable to get certificates extension handle"); - } - if (find_field_bool(data, "keyUsage", PR_TRUE)) { - rv = AddKeyUsage(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Key Usage extension"); - } - } - - if( find_field_bool(data, "extKeyUsage", PR_TRUE) ) { - rv = AddExtKeyUsage(extHandle, data); - if( SECSuccess != rv ) { - error_out("ERROR: Unable to add Extended Key Usage extension"); - } - } - - if (find_field_bool(data, "basicConstraints", PR_TRUE)) { - rv = AddBasicConstraint(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Basic Constraint extension"); - } - } - if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) { - rv = AddSubKeyID(extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Key Identifier Extension"); - } - } - if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) { - rv = AddAuthKeyID (extHandle, data, issuerNameStr, handle); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Authority Key Identifier extension"); - } - } - if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) { - rv = AddPrivKeyUsagePeriod (extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Private Key Usage Period extension"); - } - } - if (find_field_bool(data, "SubAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, NULL, NULL, 0); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Alternative Name extension"); - } - } - if (find_field_bool(data, "IssuerAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, issuerNameStr, handle, 1); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Issuer Alternative Name 
Extension"); - } - } - if (find_field_bool(data, "NameConstraints", PR_TRUE)) { - rv = AddNameConstraints(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Name Constraints Extension"); - } - } - if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) { - rv = AddNscpCertType(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Type Extension"); - } - } - if (find_field_bool(data, "netscape-base-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-base-url-text", - PR_TRUE), - find_field_bool(data, - "netscape-base-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_BASE_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Base URL Extension"); - } - } - if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-revocation-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-revocation-url-crit" - , PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-cert-renewal-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-cert-renewal-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension"); - } - } - if 
(find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-policy-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-policy-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_POLICY_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Policy URL Extension"); - } - } - if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ssl-server-name-text", - PR_TRUE), - find_field_bool - (data, "netscape-ssl-server-name-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape SSL Server Name Extension"); - } - } - if (find_field_bool(data, "netscape-comment", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-comment-text", - PR_TRUE), - find_field_bool(data, - "netscape-comment-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_COMMENT); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Comment Extension"); - } - } - CERT_FinishExtensions(extHandle); - return (rv); -} - - - -char * -return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data) -{ - char *rv; - - /* don't clobber our poor smart card */ - if (retry == PR_TRUE) { - return NULL; - } - rv = PORT_Alloc(4); - PORT_Strcpy(rv, "foo"); - return rv; -} - - -SECKEYPrivateKey * -FindPrivateKeyFromNameStr(char *name, - CERTCertDBHandle *certHandle) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - CERTCertificate *p11Cert; - - - /* We don't presently have a PK11 function to find a cert by - ** subject name. - ** We do have a function to find a cert in the internal slot's - ** cert db by subject name, but it doesn't setup the slot info. - ** So, this HACK works, but should be replaced as soon as we - ** have a function to search for certs accross slots by subject name. 
- */ - cert = CERT_FindCertByNameString(certHandle, name); - if (cert == NULL || cert->nickname == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL); - if (p11Cert == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - key = PK11_FindKeyByAnyCert(p11Cert, NULL); - return key; -} - -static SECItem * -SignCert(CERTCertificate *cert, - char *issuerNameStr, - Pair *data, - CERTCertDBHandle *handle, - int which_key) -{ - SECItem der; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - - if (which_key == 0) { - caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); - } else { - caPrivateKey = privkeys[which_key - 1]; - } - if (caPrivateKey == NULL) { - error_out("ERROR: unable to retrieve issuers key"); - } - - arena = cert->arena; - - algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, - SEC_OID_UNKNOWN); - if (algID == SEC_OID_UNKNOWN) { - error_out("ERROR: Unknown key type for issuer."); - goto done; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - error_out("ERROR: Could not set signature algorithm id."); - } - - if (find_field_bool(data,"ver-1", PR_TRUE)) { - *(cert->version.data) = 0; - cert->version.len = 1; - } else { - *(cert->version.data) = 2; - cert->version.len = 1; - } - der.data = NULL; - der.len = 0; - (void) SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate); - if (der.data == NULL) { - error_out("ERROR: Could not encode certificate.\n"); - } - rv = SEC_DerSignData (arena, &(cert->derCert), der.data, der.len, caPrivateKey, - algID); - if (rv != SECSuccess) { - error_out("ERROR: Could not sign encoded certificate data.\n"); - } -done: - SECKEY_DestroyPrivateKey(caPrivateKey); - return &(cert->derCert); -} - - -int -main(int argc, char **argv) -{ - int length = 500; - int remaining = 500; - int n; - int i; - int serial; 
- int chainLen; - int which_key; - char *pos; -#ifdef OFFLINE - char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24"; -#else - char *form_output; -#endif - char *issuerNameStr; - char *certName; - char *DBdir = DB_DIRECTORY; - char *prefixs[10] = {"CA#1-", "CA#2-", "CA#3-", - "CA#4-", "CA#5-", "CA#6-", - "CA#7-", "CA#8-", "CA#9-", ""}; - Pair *form_data; - CERTCertificate *cert; - CERTCertDBHandle *handle; - CERTCertificateRequest *certReq = NULL; - int warpmonths = 0; - SECItem *certDER; -#ifdef FILEOUT - FILE *outfile; -#endif - SECStatus status = SECSuccess; - extern char prefix[PREFIX_LEN]; - SEC_PKCS7ContentInfo *certChain; - SECItem *encodedCertChain; - PRBool UChain = PR_FALSE; - - - progName = strrchr(argv[0], '/'); - progName = progName ? 
progName+1 : argv[0]; - - -#ifdef TEST - sleep(20); -#endif - SECU_ConfigDirectory(DBdir); - - PK11_SetPasswordFunc(return_dbpasswd); - status = NSS_InitReadWrite(DBdir); - if (status != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - handle = CERT_GetDefaultCertDB(); - - prefix[0]= '\0'; -#if !defined(OFFLINE) - form_output = (char*) PORT_Alloc(length); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output; - while (feof(stdin) == 0 ) { - if (remaining <= 1) { - remaining += length; - length = length * 2; - form_output = PORT_Realloc(form_output, (length)); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output + length - remaining; - } - n = fread(pos, 1, (size_t) (remaining - 1), stdin); - pos += n; - remaining -= n; - } - *pos = '&'; - pos++; - length = pos - form_output; -#else - length = PORT_Strlen(form_output); -#endif -#ifdef FILEOUT - printf("Content-type: text/plain\n\n"); - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); -#endif -#ifdef FILEOUT - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); - fflush(stdout); -#endif - form_data = make_datastruct(form_output, length); - status = clean_input(form_data); -#if !defined(OFFLINE) - PORT_Free(form_output); -#endif -#ifdef FILEOUT - i = 0; - while(return_name(form_data, i) != NULL) { - printf("%s",return_name(form_data,i)); - printf("=\n"); - printf("%s",return_data(form_data,i)); - printf("\n"); - i++; - } - printf("I got that done, woo hoo\n"); - fflush(stdout); -#endif - issuerNameStr = PORT_Alloc(200); - if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain", - PR_FALSE)) { - UChain = PR_TRUE; - chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE)); - PORT_Strcpy(prefix, prefixs[0]); - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - if (chainLen == 0) { - UChain = PR_FALSE; - } - } else { - if (find_field_bool(form_data, 
"caChoiceradio-SignWithRandomChain", - PR_FALSE)) { - PORT_Strcpy(prefix,prefixs[9]); - chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE)); - if (chainLen < 1 || chainLen > 18) { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=CA18, O=Cert-O-Matic II"); - } - issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA"); - issuerNameStr = PORT_Strcat(issuerNameStr, - find_field(form_data,"autoCAs", PR_FALSE)); - issuerNameStr = PORT_Strcat(issuerNameStr,", O=Cert-O-Matic II"); - } else { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - } - chainLen = 0; - } - - i = -1; - which_key = 0; - do { - extern SECStatus cert_GetKeyID(CERTCertificate *cert); - i++; - if (i != 0 && UChain) { - PORT_Strcpy(prefix, prefixs[i]); - } - /* find_field(form_data,"subject", PR_TRUE); */ - certReq = makeCertReq(form_data, which_key); -#ifdef OFFLINE - serial = 900; -#else - serial = get_serial_number(form_data); -#endif - cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE, - serial, warpmonths, form_data); - if (certReq != NULL) { - CERT_DestroyCertificateRequest(certReq); - } - if (find_field_bool(form_data,"ver-3", PR_TRUE)) { - status = add_extensions(cert, form_data, issuerNameStr, handle); - if (status != SECSuccess) { - error_out("ERROR: Unable to add extensions"); - } - } - status = cert_GetKeyID(cert); - if (status == SECFailure) { - error_out("ERROR: Unable to get Key ID."); - } - certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key); - CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE); - issuerNameStr = find_field(form_data, "subject", PR_TRUE); - /* SECITEM_FreeItem(certDER, PR_TRUE); */ - CERT_DestroyCertificate(cert); - if (i == (chainLen - 1)) { - i = 8; - } - ++which_key; - } while (i < 9 && UChain); - - - -#ifdef FILEOUT - outfile = fopen("../certout", "wb"); -#endif - certName = find_field(form_data, "subject", PR_FALSE); - cert = CERT_FindCertByNameString(handle, certName); - 
certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, handle); - if (certChain == NULL) { - error_out("ERROR: No certificates in cert chain"); - } - encodedCertChain = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, - NULL); - if (encodedCertChain) { -#if !defined(FILEOUT) - printf("Content-type: application/x-x509-user-cert\r\n"); - printf("Content-length: %d\r\n\r\n", encodedCertChain->len); - fwrite (encodedCertChain->data, 1, encodedCertChain->len, stdout); -#else - fwrite (encodedCertChain->data, 1, encodedCertChain->len, outfile); -#endif - - } else { - error_out("Error: Unable to DER encode certificate"); - } -#ifdef FILEOUT - printf("\nI got here!\n"); - fflush(outfile); - fclose(outfile); -#endif - fflush(stdout); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - return 0; -} - diff --git a/security/nss/cmd/certcgi/index.html b/security/nss/cmd/certcgi/index.html deleted file mode 100644 index 2909dd0cf8..0000000000 --- a/security/nss/cmd/certcgi/index.html +++ /dev/null @@ -1,821 +0,0 @@ - - - - - - - -Cert-O-Matic - - - - - diff --git a/security/nss/cmd/certcgi/main.html b/security/nss/cmd/certcgi/main.html deleted file mode 100644 index 8a04ef9d61..0000000000 --- a/security/nss/cmd/certcgi/main.html +++ /dev/null @@ -1,108 +0,0 @@ - - - - Main Layer for CertOMatic - - -
- - - - - - - - - - - - - - - - - - - - - - -
- Common Name:

-
- Organization:

- MAIL= - - E= - - - - Organizational Unit:

- UID=

- Locality:

- State or Province:

- Country:

- Serial Number: -
Auto Generate -
- Use this hex value: 

-
- X.509 version: -
Version 1 -
Version 3

- Key Type: -
RSA -
DSA

- Intermediate CA Key Sizes: -
-
- Validity: -
- Generate Automatically -
Use these values: -
Not Before:  -
Not After:    -
         - YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} -
- DN:

-
-
diff --git a/security/nss/cmd/certcgi/manifest.mn b/security/nss/cmd/certcgi/manifest.mn
deleted file mode 100644
index 057f2596d1..0000000000
--- a/security/nss/cmd/certcgi/manifest.mn
+++ /dev/null
@@ -1,54 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIREd.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = certcgi.c
-
-PROGRAM = certcgi
-
-USE_STATIC_LIBS = 1
-
diff --git a/security/nss/cmd/certcgi/nscp_ext_form.html b/security/nss/cmd/certcgi/nscp_ext_form.html
deleted file mode 100644
index bc94ab3a2d..0000000000
--- a/security/nss/cmd/certcgi/nscp_ext_form.html
+++ /dev/null
@@ -1,116 +0,0 @@
- - - - - - - - - - - - - - - - - - - - - - - - -
- Netscape Certificate Type:

- Activate extension:

- Critical: -
- SSL Client

- SSL Server

- S/MIME

- Object Signing

- Reserved for future use (bit 4)

- SSL CA

- S/MIME CA

- Object Signing CA

-
- Netscape Base URL:

- Activate extension:

- Critical: -
- -
- Netscape Revocation URL:

- Activate extension:

- Critical: -
- -
- Netscape CA Revocation URL:

- Activate extension:

- Critical: -
- -
- Netscape Certificate Renewal URL:

- Activate extension:

- Critical: -
- -
- Netscape CA Policy URL:

- Activate extension:

- Critical: -
- -
- Netscape SSL Server Name:

- Activate extension:

- Critical: -
- -
- Netscape Comment:

- Activate extension:

- Critical: -
- -
- - diff --git a/security/nss/cmd/certcgi/stnd_ext_form.html b/security/nss/cmd/certcgi/stnd_ext_form.html deleted file mode 100644 index de5d795ba2..0000000000 --- a/security/nss/cmd/certcgi/stnd_ext_form.html +++ /dev/null @@ -1,250 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Key Usage:

- Activate extension:

- Critical: -
- Digital Signature

- Non Repudiation

- Key Encipherment

- Data Encipherment

- Key Agreement

- Key Certificate Signing

- CRL Signing

-
- Extended Key Usage:

- Activate extension:

- Critical: -
- Server Auth

- Client Auth

- Code Signing

- Email Protection

- Timestamp

- OCSP Responder

- Step-up

-
- Basic Constraints:

- Activate extension:

- Critical: -
- CA:

-
True

-
False

- - Include Path length:

-
- Authority Key Identifier:

- Activate extension: -
- Key Identider

- Issuer Name and Serial number

-
- Subject Key Identifier:

- Activate extension: -
- Key Identifier: -

- This is an:

-

ascii text value

-

hex value

-

- Private Key Usage Period:

- Activate extension:

- Critical: -
- Use:

-
Not Before

-
Not After

-
Both

- Not to be used to sign before:

-
Set to time of certificate issue

-
Use This value

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

- Not to be used to sign after:

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

-
- Subject Alternative Name:

- Activate extension:

- Critical: -
- - - -
- General Names:

-

- - -
- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID - Netscape Certificate Nickname
- Name: - Binary Encoded:

-
-
- Issuer Alternative Name:

- Activate extension:

- Critical: -
- Use the Subject Alternative Name from the Issuers Certificate

- Use this Name: - - - -
- General Names:

-

- - -
- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

-
-
- Name Constraints:

- Activate extension:

-
- - - -
- Name Constraints:

-

- - -
- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

- Constraint type:

-

permited

-

excluded

- Minimum:

- Maximum:

-
-
- - - - - - - - - -
diff --git a/security/nss/cmd/certutil/Makefile b/security/nss/cmd/certutil/Makefile
deleted file mode 100644
index fe7991878f..0000000000
--- a/security/nss/cmd/certutil/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c
deleted file mode 100644
index 97399c7503..0000000000
--- a/security/nss/cmd/certutil/certext.c
+++ /dev/null
@@ -1,1817 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* -** certext.c -** -** part of certutil for managing certificates extensions -** -*/ -#include -#include -#include - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include -#endif - -#include "cert.h" -#include "xconst.h" -#include "prprf.h" -#include "certutil.h" - -#define GEN_BREAK(e) rv=e; break; - -static char * -Gets_s(char *buff, size_t size) { - char *str; - - if (buff == NULL || size < 1) { - PORT_Assert(0); - return NULL; - } - if ((str = fgets(buff, size, stdin)) != NULL) { - int len = PORT_Strlen(str); - /* - * fgets() automatically converts native text file - * line endings to '\n'. As defensive programming - * (just in case fgets has a bug or we put stdin in - * binary mode by mistake), we handle three native - * text file line endings here: - * '\n' Unix (including Linux and Mac OS X) - * '\r''\n' DOS/Windows & OS/2 - * '\r' Mac OS Classic - * len can not be less then 1, since in case with - * empty string it has at least '\n' in the buffer - */ - if (buff[len - 1] == '\n' || buff[len - 1] == '\r') { - buff[len - 1] = '\0'; - if (len > 1 && buff[len - 2] == '\r') - buff[len - 2] = '\0'; - } - } else { - buff[0] = '\0'; - } - return str; -} - - -static SECStatus -PrintChoicesAndGetAnswer(char* str, char* rBuff, int rSize) -{ - fprintf(stdout, str); - fprintf(stdout, " > "); - fflush (stdout); - if (Gets_s(rBuff, rSize) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return SECFailure; - } - return SECSuccess; -} - -static CERTGeneralName * -GetGeneralName (PRArenaPool *arena) -{ - CERTGeneralName *namesList = NULL; - CERTGeneralName *current; - CERTGeneralName *tail = NULL; - SECStatus rv = SECSuccess; - int intValue; - char buffer[512]; - void *mark; - - PORT_Assert (arena); - mark = PORT_ArenaMark (arena); - do { - if (PrintChoicesAndGetAnswer( - "\nSelect one of the following general name type: \n" - "\t2 - rfc822Name\n" - "\t3 - 
dnsName\n" - "\t5 - directoryName\n" - "\t7 - uniformResourceidentifier\n" - "\t8 - ipAddress\n" - "\t9 - registerID\n" - "\tAny other number to finish\n" - "\t\tChoice:", buffer, sizeof(buffer)) == SECFailure) { - GEN_BREAK (SECFailure); - } - intValue = PORT_Atoi (buffer); - /* - * Should use ZAlloc instead of Alloc to avoid problem with garbage - * initialized pointers in CERT_CopyName - */ - switch (intValue) { - case certRFC822Name: - case certDNSName: - case certDirectoryName: - case certURI: - case certIPAddress: - case certRegisterID: - break; - default: - intValue = 0; /* force a break for anything else */ - } - - if (intValue == 0) - break; - - if (namesList == NULL) { - namesList = current = tail = - PORT_ArenaZNew(arena, CERTGeneralName); - } else { - current = PORT_ArenaZNew(arena, CERTGeneralName); - } - if (current == NULL) { - GEN_BREAK (SECFailure); - } - - current->type = intValue; - puts ("\nEnter data:"); - fflush (stdout); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - GEN_BREAK (SECFailure); - } - switch (current->type) { - case certURI: - case certDNSName: - case certRFC822Name: - current->name.other.data = - PORT_ArenaAlloc (arena, strlen (buffer)); - if (current->name.other.data == NULL) { - GEN_BREAK (SECFailure); - } - PORT_Memcpy(current->name.other.data, buffer, - current->name.other.len = strlen(buffer)); - break; - - case certEDIPartyName: - case certIPAddress: - case certOtherName: - case certRegisterID: - case certX400Address: { - - current->name.other.data = - PORT_ArenaAlloc (arena, strlen (buffer) + 2); - if (current->name.other.data == NULL) { - GEN_BREAK (SECFailure); - } - - PORT_Memcpy (current->name.other.data + 2, buffer, - strlen (buffer)); - /* This may not be accurate for all cases. 
For now, - * use this tag type */ - current->name.other.data[0] = - (char)(((current->type - 1) & 0x1f)| 0x80); - current->name.other.data[1] = (char)strlen (buffer); - current->name.other.len = strlen (buffer) + 2; - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (buffer); - if (!directoryName) { - fprintf(stderr, "certutil: improperly formatted name: " - "\"%s\"\n", buffer); - break; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - if (rv != SECSuccess) - break; - current->l.next = &(namesList->l); - current->l.prev = &(tail->l); - tail->l.next = &(current->l); - tail = current; - - }while (1); - - if (rv != SECSuccess) { - PORT_ArenaRelease (arena, mark); - namesList = NULL; - } - return (namesList); -} - -static SECStatus -GetString(PRArenaPool *arena, char *prompt, SECItem *value) -{ - char buffer[251]; - char *buffPrt; - - buffer[0] = '\0'; - value->data = NULL; - value->len = 0; - - puts (prompt); - buffPrt = Gets_s (buffer, sizeof(buffer)); - /* returned NULL here treated the same way as empty string */ - if (buffPrt && strlen (buffer) > 0) { - value->data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (value->data == NULL) { - PORT_SetError (SEC_ERROR_NO_MEMORY); - return (SECFailure); - } - PORT_Memcpy (value->data, buffer, value->len = strlen(buffer)); - } - return (SECSuccess); -} - -static PRBool -GetYesNo(char *prompt) -{ - char buf[3]; - char *buffPrt; - - buf[0] = 'n'; - puts(prompt); - buffPrt = Gets_s(buf, sizeof(buf)); - return (buffPrt && (buf[0] == 'y' || buf[0] == 'Y')) ? PR_TRUE : PR_FALSE; -} - -/* Parses comma separated values out of the string pointed by nextPos. - * Parsed value is compared to an array of possible values(valueArray). - * If match is found, a value index is returned, otherwise returns SECFailue. - * nextPos is set to the token after found comma separator or to NULL. 
- * NULL in nextPos should be used as indication of the last parsed token. - * A special value "critical" can be parsed out from the supplied sting.*/ - -static SECStatus -parseNextCmdInput(const char * const *valueArray, int *value, char **nextPos, - PRBool *critical) -{ - char *thisPos = *nextPos; - int keyLen = 0; - int arrIndex = 0; - - if (!valueArray || !value || !nextPos || !critical) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - while (1) { - if ((*nextPos = strchr(thisPos, ',')) == NULL) { - keyLen = strlen(thisPos); - } else { - keyLen = *nextPos - thisPos; - *nextPos += 1; - } - /* if critical keyword is found, go for another loop, - * but check, if it is the last keyword of - * the string.*/ - if (!strncmp("critical", thisPos, keyLen)) { - *critical = PR_TRUE; - if (*nextPos == NULL) { - return SECSuccess; - } - thisPos = *nextPos; - continue; - } - break; - } - for (arrIndex = 0; valueArray[arrIndex]; arrIndex++) { - if (!strncmp(valueArray[arrIndex], thisPos, keyLen)) { - *value = arrIndex; - return SECSuccess; - } - } - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -} - -static const char * const -keyUsageKeyWordArray[] = { "digitalSignature", - "nonRepudiation", - "keyEncipherment", - "dataEncipherment", - "keyAgreement", - "certSigning", - "crlSigning", - NULL}; - -static SECStatus -AddKeyUsage (void *extHandle, const char *userSuppliedValue) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - char buffer[5]; - int value; - char *nextPos = (char*)userSuppliedValue; - PRBool isCriticalExt = PR_FALSE; - - if (!userSuppliedValue) { - while (1) { - if (PrintChoicesAndGetAnswer( - "\t\t0 - Digital Signature\n" - "\t\t1 - Non-repudiation\n" - "\t\t2 - Key encipherment\n" - "\t\t3 - Data encipherment\n" - "\t\t4 - Key agreement\n" - "\t\t5 - Cert signing key\n" - "\t\t6 - CRL signing key\n" - "\t\tOther to finish\n", - buffer, sizeof(buffer)) == SECFailure) { - return SECFailure; - } - value = PORT_Atoi 
(buffer); - if (value < 0 || value > 6) - break; - if (value == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - continue; - } - } - keyUsage |= (0x80 >> value); - } - isCriticalExt = GetYesNo("Is this a critical extension [y/N]?"); - } else { - while (1) { - if (parseNextCmdInput(keyUsageKeyWordArray, &value, &nextPos, - &isCriticalExt) == SECFailure) { - return SECFailure; - } - keyUsage |= (0x80 >> value); - if (!nextPos) - break; - } - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - isCriticalExt)); - -} - - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZNew(arena, CERTOidSequence); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZNew(arena, SECItem *); - if( (SECItem **)NULL == rv->oids ) { - goto loser; - } - - rv->arena = arena; - return rv; - -loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static void -DestroyOidSequence(CERTOidSequence *os) -{ - if (os->arena) { - PORT_FreeArena(os->arena, PR_FALSE); - } -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - if (*oids == &od->oid) { - /* We already have this oid */ - return SECSuccess; - } - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem 
**)PORT_ArenaZNewArray(os->arena, SECItem *, count + 2); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -SEC_ASN1_MKSUB(SEC_ObjectIDTemplate) - -const SEC_ASN1Template CERT_OidSeqTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids), - SEC_ASN1_SUB(SEC_ObjectIDTemplate) } -}; - - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - - rv = (SECItem *)PORT_ArenaZNew(os->arena, SECItem); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - -loser: - return (SECItem *)NULL; -} - -static const char * const -extKeyUsageKeyWordArray[] = { "serverAuth", - "clientAuth", - "codeSigning", - "emailProtection", - "timeStamp", - "ocspResponder", - "stepUp", - NULL}; - -static SECStatus -AddExtKeyUsage (void *extHandle, const char *userSuppliedValue) -{ - char buffer[5]; - int value; - CERTOidSequence *os; - SECStatus rv; - SECItem *item; - PRBool isCriticalExt = PR_FALSE; - char *nextPos = (char*)userSuppliedValue; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - while (1) { - if (!userSuppliedValue) { - if (PrintChoicesAndGetAnswer( - "\t\t0 - Server Auth\n" - "\t\t1 - Client Auth\n" - "\t\t2 - Code Signing\n" - "\t\t3 - Email Protection\n" - "\t\t4 - Timestamp\n" - "\t\t5 - OCSP Responder\n" - "\t\t6 - Step-up\n" - "\t\tOther to finish\n", - buffer, sizeof(buffer)) == SECFailure) { - GEN_BREAK(SECFailure); - } - value = PORT_Atoi(buffer); - - if (value == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - continue; - } - } - } else { - if 
(parseNextCmdInput(extKeyUsageKeyWordArray, &value, &nextPos, - &isCriticalExt) == SECFailure) { - return SECFailure; - } - } - - switch( value ) { - case 0: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - break; - case 1: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - break; - case 2: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - break; - case 3: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - break; - case 4: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - break; - case 5: - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - break; - case 6: - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - break; - default: - goto endloop; - } - - if (userSuppliedValue && !nextPos) - break; - if( SECSuccess != rv ) - goto loser; - } - -endloop: - item = EncodeOidSequence(os); - - if (!userSuppliedValue) { - isCriticalExt = GetYesNo("Is this a critical extension [y/N]?"); - } - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item, - isCriticalExt, PR_TRUE); - /*FALLTHROUGH*/ -loser: - DestroyOidSequence(os); - return rv; -} - -static const char * const -nsCertTypeKeyWordArray[] = { "sslClient", - "sslServer", - "smime", - "objectSigning", - "Not!Used", - "sslCA", - "smimeCA", - "objectSigningCA", - NULL }; - -static SECStatus -AddNscpCertType (void *extHandle, const char *userSuppliedValue) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - char buffer[5]; - int value; - char *nextPos = (char*)userSuppliedValue; - PRBool isCriticalExt = PR_FALSE; - - if (!userSuppliedValue) { - while (1) { - if (PrintChoicesAndGetAnswer( - "\t\t0 - SSL Client\n" - "\t\t1 - SSL Server\n" - "\t\t2 - S/MIME\n" - "\t\t3 - Object Signing\n" - "\t\t4 - Reserved for future use\n" - "\t\t5 - SSL CA\n" - "\t\t6 - S/MIME CA\n" - "\t\t7 - Object Signing CA\n" - "\t\tOther to finish\n", - buffer, sizeof(buffer)) == SECFailure) { - return SECFailure; - } - value = 
PORT_Atoi (buffer); - if (value < 0 || value > 7) - break; - if (value == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - continue; - } - } - keyUsage |= (0x80 >> value); - } - isCriticalExt = GetYesNo("Is this a critical extension [y/N]?"); - } else { - while (1) { - if (parseNextCmdInput(nsCertTypeKeyWordArray, &value, &nextPos, - &isCriticalExt) == SECFailure) { - return SECFailure; - } - keyUsage |= (0x80 >> value); - if (!nextPos) - break; - } - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - isCriticalExt)); - -} - -static SECStatus -AddSubjectAltNames(PRArenaPool *arena, CERTGeneralName **existingListp, - const char *names, CERTGeneralNameType type) -{ - CERTGeneralName *nameList = NULL; - CERTGeneralName *current = NULL; - PRCList *prev = NULL; - const char *cp; - char *tbuf; - SECStatus rv = SECSuccess; - - /* - * walk down the comma separated list of names. NOTE: there is - * no sanity checks to see if the email address look like - * email addresses. - */ - for (cp=names; cp; cp = PORT_Strchr(cp,',')) { - int len; - char *end; - - if (*cp == ',') { - cp++; - } - end = PORT_Strchr(cp,','); - len = end ? 
end-cp : PORT_Strlen(cp); - if (len <= 0) { - continue; - } - tbuf = PORT_ArenaAlloc(arena,len+1); - PORT_Memcpy(tbuf,cp,len); - tbuf[len] = 0; - current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (!current) { - rv = SECFailure; - break; - } - if (prev) { - current->l.prev = prev; - prev->next = &(current->l); - } else { - nameList = current; - } - current->type = type; - current->name.other.data = (unsigned char *)tbuf; - current->name.other.len = PORT_Strlen(tbuf); - prev = &(current->l); - } - /* at this point nameList points to the head of a doubly linked, - * but not yet circular, list and current points to its tail. */ - if (rv == SECSuccess && nameList) { - if (*existingListp != NULL) { - PRCList *existingprev; - /* add nameList to the end of the existing list */ - existingprev = (*existingListp)->l.prev; - (*existingListp)->l.prev = &(current->l); - nameList->l.prev = existingprev; - existingprev->next = &(nameList->l); - current->l.next = &((*existingListp)->l); - } - else { - /* make nameList circular and set it as the new existingList */ - nameList->l.prev = prev; - current->l.next = &(nameList->l); - *existingListp = nameList; - } - } - return rv; -} - -static SECStatus -AddEmailSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp, - const char *emailAddrs) -{ - return AddSubjectAltNames(arena, existingListp, emailAddrs, - certRFC822Name); -} - -static SECStatus -AddDNSSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp, - const char *dnsNames) -{ - return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); -} - - -static SECStatus -AddBasicConstraint(void *extHandle) -{ - CERTBasicConstraints basicConstraint; - SECStatus rv; - char buffer[10]; - PRBool yesNoAns; - - do { - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = GetYesNo ("Is this a CA certificate [y/N]?"); - - buffer[0] = '\0'; - if (PrintChoicesAndGetAnswer("Enter the path length constraint, " 
- "enter to skip [<0 for unlimited path]:", - buffer, sizeof(buffer)) == SECFailure) { - GEN_BREAK(SECFailure); - } - if (PORT_Strlen (buffer) > 0) - basicConstraint.pathLenConstraint = PORT_Atoi (buffer); - - yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); - - rv = SECU_EncodeAndAddExtensionValue(NULL, extHandle, - &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue); - } while (0); - - return (rv); -} - -static SECStatus -AddAuthKeyID (void *extHandle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - PRBool yesNoAns; - - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure); - } - - if (GetYesNo ("Enter value for the authKeyID extension [y/N]?") == 0) - break; - - authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID); - if (authKeyID == NULL) { - GEN_BREAK (SECFailure); - } - - rv = GetString (arena, "Enter value for the key identifier fields," - "enter to omit:", &authKeyID->keyID); - if (rv != SECSuccess) - break; - - SECU_SECItemHexStringToBinary(&authKeyID->keyID); - - authKeyID->authCertIssuer = GetGeneralName (arena); - if (authKeyID->authCertIssuer == NULL && - SECFailure == PORT_GetError ()) - break; - - - rv = GetString (arena, "Enter value for the authCertSerial field, " - "enter to omit:", &authKeyID->authCertSerialNumber); - - yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); - - rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, - authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); - if (rv) - break; - - } while (0); - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return (rv); -} - -static SECStatus -AddSubjKeyID (void *extHandle) -{ - SECItem keyID; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - PRBool yesNoAns; - - do { - arena = 
PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure); - } - printf("Adding Subject Key ID extension.\n"); - - rv = GetString (arena, "Enter value for the key identifier fields," - "enter to omit:", &keyID); - if (rv != SECSuccess) - break; - - SECU_SECItemHexStringToBinary(&keyID); - - yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); - - rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, - &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeSubjectKeyID); - if (rv) - break; - - } while (0); - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return (rv); -} - -static SECStatus -AddCrlDistPoint(void *extHandle) -{ - PRArenaPool *arena = NULL; - CERTCrlDistributionPoints *crlDistPoints = NULL; - CRLDistributionPoint *current; - SECStatus rv = SECSuccess; - int count = 0, intValue; - char buffer[512]; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) - return (SECFailure); - - do { - current = NULL; - - current = PORT_ArenaZNew(arena, CRLDistributionPoint); - if (current == NULL) { - GEN_BREAK (SECFailure); - } - - /* Get the distributionPointName fields - this field is optional */ - if (PrintChoicesAndGetAnswer( - "Enter the type of the distribution point name:\n" - "\t1 - Full Name\n\t2 - Relative Name\n\tAny other " - "number to finish\n\t\tChoice: ", - buffer, sizeof(buffer)) == SECFailure) { - GEN_BREAK (SECFailure); - } - intValue = PORT_Atoi (buffer); - switch (intValue) { - case generalName: - current->distPointType = intValue; - current->distPoint.fullName = GetGeneralName (arena); - rv = PORT_GetError(); - break; - - case relativeDistinguishedName: { - CERTName *name; - - current->distPointType = intValue; - puts ("Enter the relative name: "); - fflush (stdout); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - GEN_BREAK (SECFailure); - } - /* For simplicity, use CERT_AsciiToName to converse from a string - to NAME, but 
we only interest in the first RDN */
- name = CERT_AsciiToName (buffer);
- if (!name) {
- GEN_BREAK (SECFailure);
- }
- rv = CERT_CopyRDN (arena, ¤t->distPoint.relativeName,
- name->rdns[0]);
- CERT_DestroyName (name);
- break;
- }
- }
- if (rv != SECSuccess)
- break;
-
- /* Get the reason flags */
- if (PrintChoicesAndGetAnswer(
- "\nSelect one of the following for the reason flags\n"
- "\t0 - unused\n\t1 - keyCompromise\n"
- "\t2 - caCompromise\n\t3 - affiliationChanged\n"
- "\t4 - superseded\n\t5 - cessationOfOperation\n"
- "\t6 - certificateHold\n"
- "\tAny other number to finish\t\tChoice: ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK(SECFailure);
- }
- intValue = PORT_Atoi (buffer);
- if (intValue == 0) {
- /* Checking that zero value of variable 'value'
- * corresponds to '0' input made by user */
- char *chPtr = strchr(buffer, '0');
- if (chPtr == NULL) {
- intValue = -1;
- }
- }
- if (intValue >= 0 && intValue <8) {
- current->reasons.data = PORT_ArenaAlloc (arena, sizeof(char));
- if (current->reasons.data == NULL) {
- GEN_BREAK (SECFailure);
- }
- *current->reasons.data = (char)(0x80 >> intValue);
- current->reasons.len = 1;
- }
- puts ("Enter value for the CRL Issuer name:\n");
- current->crlIssuer = GetGeneralName (arena);
- if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure)
- break;
-
- if (crlDistPoints == NULL) {
- crlDistPoints = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
- if (crlDistPoints == NULL) {
- GEN_BREAK (SECFailure);
- }
- }
-
- crlDistPoints->distPoints =
- PORT_ArenaGrow (arena, crlDistPoints->distPoints,
- sizeof (*crlDistPoints->distPoints) * count,
- sizeof (*crlDistPoints->distPoints) *(count + 1));
- if (crlDistPoints->distPoints == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- crlDistPoints->distPoints[count] = current;
- ++count;
- if (GetYesNo("Enter another value for the CRLDistributionPoint "
- "extension [y/N]?") == 0) {
- /* Add null to the end to mark end of data */
- crlDistPoints->distPoints =
- PORT_ArenaGrow(arena, crlDistPoints->distPoints,
- sizeof (*crlDistPoints->distPoints) * count,
- sizeof (*crlDistPoints->distPoints) *(count + 1));
- crlDistPoints->distPoints[count] = NULL;
- break;
- }
-
-
- } while (1);
-
- if (rv == SECSuccess) {
- PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?");
-
- rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
- crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
- }
- if (arena)
- PORT_FreeArena (arena, PR_FALSE);
- return (rv);
-}
-
-
-
-static SECStatus
-AddPolicyConstraints(void *extHandle)
-{
- CERTCertificatePolicyConstraints *policyConstr;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- SECItem *item, *dummy;
- char buffer[512];
- int value;
- PRBool yesNoAns;
- PRBool skipExt = PR_TRUE;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
- }
-
- policyConstr = PORT_ArenaZNew(arena, CERTCertificatePolicyConstraints);
- if (policyConstr == NULL) {
- SECU_PrintError(progName, "out of memory");
- goto loser;
- }
-
- if (PrintChoicesAndGetAnswer("for requireExplicitPolicy enter the number "
- "of certs in path\nbefore explicit policy is required\n"
- "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
- goto loser;
- }
-
- if (PORT_Strlen(buffer)) {
- value = PORT_Atoi(buffer);
- if (value < 0) {
- goto loser;
- }
- item = &policyConstr->explicitPolicySkipCerts;
- dummy = SEC_ASN1EncodeInteger(arena, item, value);
- if (!dummy) {
- goto loser;
- }
- skipExt = PR_FALSE;
- }
-
- if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter "
- "the number of certs in path\n"
- "after which policy mapping is not allowed\n"
- "(press Enter to omit)", buffer, sizeof(buffer)) == SECFailure) {
- goto loser;
- }
-
- if (PORT_Strlen(buffer)) {
- value = PORT_Atoi(buffer);
- if (value < 0) {
- goto loser;
- }
- item = &policyConstr->inhibitMappingSkipCerts;
- dummy = SEC_ASN1EncodeInteger(arena, item, value);
- if (!dummy) {
- goto loser;
- }
- skipExt = PR_FALSE;
- }
-
-
- if (!skipExt) {
- yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
- rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr,
- yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
- } else {
- fprintf(stdout, "Policy Constraint extensions must contain "
- "at least one policy field\n");
- rv = SECFailure;
- }
-
-loser:
- if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
- }
- return (rv);
-}
-
-
-static SECStatus
-AddInhibitAnyPolicy(void *extHandle)
-{
- CERTCertificateInhibitAny certInhibitAny;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- SECItem *item, *dummy;
- char buffer[10];
- int value;
- PRBool yesNoAns;
-
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
- }
-
- if (PrintChoicesAndGetAnswer("Enter the number of certs in the path "
- "permitted to use anyPolicy.\n"
- "(press Enter for 0)",
- buffer, sizeof(buffer)) == SECFailure) {
- goto loser;
- }
-
- item = &certInhibitAny.inhibitAnySkipCerts;
- value = PORT_Atoi(buffer);
- if (value < 0) {
- goto loser;
- }
- dummy = SEC_ASN1EncodeInteger(arena, item, value);
- if (!dummy) {
- goto loser;
- }
-
- yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
- rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny,
- yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
-loser:
- if (arena) {
- PORT_FreeArena (arena, PR_FALSE);
- }
- return (rv);
-}
-
-
-static SECStatus
-AddPolicyMappings(void *extHandle)
-{
- CERTPolicyMap **policyMapArr = NULL;
- CERTPolicyMap *current;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- int count = 0;
- char buffer[512];
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
- }
-
- do {
- if (PrintChoicesAndGetAnswer("Enter an Object Identifier (dotted "
- "decimal format) for Issuer Domain Policy",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- current = PORT_ArenaZNew(arena, CERTPolicyMap);
- if (current == NULL) {
- GEN_BREAK(SECFailure);
- }
-
- rv = SEC_StringToOID(arena, ¤t->issuerDomainPolicy, buffer, 0);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
- }
-
- if (PrintChoicesAndGetAnswer("Enter an Object Identifier for "
- "Subject Domain Policy",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- rv = SEC_StringToOID(arena, ¤t->subjectDomainPolicy, buffer, 0);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
- }
-
- if (policyMapArr == NULL) {
- policyMapArr = PORT_ArenaZNew(arena, CERTPolicyMap *);
- if (policyMapArr == NULL) {
- GEN_BREAK (SECFailure);
- }
- }
-
- policyMapArr = PORT_ArenaGrow(arena, policyMapArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- if (policyMapArr == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- policyMapArr[count] = current;
- ++count;
-
- if (!GetYesNo("Enter another Policy Mapping [y/N]")) {
- /* Add null to the end to mark end of data */
- policyMapArr = PORT_ArenaGrow (arena, policyMapArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- if (policyMapArr == NULL) {
- GEN_BREAK (SECFailure);
- }
- policyMapArr[count] = NULL;
- break;
- }
-
- } while (1);
-
- if (rv == SECSuccess) {
- CERTCertificatePolicyMappings mappings;
- PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
- mappings.arena = arena;
- mappings.policyMaps = policyMapArr;
- rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings,
- yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
- }
- if (arena)
- PORT_FreeArena (arena, PR_FALSE);
- return (rv);
-}
-
-enum PoliciQualifierEnum {
- cpsPointer = 1,
- userNotice = 2
-};
-
-
-static CERTPolicyQualifier **
-RequestPolicyQualifiers(PRArenaPool *arena, SECItem *policyID)
-{
- CERTPolicyQualifier **policyQualifArr = NULL;
- CERTPolicyQualifier *current;
- SECStatus rv = SECSuccess;
- int count = 0;
- char buffer[512];
- void *mark;
- SECOidData *oid = NULL;
- int intValue = 0;
- int inCount = 0;
-
- PORT_Assert(arena);
- mark = PORT_ArenaMark(arena);
- do {
- current = PORT_ArenaZNew(arena, CERTPolicyQualifier);
- if (current == NULL) {
- GEN_BREAK(SECFailure);
- }
-
- /* Get the accessMethod fields */
- SECU_PrintObjectID(stdout, policyID,
- "Choose the type of qualifier for policy" , 0);
-
- if (PrintChoicesAndGetAnswer(
- "\t1 - CPS Pointer qualifier\n"
- "\t2 - User notice qualifier\n"
- "\tAny other number to finish\n"
- "\t\tChoice: ", buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- intValue = PORT_Atoi(buffer);
- switch (intValue) {
- case cpsPointer: {
- SECItem input;
-
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
- if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- input.len = PORT_Strlen(buffer);
- input.data = (void*)PORT_ArenaStrdup(arena, buffer);
- if (input.data == NULL ||
- SEC_ASN1EncodeItem(arena, ¤t->qualifierValue, &input,
- SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
- GEN_BREAK (SECFailure);
- }
- break;
- }
- case userNotice: {
- SECItem **noticeNumArr;
- CERTUserNotice *notice = PORT_ArenaZNew(arena, CERTUserNotice);
- if (!notice) {
- GEN_BREAK(SECFailure);
- }
-
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_USER_NOTICE_QUALIFIER);
-
- if (GetYesNo("\t add a User Notice reference? [y/N]")) {
-
- if (PrintChoicesAndGetAnswer("Enter user organization string: ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- notice->noticeReference.organization.type = siAsciiString;
- notice->noticeReference.organization.len =
- PORT_Strlen(buffer);
- notice->noticeReference.organization.data =
- (void*)PORT_ArenaStrdup(arena, buffer);
-
-
- noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
- if (!noticeNumArr) {
- GEN_BREAK (SECFailure);
- }
-
- do {
- SECItem *noticeNum;
-
- noticeNum = PORT_ArenaZNew(arena, SECItem);
-
- if (PrintChoicesAndGetAnswer(
- "Enter User Notice reference number "
- "(or -1 to quit): ",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- intValue = PORT_Atoi(buffer);
- if (noticeNum == NULL) {
- if (intValue < 0) {
- fprintf(stdout, "a noticeReference must have at "
- "least one reference number\n");
- GEN_BREAK (SECFailure);
- }
- } else {
- if (intValue >= 0) {
- noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
- sizeof (current) * inCount,
- sizeof (current) *(inCount + 1));
- if (noticeNumArr == NULL) {
- GEN_BREAK (SECFailure);
- }
- } else {
- break;
- }
- }
- if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
- GEN_BREAK (SECFailure);
- }
- noticeNumArr[inCount++] = noticeNum;
- noticeNumArr[inCount] = NULL;
-
- } while (1);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
- }
- notice->noticeReference.noticeNumbers = noticeNumArr;
- rv = CERT_EncodeNoticeReference(arena, ¬ice->noticeReference,
- ¬ice->derNoticeReference);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
- }
- }
- if (GetYesNo("\t EnterUser Notice explicit text? [y/N]")) {
- /* Getting only 200 bytes - RFC limitation */
- if (PrintChoicesAndGetAnswer(
- "\t", buffer, 200) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
- notice->displayText.type = siAsciiString;
- notice->displayText.len = PORT_Strlen(buffer);
- notice->displayText.data =
- (void*)PORT_ArenaStrdup(arena, buffer);
- if (notice->displayText.data == NULL) {
- GEN_BREAK(SECFailure);
- }
- }
-
- rv = CERT_EncodeUserNotice(arena, notice, ¤t->qualifierValue);
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
- }
-
- break;
- }
- }
- if (rv == SECFailure || oid == NULL ||
- SECITEM_CopyItem(arena, ¤t->qualifierID, &oid->oid)
- == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- if (!policyQualifArr) {
- policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *);
- } else {
- policyQualifArr = PORT_ArenaGrow (arena, policyQualifArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- }
- if (policyQualifArr == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- policyQualifArr[count] = current;
- ++count;
-
- if (!GetYesNo ("Enter another policy qualifier [y/N]")) {
- /* Add null to the end to mark end of data */
- policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- if (policyQualifArr == NULL) {
- GEN_BREAK (SECFailure);
- }
- policyQualifArr[count] = NULL;
- break;
- }
-
- } while (1);
-
- if (rv != SECSuccess) {
- PORT_ArenaRelease (arena, mark);
- policyQualifArr = NULL;
- }
- return (policyQualifArr);
-}
-
-static SECStatus
-AddCertPolicies(void *extHandle)
-{
- CERTPolicyInfo **certPoliciesArr = NULL;
- CERTPolicyInfo *current;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- int count = 0;
- char buffer[512];
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
- }
-
- do {
- current = PORT_ArenaZNew(arena, CERTPolicyInfo);
- if (current == NULL) {
- GEN_BREAK(SECFailure);
- }
-
- if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier "
- "(dotted decimal format)\n"
- "or \"any\" for AnyPolicy:",
- buffer, sizeof(buffer)) == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- if (strncmp(buffer, "any", 3) == 0) {
- /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
- strcpy(buffer, "OID.2.5.29.32.0");
- }
- rv = SEC_StringToOID(arena, ¤t->policyID, buffer, 0);
-
- if (rv == SECFailure) {
- GEN_BREAK(SECFailure);
- }
-
- current->policyQualifiers =
- RequestPolicyQualifiers(arena, ¤t->policyID);
-
- if (!certPoliciesArr) {
- certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *);
- } else {
- certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- }
- if (certPoliciesArr == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- certPoliciesArr[count] = current;
- ++count;
-
- if (!GetYesNo ("Enter another PolicyInformation field [y/N]?")) {
- /* Add null to the end to mark end of data */
- certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- if (certPoliciesArr == NULL) {
- GEN_BREAK (SECFailure);
- }
- certPoliciesArr[count] = NULL;
- break;
- }
-
- } while (1);
-
- if (rv == SECSuccess) {
- CERTCertificatePolicies policies;
- PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
- policies.arena = arena;
- policies.policyInfos = certPoliciesArr;
-
- rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies,
- yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
- }
- if (arena)
- PORT_FreeArena(arena, PR_FALSE);
- return (rv);
-}
-
-enum AuthInfoAccessTypesEnum {
- caIssuers = 1,
- ocsp = 2
-};
-
-enum SubjInfoAccessTypesEnum {
- caRepository = 1,
- timeStamping = 2
-};
-
-/* Encode and add an AIA or SIA extension */
-static SECStatus
-AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
-{
- CERTAuthInfoAccess **infoAccArr = NULL;
- CERTAuthInfoAccess *current;
- PRArenaPool *arena = NULL;
- SECStatus rv = SECSuccess;
- int count = 0;
- char buffer[512];
- SECOidData *oid = NULL;
- int intValue = 0;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- SECU_PrintError(progName, "out of memory");
- return SECFailure;
- }
-
- do {
- current = NULL;
- current = PORT_ArenaZNew(arena, CERTAuthInfoAccess);
- if (current == NULL) {
- GEN_BREAK(SECFailure);
- }
-
- /* Get the accessMethod fields */
- if (addSIAExt) {
- if (isCACert) {
- puts("Adding \"CA Repository\" access method type for "
- "Subject Information Access extension:\n");
- intValue = caRepository;
- } else {
- puts("Adding \"Time Stamping Services\" access method type for "
- "Subject Information Access extension:\n");
- intValue = timeStamping;
- }
- } else {
- PrintChoicesAndGetAnswer("Enter access method type "
- "for Authority Information Access extension:\n"
- "\t1 - CA Issuers\n\t2 - OCSP\n\tAny"
- "other number to finish\n\tChoice",
- buffer, sizeof(buffer));
- intValue = PORT_Atoi(buffer);
- }
- if (addSIAExt) {
- switch (intValue) {
- case caRepository:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_REPOSITORY);
- break;
-
- case timeStamping:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_TIMESTAMPING);
- break;
- }
- } else {
- switch (intValue) {
- case caIssuers:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_ISSUERS);
- break;
-
- case ocsp:
- oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP);
- break;
- }
- }
- if (oid == NULL ||
- SECITEM_CopyItem(arena, ¤t->method, &oid->oid)
- == SECFailure) {
- GEN_BREAK (SECFailure);
- }
-
- current->location = GetGeneralName(arena);
- if (!current->location) {
- GEN_BREAK(SECFailure);
- }
-
- if (infoAccArr == NULL) {
- infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *);
- } else {
- infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- }
- if (infoAccArr == NULL) {
- GEN_BREAK (SECFailure);
- }
-
- infoAccArr[count] = current;
- ++count;
-
- PR_snprintf(buffer, sizeof(buffer), "Add another location to the %s"
- " Information Access extension [y/N]",
- (addSIAExt) ? "Subject" : "Authority");
-
- if (GetYesNo (buffer) == 0) {
- /* Add null to the end to mark end of data */
- infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
- sizeof (current) * count,
- sizeof (current) *(count + 1));
- if (infoAccArr == NULL) {
- GEN_BREAK (SECFailure);
- }
- infoAccArr[count] = NULL;
- break;
- }
-
- } while (1);
-
- if (rv == SECSuccess) {
- int oidIdent = SEC_OID_X509_AUTH_INFO_ACCESS;
-
- PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
-
- if (addSIAExt) {
- oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS;
- }
- rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr,
- yesNoAns, oidIdent,
- (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
- }
- if (arena)
- PORT_FreeArena(arena, PR_FALSE);
- return (rv);
-}
-
-SECStatus
-AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
- certutilExtnList extList)
-{
- SECStatus rv = SECSuccess;
- char *errstring = NULL;
-
- do {
- /* Add key usage extension */
- if (extList[ext_keyUsage].activated) {
- rv = AddKeyUsage(extHandle, extList[ext_keyUsage].arg);
- if (rv) {
- errstring = "KeyUsage";
- break;
- }
- }
-
- /* Add extended key usage extension */
- if (extList[ext_extKeyUsage].activated) {
- rv = AddExtKeyUsage(extHandle, extList[ext_extKeyUsage].arg);
- if (rv) {
- errstring = "ExtendedKeyUsage";
- break;
- }
- }
-
- /* Add basic constraint extension */
- if (extList[ext_basicConstraint].activated) {
- rv = AddBasicConstraint(extHandle);
- if (rv) {
- errstring = "BasicConstraint";
- break;
- }
- }
-
- if (extList[ext_authorityKeyID].activated) {
- rv = AddAuthKeyID(extHandle);
- if (rv) {
- errstring = "AuthorityKeyID";
- break;
- }
- }
-
- if (extList[ext_subjectKeyID].activated) {
- rv = AddSubjKeyID(extHandle);
- if (rv) {
- errstring = "SubjectKeyID";
- break;
- }
- }
-
- if (extList[ext_CRLDistPts].activated) {
- rv = AddCrlDistPoint(extHandle);
- if (rv) {
- errstring = "CRLDistPoints";
- break;
- }
- }
-
- if (extList[ext_NSCertType].activated) {
- rv = AddNscpCertType(extHandle, extList[ext_NSCertType].arg);
- if (rv) {
- errstring = "NSCertType";
- break;
- }
- }
-
- if (extList[ext_authInfoAcc].activated ||
- extList[ext_subjInfoAcc].activated) {
- rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc].activated,
- extList[ext_basicConstraint].activated);
- if (rv) {
- errstring = "InformationAccess";
- break;
- }
- }
-
- if (extList[ext_certPolicies].activated) {
- rv = AddCertPolicies(extHandle);
- if (rv) {
- errstring = "Policies";
- break;
- }
- }
-
- if (extList[ext_policyMappings].activated) {
- rv = AddPolicyMappings(extHandle);
- if (rv) {
- errstring = "PolicyMappings";
- break;
- }
- }
-
- if (extList[ext_policyConstr].activated) {
- rv = AddPolicyConstraints(extHandle);
- if (rv) {
- errstring = "PolicyConstraints";
- break;
- }
- }
-
- if (extList[ext_inhibitAnyPolicy].activated) {
- rv = AddInhibitAnyPolicy(extHandle);
- if (rv) {
- errstring = "InhibitAnyPolicy";
- break;
- }
- }
-
- if (emailAddrs || dnsNames) {
- PRArenaPool *arena;
- CERTGeneralName *namelist = NULL;
- SECItem item = { 0, NULL, 0 };
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- rv = SECFailure;
- break;
- }
-
- rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs);
-
- rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
-
- if (rv == SECSuccess) {
- rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
- if (rv == SECSuccess) {
- rv = CERT_AddExtension(extHandle,
- SEC_OID_X509_SUBJECT_ALT_NAME,
- &item, PR_FALSE, PR_TRUE);
- }
- }
- PORT_FreeArena(arena, PR_FALSE);
- if (rv) {
- errstring = "SubjectAltName";
- break;
- }
- }
- } while (0);
-
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Problem creating %s extension", errstring);
- }
- return rv;
-}
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
deleted file mode 100644
index f6e7dd6a6f..0000000000
--- a/security/nss/cmd/certutil/certutil.c
+++ /dev/null
@@ -1,2986 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta , Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- * - * ***** END LICENSE BLOCK ***** */ - -/* -** certutil.c -** -** utility for managing certificates and the cert database -** -*/ -#include -#include -#include - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "secasn1.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "certdb.h" -#include "nss.h" -#include "certutil.h" - -#define MIN_KEY_BITS 512 -/* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */ -#define MAX_KEY_BITS 8192 -#define DEFAULT_KEY_BITS 1024 - -#define GEN_BREAK(e) rv=e; break; - -char *progName; - -static CERTCertificateRequest * -GetCertRequest(PRFileDesc *inFile, PRBool ascii) -{ - CERTCertificateRequest *certReq = NULL; - CERTSignedData signedData; - PRArenaPool *arena = NULL; - SECItem reqDER; - SECStatus rv; - - reqDER.data = NULL; - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - GEN_BREAK (SECFailure); - } - - rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii); - if (rv) { - break; - } - certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc - (arena, sizeof(CERTCertificateRequest)); - if (!certReq) { - GEN_BREAK(SECFailure); - } - certReq->arena = arena; - - /* Since cert request is a signed data, must decode to get the inner - data - */ - PORT_Memset(&signedData, 0, sizeof(signedData)); - rv = SEC_ASN1DecodeItem(arena, &signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER); - if (rv) { - break; - } - rv = SEC_ASN1DecodeItem(arena, certReq, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data); - if (rv) { - break; - } - rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, - &certReq->subjectPublicKeyInfo, NULL /* wincx */); - } while (0); - - if (reqDER.data) { - SECITEM_FreeItem(&reqDER, PR_FALSE); - } - - if (rv) { - SECU_PrintError(progName, "bad 
certificate request\n"); - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } - certReq = NULL; - } - - return certReq; -} - -static SECStatus -AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts, - PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata) -{ - CERTCertTrust *trust = NULL; - CERTCertificate *cert = NULL; - SECItem certDER; - SECStatus rv; - - certDER.data = NULL; - do { - /* Read in the entire file specified with the -i argument */ - rv = SECU_ReadDERFromFile(&certDER, inFile, ascii); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - break; - } - - /* Read in an ASCII cert and return a CERTCertificate */ - cert = CERT_DecodeCertFromPackage((char *)certDER.data, certDER.len); - if (!cert) { - SECU_PrintError(progName, "could not obtain certificate from file"); - GEN_BREAK(SECFailure); - } - - /* Create a cert trust */ - trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); - if (!trust) { - SECU_PrintError(progName, "unable to allocate cert trust"); - GEN_BREAK(SECFailure); - } - - rv = CERT_DecodeTrustString(trust, trusts); - if (rv) { - SECU_PrintError(progName, "unable to decode trust string"); - GEN_BREAK(SECFailure); - } - - rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE); - if (rv != SECSuccess) { - /* sigh, PK11_Import Cert and CERT_ChangeCertTrust should have - * been coded to take a password arg. 
*/ - if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { - rv = PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) { - SECU_PrintError(progName, - "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - GEN_BREAK(SECFailure); - } - rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, - name, PR_FALSE); - } - if (rv != SECSuccess) { - SECU_PrintError(progName, - "could not add certificate to token or database"); - GEN_BREAK(SECFailure); - } - } - - rv = CERT_ChangeCertTrust(handle, cert, trust); - if (rv != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { - rv = PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) { - SECU_PrintError(progName, - "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - GEN_BREAK(SECFailure); - } - rv = CERT_ChangeCertTrust(handle, cert, trust); - } - if (rv != SECSuccess) { - SECU_PrintError(progName, - "could not change trust on certificate"); - GEN_BREAK(SECFailure); - } - } - - if ( emailcert ) { - CERT_SaveSMimeProfile(cert, NULL, pwdata); - } - - } while (0); - - CERT_DestroyCertificate (cert); - PORT_Free(trust); - PORT_Free(certDER.data); - - return rv; -} - -static SECStatus -CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, - SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, - const char *emailAddrs, const char *dnsNames, - certutilExtnList extnList, - PRFileDesc *outFile) -{ - CERTSubjectPublicKeyInfo *spki; - CERTCertificateRequest *cr; - SECItem *encoding; - SECOidTag signAlgTag; - SECItem result; - SECStatus rv; - PRArenaPool *arena; - PRInt32 numBytes; - void *extHandle; - - /* Create info about public key */ - spki = SECKEY_CreateSubjectPublicKeyInfo(pubk); - if (!spki) { - SECU_PrintError(progName, "unable to create subject public key"); - return SECFailure; - } - - /* Generate certificate request */ - cr = CERT_CreateCertificateRequest(subject, spki, NULL); - SECKEY_DestroySubjectPublicKeyInfo(spki); - 
if (!cr) { - SECU_PrintError(progName, "unable to make certificate request"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - return SECFailure; - } - - extHandle = CERT_StartCertificateRequestAttributes(cr); - if (extHandle == NULL) { - PORT_FreeArena (arena, PR_FALSE); - return SECFailure; - } - if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList) - != SECSuccess) { - PORT_FreeArena (arena, PR_FALSE); - return SECFailure; - } - CERT_FinishExtensions(extHandle); - CERT_FinishCertificateRequestAttributes(cr); - - /* Der encode the request */ - encoding = SEC_ASN1EncodeItem(arena, NULL, cr, - SEC_ASN1_GET(CERT_CertificateRequestTemplate)); - if (encoding == NULL) { - SECU_PrintError(progName, "der encoding of request failed"); - return SECFailure; - } - - /* Sign the request */ - signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag); - if (signAlgTag == SEC_OID_UNKNOWN) { - SECU_PrintError(progName, "unknown Key or Hash type"); - return SECFailure; - } - rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len, - privk, signAlgTag); - if (rv) { - SECU_PrintError(progName, "signing of data failed"); - return SECFailure; - } - - /* Encode request in specified format */ - if (ascii) { - char *obuf; - char *name, *email, *org, *state, *country; - SECItem *it; - int total; - - it = &result; - - obuf = BTOA_ConvertItemToAscii(it); - total = PL_strlen(obuf); - - name = CERT_GetCommonName(subject); - if (!name) { - name = strdup("(not specified)"); - } - - if (!phone) - phone = strdup("(not specified)"); - - email = CERT_GetCertEmailAddress(subject); - if (!email) - email = strdup("(not specified)"); - - org = CERT_GetOrgName(subject); - if (!org) - org = strdup("(not specified)"); - - state = CERT_GetStateName(subject); - if (!state) - state = strdup("(not specified)"); - - country = CERT_GetCountryName(subject); - if (!country) - country = 
strdup("(not specified)"); - - PR_fprintf(outFile, - "\nCertificate request generated by Netscape certutil\n"); - PR_fprintf(outFile, "Phone: %s\n\n", phone); - PR_fprintf(outFile, "Common Name: %s\n", name); - PR_fprintf(outFile, "Email: %s\n", email); - PR_fprintf(outFile, "Organization: %s\n", org); - PR_fprintf(outFile, "State: %s\n", state); - PR_fprintf(outFile, "Country: %s\n\n", country); - - PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER); - numBytes = PR_Write(outFile, obuf, total); - if (numBytes != total) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - PR_fprintf(outFile, "\n%s\n", NS_CERTREQ_TRAILER); - } else { - numBytes = PR_Write(outFile, result.data, result.len); - if (numBytes != (int)result.len) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - } - return SECSuccess; -} - -static SECStatus -ChangeTrustAttributes(CERTCertDBHandle *handle, PK11SlotInfo *slot, - char *name, char *trusts, void *pwdata) -{ - SECStatus rv; - CERTCertificate *cert; - CERTCertTrust *trust; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); - if (!trust) { - SECU_PrintError(progName, "unable to allocate cert trust"); - return SECFailure; - } - - /* This function only decodes these characters: pPwcTCu, */ - rv = CERT_DecodeTrustString(trust, trusts); - if (rv) { - SECU_PrintError(progName, "unable to decode trust string"); - return SECFailure; - } - - /* CERT_ChangeCertTrust API does not have a way to pass in - * a context, so NSS can't prompt for the password if it needs to. - * check to see if the failure was token not logged in and - * log in if need be. 
*/ - rv = CERT_ChangeCertTrust(handle, cert, trust); - if (rv != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) { - rv = PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - return SECFailure; - } - rv = CERT_ChangeCertTrust(handle, cert, trust); - } - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to modify trust attributes"); - return SECFailure; - } - } - CERT_DestroyCertificate(cert); - - return SECSuccess; -} - -static SECStatus -DumpChain(CERTCertDBHandle *handle, char *name) -{ - CERTCertificate *the_cert; - CERTCertificateList *chain; - int i, j; - the_cert = PK11_FindCertFromNickname(name, NULL); - if (!the_cert) { - SECU_PrintError(progName, "Could not find: %s\n", name); - return SECFailure; - } - chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE); - CERT_DestroyCertificate(the_cert); - if (!chain) { - SECU_PrintError(progName, "Could not obtain chain for: %s\n", name); - return SECFailure; - } - for (i=chain->len-1; i>=0; i--) { - CERTCertificate *c; - c = CERT_FindCertByDERCert(handle, &chain->certs[i]); - for (j=i; jlen-1; j++) printf(" "); - printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName); - CERT_DestroyCertificate(c); - } - CERT_DestroyCertificateList(chain); - return SECSuccess; -} - -static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) -{ - SECItem data; - PRInt32 numBytes; - SECStatus rv = SECFailure; - CERTCertList *certs; - CERTCertListNode *node; - - /* List certs on a non-internal slot. 
*/ - if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot)) { - SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, pwarg); - if (newrv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - return SECFailure; - } - } - if (name) { - CERTCertificate *the_cert; - the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!the_cert) { - the_cert = PK11_FindCertFromNickname(name, NULL); - if (!the_cert) { - SECU_PrintError(progName, "Could not find: %s\n", name); - return SECFailure; - } - } - /* Here, we have one cert with the desired nickname or email - * address. Now, we will attempt to get a list of ALL certs - * with the same subject name as the cert we have. That list - * should contain, at a minimum, the one cert we have already found. - * If the list of certs is empty (NULL), the libraries have failed. - */ - certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject, - PR_Now(), PR_FALSE); - CERT_DestroyCertificate(the_cert); - if (!certs) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - SECU_PrintError(progName, "problem printing certificates"); - return SECFailure; - } - for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); - node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - rv = SECSuccess; - } else { - rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", - the_cert->trust); - if (rv != SECSuccess) { - SECU_PrintError(progName, "problem printing certificate"); - } - - } - if (rv != SECSuccess) { - 
break; - } - } - } else { - - certs = PK11_ListCertsInSlot(slot); - if (certs) { - for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); - node = CERT_LIST_NEXT(node)) { - SECU_PrintCertNickname(node,stdout); - } - rv = SECSuccess; - } - } - if (certs) { - CERT_DestroyCertList(certs); - } - if (rv) { - SECU_PrintError(progName, "problem printing certificate nicknames"); - return SECFailure; - } - - return SECSuccess; /* not rv ?? */ -} - -static SECStatus -ListCerts(CERTCertDBHandle *handle, char *nickname, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, secuPWData *pwdata) -{ - SECStatus rv; - - if (!ascii && !raw && !nickname) { - PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n", - "Certificate Nickname", "Trust Attributes", "", - "SSL,S/MIME,JAR/XPI"); - } - if (slot == NULL) { - CERTCertList *list; - CERTCertListNode *node; - - list = PK11_ListCerts(PK11CertListAll, pwdata); - for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list); - node = CERT_LIST_NEXT(node)) - { - SECU_PrintCertNickname(node, stdout); - } - CERT_DestroyCertList(list); - return SECSuccess; - } else { - rv = listCerts(handle,nickname,slot,raw,ascii,outfile,pwdata); - } - return rv; -} - -static SECStatus -DeleteCert(CERTCertDBHandle *handle, char *name) -{ - SECStatus rv; - CERTCertificate *cert; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - rv = SEC_DeletePermCertificate(cert); - CERT_DestroyCertificate(cert); - if (rv) { - SECU_PrintError(progName, "unable to delete certificate"); - return SECFailure; - } - - return SECSuccess; -} - -static SECStatus -ValidateCert(CERTCertDBHandle *handle, char *name, char *date, - char *certUsage, PRBool checkSig, PRBool logit, secuPWData *pwdata) -{ - SECStatus rv; - CERTCertificate *cert = NULL; - int64 timeBoundary; - SECCertificateUsage usage; - CERTVerifyLog reallog; - 
CERTVerifyLog *log = NULL; - - if (!certUsage) { - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); - } - - switch (*certUsage) { - case 'O': - usage = certificateUsageStatusResponder; - break; - case 'C': - usage = certificateUsageSSLClient; - break; - case 'V': - usage = certificateUsageSSLServer; - break; - case 'S': - usage = certificateUsageEmailSigner; - break; - case 'R': - usage = certificateUsageEmailRecipient; - break; - case 'J': - usage = certificateUsageObjectSigner; - break; - default: - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); - } - do { - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - GEN_BREAK (SECFailure) - } - - if (date != NULL) { - rv = DER_AsciiToTime(&timeBoundary, date); - if (rv) { - SECU_PrintError(progName, "invalid input date"); - GEN_BREAK (SECFailure) - } - } else { - timeBoundary = PR_Now(); - } - - if ( logit ) { - log = &reallog; - - log->count = 0; - log->head = NULL; - log->tail = NULL; - log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( log->arena == NULL ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure) - } - } - - rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, - timeBoundary, pwdata, log, &usage); - if ( log ) { - if ( log->head == NULL ) { - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } else { - char *name; - CERTVerifyLogNode *node; - - node = log->head; - while ( node ) { - if ( node->cert->nickname != NULL ) { - name = node->cert->nickname; - } else { - name = node->cert->subjectName; - } - fprintf(stderr, "%s : %s\n", name, - SECU_Strerror(node->error)); - CERT_DestroyCertificate(node->cert); - node = node->next; - } - } - } else { - if (rv != SECSuccess) { - PRErrorCode perr = PORT_GetError(); - fprintf(stdout, "%s: certificate is invalid: %s\n", - progName, SECU_Strerror(perr)); - GEN_BREAK 
(SECFailure) - } - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } - } while (0); - - if (cert) { - CERT_DestroyCertificate(cert); - } - - return (rv); -} - -static PRBool -ItemIsPrintableASCII(const SECItem * item) -{ - unsigned char *src = item->data; - unsigned int len = item->len; - while (len-- > 0) { - unsigned char uc = *src++; - if (uc < 0x20 || uc > 0x7e) - return PR_FALSE; - } - return PR_TRUE; -} - -/* Caller ensures that dst is at least item->len*2+1 bytes long */ -static void -SECItemToHex(const SECItem * item, char * dst) -{ - if (dst && item && item->data) { - unsigned char * src = item->data; - unsigned int len = item->len; - for (; len > 0; --len, dst += 2) { - sprintf(dst, "%02x", *src++); - } - *dst = '\0'; - } -} - -static const char * const keyTypeName[] = { - "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec" }; - -#define MAX_CKA_ID_BIN_LEN 20 -#define MAX_CKA_ID_STR_LEN 40 - -/* print key number, key ID (in hex or ASCII), key label (nickname) */ -static SECStatus -PrintKey(PRFileDesc *out, const char *nickName, int count, - SECKEYPrivateKey *key, void *pwarg) -{ - SECItem * ckaID; - char ckaIDbuf[MAX_CKA_ID_STR_LEN + 4]; - - pwarg = NULL; - ckaID = PK11_GetLowLevelKeyIDForPrivateKey(key); - if (!ckaID) { - strcpy(ckaIDbuf, "(no CKA_ID)"); - } else if (ItemIsPrintableASCII(ckaID)) { - int len = PR_MIN(MAX_CKA_ID_STR_LEN, ckaID->len); - ckaIDbuf[0] = '"'; - memcpy(ckaIDbuf + 1, ckaID->data, len); - ckaIDbuf[1 + len] = '"'; - ckaIDbuf[2 + len] = '\0'; - } else { - /* print ckaid in hex */ - SECItem idItem = *ckaID; - if (idItem.len > MAX_CKA_ID_BIN_LEN) - idItem.len = MAX_CKA_ID_BIN_LEN; - SECItemToHex(&idItem, ckaIDbuf); - } - - PR_fprintf(out, "<%2d> %-8.8s %-42.42s %s\n", count, - keyTypeName[key->keyType], ckaIDbuf, nickName); - SECITEM_ZfreeItem(ckaID, PR_TRUE); - - return SECSuccess; -} - -/* returns SECSuccess if ANY keys are found, SECFailure otherwise. 
*/ -static SECStatus -ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType, - void *pwarg) -{ - SECKEYPrivateKeyList *list; - SECKEYPrivateKeyListNode *node; - int count = 0; - - if (PK11_NeedLogin(slot)) { - SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwarg); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - return SECFailure; - } - } - - if (nickName && nickName[0]) - list = PK11_ListPrivKeysInSlot(slot, (char *)nickName, pwarg); - else - list = PK11_ListPrivateKeysInSlot(slot); - if (list == NULL) { - SECU_PrintError(progName, "problem listing keys"); - return SECFailure; - } - for (node=PRIVKEY_LIST_HEAD(list); - !PRIVKEY_LIST_END(node,list); - node=PRIVKEY_LIST_NEXT(node)) { - char * keyName; - static const char orphan[] = { "(orphan)" }; - - if (keyType != nullKey && keyType != node->key->keyType) - continue; - keyName = PK11_GetPrivateKeyNickname(node->key); - if (!keyName || !keyName[0]) { - /* Try extra hard to find nicknames for keys that lack them. 
*/ - CERTCertificate * cert; - PORT_Free((void *)keyName); - keyName = NULL; - cert = PK11_GetCertFromPrivateKey(node->key); - if (cert) { - if (cert->nickname && cert->nickname[0]) { - keyName = PORT_Strdup(cert->nickname); - } else if (cert->emailAddr && cert->emailAddr[0]) { - keyName = PORT_Strdup(cert->emailAddr); - } - CERT_DestroyCertificate(cert); - } - } - if (nickName) { - if (!keyName || PL_strcmp(keyName,nickName)) { - /* PKCS#11 module returned unwanted keys */ - PORT_Free((void *)keyName); - continue; - } - } - if (!keyName) - keyName = (char *)orphan; - - PrintKey(PR_STDOUT, keyName, count, node->key, pwarg); - - if (keyName != (char *)orphan) - PORT_Free((void *)keyName); - count++; - } - SECKEY_DestroyPrivateKeyList(list); - - if (count == 0) { - PR_fprintf(PR_STDOUT, "%s: no keys found\n", progName); - return SECFailure; - } - return SECSuccess; -} - -/* returns SECSuccess if ANY keys are found, SECFailure otherwise. */ -static SECStatus -ListKeys(PK11SlotInfo *slot, const char *nickName, int index, - KeyType keyType, PRBool dopriv, secuPWData *pwdata) -{ - SECStatus rv = SECFailure; - static const char fmt[] = \ - "%s: Checking token \"%.33s\" in slot \"%.65s\"\n"; - - if (slot == NULL) { - PK11SlotList *list; - PK11SlotListElement *le; - - list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,pwdata); - if (list) { - for (le = list->head; le; le = le->next) { - PR_fprintf(PR_STDOUT, fmt, progName, - PK11_GetTokenName(le->slot), - PK11_GetSlotName(le->slot)); - rv &= ListKeysInSlot(le->slot,nickName,keyType,pwdata); - } - PK11_FreeSlotList(list); - } - } else { - PR_fprintf(PR_STDOUT, fmt, progName, PK11_GetTokenName(slot), - PK11_GetSlotName(slot)); - rv = ListKeysInSlot(slot,nickName,keyType,pwdata); - } - return rv; -} - -static SECStatus -DeleteKey(char *nickname, secuPWData *pwdata) -{ - SECStatus rv; - CERTCertificate *cert; - PK11SlotInfo *slot; - - slot = PK11_GetInternalKeySlot(); - if (PK11_NeedLogin(slot)) { - SECStatus rv = 
PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token %s.", - PK11_GetTokenName(slot)); - return SECFailure; - } - } - cert = PK11_FindCertFromNickname(nickname, pwdata); - if (!cert) { - PK11_FreeSlot(slot); - return SECFailure; - } - rv = PK11_DeleteTokenCertAndKey(cert, pwdata); - if (rv != SECSuccess) { - SECU_PrintError("problem deleting private key \"%s\"\n", nickname); - } - CERT_DestroyCertificate(cert); - PK11_FreeSlot(slot); - return rv; -} - - -/* - * L i s t M o d u l e s - * - * Print a list of the PKCS11 modules that are - * available. This is useful for smartcard people to - * make sure they have the drivers loaded. - * - */ -static SECStatus -ListModules(void) -{ - PK11SlotList *list; - PK11SlotListElement *le; - - /* get them all! */ - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,NULL); - if (list == NULL) return SECFailure; - - /* look at each slot*/ - for (le = list->head ; le; le = le->next) { - printf ("\n"); - printf (" slot: %s\n", PK11_GetSlotName(le->slot)); - printf (" token: %s\n", PK11_GetTokenName(le->slot)); - } - PK11_FreeSlotList(list); - - return SECSuccess; -} - -static void -Usage(char *progName) -{ -#define FPS fprintf(stderr, - FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile]\n", progName); - FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name]\n" - "\t\t [-f pwfile] [-0 SSO-password]\n", progName); - FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", - progName); - FPS "\t%s -B -i batch-file\n", progName); - FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" - "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" - "\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n" - "\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n" - "\t\t [-6 
| --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n" - "\t\t [-8 dns-names] [-a]\n", - progName); - FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", - progName); - FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n" - "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n" - "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); -#ifdef NSS_ENABLE_ECC - FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n" - "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", - progName); -#else - FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", - progName); -#endif /* NSS_ENABLE_ECC */ - FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n"); - FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n", - progName); - FPS "\t\t [--upgrade-token-name tokenName] [-d targetDBDir]\n"); - FPS "\t\t [-P targetDBPrefix] [--source-prefix upgradeDBPrefix]\n"); - FPS "\t\t [-f targetPWfile] [-@ upgradePWFile]\n"); - FPS "\t%s --merge --source-dir sourceDBDir [-d targetDBdir]\n", - progName); - FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n"); - FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n"); - FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName); - FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", - progName); - FPS "\t%s -O -n cert-name [-X] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n" - "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile] [-g key-size]\n", - progName); - FPS "\t%s -V -n cert-name -u usage [-b time] [-e] \n" - "\t\t[-X] [-d certdir] [-P 
dbprefix]\n", - progName); - FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n" - "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n" - "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" - "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" - "\t\t [-8 DNS-names]\n" - "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n" - "\t\t [--extSKID]\n", progName); - FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); - exit(1); -} - -static void LongUsage(char *progName) -{ - - FPS "%-15s Add a certificate to the database (create if needed)\n", - "-A"); - FPS "%-20s\n", " All options under -E apply"); - FPS "%-15s Run a series of certutil commands from a batch file\n", "-B"); - FPS "%-20s Specify the batch file\n", " -i batch-file"); - FPS "%-15s Add an Email certificate to the database (create if needed)\n", - "-E"); - FPS "%-20s Specify the nickname of the certificate to add\n", - " -n cert-name"); - FPS "%-20s Set the certificate trust attributes:\n", - " -t trustargs"); - FPS "%-25s trustargs is of the form x,y,z where x is for SSL, y is for S/MIME,\n", ""); - FPS "%-25s and z is for code signing\n", ""); - FPS "%-25s p \t valid peer\n", ""); - FPS "%-25s P \t trusted peer (implies p)\n", ""); - FPS "%-25s c \t valid CA\n", ""); - FPS "%-25s T \t trusted CA to issue client certs (implies c)\n", ""); - FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", ""); - FPS "%-25s u \t user cert\n", ""); - FPS "%-25s w \t send warning\n", ""); - FPS "%-25s g \t make step-up cert\n", ""); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n", - " -a"); - FPS "%-20s Specify the certificate file (default is 
stdin)\n", - " -i input"); - FPS "\n"); - - FPS "%-15s Create a new binary certificate from a BINARY cert request\n", - "-C"); - FPS "%-20s The nickname of the issuer cert\n", - " -c issuer-name"); - FPS "%-20s The BINARY certificate request file\n", - " -i cert-request "); - FPS "%-20s Output binary cert to this file (default is stdout)\n", - " -o output-cert"); - FPS "%-20s Self sign\n", - " -x"); - FPS "%-20s Cert serial number\n", - " -m serial-number"); - FPS "%-20s Time Warp\n", - " -w warp-months"); - FPS "%-20s Months valid (default is 3)\n", - " -v months-valid"); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s \n" - "%-20s Create key usage extension. Possible keywords:\n" - "%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n" - "%-20s \"dataEncipherment\", \"keyAgreement\", \"certSigning\",\n" - "%-20s \"crlSigning\", \"critical\"\n", - " -1 | --keyUsage keyword,keyword,...", "", "", "", ""); - FPS "%-20s Create basic constraint extension\n", - " -2 "); - FPS "%-20s Create authority key ID extension\n", - " -3 "); - FPS "%-20s Create crl distribution point extension\n", - " -4 "); - FPS "%-20s \n" - "%-20s Create netscape cert type extension. Possible keywords:\n" - "%-20s \"sslClient\", \"sslServer\", \"smime\", \"objectSigning\",\n" - "%-20s \"sslCA\", \"smimeCA\", \"objectSigningCA\", \"critical\".\n", - " -5 | -nsCertType keyword,keyword,... ", "", "", ""); - FPS "%-20s \n" - "%-20s Create extended key usage extension. 
Possible keywords:\n" - "%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n" - "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n" - "%-20s \"stepUp\", \"critical\"\n", - " -6 | --extKeyUsage keyword,keyword,...", "", "", "", ""); - FPS "%-20s Create an email subject alt name extension\n", - " -7 emailAddrs"); - FPS "%-20s Create an dns subject alt name extension\n", - " -8 dnsNames"); - FPS "%-20s The input certificate request is encoded in ASCII (RFC1113)\n", - " -a"); - FPS "\n"); - - FPS "%-15s Generate a new key pair\n", - "-G"); - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); - FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); - FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n", - " -y exp"); - FPS "%-20s Specify the password file\n", - " -f password-file"); - FPS "%-20s Specify the noise file to be used\n", - " -z noisefile"); - FPS "%-20s read PQG value from pqgfile (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s One of nistp256, nistp384, nistp521\n", ""); -#ifdef NSS_ECC_MORE_THAN_SUITE_B - FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", ""); - FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", ""); - FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", ""); - FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", ""); - FPS "%-20s nistb409, sect571k1, nistk571, 
sect571r1, nistb571,\n", ""); - FPS "%-20s secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", ""); - FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", ""); - FPS "%-20s secp256r1, secp384r1, secp521r1,\n", ""); - FPS "%-20s prime192v1, prime192v2, prime192v3, \n", ""); - FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", ""); - FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", ""); - FPS "%-20s c2tnb191v2, c2tnb191v3, \n", ""); - FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", ""); - FPS "%-20s c2pnb272w1, c2pnb304w1, \n", ""); - FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", ""); - FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", ""); - FPS "%-20s sect131r1, sect131r2\n", ""); -#endif /* NSS_ECC_MORE_THAN_SUITE_B */ -#endif - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s Delete a certificate from the database\n", - "-D"); - FPS "%-20s The nickname of the cert to delete\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/ - "-U"); - FPS "%-20s Module database directory (default is '~/.netscape')\n", - " -d moddir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s List all private keys\n", - "-K"); - FPS "%-20s Name of token to search (\"all\" for all tokens)\n", - " -h token-name "); - - FPS "%-20s Key type (\"all\" (default), \"dsa\"," -#ifdef NSS_ENABLE_ECC - " \"ec\"," -#endif - " \"rsa\")\n", - " -k key-type"); - FPS "%-20s The nickname of the key or associated certificate\n", - " -n name"); - FPS "%-20s Specify the password 
file\n", - " -f password-file"); - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s List all certs, or print out a single named cert\n", - "-L"); - FPS "%-20s Pretty print named cert (list all if unspecified)\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "%-20s For single cert, print binary DER encoding\n", - " -r"); - FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", - " -a"); - FPS "\n"); - - FPS "%-15s Modify trust attributes of certificate\n", - "-M"); - FPS "%-20s The nickname of the cert to modify\n", - " -n cert-name"); - FPS "%-20s Set the certificate trust attributes (see -A above)\n", - " -t trustargs"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s Create a new certificate database\n", - "-N"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - FPS "%-15s Reset the Key database or token\n", - "-T"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Token to reset (default is internal)\n", - " -h token-name"); - FPS "%-20s Set token's Site Security Officer password\n", - " -0 SSO-password"); - FPS "\n"); - - FPS "\n"); - FPS "%-15s Print the chain of a certificate\n", - "-O"); - FPS "%-20s The nickname of the cert to modify\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS 
"%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s Generate a certificate request (stdout)\n", - "-R"); - FPS "%-20s Specify the subject name (using RFC1485)\n", - " -s subject"); - FPS "%-20s Output the cert request to this file\n", - " -o output-req"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", -#endif /* NSS_ENABLE_ECC */ - " -k key-type-or-id"); - FPS "%-20s or nickname of the cert key to use \n", - ""); - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); - FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); - FPS "%-20s Name of file containing PQG parameters (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s See the \"-G\" option for a full list of supported names.\n", - ""); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", - " -p phone"); - FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n", - " -a"); - FPS "%-20s \n", - " See -S for available extension options"); - FPS "\n"); - - FPS "%-15s Validate a certificate\n", - "-V"); - FPS "%-20s The nickname of the cert to Validate\n", - " -n cert-name"); - FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n", - " -b time"); - FPS "%-20s Check certificate signature \n", - " -e "); - FPS "%-20s Specify certificate usage:\n", " -u certusage"); - FPS "%-25s C \t SSL Client\n", ""); - 
FPS "%-25s V \t SSL Server\n", ""); - FPS "%-25s S \t Email signer\n", ""); - FPS "%-25s R \t Email Recipient\n", ""); - FPS "%-25s O \t OCSP status responder\n", ""); - FPS "%-25s J \t Object signer\n", ""); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s Upgrade an old database and merge it into a new one\n", - "--upgrade-merge"); - FPS "%-20s Cert database directory to merge into (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix of the target database\n", - " -P dbprefix"); - FPS "%-20s Specify the password file for the target database\n", - " -f pwfile"); - FPS "%-20s \n%-20s Cert database directory to upgrade from\n", - " --source-dir certdir", ""); - FPS "%-20s \n%-20s Cert & Key database prefix of the upgrade database\n", - " --soruce-prefix dbprefix", ""); - FPS "%-20s \n%-20s Unique identifier for the upgrade database\n", - " --upgrade-id uniqueID", ""); - FPS "%-20s \n%-20s Name of the token while it is in upgrade state\n", - " --upgrade-token-name name", ""); - FPS "%-20s Specify the password file for the upgrade database\n", - " -@ pwfile"); - FPS "\n"); - - FPS "%-15s Merge source database into the target database\n", - "--merge"); - FPS "%-20s Cert database directory of target (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix of the target database\n", - " -P dbprefix"); - FPS "%-20s Specify the password file for the target database\n", - " -f pwfile"); - FPS "%-20s \n%-20s Cert database directory of the source database\n", - " --source-dir certdir", ""); - FPS "%-20s \n%-20s Cert & Key database prefix of the source database\n", - " --source-prefix dbprefix", ""); - FPS "%-20s Specify the password file for the source database\n", - " -@ pwfile"); - FPS "\n"); - - FPS "%-15s Make a certificate and 
add to database\n", - "-S"); - FPS "%-20s Specify the nickname of the cert\n", - " -n key-name"); - FPS "%-20s Specify the subject name (using RFC1485)\n", - " -s subject"); - FPS "%-20s The nickname of the issuer cert\n", - " -c issuer-name"); - FPS "%-20s Set the certificate trust attributes (see -A above)\n", - " -t trustargs"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", -#endif /* NSS_ENABLE_ECC */ - " -k key-type-or-id"); - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); - FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); - FPS "%-20s Name of file containing PQG parameters (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s See the \"-G\" option for a full list of supported names.\n", - ""); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Self sign\n", - " -x"); - FPS "%-20s Cert serial number\n", - " -m serial-number"); - FPS "%-20s Time Warp\n", - " -w warp-months"); - FPS "%-20s Months valid (default is 3)\n", - " -v months-valid"); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", - " -p phone"); - FPS "%-20s Create key usage extension\n", - " -1 "); - FPS "%-20s Create basic constraint extension\n", - " -2 "); - FPS "%-20s Create authority key ID extension\n", - " -3 "); - FPS "%-20s Create crl distribution point extension\n", - " -4 "); - FPS "%-20s Create netscape cert type extension\n", - " -5 "); - FPS "%-20s Create extended key usage extension\n", - " -6 "); - FPS "%-20s 
Create an email subject alt name extension\n", - " -7 emailAddrs "); - FPS "%-20s Create a DNS subject alt name extension\n", - " -8 DNS-names"); - FPS "%-20s Create an Authority Information Access extension\n", - " --extAIA "); - FPS "%-20s Create a Subject Information Access extension\n", - " --extSIA "); - FPS "%-20s Create a Certificate Policies extension\n", - " --extCP "); - FPS "%-20s Create a Policy Mappings extension\n", - " --extPM "); - FPS "%-20s Create a Policy Constraints extension\n", - " --extPC "); - FPS "%-20s Create an Inhibit Any Policy extension\n", - " --extIA "); - FPS "%-20s Create a subject key ID extension\n", - " --extSKID "); - FPS "\n"); - - exit(1); -#undef FPS -} - - -static CERTCertificate * -MakeV1Cert( CERTCertDBHandle * handle, - CERTCertificateRequest *req, - char * issuerNickName, - PRBool selfsign, - unsigned int serialNumber, - int warpmonths, - int validityMonths) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, after; - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName); - if (!issuerCert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - issuerNickName); - return NULL; - } - } - - now = PR_Now(); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - printableTime.tm_month += validityMonths; - after = PR_ImplodeTime (&printableTime); - - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - if (validity) { - cert = CERT_CreateCertificate(serialNumber, - (selfsign ? 
&req->subject - : &issuerCert->subject), - validity, req); - - CERT_DestroyValidity(validity); - } - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - - return(cert); -} - -static SECItem * -SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, - SECOidTag hashAlgTag, - SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg) -{ - SECItem der; - SECItem *result = NULL; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - void *dummy; - - if( !selfsign ) { - CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg); - if( (CERTCertificate *)NULL == issuer ) { - SECU_PrintError(progName, "unable to find issuer with nickname %s", - issuerNickName); - return (SECItem *)NULL; - } - - privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg); - CERT_DestroyCertificate(issuer); - if (caPrivateKey == NULL) { - SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName); - return NULL; - } - } - - arena = cert->arena; - - algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag); - if (algID == SEC_OID_UNKNOWN) { - fprintf(stderr, "Unknown key or hash type for issuer."); - goto done; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - fprintf(stderr, "Could not set signature algorithm id."); - goto done; - } - - /* we only deal with cert v3 here */ - *(cert->version.data) = 2; - cert->version.len = 1; - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem (arena, &der, cert, - SEC_ASN1_GET(CERT_CertificateTemplate)); - if (!dummy) { - fprintf (stderr, "Could not encode certificate.\n"); - goto done; - } - - result = (SECItem *) PORT_ArenaZAlloc (arena, sizeof (SECItem)); - if (result == NULL) { - fprintf (stderr, "Could not allocate item for certificate data.\n"); - goto done; - } - - rv = SEC_DerSignData(arena, result, der.data, der.len, privKey, algID); - if (rv != SECSuccess) { - 
fprintf (stderr, "Could not sign encoded certificate data.\n"); - /* result allocated out of the arena, it will be freed - * when the arena is freed */ - result = NULL; - goto done; - } - cert->derCert = *result; -done: - if (caPrivateKey) { - SECKEY_DestroyPrivateKey(caPrivateKey); - } - return result; -} - -static SECStatus -CreateCert( - CERTCertDBHandle *handle, - PK11SlotInfo *slot, - char * issuerNickName, - PRFileDesc *inFile, - PRFileDesc *outFile, - SECKEYPrivateKey **selfsignprivkey, - void *pwarg, - SECOidTag hashAlgTag, - unsigned int serialNumber, - int warpmonths, - int validityMonths, - const char *emailAddrs, - const char *dnsNames, - PRBool ascii, - PRBool selfsign, - certutilExtnList extnList) -{ - void * extHandle; - SECItem * certDER; - CERTCertificate *subjectCert = NULL; - CERTCertificateRequest *certReq = NULL; - SECStatus rv = SECSuccess; - SECItem reqDER; - CERTCertExtension **CRexts; - - reqDER.data = NULL; - do { - /* Create a certrequest object from the input cert request der */ - certReq = GetCertRequest(inFile, ascii); - if (certReq == NULL) { - GEN_BREAK (SECFailure) - } - - subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign, - serialNumber, warpmonths, validityMonths); - if (subjectCert == NULL) { - GEN_BREAK (SECFailure) - } - - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - GEN_BREAK (SECFailure) - } - - rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList); - if (rv != SECSuccess) { - GEN_BREAK (SECFailure) - } - - if (certReq->attributes != NULL && - certReq->attributes[0] != NULL && - certReq->attributes[0]->attrType.data != NULL && - certReq->attributes[0]->attrType.len > 0 && - SECOID_FindOIDTag(&certReq->attributes[0]->attrType) - == SEC_OID_PKCS9_EXTENSION_REQUEST) { - rv = CERT_GetCertificateRequestExtensions(certReq, &CRexts); - if (rv != SECSuccess) - break; - rv = CERT_MergeExtensions(extHandle, CRexts); - if (rv != SECSuccess) - break; - } - - 
CERT_FinishExtensions(extHandle); - - /* self-signing a cert request, find the private key */ - if (selfsign && *selfsignprivkey == NULL) { - *selfsignprivkey = PK11_FindKeyByDERCert(slot, subjectCert, pwarg); - if (!*selfsignprivkey) { - fprintf(stderr, "Failed to locate private key.\n"); - rv = SECFailure; - break; - } - } - - certDER = SignCert(handle, subjectCert, selfsign, hashAlgTag, - *selfsignprivkey, issuerNickName,pwarg); - - if (certDER) { - if (ascii) { - PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(certDER->data, certDER->len), - NS_CERT_TRAILER); - } else { - PR_Write(outFile, certDER->data, certDER->len); - } - } - - } while (0); - CERT_DestroyCertificateRequest (certReq); - CERT_DestroyCertificate (subjectCert); - if (rv != SECSuccess) { - PRErrorCode perr = PR_GetError(); - fprintf(stderr, "%s: unable to create cert (%s)\n", progName, - SECU_Strerror(perr)); - } - return (rv); -} - - -/* - * map a class to a user presentable string - */ -static const char *objClassArray[] = { - "Data", - "Certificate", - "Public Key", - "Private Key", - "Secret Key", - "Hardware Feature", - "Domain Parameters", - "Mechanism" -}; - -static const char *objNSSClassArray[] = { - "CKO_NSS", - "Crl", - "SMIME Record", - "Trust", - "Builtin Root List" -}; - - -const char * -getObjectClass(CK_ULONG classType) -{ - static char buf[sizeof(CK_ULONG)*2+3]; - - if (classType <= CKO_MECHANISM) { - return objClassArray[classType]; - } - if (classType >= CKO_NSS && classType <= CKO_NSS_BUILTIN_ROOT_LIST) { - return objNSSClassArray[classType - CKO_NSS]; - } - sprintf(buf, "0x%lx", classType); - return buf; -} - -char *mkNickname(unsigned char *data, int len) -{ - char *nick = PORT_Alloc(len+1); - if (!nick) { - return nick; - } - PORT_Memcpy(nick, data, len); - nick[len] = 0; - return nick; -} - -/* - * dump a PK11_MergeTokens error log to the console - */ -void -DumpMergeLog(const char *progname, PK11MergeLog *log) -{ - PK11MergeLogNode *node; - - for 
(node = log->head; node; node = node->next) { - SECItem attrItem; - char *nickname = NULL; - const char *objectClass = NULL; - SECStatus rv; - - attrItem.data = NULL; - rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object, - CKA_LABEL, &attrItem); - if (rv == SECSuccess) { - nickname = mkNickname(attrItem.data, attrItem.len); - PORT_Free(attrItem.data); - } - attrItem.data = NULL; - rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object, - CKA_CLASS, &attrItem); - if (rv == SECSuccess) { - if (attrItem.len == sizeof(CK_ULONG)) { - objectClass = getObjectClass(*(CK_ULONG *)attrItem.data); - } - PORT_Free(attrItem.data); - } - - fprintf(stderr, "%s: Could not merge object %s (type %s): %s\n", - progName, - nickname ? nickname : "unnamed", - objectClass ? objectClass : "unknown", - SECU_Strerror(node->error)); - - if (nickname) { - PORT_Free(nickname); - } - } -} - -/* Certutil commands */ -enum { - cmd_AddCert = 0, - cmd_CreateNewCert, - cmd_DeleteCert, - cmd_AddEmailCert, - cmd_DeleteKey, - cmd_GenKeyPair, - cmd_PrintHelp, - cmd_ListKeys, - cmd_ListCerts, - cmd_ModifyCertTrust, - cmd_NewDBs, - cmd_DumpChain, - cmd_CertReq, - cmd_CreateAndAddCert, - cmd_TokenReset, - cmd_ListModules, - cmd_CheckCertValidity, - cmd_ChangePassword, - cmd_Version, - cmd_Batch, - cmd_Merge, - cmd_UpgradeMerge /* test only */ -}; - -/* Certutil options */ -enum certutilOpts { - opt_SSOPass = 0, - opt_AddKeyUsageExt, - opt_AddBasicConstraintExt, - opt_AddAuthorityKeyIDExt, - opt_AddCRLDistPtsExt, - opt_AddNSCertTypeExt, - opt_AddExtKeyUsageExt, - opt_ExtendedEmailAddrs, - opt_ExtendedDNSNames, - opt_ASCIIForIO, - opt_ValidityTime, - opt_IssuerName, - opt_CertDir, - opt_VerifySig, - opt_PasswordFile, - opt_KeySize, - opt_TokenName, - opt_InputFile, - opt_KeyIndex, - opt_KeyType, - opt_DetailedInfo, - opt_SerialNumber, - opt_Nickname, - opt_OutputFile, - opt_PhoneNumber, - opt_DBPrefix, - opt_PQGFile, - opt_BinaryDER, - opt_Subject, - opt_Trust, - opt_Usage, - opt_Validity, - 
opt_OffsetMonths, - opt_SelfSign, - opt_RW, - opt_Exponent, - opt_NoiseFile, - opt_Hash, - opt_NewPasswordFile, - opt_AddAuthInfoAccExt, - opt_AddSubjInfoAccExt, - opt_AddCertPoliciesExt, - opt_AddPolicyMapExt, - opt_AddPolicyConstrExt, - opt_AddInhibAnyExt, - opt_AddSubjectKeyIDExt, - opt_AddCmdKeyUsageExt, - opt_AddCmdNSCertTypeExt, - opt_AddCmdExtKeyUsageExt, - opt_SourceDir, - opt_SourcePrefix, - opt_UpgradeID, - opt_UpgradeTokenName -}; - -static const -secuCommandFlag commands_init[] = -{ - { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE }, - { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE }, - { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE }, - { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DumpChain */ 'O', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE }, - { /* cmd_TokenReset */ 'T', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Version */ 'Y', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" }, - { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE, - "upgrade-merge" } -}; -#define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0])) - -static const -secuCommandFlag options_init[] = -{ - { /* opt_SSOPass */ '0', PR_TRUE, 0, PR_FALSE }, - { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE }, - { /* 
opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE }, - { /* opt_ExtendedEmailAddrs */ '7', PR_TRUE, 0, PR_FALSE }, - { /* opt_ExtendedDNSNames */ '8', PR_TRUE, 0, PR_FALSE }, - { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE }, - { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE }, - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE }, - { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE }, - { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE }, - { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, - { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE }, - { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE }, - { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE }, - { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE }, - { /* opt_RW */ 'X', PR_FALSE, 0, PR_FALSE }, - { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE }, - { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE }, - { /* opt_Hash */ 'Z', PR_TRUE, 0, PR_FALSE }, - { /* opt_NewPasswordFile */ '@', PR_TRUE, 
0, PR_FALSE }, - { /* opt_AddAuthInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extAIA" }, - { /* opt_AddSubjInfoAccExt */ 0, PR_FALSE, 0, PR_FALSE, "extSIA" }, - { /* opt_AddCertPoliciesExt */ 0, PR_FALSE, 0, PR_FALSE, "extCP" }, - { /* opt_AddPolicyMapExt */ 0, PR_FALSE, 0, PR_FALSE, "extPM" }, - { /* opt_AddPolicyConstrExt */ 0, PR_FALSE, 0, PR_FALSE, "extPC" }, - { /* opt_AddInhibAnyExt */ 0, PR_FALSE, 0, PR_FALSE, "extIA" }, - { /* opt_AddSubjectKeyIDExt */ 0, PR_FALSE, 0, PR_FALSE, - "extSKID" }, - { /* opt_AddCmdKeyUsageExt */ 0, PR_TRUE, 0, PR_FALSE, - "keyUsage" }, - { /* opt_AddCmdNSCertTypeExt */ 0, PR_TRUE, 0, PR_FALSE, - "nsCertType" }, - { /* opt_AddCmdExtKeyUsageExt*/ 0, PR_TRUE, 0, PR_FALSE, - "extKeyUsage" }, - - { /* opt_SourceDir */ 0, PR_TRUE, 0, PR_FALSE, - "source-dir"}, - { /* opt_SourcePrefix */ 0, PR_TRUE, 0, PR_FALSE, - "source-prefix"}, - { /* opt_UpgradeID */ 0, PR_TRUE, 0, PR_FALSE, - "upgrade-id"}, - { /* opt_UpgradeTokenName */ 0, PR_TRUE, 0, PR_FALSE, - "upgrade-token-name"}, -}; -#define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) - -static secuCommandFlag certutil_commands[NUM_COMMANDS]; -static secuCommandFlag certutil_options [NUM_OPTIONS ]; - -static const secuCommand certutil = { - NUM_COMMANDS, - NUM_OPTIONS, - certutil_commands, - certutil_options -}; - -static certutilExtnList certutil_extns; - -static int -certutil_main(int argc, char **argv, PRBool initialize) -{ - CERTCertDBHandle *certHandle; - PK11SlotInfo *slot = NULL; - CERTName * subject = 0; - PRFileDesc *inFile = PR_STDIN; - PRFileDesc *outFile = NULL; - char * certfile = "tempcert"; - char * certreqfile = "tempcertreq"; - char * slotname = "internal"; - char * certPrefix = ""; - char * sourceDir = ""; - char * srcCertPrefix = ""; - char * upgradeID = ""; - char * upgradeTokenName = ""; - KeyType keytype = rsaKey; - char * name = NULL; - char * keysource = NULL; - SECOidTag hashAlgTag = SEC_OID_UNKNOWN; - int keysize = DEFAULT_KEY_BITS; - int 
publicExponent = 0x010001; - unsigned int serialNumber = 0; - int warpmonths = 0; - int validityMonths = 3; - int commandsEntered = 0; - char commandToRun = '\0'; - secuPWData pwdata = { PW_NONE, 0 }; - secuPWData pwdata2 = { PW_NONE, 0 }; - PRBool readOnly = PR_FALSE; - PRBool initialized = PR_FALSE; - - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - - int i; - SECStatus rv; - - progName = PORT_Strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - memcpy(certutil_commands, commands_init, sizeof commands_init); - memcpy(certutil_options, options_init, sizeof options_init); - - rv = SECU_ParseCommandLine(argc, argv, progName, &certutil); - - if (rv != SECSuccess) - Usage(progName); - - if (certutil.commands[cmd_PrintHelp].activated) - LongUsage(progName); - - if (certutil.options[opt_PasswordFile].arg) { - pwdata.source = PW_FROMFILE; - pwdata.data = certutil.options[opt_PasswordFile].arg; - } - if (certutil.options[opt_NewPasswordFile].arg) { - pwdata2.source = PW_FROMFILE; - pwdata2.data = certutil.options[opt_NewPasswordFile].arg; - } - - if (certutil.options[opt_CertDir].activated) - SECU_ConfigDirectory(certutil.options[opt_CertDir].arg); - - if (certutil.options[opt_SourceDir].activated) - sourceDir = certutil.options[opt_SourceDir].arg; - - if (certutil.options[opt_UpgradeID].activated) - upgradeID = certutil.options[opt_UpgradeID].arg; - - if (certutil.options[opt_UpgradeTokenName].activated) - upgradeTokenName = certutil.options[opt_UpgradeTokenName].arg; - - if (certutil.options[opt_KeySize].activated) { - keysize = PORT_Atoi(certutil.options[opt_KeySize].arg); - if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) { - PR_fprintf(PR_STDERR, - "%s -g: Keysize must be between %d and %d.\n", - progName, MIN_KEY_BITS, MAX_KEY_BITS); - return 255; - } -#ifdef NSS_ENABLE_ECC - if (keytype == ecKey) { - PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName); - return 255; - } -#endif /* NSS_ENABLE_ECC */ - - } - 
- /* -h specify token name */ - if (certutil.options[opt_TokenName].activated) { - if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0) - slotname = NULL; - else - slotname = PL_strdup(certutil.options[opt_TokenName].arg); - } - - /* -Z hash type */ - if (certutil.options[opt_Hash].activated) { - char * arg = certutil.options[opt_Hash].arg; - hashAlgTag = SECU_StringToSignatureAlgTag(arg); - if (hashAlgTag == SEC_OID_UNKNOWN) { - PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n", - progName, arg); - return 255; - } - } - - /* -k key type */ - if (certutil.options[opt_KeyType].activated) { - char * arg = certutil.options[opt_KeyType].arg; - if (PL_strcmp(arg, "rsa") == 0) { - keytype = rsaKey; - } else if (PL_strcmp(arg, "dsa") == 0) { - keytype = dsaKey; -#ifdef NSS_ENABLE_ECC - } else if (PL_strcmp(arg, "ec") == 0) { - keytype = ecKey; -#endif /* NSS_ENABLE_ECC */ - } else if (PL_strcmp(arg, "all") == 0) { - keytype = nullKey; - } else { - /* use an existing private/public key pair */ - keysource = arg; - } - } else if (certutil.commands[cmd_ListKeys].activated) { - keytype = nullKey; - } - - /* -m serial number */ - if (certutil.options[opt_SerialNumber].activated) { - int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg); - if (sn < 0) { - PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n", - progName, certutil.options[opt_SerialNumber].arg); - return 255; - } - serialNumber = sn; - } - - /* -P certdb name prefix */ - if (certutil.options[opt_DBPrefix].activated) { - if (certutil.options[opt_DBPrefix].arg) { - certPrefix = strdup(certutil.options[opt_DBPrefix].arg); - } else { - Usage(progName); - } - } - - /* --source-prefix certdb name prefix */ - if (certutil.options[opt_SourcePrefix].activated) { - if (certutil.options[opt_SourcePrefix].arg) { - srcCertPrefix = strdup(certutil.options[opt_SourcePrefix].arg); - } else { - Usage(progName); - } - } - - /* -q PQG file or curve name */ - if 
(certutil.options[opt_PQGFile].activated) {
-#ifdef NSS_ENABLE_ECC
- if ((keytype != dsaKey) && (keytype != ecKey)) {
- PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \
- " (-k dsa) or a named curve for EC keys (-k ec)\n)",
- progName);
-#else /* } */
- if (keytype != dsaKey) {
- PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
- progName);
-#endif /* NSS_ENABLE_ECC */
- return 255;
- }
- }
-
- /* -s subject name */
- if (certutil.options[opt_Subject].activated) {
- subject = CERT_AsciiToName(certutil.options[opt_Subject].arg);
- if (!subject) {
- PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
- progName, certutil.options[opt_Subject].arg);
- return 255;
- }
- }
-
- /* -v validity period */
- if (certutil.options[opt_Validity].activated) {
- validityMonths = PORT_Atoi(certutil.options[opt_Validity].arg);
- if (validityMonths < 0) {
- PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n",
- progName, certutil.options[opt_Validity].arg);
- return 255;
- }
- }
-
- /* -w warp months */
- if (certutil.options[opt_OffsetMonths].activated)
- warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg);
-
- /* -y public exponent (for RSA) */
- if (certutil.options[opt_Exponent].activated) {
- publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg);
- if ((publicExponent != 3) &&
- (publicExponent != 17) &&
- (publicExponent != 65537)) {
- PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.",
- progName, publicExponent);
- PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n");
- return 255;
- }
- }
-
- /* Check number of commands entered. */
- commandsEntered = 0;
- for (i=0; i< certutil.numCommands; i++) {
- if (certutil.commands[i].activated) {
- commandToRun = certutil.commands[i].flag;
- commandsEntered++;
- }
- if (commandsEntered > 1)
- break;
- }
- if (commandsEntered > 1) {
- PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
- PR_fprintf(PR_STDERR, "You entered: ");
- for (i=0; i< certutil.numCommands; i++) {
- if (certutil.commands[i].activated)
- PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag);
- }
- PR_fprintf(PR_STDERR, "\n");
- return 255;
- }
- if (commandsEntered == 0) {
- PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
- Usage(progName);
- }
-
- if (certutil.commands[cmd_ListCerts].activated ||
- certutil.commands[cmd_PrintHelp].activated ||
- certutil.commands[cmd_ListKeys].activated ||
- certutil.commands[cmd_ListModules].activated ||
- certutil.commands[cmd_CheckCertValidity].activated ||
- certutil.commands[cmd_Version].activated ) {
- readOnly = !certutil.options[opt_RW].activated;
- }
-
- /* -A, -D, -F, -M, -S, -V, and all require -n */
- if ((certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_DeleteCert].activated ||
- certutil.commands[cmd_DeleteKey].activated ||
- certutil.commands[cmd_DumpChain].activated ||
- certutil.commands[cmd_ModifyCertTrust].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CheckCertValidity].activated) &&
- !certutil.options[opt_Nickname].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: nickname is required for this command (-n).\n",
- progName, commandToRun);
- return 255;
- }
-
- /* -A, -E, -M, -S require trust */
- if ((certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_AddEmailCert].activated ||
- certutil.commands[cmd_ModifyCertTrust].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_Trust].activated) {
- PR_fprintf(PR_STDERR,
- "%s -%c: trust is required for this command (-t).\n",
- progName, commandToRun);
- return 255;
- }
-
- /* if -L is given raw or ascii mode, it must be for only one cert. */
- if (certutil.commands[cmd_ListCerts].activated &&
- (certutil.options[opt_ASCIIForIO].activated ||
- certutil.options[opt_BinaryDER].activated) &&
- !certutil.options[opt_Nickname].activated) {
- PR_fprintf(PR_STDERR,
- "%s: nickname is required to dump cert in raw or ascii mode.\n",
- progName);
- return 255;
- }
-
- /* -L can only be in (raw || ascii). */
- if (certutil.commands[cmd_ListCerts].activated &&
- certutil.options[opt_ASCIIForIO].activated &&
- certutil.options[opt_BinaryDER].activated) {
- PR_fprintf(PR_STDERR,
- "%s: cannot specify both -r and -a when dumping cert.\n",
- progName);
- return 255;
- }
-
- /* If making a cert request, need a subject. */
- if ((certutil.commands[cmd_CertReq].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated) &&
- !(certutil.options[opt_Subject].activated || keysource)) {
- PR_fprintf(PR_STDERR,
- "%s -%c: subject is required to create a cert request.\n",
- progName, commandToRun);
- return 255;
- }
-
- /* If making a cert, need a serial number. */
- if ((certutil.commands[cmd_CreateNewCert].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_SerialNumber].activated) {
- /* Make a default serial number from the current time. */
- PRTime now = PR_Now();
- LL_USHR(now, now, 19);
- LL_L2UI(serialNumber, now);
- }
-
- /* Validation needs the usage to validate for. */
- if (certutil.commands[cmd_CheckCertValidity].activated &&
- !certutil.options[opt_Usage].activated) {
- PR_fprintf(PR_STDERR,
- "%s -V: specify a usage to validate the cert for (-u).\n",
- progName);
- return 255;
- }
-
- /* Upgrade/Merge needs a source database and a upgrade id. */
- if (certutil.commands[cmd_UpgradeMerge].activated &&
- !(certutil.options[opt_SourceDir].activated &&
- certutil.options[opt_UpgradeID].activated)) {
-
- PR_fprintf(PR_STDERR,
- "%s --upgrade-merge: specify an upgrade database directory "
- "(--source-dir) and\n"
- " an upgrade ID (--upgrade-id).\n",
- progName);
- return 255;
- }
-
- /* Merge needs a source database */
- if (certutil.commands[cmd_Merge].activated &&
- !certutil.options[opt_SourceDir].activated) {
-
-
- PR_fprintf(PR_STDERR,
- "%s --merge: specify an source database directory "
- "(--source-dir)\n",
- progName);
- return 255;
- }
-
-
- /* To make a cert, need either a issuer or to self-sign it. */
- if (certutil.commands[cmd_CreateAndAddCert].activated &&
- !(certutil.options[opt_IssuerName].activated ||
- certutil.options[opt_SelfSign].activated)) {
- PR_fprintf(PR_STDERR,
- "%s -S: must specify issuer (-c) or self-sign (-x).\n",
- progName);
- return 255;
- }
-
- /* Using slotname == NULL for listing keys and certs on all slots,
- * but only that. */
- if (!(certutil.commands[cmd_ListKeys].activated ||
- certutil.commands[cmd_DumpChain].activated ||
- certutil.commands[cmd_ListCerts].activated) && slotname == NULL) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-h all\" for this command.\n",
- progName, commandToRun);
- return 255;
- }
-
- /* Using keytype == nullKey for list all key types, but only that. */
- if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) {
- PR_fprintf(PR_STDERR,
- "%s -%c: cannot use \"-k all\" for this command.\n",
- progName, commandToRun);
- return 255;
- }
-
- /* -S open outFile, temporary file for cert request. */
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- outFile = PR_Open(certreqfile,
- PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
- if (!outFile) {
- PR_fprintf(PR_STDERR,
- "%s -o: unable to open \"%s\" for writing (%ld, %ld)\n",
- progName, certreqfile,
- PR_GetError(), PR_GetOSError());
- return 255;
- }
- }
-
- /* Open the input file. */
- if (certutil.options[opt_InputFile].activated) {
- inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading (%ld, %ld).\n",
- progName, certutil.options[opt_InputFile].arg,
- PR_GetError(), PR_GetOSError());
- return 255;
- }
- }
-
- /* Open the output file. */
- if (certutil.options[opt_OutputFile].activated && !outFile) {
- outFile = PR_Open(certutil.options[opt_OutputFile].arg,
- PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660);
- if (!outFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for writing (%ld, %ld).\n",
- progName, certutil.options[opt_OutputFile].arg,
- PR_GetError(), PR_GetOSError());
- return 255;
- }
- }
-
- name = SECU_GetOptionArg(&certutil, opt_Nickname);
-
- PK11_SetPasswordFunc(SECU_GetModulePassword);
-
- if (PR_TRUE == initialize) {
- /* Initialize NSPR and NSS. */
- PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
- if (!certutil.commands[cmd_UpgradeMerge].activated) {
- rv = NSS_Initialize(SECU_ConfigDirectory(NULL),
- certPrefix, certPrefix,
- "secmod.db", readOnly ? NSS_INIT_READONLY: 0);
- } else {
- rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL),
- certPrefix, certPrefix, "secmod.db",
- sourceDir, srcCertPrefix, srcCertPrefix,
- upgradeID, upgradeTokenName,
- readOnly ? NSS_INIT_READONLY: 0);
- }
- if (rv != SECSuccess) {
- SECU_PrintPRandOSError(progName);
- rv = SECFailure;
- goto shutdown;
- }
- initialized = PR_TRUE;
- SECU_RegisterDynamicOids();
- }
- certHandle = CERT_GetDefaultCertDB();
-
- if (certutil.commands[cmd_Version].activated) {
- printf("Certificate database content version: command not implemented.\n");
- }
-
- if (PL_strcmp(slotname, "internal") == 0)
- slot = PK11_GetInternalKeySlot();
- else if (slotname != NULL)
- slot = PK11_FindSlotByName(slotname);
-
-
-
-
- if ( !slot && (certutil.commands[cmd_NewDBs].activated ||
- certutil.commands[cmd_ModifyCertTrust].activated ||
- certutil.commands[cmd_ChangePassword].activated ||
- certutil.commands[cmd_TokenReset].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_Merge].activated ||
- certutil.commands[cmd_UpgradeMerge].activated ||
- certutil.commands[cmd_AddEmailCert].activated)) {
-
- SECU_PrintError(progName, "could not find the slot %s",slotname);
- rv = SECFailure;
- goto shutdown;
- }
-
- /* If creating new database, initialize the password. */
- if (certutil.commands[cmd_NewDBs].activated) {
- SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
- certutil.options[opt_NewPasswordFile].arg);
- }
-
- /* walk through the upgrade merge if necessary.
- * This option is more to test what some applications will want to do
- * to do an automatic upgrade. The --merge command is more useful for
- * the general case where 2 database need to be merged together.
- */
- if (certutil.commands[cmd_UpgradeMerge].activated) {
- if (*upgradeTokenName == 0) {
- upgradeTokenName = upgradeID;
- }
- if (!PK11_IsInternal(slot)) {
- fprintf(stderr, "Only internal DB's can be upgraded\n");
- rv = SECSuccess;
- goto shutdown;
- }
- if (!PK11_IsRemovable(slot)) {
- printf("database already upgraded.\n");
- rv = SECSuccess;
- goto shutdown;
- }
- if (!PK11_NeedLogin(slot)) {
- printf("upgrade complete!\n");
- rv = SECSuccess;
- goto shutdown;
- }
- /* authenticate to the old DB if necessary */
- if (PORT_Strcmp(PK11_GetTokenName(slot), upgradeTokenName) == 0) {
- /* if we need a password, supply it. This will be the password
- * for the old database */
- rv = PK11_Authenticate(slot, PR_FALSE, &pwdata2);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Could not get password for %s",
- upgradeTokenName);
- goto shutdown;
- }
- /*
- * if we succeeded above, but still aren't logged in, that means
- * we just supplied the password for the old database. We may
- * need the password for the new database. NSS will automatically
- * change the token names at this point
- */
- if (PK11_IsLoggedIn(slot, &pwdata)) {
- printf("upgrade complete!\n");
- rv = SECSuccess;
- goto shutdown;
- }
- }
-
- /* call PK11_IsPresent to update our cached token information */
- if (!PK11_IsPresent(slot)) {
- /* this shouldn't happen. We call isPresent to force a token
- * info update */
- fprintf(stderr, "upgrade/merge internal error\n");
- rv = SECFailure;
- goto shutdown;
- }
-
- /* the token is now set to the state of the source database,
- * if we need a password for it, PK11_Authenticate will
- * automatically prompt us */
- rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
- if (rv == SECSuccess) {
- printf("upgrade complete!\n");
- } else {
- SECU_PrintError(progName, "Could not get password for %s",
- PK11_GetTokenName(slot));
- }
- goto shutdown;
- }
-
- /*
- * merge 2 databases.
- */
- if (certutil.commands[cmd_Merge].activated) {
- PK11SlotInfo *sourceSlot = NULL;
- PK11MergeLog *log;
- char *modspec = PR_smprintf(
- "configDir='%s' certPrefix='%s' tokenDescription='%s'",
- sourceDir, srcCertPrefix,
- *upgradeTokenName ? upgradeTokenName : "Source Database");
-
- if (!modspec) {
- rv = SECFailure;
- goto shutdown;
- }
-
- sourceSlot = SECMOD_OpenUserDB(modspec);
- PR_smprintf_free(modspec);
- if (!sourceSlot) {
- SECU_PrintError(progName, "couldn't open source database");
- rv = SECFailure;
- goto shutdown;
- }
-
- rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Couldn't get password for %s",
- PK11_GetTokenName(slot));
- goto merge_fail;
- }
-
- rv = PK11_Authenticate(sourceSlot, PR_FALSE, &pwdata2);
- if (rv != SECSuccess) {
- SECU_PrintError(progName, "Couldn't get password for %s",
- PK11_GetTokenName(sourceSlot));
- goto merge_fail;
- }
-
- log = PK11_CreateMergeLog();
- if (!log) {
- rv = SECFailure;
- SECU_PrintError(progName, "couldn't create error log");
- goto merge_fail;
- }
-
- rv = PK11_MergeTokens(slot, sourceSlot, log, &pwdata, &pwdata2);
- if (rv != SECSuccess) {
- DumpMergeLog(progName, log);
- }
- PK11_DestroyMergeLog(log);
-
-merge_fail:
- SECMOD_CloseUserDB(sourceSlot);
- PK11_FreeSlot(sourceSlot);
- goto shutdown;
- }
-
- /* The following 8 options are mutually exclusive with all others. */
-
- /* List certs (-L) */
- if (certutil.commands[cmd_ListCerts].activated) {
- rv = ListCerts(certHandle, name, slot,
- certutil.options[opt_BinaryDER].activated,
- certutil.options[opt_ASCIIForIO].activated,
- (outFile) ? outFile : PR_STDOUT, &pwdata);
- goto shutdown;
- }
- if (certutil.commands[cmd_DumpChain].activated) {
- rv = DumpChain(certHandle, name);
- goto shutdown;
- }
- /* XXX needs work */
- /* List keys (-K) */
- if (certutil.commands[cmd_ListKeys].activated) {
- rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/,
- &pwdata);
- goto shutdown;
- }
- /* List modules (-U) */
- if (certutil.commands[cmd_ListModules].activated) {
- rv = ListModules();
- goto shutdown;
- }
- /* Delete cert (-D) */
- if (certutil.commands[cmd_DeleteCert].activated) {
- rv = DeleteCert(certHandle, name);
- goto shutdown;
- }
- /* Delete key (-F) */
- if (certutil.commands[cmd_DeleteKey].activated) {
- rv = DeleteKey(name, &pwdata);
- goto shutdown;
- }
- /* Modify trust attribute for cert (-M) */
- if (certutil.commands[cmd_ModifyCertTrust].activated) {
- rv = ChangeTrustAttributes(certHandle, slot, name,
- certutil.options[opt_Trust].arg, &pwdata);
- goto shutdown;
- }
- /* Change key db password (-W) (future - change pw to slot?) */
- if (certutil.commands[cmd_ChangePassword].activated) {
- rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
- certutil.options[opt_NewPasswordFile].arg);
- goto shutdown;
- }
- /* Reset the a token */
- if (certutil.commands[cmd_TokenReset].activated) {
- char *sso_pass = "";
-
- if (certutil.options[opt_SSOPass].activated) {
- sso_pass = certutil.options[opt_SSOPass].arg;
- }
- rv = PK11_ResetToken(slot,sso_pass);
-
- goto shutdown;
- }
- /* Check cert validity against current time (-V) */
- if (certutil.commands[cmd_CheckCertValidity].activated) {
- /* XXX temporary hack for fips - must log in to get priv key */
- if (certutil.options[opt_VerifySig].activated) {
- if (slot && PK11_NeedLogin(slot)) {
- SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
- if (newrv != SECSuccess) {
- SECU_PrintError(progName, "could not authenticate to token %s.",
- PK11_GetTokenName(slot));
- goto shutdown;
- }
- }
- }
- rv = ValidateCert(certHandle, name,
- certutil.options[opt_ValidityTime].arg,
- certutil.options[opt_Usage].arg,
- certutil.options[opt_VerifySig].activated,
- certutil.options[opt_DetailedInfo].activated,
- &pwdata);
- if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS)
- SECU_PrintError(progName, "validation failed");
- goto shutdown;
- }
-
- /*
- * Key generation
- */
-
- /* These commands may require keygen. */
- if (certutil.commands[cmd_CertReq].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_GenKeyPair].activated) {
- if (keysource) {
- CERTCertificate *keycert;
- keycert = CERT_FindCertByNicknameOrEmailAddr(certHandle, keysource);
- if (!keycert) {
- keycert = PK11_FindCertFromNickname(keysource, NULL);
- if (!keycert) {
- SECU_PrintError(progName,
- "%s is neither a key-type nor a nickname", keysource);
- return SECFailure;
- }
- }
- privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
- if (privkey)
- pubkey = CERT_ExtractPublicKey(keycert);
- if (!pubkey) {
- SECU_PrintError(progName,
- "Could not get keys from cert %s", keysource);
- rv = SECFailure;
- CERT_DestroyCertificate(keycert);
- goto shutdown;
- }
- keytype = privkey->keyType;
- /* On CertReq for renewal if no subject has been
- * specified obtain it from the certificate.
- */
- if (certutil.commands[cmd_CertReq].activated && !subject) {
- subject = CERT_AsciiToName(keycert->subjectName);
- if (!subject) {
- SECU_PrintError(progName,
- "Could not get subject from certificate %s", keysource);
- CERT_DestroyCertificate(keycert);
- rv = SECFailure;
- goto shutdown;
- }
- }
- CERT_DestroyCertificate(keycert);
- } else {
- privkey =
- CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
- publicExponent,
- certutil.options[opt_NoiseFile].arg,
- &pubkey,
- certutil.options[opt_PQGFile].arg,
- &pwdata);
- if (privkey == NULL) {
- SECU_PrintError(progName, "unable to generate key(s)\n");
- rv = SECFailure;
- goto shutdown;
- }
- }
- privkey->wincx = &pwdata;
- PORT_Assert(pubkey != NULL);
-
- /* If all that was needed was keygen, exit. */
- if (certutil.commands[cmd_GenKeyPair].activated) {
- rv = SECSuccess;
- goto shutdown;
- }
- }
-
- /* If we need a list of extensions convert the flags into list format */
- if (certutil.commands[cmd_CertReq].activated ||
- certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CreateNewCert].activated) {
- certutil_extns[ext_keyUsage].activated =
- certutil.options[opt_AddCmdKeyUsageExt].activated;
- if (!certutil_extns[ext_keyUsage].activated) {
- certutil_extns[ext_keyUsage].activated =
- certutil.options[opt_AddKeyUsageExt].activated;
- } else {
- certutil_extns[ext_keyUsage].arg =
- certutil.options[opt_AddCmdKeyUsageExt].arg;
- }
- certutil_extns[ext_basicConstraint].activated =
- certutil.options[opt_AddBasicConstraintExt].activated;
- certutil_extns[ext_authorityKeyID].activated =
- certutil.options[opt_AddAuthorityKeyIDExt].activated;
- certutil_extns[ext_subjectKeyID].activated =
- certutil.options[opt_AddSubjectKeyIDExt].activated;
- certutil_extns[ext_CRLDistPts].activated =
- certutil.options[opt_AddCRLDistPtsExt].activated;
- certutil_extns[ext_NSCertType].activated =
- certutil.options[opt_AddCmdNSCertTypeExt].activated;
- if (!certutil_extns[ext_NSCertType].activated) {
- certutil_extns[ext_NSCertType].activated =
- certutil.options[opt_AddNSCertTypeExt].activated;
- } else {
- certutil_extns[ext_NSCertType].arg =
- certutil.options[opt_AddCmdNSCertTypeExt].arg;
- }
-
- certutil_extns[ext_extKeyUsage].activated =
- certutil.options[opt_AddCmdExtKeyUsageExt].activated;
- if (!certutil_extns[ext_extKeyUsage].activated) {
- certutil_extns[ext_extKeyUsage].activated =
- certutil.options[opt_AddExtKeyUsageExt].activated;
- } else {
- certutil_extns[ext_extKeyUsage].arg =
- certutil.options[opt_AddCmdExtKeyUsageExt].arg;
- }
-
- certutil_extns[ext_authInfoAcc].activated =
- certutil.options[opt_AddAuthInfoAccExt].activated;
- certutil_extns[ext_subjInfoAcc].activated =
- certutil.options[opt_AddSubjInfoAccExt].activated;
- certutil_extns[ext_certPolicies].activated =
- certutil.options[opt_AddCertPoliciesExt].activated;
- certutil_extns[ext_policyMappings].activated =
- certutil.options[opt_AddPolicyMapExt].activated;
- certutil_extns[ext_policyConstr].activated =
- certutil.options[opt_AddPolicyConstrExt].activated;
- certutil_extns[ext_inhibitAnyPolicy].activated =
- certutil.options[opt_AddInhibAnyExt].activated;
- }
- /*
- * Certificate request
- */
-
- /* Make a cert request (-R). */
- if (certutil.commands[cmd_CertReq].activated) {
- rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
- certutil.options[opt_PhoneNumber].arg,
- certutil.options[opt_ASCIIForIO].activated,
- certutil.options[opt_ExtendedEmailAddrs].arg,
- certutil.options[opt_ExtendedDNSNames].arg,
- certutil_extns,
- outFile ? outFile : PR_STDOUT);
- if (rv)
- goto shutdown;
- privkey->wincx = &pwdata;
- }
-
- /*
- * Certificate creation
- */
-
- /* If making and adding a cert, create a cert request file first without
- * any extensions, then load it with the command line extensions
- * and output the cert to another file.
- */
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- static certutilExtnList nullextnlist = {{PR_FALSE, NULL}};
- rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
- certutil.options[opt_PhoneNumber].arg,
- certutil.options[opt_ASCIIForIO].activated,
- NULL,
- NULL,
- nullextnlist,
- outFile ? outFile : PR_STDOUT);
- if (rv)
- goto shutdown;
- privkey->wincx = &pwdata;
- PR_Close(outFile);
- inFile = PR_Open(certreqfile, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
- certreqfile, PR_GetError(), PR_GetOSError());
- rv = SECFailure;
- goto shutdown;
- }
- outFile = PR_Open(certfile,
- PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
- if (!outFile) {
- PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
- certfile, PR_GetError(), PR_GetOSError());
- rv = SECFailure;
- goto shutdown;
- }
- }
-
- /* Create a certificate (-C or -S). */
- if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_CreateNewCert].activated) {
- rv = CreateCert(certHandle, slot,
- certutil.options[opt_IssuerName].arg,
- inFile, outFile, &privkey, &pwdata, hashAlgTag,
- serialNumber, warpmonths, validityMonths,
- certutil.options[opt_ExtendedEmailAddrs].arg,
- certutil.options[opt_ExtendedDNSNames].arg,
- certutil.options[opt_ASCIIForIO].activated,
- certutil.options[opt_SelfSign].activated,
- certutil_extns);
- if (rv)
- goto shutdown;
- }
-
- /*
- * Adding a cert to the database (or slot)
- */
-
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- PORT_Assert(inFile != PR_STDIN);
- PR_Close(inFile);
- PR_Close(outFile);
- inFile = PR_Open(certfile, PR_RDONLY, 0);
- if (!inFile) {
- PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n",
- certfile, PR_GetError(), PR_GetOSError());
- rv = SECFailure;
- goto shutdown;
- }
- }
-
- /* -A -E or -S Add the cert to the DB */
- if (certutil.commands[cmd_CreateAndAddCert].activated ||
- certutil.commands[cmd_AddCert].activated ||
- certutil.commands[cmd_AddEmailCert].activated) {
- rv = AddCert(slot, certHandle, name,
- certutil.options[opt_Trust].arg,
- inFile,
- certutil.options[opt_ASCIIForIO].activated,
- certutil.commands[cmd_AddEmailCert].activated,&pwdata);
- if (rv)
- goto shutdown;
- }
-
- if (certutil.commands[cmd_CreateAndAddCert].activated) {
- PORT_Assert(inFile != PR_STDIN);
- PR_Close(inFile);
- PR_Delete(certfile);
- PR_Delete(certreqfile);
- }
-
-shutdown:
- if (slot) {
- PK11_FreeSlot(slot);
- }
- if (privkey) {
- SECKEY_DestroyPrivateKey(privkey);
- }
- if (pubkey) {
- SECKEY_DestroyPublicKey(pubkey);
- }
-
- /* Open the batch command file.
- *
- * - If -B option is specified, the contents in the
- * command file will be interpreted as subsequent certutil
- * commands to be executed in the current certutil process
- * context after the current certutil command has been executed.
- * - Each line in the command file consists of the command
- * line arguments for certutil.
- * - The -d option will be ignored if specified in the
- * command file.
- * - Quoting with double quote characters ("...") is supported
- * to allow white space in a command line argument. The
- * double quote character cannot be escaped and quoting cannot
- * be nested in this version.
- * - each line in the batch file is limited to 512 characters
- */
-
- if ((SECSuccess == rv) && certutil.commands[cmd_Batch].activated) {
- FILE* batchFile = NULL;
- char nextcommand[512];
- if (!certutil.options[opt_InputFile].activated ||
- !certutil.options[opt_InputFile].arg) {
- PR_fprintf(PR_STDERR,
- "%s: no batch input file specified.\n",
- progName);
- return 255;
- }
- batchFile = fopen(certutil.options[opt_InputFile].arg, "r");
- if (!batchFile) {
- PR_fprintf(PR_STDERR,
- "%s: unable to open \"%s\" for reading (%ld, %ld).\n",
- progName, certutil.options[opt_InputFile].arg,
- PR_GetError(), PR_GetOSError());
- return 255;
- }
- /* read and execute command-lines in a loop */
- while ( (SECSuccess == rv ) &&
- fgets(nextcommand, sizeof(nextcommand), batchFile)) {
- /* we now need to split the command into argc / argv format */
- char* commandline = PORT_Strdup(nextcommand);
- PRBool invalid = PR_FALSE;
- int newargc = 2;
- char* space = NULL;
- char* nextarg = NULL;
- char** newargv = NULL;
- char* crlf = PORT_Strrchr(commandline, '\n');
- if (crlf) {
- *crlf = '\0';
- }
-
- newargv = PORT_Alloc(sizeof(char*)*(newargc+1));
- newargv[0] = progName;
- newargv[1] = commandline;
- nextarg = commandline;
- while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v")) ) {
- while (isspace(*space) ) {
- *space = '\0';
- space ++;
- }
- if (*space == '\0') {
- break;
- } else if (*space != '\"') {
- nextarg = space;
- } else {
- char* closingquote = strchr(space+1, '\"');
- if (closingquote) {
- *closingquote = '\0';
- space++;
- nextarg = closingquote+1;
- } else {
- invalid = PR_TRUE;
- nextarg = space;
- }
- }
- newargc++;
- newargv = PORT_Realloc(newargv, sizeof(char*)*(newargc+1));
- newargv[newargc-1] = space;
- }
- newargv[newargc] = NULL;
-
- /* invoke next command */
- if (PR_TRUE == invalid) {
- PR_fprintf(PR_STDERR, "Missing closing quote in batch command :\n%s\nNot executed.\n",
- nextcommand);
- rv = SECFailure;
- } else {
- if (0 != certutil_main(newargc, newargv, PR_FALSE) )
- rv = SECFailure;
- }
- PORT_Free(newargv);
- PORT_Free(commandline);
- }
- fclose(batchFile);
- }
-
- if ((initialized == PR_TRUE) && NSS_Shutdown() != SECSuccess) {
- exit(1);
- }
- if (rv == SECSuccess) {
- return 0;
- } else {
- return 255;
- }
-}
-
-int
-main(int argc, char **argv)
-{
- int rv = certutil_main(argc, argv, PR_TRUE);
- PR_Cleanup();
- return rv;
-}
-
diff --git a/security/nss/cmd/certutil/certutil.h b/security/nss/cmd/certutil/certutil.h
deleted file mode 100644
index 0f9470d6f3..0000000000
--- a/security/nss/cmd/certutil/certutil.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta , Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef _CERTUTIL_H
-#define _CERTUTIL_H
-
-extern SECKEYPrivateKey *
-CERTUTIL_GeneratePrivateKey(KeyType keytype,
- PK11SlotInfo *slot,
- int rsasize,
- int publicExponent,
- char *noise,
- SECKEYPublicKey **pubkeyp,
- char *pqgFile,
- secuPWData *pwdata);
-
-extern char *progName;
-
-enum certutilExtns {
- ext_keyUsage = 0,
- ext_basicConstraint,
- ext_authorityKeyID,
- ext_CRLDistPts,
- ext_NSCertType,
- ext_extKeyUsage,
- ext_authInfoAcc,
- ext_subjInfoAcc,
- ext_certPolicies,
- ext_policyMappings,
- ext_policyConstr,
- ext_inhibitAnyPolicy,
- ext_subjectKeyID,
- ext_End
-};
-
-typedef struct ExtensionEntryStr {
- PRBool activated;
- const char *arg;
-} ExtensionEntry;
-
-typedef ExtensionEntry certutilExtnList[ext_End];
-
-extern SECStatus
-AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
- certutilExtnList extList);
-
-#endif /* _CERTUTIL_H */
-
diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c
deleted file mode 100644
index 1b1852d273..0000000000
--- a/security/nss/cmd/certutil/keystuff.c
+++ /dev/null
@@ -1,610 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta , Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include
-#include
-#include "secutil.h"
-
-#if defined(XP_UNIX)
-#include
-#include
-#include
-#endif
-
-#if defined(XP_WIN) || defined (XP_PC)
-#include
-#ifndef WINCE
-#include
-#endif
-#endif
-
-#if defined(__sun) && !defined(SVR4)
-extern int fclose(FILE*);
-extern int fprintf(FILE *, char *, ...);
-extern int isatty(int);
-extern char *sys_errlist[];
-#define strerror(errno) sys_errlist[errno]
-#endif
-
-#include "nspr.h"
-#include "prtypes.h"
-#include "prtime.h"
-#include "prlong.h"
-
-#include "pk11func.h"
-
-#define NUM_KEYSTROKES 120
-#define RAND_BUF_SIZE 60
-
-#define ERROR_BREAK rv = SECFailure;break;
-
-const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
- { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
- { 0, }
-};
-
-/* returns 0 for success, -1 for failure (EOF encountered) */
-static int
-UpdateRNG(void)
-{
- char randbuf[RAND_BUF_SIZE];
- int fd, count;
- int c;
- int rv = 0;
-#ifdef XP_UNIX
- cc_t orig_cc_min;
- cc_t orig_cc_time;
- tcflag_t orig_lflag;
- struct termios tio;
-#endif
- char meter[] = {
- "\r| |" };
-
-#define FPS fprintf(stderr,
- FPS "\n");
- FPS "A random seed must be generated that will be used in the\n");
- FPS "creation of your key. One of the easiest ways to create a\n");
- FPS "random seed is to use the timing of keystrokes on a keyboard.\n");
- FPS "\n");
- FPS "To begin, type keys on the keyboard until this progress meter\n");
- FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n");
- FPS "\n");
- FPS "\n");
- FPS "Continue typing until the progress meter is full:\n\n");
- FPS meter);
- FPS "\r|");
-
- /* turn off echo on stdin & return on 1 char instead of NL */
- fd = fileno(stdin);
-
-#if defined(XP_UNIX)
- tcgetattr(fd, &tio);
- orig_lflag = tio.c_lflag;
- orig_cc_min = tio.c_cc[VMIN];
- orig_cc_time = tio.c_cc[VTIME];
- tio.c_lflag &= ~ECHO;
- tio.c_lflag &= ~ICANON;
- tio.c_cc[VMIN] = 1;
- tio.c_cc[VTIME] = 0;
- tcsetattr(fd, TCSAFLUSH, &tio);
-#endif
-
- /* Get random noise from keyboard strokes */
- count = 0;
- while (count < sizeof randbuf) {
-#if defined(XP_UNIX) || defined(WINCE)
- c = getc(stdin);
-#else
- c = getch();
-#endif
- if (c == EOF) {
- rv = -1;
- break;
- }
- randbuf[count] = c;
- if (count == 0 || c != randbuf[count-1]) {
- count++;
- FPS "*");
- }
- }
- PK11_RandomUpdate(randbuf, sizeof randbuf);
- memset(randbuf, 0, sizeof randbuf);
-
- FPS "\n\n");
- FPS "Finished. Press enter to continue: ");
- while ((c = getc(stdin)) != '\n' && c != EOF)
- ;
- if (c == EOF)
- rv = -1;
- FPS "\n");
-
-#undef FPS
-
-#if defined(XP_UNIX)
- /* set back termio the way it was */
- tio.c_lflag = orig_lflag;
- tio.c_cc[VMIN] = orig_cc_min;
- tio.c_cc[VTIME] = orig_cc_time;
- tcsetattr(fd, TCSAFLUSH, &tio);
-#endif
- return rv;
-}
-
-static const unsigned char P[] = { 0,
- 0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44,
- 0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c,
- 0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb,
- 0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04,
- 0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f,
- 0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f,
- 0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69,
- 0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a,
- 0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8,
- 0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad,
- 0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3,
- 0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65,
- 0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52,
- 0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe,
- 0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb,
- 0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d };
-static const unsigned char Q[] = { 0,
- 0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33,
- 0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1,
- 0x76, 0x27, 0x03, 0x81 };
-static const unsigned char G[] = {
- 0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5,
- 0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04,
- 0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47,
- 0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c,
- 0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35,
- 0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50,
- 0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30,
- 0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e,
- 0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd,
- 0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b,
- 0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95,
- 0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87,
- 0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20,
- 0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb,
- 0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37,
- 0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 };
-
-/* h:
- * 4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72:
- * c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f:
- * bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92:
- * 16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77:
- * aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0:
- * b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42:
- * db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa:
- * 68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e
- * SEED:
- * b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2:
- * 13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16:
- * 7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89:
- * f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd:
- * 6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7:
- * 17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b:
- * ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52:
- * af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1
- * g: 1024
- * counter: 1003
- */
-
-static const SECKEYPQGParams default_pqg_params = {
- NULL,
- { 0, (unsigned char *)P, sizeof(P) },
- { 0, (unsigned char *)Q, sizeof(Q) },
- { 0, (unsigned char *)G, sizeof(G) }
-};
-
-static SECKEYPQGParams *
-decode_pqg_params(const char *str)
-{
- char *buf;
- unsigned int len;
- PRArenaPool *arena;
- SECKEYPQGParams *params;
- SECStatus status;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL)
- return NULL;
-
- params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
- if (params == NULL)
- goto loser;
- params->arena = arena;
-
- buf = (char *)ATOB_AsciiToData(str, &len);
- if ((buf == NULL) || (len == 0))
- goto loser;
-
- status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len);
- if (status != SECSuccess)
- goto loser;
-
- return params;
-
-loser:
- if (arena != NULL)
- PORT_FreeArena(arena, PR_FALSE);
- return NULL;
-}
-
-void
-CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params)
-{
- if (params->arena) {
- PORT_FreeArena(params->arena, PR_FALSE);
- }
-}
-
-static int
-pqg_prime_bits(const SECKEYPQGParams *params)
-{
- int primeBits = 0;
-
- if (params != NULL) {
- int i;
- for (i = 0; params->prime.data[i] == 0; i++) {
- /* empty */;
- }
- primeBits = (params->prime.len - i) * 8;
- }
-
- return primeBits;
-}
-
-static char *
-getPQGString(const char *filename)
-{
- unsigned char *buf = NULL;
- PRFileDesc *src;
- PRInt32 numBytes;
- PRStatus prStatus;
- PRFileInfo info;
-
- src = PR_Open(filename, PR_RDONLY, 0);
- if (!src) {
- fprintf(stderr, "Failed to open PQG file %s\n", filename);
- return NULL;
- }
-
- prStatus = PR_GetOpenFileInfo(src, &info);
-
- if (prStatus == PR_SUCCESS) {
- buf = (unsigned char*)PORT_Alloc(info.size + 1);
- }
- if (!buf) {
- PR_Close(src);
- fprintf(stderr, "Failed to read PQG file %s\n", filename);
- return NULL;
- }
-
- numBytes = PR_Read(src, buf, info.size);
- PR_Close(src);
- if (numBytes != info.size) {
- PORT_Free(buf);
- fprintf(stderr, "Failed to read PQG file %s\n", filename);
- PORT_SetError(SEC_ERROR_IO);
- return NULL;
- }
-
- if (buf[numBytes-1] == '\n')
- numBytes--;
- if (buf[numBytes-1] == '\r')
- numBytes--;
- buf[numBytes] = 0;
-
- return (char *)buf;
-}
-
-static SECKEYPQGParams*
-getpqgfromfile(int keyBits, const char *pqgFile)
-{
- char *end, *str, *pqgString;
- SECKEYPQGParams* params = NULL;
-
- str = pqgString = getPQGString(pqgFile);
- if (!str)
- return NULL;
-
- do {
- end = PORT_Strchr(str, ',');
- if (end)
- *end = '\0';
- params = decode_pqg_params(str);
- if (params) {
- int primeBits = pqg_prime_bits(params);
- if (keyBits == primeBits)
- break;
- CERTUTIL_DestroyParamsPQG(params);
- params = NULL;
- }
- if (end)
- str = end + 1;
- } while (end);
-
- PORT_Free(pqgString);
- return params;
-}
-
-static SECStatus
-CERTUTIL_FileForRNG(const char *noise)
-{
- char buf[2048];
- PRFileDesc *fd;
- PRInt32 count;
-
- fd = PR_Open(noise,PR_RDONLY,0);
- if (!fd) {
- fprintf(stderr, "failed to open noise file.");
- return SECFailure;
- }
-
- do {
- count = PR_Read(fd,buf,sizeof(buf));
- if (count > 0) {
- PK11_RandomUpdate(buf,count);
- }
- } while (count > 0);
-
- PR_Close(fd);
- return SECSuccess;
-}
-
-#ifdef NSS_ENABLE_ECC
-typedef struct curveNameTagPairStr {
- char *curveName;
- SECOidTag curveOidTag;
-} CurveNameTagPair;
-
-#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
-/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */
-
-static CurveNameTagPair nameTagPair[] =
-{
- { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
- { "nistk163", SEC_OID_SECG_EC_SECT163K1},
- { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
- { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
- { "nistb163", SEC_OID_SECG_EC_SECT163R2},
- { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
- { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
- { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
- { "nistk233", SEC_OID_SECG_EC_SECT233K1},
- { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
- { "nistb233", SEC_OID_SECG_EC_SECT233R1},
- { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
- { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
- { "nistk283", SEC_OID_SECG_EC_SECT283K1},
- { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
- { "nistb283", SEC_OID_SECG_EC_SECT283R1},
- { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
- { "nistk409", SEC_OID_SECG_EC_SECT409K1},
- { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
- { "nistb409", SEC_OID_SECG_EC_SECT409R1},
- { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
- { "nistk571", SEC_OID_SECG_EC_SECT571K1},
- { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
- { "nistb571", SEC_OID_SECG_EC_SECT571R1},
- { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
- { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
- { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
- { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
- { "secp192r1", SEC_OID_SECG_EC_SECP192R1},
- { "nistp192", SEC_OID_SECG_EC_SECP192R1},
- { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
- { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
- { "nistp224", SEC_OID_SECG_EC_SECP224R1},
- { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
- { "secp256r1", SEC_OID_SECG_EC_SECP256R1},
- { "nistp256", SEC_OID_SECG_EC_SECP256R1},
- { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
- { "nistp384", SEC_OID_SECG_EC_SECP384R1},
- { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
- { "nistp521", SEC_OID_SECG_EC_SECP521R1},
-
- { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
- { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
- { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
- { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
- { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
- { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
-
- { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
- { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
- { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
- { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
- { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
- { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
- { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
- { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
- { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
- { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
- { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
- { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
- { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
- { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
- { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
- { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
- { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
- { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
- { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
- { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
-
- { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
- { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
- { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
- { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
-
- { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
- { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
- { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
- { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
-};
-
-static SECKEYECParams *
-getECParams(const char *curve)
-{
- SECKEYECParams *ecparams;
- SECOidData *oidData = NULL;
- SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
- int i, numCurves;
-
- if (curve != NULL) {
- numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
- for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
- i++) {
- if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
- curveOidTag = nameTagPair[i].curveOidTag;
- }
- }
-
- /* Return NULL if curve name is not recognized */
- if ((curveOidTag == SEC_OID_UNKNOWN) ||
- (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
- fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
- return NULL;
- }
-
- ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
-
- /*
- * ecparams->data needs to contain the ASN encoding of an object ID (OID)
- * representing the named curve. The actual OID is in
- * oidData->oid.data so we simply prepend 0x06 and OID length
- */
- ecparams->data[0] = SEC_ASN1_OBJECT_ID;
- ecparams->data[1] = oidData->oid.len;
- memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
-
- return ecparams;
-}
-#endif /* NSS_ENABLE_ECC */
-
-SECKEYPrivateKey *
-CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
- int publicExponent, const char *noise,
- SECKEYPublicKey **pubkeyp, const char *pqgFile,
- secuPWData *pwdata)
-{
- CK_MECHANISM_TYPE mechanism;
- SECOidTag algtag;
- PK11RSAGenParams rsaparams;
- SECKEYPQGParams * dsaparams = NULL;
- void * params;
- SECKEYPrivateKey * privKey = NULL;
-
- if (slot == NULL)
- return NULL;
-
- if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
- return NULL;
-
- /*
- * Do some random-number initialization.
- */
-
- if (noise) {
- SECStatus rv = CERTUTIL_FileForRNG(noise);
- if (rv != SECSuccess) {
- PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */
- return NULL;
- }
- } else {
- int rv = UpdateRNG();
- if (rv) {
- PORT_SetError(PR_END_OF_FILE_ERROR);
- return NULL;
- }
- }
-
- switch (keytype) {
- case rsaKey:
- rsaparams.keySizeInBits = size;
- rsaparams.pe = publicExponent;
- mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
- algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
- params = &rsaparams;
- break;
- case dsaKey:
- mechanism = CKM_DSA_KEY_PAIR_GEN;
- algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- if (pqgFile) {
- dsaparams = getpqgfromfile(size, pqgFile);
- if (dsaparams == NULL)
- return NULL;
- params = dsaparams;
- } else {
- /* cast away const, and don't set dsaparams */
- params = (void *)&default_pqg_params;
- }
- break;
-#ifdef NSS_ENABLE_ECC
- case ecKey:
- mechanism = CKM_EC_KEY_PAIR_GEN;
- /* For EC keys, PQGFile determines EC parameters */
- if ((params = (void *) getECParams(pqgFile)) == NULL)
- return NULL;
- break;
-#endif /* NSS_ENABLE_ECC */
- default:
- return NULL;
- }
-
- fprintf(stderr, "\n\n");
- fprintf(stderr, "Generating key. This may take a few moments...\n\n");
-
- privKey = PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp,
- PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/,
- pwdata /*wincx*/);
- /* free up the params */
- switch (keytype) {
- case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams);
- break;
-#ifdef NSS_ENABLE_ECC
- case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break;
-#endif
- default: /* nothing to free */ break;
- }
- return privKey;
-}
diff --git a/security/nss/cmd/certutil/manifest.mn b/security/nss/cmd/certutil/manifest.mn
deleted file mode 100644
index d8c755dc11..0000000000
--- a/security/nss/cmd/certutil/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-DEFINES += -DNSPR20
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-CSRCS = \
- certext.c \
- certutil.c \
- keystuff.c \
- $(NULL)
-
-# The MODULE is always implicitly required.
-# Listing it here in REQUIRES makes it appear twice in the cc command line.
-REQUIRES = dbm seccmd
-
-PROGRAM = certutil
-
-#USE_STATIC_LIBS = 1
diff --git a/security/nss/cmd/checkcert/Makefile b/security/nss/cmd/checkcert/Makefile
deleted file mode 100644
index 140b4191ff..0000000000
--- a/security/nss/cmd/checkcert/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c
deleted file mode 100644
index 27c201e1b0..0000000000
--- a/security/nss/cmd/checkcert/checkcert.c
+++ /dev/null
@@ -1,591 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -#include "secutil.h" -#include "plgetopt.h" -#include "cert.h" -#include "secoid.h" -#include "cryptohi.h" - -/* maximum supported modulus length in bits (indicate problem if over this) */ -#define MAX_MODULUS (1024) - - -static void Usage(char *progName) -{ - fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n", - progName); - fprintf(stderr, "%-20s Cert to check is base64 encoded\n", - "-a"); - fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n", - "-A"); - fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n", - "-v"); - fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n", - "-f"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - fprintf(stderr, "%-20s Specify the input type (no default)\n", - "-t type"); - exit(-1); -} - - -/* - * Check integer field named fieldName, printing out results and - * returning the length of the integer in bits - */ - -static -int checkInteger(SECItem *intItem, char *fieldName, int verbose) -{ - int len, bitlen; - if (verbose) { - printf("Checking %s\n", fieldName); - } - - len = intItem->len; - - if (len && (intItem->data[0] & 0x80)) { - printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n", - fieldName); - } - - - /* calculate bit length and check for unnecessary leading zeros */ - bitlen = len << 3; - if (len > 1 && intItem->data[0] == 0) { - /* leading zero byte(s) */ - if (!(intItem->data[1] & 0x80)) { - printf("PROBLEM: %s has unneeded leading zeros. 
Violates DER.\n", - fieldName); - } - /* strip leading zeros in length calculation */ - { - int i=0; - while (bitlen > 8 && intItem->data[i] == 0) { - bitlen -= 8; - i++; - } - } - } - return bitlen; -} - - - - -static -void checkName(CERTName *n, char *fieldName, int verbose) -{ - char *v=0; - if (verbose) { - printf("Checking %s\n", fieldName); - } - - v = CERT_GetCountryName(n); - if (!v) { - printf("PROBLEM: %s lacks Country Name (C)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetOrgName(n); - if (!v) { - printf("PROBLEM: %s lacks Organization Name (O)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetOrgUnitName(n); - if (!v) { - printf("WARNING: %s lacks Organization Unit Name (OU)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetCommonName(n); - if (!v) { - printf("PROBLEM: %s lacks Common Name (CN)\n", - fieldName); - } - PORT_Free(v); -} - - -static -SECStatus -OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, - SECItem *sig, SECAlgorithmID *sigAlgorithm) -{ - SECStatus rv; - VFYContext *cx; - SECOidData *sigAlgOid, *oiddata; - SECOidTag sigAlgTag; - SECOidTag hashAlgTag; - int showDigestOid=0; - - cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag, - NULL); - if (cx == NULL) - return SECFailure; - - sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); - if (sigAlgOid == 0) - return SECFailure; - sigAlgTag = sigAlgOid->offset; - - - if (showDigestOid) { - oiddata = SECOID_FindOIDByTag(hashAlgTag); - if ( oiddata ) { - printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); - } else { - SECU_PrintAsHex(stdout, - &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); - } - } - - rv = VFY_Begin(cx); - if (rv == SECSuccess) { - rv = VFY_Update(cx, buf, len); - if (rv == SECSuccess) - rv = VFY_End(cx); - } - - VFY_DestroyContext(cx, PR_TRUE); - return rv; -} - - - -static -SECStatus -OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert) -{ - SECItem sig; - SECKEYPublicKey *pubKey = 0; - SECStatus rv; - - 
/* check the certificate's validity */ - rv = CERT_CertTimesValid(cert); - if ( rv ) { - return(SECFailure); - } - - /* get cert's public key */ - pubKey = CERT_ExtractPublicKey(cert); - if ( !pubKey ) { - return(SECFailure); - } - - /* check the signature */ - sig = sd->signature; - DER_ConvertBitString(&sig); - rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig, - &sd->signatureAlgorithm); - - SECKEY_DestroyPublicKey(pubKey); - - if ( rv ) { - return(SECFailure); - } - - return(SECSuccess); -} - - - - -static -CERTCertificate *createEmptyCertificate(void) -{ - PRArenaPool *arena = 0; - CERTCertificate *c = 0; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - return 0; - } - - - c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate)); - - if (c) { - c->referenceCount = 1; - c->arena = arena; - } else { - PORT_FreeArena(arena,PR_TRUE); - } - - return c; -} - - - - -int main(int argc, char **argv) -{ - int rv, verbose=0, force=0; - int ascii=0, issuerAscii=0; - char *progName=0; - PRFileDesc *inFile=0, *issuerCertFile=0; - SECItem derCert, derIssuerCert; - PRArenaPool *arena=0; - CERTSignedData *signedData=0; - CERTCertificate *cert=0, *issuerCert=0; - SECKEYPublicKey *rsapubkey=0; - SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption; - SECAlgorithmID sha1WithRSAEncryption, rsaEncryption; - SECItem spk; - int selfSigned=0; - int invalid=0; - char *inFileName = NULL, *issuerCertFileName = NULL; - PLOptState *optstate; - PLOptStatus status; - - PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); - PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); - PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption)); - PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption)); - - progName = strrchr(argv[0], '/'); - progName = progName ? 
progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "aAvf"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'v': - verbose = 1; - break; - - case 'f': - force = 1; - break; - - case 'a': - ascii = 1; - break; - - case 'A': - issuerAscii = 1; - break; - - case '\0': - if (!inFileName) - inFileName = PL_strdup(optstate->value); - else if (!issuerCertFileName) - issuerCertFileName = PL_strdup(optstate->value); - else - Usage(progName); - break; - } - } - - if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) { - /* insufficient or excess args */ - Usage(progName); - } - - inFile = PR_Open(inFileName, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, inFileName); - exit(1); - } - - issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0); - if (!issuerCertFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, issuerCertFileName); - exit(1); - } - - if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) { - printf("Couldn't read input certificate as DER binary or base64\n"); - exit(1); - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == 0) { - fprintf(stderr,"%s: can't allocate scratch arena!", progName); - exit(1); - } - - if (issuerCertFile) { - CERTSignedData *issuerCertSD=0; - if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii) - != SECSuccess) { - printf("Couldn't read issuer certificate as DER binary or base64.\n"); - exit(1); - } - issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData); - if (!issuerCertSD) { - fprintf(stderr,"%s: can't allocate issuer signed data!", progName); - exit(1); - } - rv = SEC_ASN1DecodeItem(arena, issuerCertSD, - SEC_ASN1_GET(CERT_SignedDataTemplate), - &derIssuerCert); - if (rv) { - fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n", - progName); - exit(1); - } - issuerCert = createEmptyCertificate(); - if (!issuerCert) { - 
printf("%s: can't allocate space for issuer cert.", progName); - exit(1); - } - rv = SEC_ASN1DecodeItem(arena, issuerCert, - SEC_ASN1_GET(CERT_CertificateTemplate), - &issuerCertSD->data); - if (rv) { - printf("%s: Does not appear to be an X509 Certificate.\n", - progName); - exit(1); - } - } - - signedData = PORT_ArenaZNew(arena,CERTSignedData); - if (!signedData) { - fprintf(stderr,"%s: can't allocate signedData!", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), - &derCert); - if (rv) { - fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n", - progName); - exit(1); - } - - if (verbose) { - printf("Decoded ok as X509 SIGNED data.\n"); - } - - cert = createEmptyCertificate(); - if (!cert) { - fprintf(stderr, "%s: can't allocate cert", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, cert, - SEC_ASN1_GET(CERT_CertificateTemplate), - &signedData->data); - if (rv) { - fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n", - progName); - exit(1); - } - - - if (verbose) { - printf("Decoded ok as an X509 certificate.\n"); - } - - SECU_RegisterDynamicOids(); - rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); - - if (rv) { - fprintf(stderr, "%s: Unable to pretty print cert. 
Error: %d\n", - progName, PORT_GetError()); - if (!force) { - exit(1); - } - } - - - /* Do various checks on the cert */ - - printf("\n"); - - /* Check algorithms */ - SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, - SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, - SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, - SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &rsaEncryption, - SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); - - { - int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &md5WithRSAEncryption) == 0); - int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &md2WithRSAEncryption) == 0); - int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &sha1WithRSAEncryption) == 0); - - if (verbose) { - printf("\nDoing algorithm checks.\n"); - } - - if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) { - printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n"); - } else if (!isMD5RSA) { - printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n"); - } - - if (SECOID_CompareAlgorithmID(&cert->signature, - &signedData->signatureAlgorithm)) { - printf("PROBLEM: Algorithm in sig and certInfo don't match.\n"); - } - } - - if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm, - &rsaEncryption)) { - printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n"); - } - - /* Check further public key properties */ - spk = cert->subjectPublicKeyInfo.subjectPublicKey; - DER_ConvertBitString(&spk); - - if (verbose) { - printf("\nsubjectPublicKey DER\n"); - rv = DER_PrettyPrint(stdout, &spk, PR_FALSE); - printf("\n"); - } - - rsapubkey = (SECKEYPublicKey *) - PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey)); - if (!rsapubkey) { - fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, rsapubkey, - 
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk); - if (rv) { - printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n"); - } else { - int mlen; - int pubexp; - if (verbose) { - printf("Decoded RSA Public Key ok. Doing key checks.\n"); - } - PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */ - mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose); - printf("INFO: Public Key modulus length in bits: %d\n", mlen); - if (mlen > MAX_MODULUS) { - printf("PROBLEM: Modulus length exceeds %d bits.\n", - MAX_MODULUS); - } - if (mlen < 512) { - printf("WARNING: Short modulus.\n"); - } - if (mlen != (1 << (ffs(mlen)-1))) { - printf("WARNING: Unusual modulus length (not a power of two).\n"); - } - checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent", - verbose); - pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent); - if (pubexp != 17 && pubexp != 3 && pubexp != 65537) { - printf("WARNING: Public exponent not any of: 3, 17, 65537\n"); - } - } - - - /* Name checks */ - checkName(&cert->issuer, "Issuer Name", verbose); - checkName(&cert->subject, "Subject Name", verbose); - - if (issuerCert) { - SECComparison c = - CERT_CompareName(&cert->issuer, &issuerCert->subject); - if (c) { - printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n"); - } - } - - /* Check if self-signed */ - selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0); - if (selfSigned) { - printf("INFO: Certificate is self signed.\n"); - } else { - printf("INFO: Certificate is NOT self-signed.\n"); - } - - - /* Validity time check */ - if (CERT_CertTimesValid(cert) == SECSuccess) { - printf("INFO: Inside validity period of certificate.\n"); - } else { - printf("PROBLEM: Not in validity period of certificate.\n"); - invalid = 1; - } - - /* Signature check if self-signed */ - if (selfSigned && !invalid) { - if (rsapubkey->u.rsa.modulus.len) { - SECStatus ver; - if (verbose) { - printf("Checking self signature.\n"); - } - ver = 
OurVerifySignedData(signedData, cert); - if (ver != SECSuccess) { - printf("PROBLEM: Verification of self-signature failed!\n"); - } else { - printf("INFO: Self-signature verifies ok.\n"); - } - } else { - printf("INFO: Not checking signature due to key problems.\n"); - } - } else if (!selfSigned && !invalid && issuerCert) { - SECStatus ver; - ver = OurVerifySignedData(signedData, issuerCert); - if (ver != SECSuccess) { - printf("PROBLEM: Verification of issuer's signature failed!\n"); - } else { - printf("INFO: Issuer's signature verifies ok.\n"); - } - } else { - printf("INFO: Not checking signature.\n"); - } - - return 0; -} - - - diff --git a/security/nss/cmd/checkcert/manifest.mn b/security/nss/cmd/checkcert/manifest.mn deleted file mode 100644 index 91cbf1f4c7..0000000000 --- a/security/nss/cmd/checkcert/manifest.mn +++ /dev/null 
@@ -1,51 +0,0 @@
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-CORE_DEPTH = ../../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = checkcert.c
-
-PROGRAM = checkcert
diff --git a/security/nss/cmd/crlutil/Makefile b/security/nss/cmd/crlutil/Makefile
deleted file mode 100644
index 0f01f4c47f..0000000000
--- a/security/nss/cmd/crlutil/Makefile
+++ /dev/null
@@ -1,85 +0,0 @@
-#! gmake
-#
-# ***** BEGIN LICENSE BLOCK *****
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS IS" basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the "GPL"), or
-# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
-# in which case the provisions of the GPL or the LGPL are applicable instead
-# of those above. If you wish to allow use of your version of this file only
-# under the terms of either the GPL or the LGPL, and not to allow others to
-# use your version of this file under the terms of the MPL, indicate your
-# decision by deleting the provisions above and replace them with the notice
-# and other provisions required by the GPL or the LGPL. If you do not delete
-# the provisions above, a recipient may use your version of this file under
-# the terms of any one of the MPL, the GPL or the LGPL.
-#
-# ***** END LICENSE BLOCK *****
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-#
-# crlgen_lex can be generated on linux by flex or solaris by lex
-#
-crlgen_lex:
- ${LEX} -t crlgen_lex_orig.l > crlgen_lex_fix.c
- sed -f crlgen_lex_fix.sed < crlgen_lex_fix.c > crlgen_lex.c
- rm -f crlgen_lex_fix.c
-
-include ../platrules.mk
diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c
deleted file mode 100644
index 5f86766831..0000000000
--- a/security/nss/cmd/crlutil/crlgen.c
+++ /dev/null
@@ -1,1589 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -/* -** crlgen.c -** -** utility for managing certificates revocation lists generation -** -*/ - - -#include -#include - -#include "nspr.h" -#include "plgetopt.h" -#include "nss.h" -#include "secutil.h" -#include "cert.h" -#include "certi.h" -#include "certdb.h" -#include "pk11func.h" -#include "crlgen.h" - - -/* Destroys extHandle and data. data was create on heap. - * extHandle creaded by CERT_StartCRLEntryExtensions. entry - * was allocated on arena.*/ -static void -destroyEntryData(CRLGENEntryData *data) -{ - if (!data) - return; - PORT_Assert(data->entry); - if (data->extHandle) - CERT_FinishExtensions(data->extHandle); - PORT_Free(data); -} - - -/* Prints error messages along with line number */ -void -crlgen_PrintError(int line, char *msg, ...) -{ - va_list args; - - va_start(args, msg); - - fprintf(stderr, "crlgen: (line: %d) ", line); - vfprintf(stderr, msg, args); - - va_end(args); -} -/* Finds CRLGENEntryData in hashtable according PRUint64 value - * - certId : cert serial number*/ -static CRLGENEntryData* -crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) -{ - if (!crlGenData->entryDataHashTable || !certId) - return NULL; - return (CRLGENEntryData*) - PL_HashTableLookup(crlGenData->entryDataHashTable, - certId); -} - - -/* Removes CRLGENEntryData from hashtable according to certId - * - certId : cert serial number*/ -static SECStatus -crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) -{ - CRLGENEntryData *data = NULL; - - if (!crlGenData->entryDataHashTable) - return SECSuccess; - data = crlgen_FindEntry(crlGenData, certId); - if (!data) - return SECSuccess; - if (PL_HashTableRemove(crlGenData->entryDataHashTable, certId)) - return SECSuccess; - destroyEntryData(data); - return SECFailure; -} - - -/* Stores CRLGENEntryData in hashtable according to certId - * - certId : cert serial number*/ -static CRLGENEntryData* -crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData, - 
CERTCrlEntry *entry, SECItem *certId) -{ - CRLGENEntryData *newData = NULL; - - PORT_Assert(crlGenData && crlGenData->entryDataHashTable && - entry); - if (!crlGenData || !crlGenData->entryDataHashTable || !entry) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - newData = PORT_ZNew(CRLGENEntryData); - if (!newData) { - return NULL; - } - newData->entry = entry; - newData->certId = certId; - if (!PL_HashTableAdd(crlGenData->entryDataHashTable, - newData->certId, newData)) { - crlgen_PrintError(crlGenData->parsedLineNum, - "Can not add entryData structure\n"); - return NULL; - } - return newData; -} - -/* Use this structure to keep pointer when commiting entries extensions */ -struct commitData { - int pos; - CERTCrlEntry **entries; -}; - -/* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the - * table he. Returns value through arg parameter*/ -static PRIntn PR_CALLBACK -crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg) -{ - CRLGENEntryData *data = NULL; - - PORT_Assert(he); - if (!he) { - return HT_ENUMERATE_NEXT; - } - data = (CRLGENEntryData*)he->value; - - PORT_Assert(data); - PORT_Assert(arg); - - if (data) { - struct commitData *dt = (struct commitData*)arg; - dt->entries[dt->pos++] = data->entry; - destroyEntryData(data); - } - return HT_ENUMERATE_NEXT; -} - - - -/* Copy char * datainto allocated in arena SECItem */ -static SECStatus -crlgen_SetString(PRArenaPool *arena, const char *dataIn, SECItem *value) -{ - SECItem item; - - PORT_Assert(arena && dataIn); - if (!arena || !dataIn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - item.data = (void*)dataIn; - item.len = PORT_Strlen(dataIn); - - return SECITEM_CopyItem(arena, value, &item); -} - -/* Creates CERTGeneralName from parsed data for the Authority Key Extension */ -static CERTGeneralName * -crlgen_GetGeneralName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData, - const char *data) -{ - CERTGeneralName *namesList = NULL; - 
CERTGeneralName *current; - CERTGeneralName *tail = NULL; - SECStatus rv = SECSuccess; - const char *nextChunk = NULL; - const char *currData = NULL; - int intValue; - char buffer[512]; - void *mark; - - if (!data) - return NULL; - PORT_Assert (arena); - if (!arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - mark = PORT_ArenaMark (arena); - - nextChunk = data; - currData = data; - do { - int nameLen = 0; - char name[128]; - const char *sepPrt = NULL; - nextChunk = PORT_Strchr(currData, '|'); - if (!nextChunk) - nextChunk = data + strlen(data); - sepPrt = PORT_Strchr(currData, ':'); - if (sepPrt == NULL || sepPrt >= nextChunk) { - *buffer = '\0'; - sepPrt = nextChunk; - } else { - PORT_Memcpy(buffer, sepPrt + 1, - (nextChunk - sepPrt - 1)); - buffer[nextChunk - sepPrt - 1] = '\0'; - } - nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1 ); - PORT_Memcpy(name, currData, nameLen); - name[nameLen] = '\0'; - currData = nextChunk + 1; - - if (!PORT_Strcmp(name, "otherName")) - intValue = certOtherName; - else if (!PORT_Strcmp(name, "rfc822Name")) - intValue = certRFC822Name; - else if (!PORT_Strcmp(name, "dnsName")) - intValue = certDNSName; - else if (!PORT_Strcmp(name, "x400Address")) - intValue = certX400Address; - else if (!PORT_Strcmp(name, "directoryName")) - intValue = certDirectoryName; - else if (!PORT_Strcmp(name, "ediPartyName")) - intValue = certEDIPartyName; - else if (!PORT_Strcmp(name, "URI")) - intValue = certURI; - else if (!PORT_Strcmp(name, "ipAddress")) - intValue = certIPAddress; - else if (!PORT_Strcmp(name, "registerID")) - intValue = certRegisterID; - else intValue = -1; - - if (intValue >= certOtherName && intValue <= certRegisterID) { - if (namesList == NULL) { - namesList = current = tail = PORT_ArenaZNew(arena, - CERTGeneralName); - } else { - current = PORT_ArenaZNew(arena, CERTGeneralName); - } - if (current == NULL) { - rv = SECFailure; - break; - } - } else { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - break; - } - 
current->type = intValue; - switch (current->type) { - case certURI: - case certDNSName: - case certRFC822Name: - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (current->name.other.data == NULL) { - rv = SECFailure; - break; - } - PORT_Memcpy(current->name.other.data, buffer, - current->name.other.len = strlen(buffer)); - break; - - case certEDIPartyName: - case certIPAddress: - case certOtherName: - case certRegisterID: - case certX400Address: { - - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2); - if (current->name.other.data == NULL) { - rv = SECFailure; - break; - } - - PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer)); -/* This may not be accurate for all cases.For now, use this tag type */ - current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80); - current->name.other.data[1] = (char)strlen (buffer); - current->name.other.len = strlen (buffer) + 2; - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (buffer); - if (!directoryName) { - rv = SECFailure; - break; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - if (rv != SECSuccess) - break; - current->l.next = &(namesList->l); - current->l.prev = &(tail->l); - tail->l.next = &(current->l); - tail = current; - - } while(nextChunk != data + strlen(data)); - - if (rv != SECSuccess) { - PORT_ArenaRelease (arena, mark); - namesList = NULL; - } - return (namesList); -} - -/* Creates CERTGeneralName from parsed data for the Authority Key Extension */ -static CERTGeneralName * -crlgen_DistinguishedName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData, - const char *data) -{ - CERTName *directoryName = NULL; - CERTGeneralName *current; - SECStatus rv = SECFailure; - void *mark; - - if (!data) - return NULL; - PORT_Assert (arena); - if (!arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); 
- return NULL; - } - - mark = PORT_ArenaMark (arena); - - current = PORT_ArenaZNew(arena, CERTGeneralName); - if (current == NULL) { - goto loser; - } - current->type = certDirectoryName; - current->l.next = ¤t->l; - current->l.prev = ¤t->l; - - directoryName = CERT_AsciiToName ((char*)data); - if (!directoryName) { - goto loser; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, directoryName); - CERT_DestroyName (directoryName); - - loser: - if (rv != SECSuccess) { - PORT_SetError (rv); - PORT_ArenaRelease (arena, mark); - current = NULL; - } - return (current); -} - - -/* Adding Authority Key ID extension to extension handle. */ -static SECStatus -crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData, - const char **dataArr) -{ - void *extHandle = NULL; - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - return SECFailure; - } - - extHandle = crlGenData->crlExtHandle; - - if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of parameters.\n"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - return SECFailure; - } - - authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID); - if (authKeyID == NULL) { - rv = SECFailure; - goto loser; - } - - if (dataArr[3] == NULL) { - rv = crlgen_SetString (arena, dataArr[2], &authKeyID->keyID); - if (rv != SECSuccess) - goto loser; - } else { - rv = crlgen_SetString (arena, dataArr[3], - &authKeyID->authCertSerialNumber); - if (rv != SECSuccess) - goto loser; - - authKeyID->authCertIssuer = - crlgen_DistinguishedName (arena, crlGenData, dataArr[2]); - if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ()){ - crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); - rv = SECFailure; - goto loser; - } - } - - rv = - 
SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); - loser: - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - -/* Creates and add Subject Alternative Names extension */ -static SECStatus -crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData, - const char **dataArr) -{ - CERTGeneralName *nameList = NULL; - PRArenaPool *arena = NULL; - void *extHandle = NULL; - SECStatus rv = SECSuccess; - - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - return SECFailure; - } - - if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - return SECFailure; - } - - extHandle = crlGenData->crlExtHandle; - - if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of parameters.\n"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - return SECFailure; - } - - nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]); - if (nameList == NULL) { - crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); - rv = SECFailure; - goto loser; - } - - rv = - SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension); - loser: - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - -/* Creates and adds CRLNumber extension to extension handle. 
- * Since, this is CRL extension, extension handle is the one - * related to CRL extensions */ -static SECStatus -crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr) -{ - PRArenaPool *arena = NULL; - SECItem encodedItem; - void *extHandle = crlGenData->crlExtHandle; - void *dummy; - SECStatus rv = SECFailure; - int code = 0; - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - goto loser; - } - - if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - goto loser; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - goto loser; - } - - code = atoi(dataArr[2]); - if (code == 0 && *dataArr[2] != '0') { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - - dummy = SEC_ASN1EncodeInteger(arena, &encodedItem, code); - if (!dummy) { - rv = SECFailure; - goto loser; - } - - rv = CERT_AddExtension (extHandle, SEC_OID_X509_CRL_NUMBER, &encodedItem, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - PR_TRUE); - - loser: - if (arena) - PORT_FreeArena(arena, PR_FALSE); - return rv; - -} - - -/* Creates Cert Revocation Reason code extension. 
Encodes it and - * returns as SECItem structure */ -static SECItem* -crlgen_CreateReasonCode(PRArenaPool *arena, const char **dataArr, - int *extCode) -{ - SECItem *encodedItem; - void *dummy; - void *mark; - int code = 0; - - PORT_Assert(arena && dataArr); - if (!arena || !dataArr) { - goto loser; - } - - mark = PORT_ArenaMark(arena); - - encodedItem = PORT_ArenaZNew (arena, SECItem); - if (encodedItem == NULL) { - goto loser; - } - - if (dataArr[2] == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - - code = atoi(dataArr[2]); - /* aACompromise(10) is the last possible of the values - * for the Reason Core Extension */ - if ((code == 0 && *dataArr[2] != '0') || code > 10) { - - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - - dummy = SEC_ASN1EncodeInteger(arena, encodedItem, code); - if (!dummy) { - goto loser; - } - - *extCode = SEC_OID_X509_REASON_CODE; - return encodedItem; - - loser: - PORT_ArenaRelease (arena, mark); - return NULL; -} - -/* Creates Cert Invalidity Date extension. Encodes it and - * returns as SECItem structure */ -static SECItem* -crlgen_CreateInvalidityDate(PRArenaPool *arena, const char **dataArr, - int *extCode) -{ - SECItem *encodedItem; - int length = 0; - void *mark; - - PORT_Assert(arena && dataArr); - if (!arena || !dataArr) { - goto loser; - } - - mark = PORT_ArenaMark(arena); - - encodedItem = PORT_ArenaZNew(arena, SECItem); - if (encodedItem == NULL) { - goto loser; - } - - length = PORT_Strlen(dataArr[2]); - - encodedItem->type = siGeneralizedTime; - encodedItem->data = PORT_ArenaAlloc(arena, length); - if (!encodedItem->data) { - goto loser; - } - - PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) * - sizeof(char)); - - *extCode = SEC_OID_X509_INVALID_DATE; - return encodedItem; - - loser: - PORT_ArenaRelease(arena, mark); - return NULL; -} - -/* Creates(by calling extCreator function) and adds extension to a set - * of already added certs. 
Uses values of rangeFrom and rangeTo from - * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */ -static SECStatus -crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData, - const char **dataArr, char *extName, - SECItem* (*extCreator)(PRArenaPool *arena, - const char **dataArr, - int *extCode)) -{ - PRUint64 i = 0; - SECStatus rv = SECFailure; - int extCode = 0; - PRUint64 lastRange ; - SECItem *ext = NULL; - PRArenaPool *arena = NULL; - - - PORT_Assert(crlGenData && dataArr); - if (!crlGenData || !dataArr) { - goto loser; - } - - if (!dataArr[0] || !dataArr[1]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - } - - lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - goto loser; - } - - ext = extCreator(arena, dataArr, &extCode); - if (ext == NULL) { - crlgen_PrintError(crlGenData->parsedLineNum, - "got error while creating extension: %s\n", - extName); - goto loser; - } - - for (i = 0;i < lastRange;i++) { - CRLGENEntryData * extData = NULL; - void *extHandle = NULL; - SECItem * certIdItem = - SEC_ASN1EncodeInteger(arena, NULL, - crlGenData->rangeFrom + i); - if (!certIdItem) { - rv = SECFailure; - goto loser; - } - - extData = crlgen_FindEntry(crlGenData, certIdItem); - if (!extData) { - crlgen_PrintError(crlGenData->parsedLineNum, - "can not add extension: crl entry " - "(serial number: %d) is not in the list yet.\n", - crlGenData->rangeFrom + i); - continue; - } - - extHandle = extData->extHandle; - if (extHandle == NULL) { - extHandle = extData->extHandle = - CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, - (CERTCrlEntry*)extData->entry); - } - rv = CERT_AddExtension (extHandle, extCode, ext, - (*dataArr[1] == '1') ? 
PR_TRUE : PR_FALSE, - PR_TRUE); - if (rv == SECFailure) { - goto loser; - } - } - - loser: - if (arena) - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - - -/* Commits all added entries and their's extensions into CRL. */ -SECStatus -CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData) -{ - int size = 0; - CERTCrl *crl; - PRArenaPool *arena; - SECStatus rv = SECSuccess; - void *mark; - - PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena); - if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - arena = crlGenData->signCrl->arena; - crl = &crlGenData->signCrl->crl; - - mark = PORT_ArenaMark(arena); - - if (crlGenData->crlExtHandle) - CERT_FinishExtensions(crlGenData->crlExtHandle); - - size = crlGenData->entryDataHashTable->nentries; - crl->entries = NULL; - if (size) { - crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry*, size + 1); - if (!crl->entries) { - rv = SECFailure; - } else { - struct commitData dt; - dt.entries = crl->entries; - dt.pos = 0; - PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable, - &crlgen_CommitEntryData, &dt); - /* Last should be NULL */ - crl->entries[size] = NULL; - } - } - - if (rv != SECSuccess) - PORT_ArenaRelease(arena, mark); - return rv; -} - -/* Initializes extHandle with data from extensions array */ -static SECStatus -crlgen_InitExtensionHandle(void *extHandle, - CERTCertExtension **extensions) -{ - CERTCertExtension *extension = NULL; - - if (!extensions) - return SECSuccess; - - PORT_Assert(extHandle != NULL); - if (!extHandle) { - return SECFailure; - } - - extension = *extensions; - while (extension) { - SECOidTag oidTag = SECOID_FindOIDTag (&extension->id); -/* shell we skip unknown extensions? */ - CERT_AddExtension (extHandle, oidTag, &extension->value, - (extension->critical.len != 0) ? 
PR_TRUE : PR_FALSE, - PR_FALSE); - extension = *(++extensions); - } - return SECSuccess; -} - -/* Used for initialization of extension handles for crl and certs - * extensions from existing CRL data then modifying existing CRL.*/ -SECStatus -CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData) -{ - CERTCrl *crl = NULL; - PRUint64 maxSN = 0; - - PORT_Assert(crlGenData && crlGenData->signCrl && - crlGenData->entryDataHashTable); - if (!crlGenData || !crlGenData->signCrl || - !crlGenData->entryDataHashTable) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - crl = &crlGenData->signCrl->crl; - crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl); - crlgen_InitExtensionHandle(crlGenData->crlExtHandle, - crl->extensions); - crl->extensions = NULL; - - if (crl->entries) { - CERTCrlEntry **entry = crl->entries; - while (*entry) { - PRUint64 sn = DER_GetInteger(&(*entry)->serialNumber); - CRLGENEntryData *extData = - crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber); - if ((*entry)->extensions) { - extData->extHandle = - CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, - (CERTCrlEntry*)extData->entry); - if (crlgen_InitExtensionHandle(extData->extHandle, - (*entry)->extensions) == SECFailure) - return SECFailure; - } - (*entry)->extensions = NULL; - entry++; - maxSN = PR_MAX(maxSN, sn); - } - } - - crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1; - return SECSuccess; -} - -/***************************************************************************** - * Parser trigger functions start here - */ - -/* Sets new internal range value for add/rm certs.*/ -static SECStatus -crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value) -{ - long rangeFrom = 0, rangeTo = 0; - char *dashPos = NULL; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (value == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - 
crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - - if ((dashPos = strchr(value, '-')) != NULL) { - char *rangeToS, *rangeFromS = value; - *dashPos = '\0'; - rangeFrom = atoi(rangeFromS); - *dashPos = '-'; - - rangeToS = (char*)(dashPos + 1); - rangeTo = atol(rangeToS); - } else { - rangeFrom = atol(value); - rangeTo = rangeFrom; - } - - if (rangeFrom < 1 || rangeToparsedLineNum, - "bad cert id range: %s.\n", value); - return SECFailure; - } - - crlGenData->rangeFrom = rangeFrom; - crlGenData->rangeTo = rangeTo; - - return SECSuccess; -} - -/* Changes issuer subject field in CRL. By default this data is taken from - * issuer cert subject field.Not yet implemented */ -static SECStatus -crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value) -{ - crlgen_PrintError(crlGenData->parsedLineNum, - "Can not change CRL issuer field.\n"); - return SECFailure; -} - -/* Encode and sets CRL thisUpdate and nextUpdate time fields*/ -static SECStatus -crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value, - PRBool setThisUpdate) -{ - CERTSignedCrl *signCrl; - PRArenaPool *arena; - CERTCrl *crl; - int length = 0; - SECItem *timeDest = NULL; - - PORT_Assert(crlGenData && crlGenData->signCrl && - crlGenData->signCrl->arena); - if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - signCrl = crlGenData->signCrl; - arena = signCrl->arena; - crl = &signCrl->crl; - - if (value == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - length = PORT_Strlen(value); - - if (setThisUpdate == PR_TRUE) { - timeDest = &crl->lastUpdate; - } else { - timeDest = &crl->nextUpdate; - } - - timeDest->type = siGeneralizedTime; - timeDest->data = PORT_ArenaAlloc(arena, length); - if (!timeDest->data) { - return SECFailure; 
- } - PORT_Memcpy(timeDest->data, value, length); - timeDest->len = length; - - return SECSuccess; -} - - -/* Adds new extension into CRL or added cert handles */ -static SECStatus -crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData) -{ - PORT_Assert(crlGenData && crlGenData->crlExtHandle); - if (!crlGenData || !crlGenData->crlExtHandle) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (extData == NULL || *extData == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - if (!PORT_Strcmp(*extData, "authKeyId")) - return crlgen_AddAuthKeyID(crlGenData, extData); - else if (!PORT_Strcmp(*extData, "issuerAltNames")) - return crlgen_AddIssuerAltNames(crlGenData, extData); - else if (!PORT_Strcmp(*extData, "crlNumber")) - return crlgen_AddCrlNumber(crlGenData, extData); - else if (!PORT_Strcmp(*extData, "reasonCode")) - return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode", - crlgen_CreateReasonCode); - else if (!PORT_Strcmp(*extData, "invalidityDate")) - return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate", - crlgen_CreateInvalidityDate); - else { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } -} - - - -/* Created CRLGENEntryData for cert with serial number certId and - * adds it to entryDataHashTable. 
certId can be a single cert serial - * number or an inclusive rage of certs */ -static SECStatus -crlgen_AddCert(CRLGENGeneratorData *crlGenData, - char *certId, char *revocationDate) -{ - CERTSignedCrl *signCrl; - SECItem *certIdItem; - PRArenaPool *arena; - PRUint64 rangeFrom = 0, rangeTo = 0, i = 0; - int timeValLength = -1; - SECStatus rv = SECFailure; - void *mark; - - - PORT_Assert(crlGenData && crlGenData->signCrl && - crlGenData->signCrl->arena); - if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - signCrl = crlGenData->signCrl; - arena = signCrl->arena; - - if (!certId || !revocationDate) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - - timeValLength = strlen(revocationDate); - - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && - certId) { - return SECFailure; - } - rangeFrom = crlGenData->rangeFrom; - rangeTo = crlGenData->rangeTo; - - for (i = 0;i < rangeTo - rangeFrom + 1;i++) { - CERTCrlEntry *entry; - mark = PORT_ArenaMark(arena); - entry = PORT_ArenaZNew(arena, CERTCrlEntry); - if (entry == NULL) { - goto loser; - } - - certIdItem = SEC_ASN1EncodeInteger(arena, &entry->serialNumber, - rangeFrom + i); - if (!certIdItem) { - goto loser; - } - - if (crlgen_FindEntry(crlGenData, certIdItem)) { - crlgen_PrintError(crlGenData->parsedLineNum, - "entry already exists. 
Use \"range\" " - "and \"rmcert\" before adding a new one with the " - "same serial number %ld\n", rangeFrom + i); - goto loser; - } - - entry->serialNumber.type = siBuffer; - - entry->revocationDate.type = siGeneralizedTime; - - entry->revocationDate.data = - PORT_ArenaAlloc(arena, timeValLength); - if (entry->revocationDate.data == NULL) { - goto loser; - } - - PORT_Memcpy(entry->revocationDate.data, revocationDate, - timeValLength * sizeof(char)); - entry->revocationDate.len = timeValLength; - - - entry->extensions = NULL; - if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) { - goto loser; - } - mark = NULL; - } - - rv = SECSuccess; - loser: - if (mark) { - PORT_ArenaRelease(arena, mark); - } - return rv; -} - - -/* Removes certs from entryDataHashTable which have certId serial number. - * certId can have value of a range of certs */ -static SECStatus -crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) -{ - PRUint64 i = 0; - PRArenaPool *arena; - - PORT_Assert(crlGenData && certId); - if (!crlGenData || !certId) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - arena = crlGenData->signCrl->arena; - - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && - certId) { - return SECFailure; - } - - for (i = 0;i < crlGenData->rangeTo - crlGenData->rangeFrom + 1;i++) { - SECItem* certIdItem = SEC_ASN1EncodeInteger(NULL, NULL, - crlGenData->rangeFrom + i); - if (certIdItem) { - CRLGENEntryData *extData = - crlgen_FindEntry(crlGenData, certIdItem); - if (!extData) { - printf("Cert with id %s is not in the list\n", certId); - } else { - crlgen_RmEntry(crlGenData, certIdItem); - } - SECITEM_FreeItem(certIdItem, PR_TRUE); - } - } - - return SECSuccess; -} - -/************************************************************************* - * Lex Parser Helper functions are used to store parsed information - * in context related structures. 
Context(or state) is identified base on - * a type of a instruction parser currently is going through. New context - * is identified by first token in a line. It can be addcert context, - * addext context, etc. */ - -/* Updates CRL field depending on current context */ -static SECStatus -crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str) -{ - CRLGENCrlField *fieldStr = (CRLGENCrlField*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - crlgen_SetIssuerField(crlGenData, fieldStr->value); - break; - case CRLGEN_UPDATE_CONTEXT: - return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE); - break; - case CRLGEN_NEXT_UPDATE_CONTEXT: - return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE); - break; - case CRLGEN_CHANGE_RANGE_CONTEXT: - return crlgen_SetNewRangeField(crlGenData, fieldStr->value); - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d)\n", - crlGenData->contextId); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - return SECSuccess; -} - -/* Sets parsed data for CRL field update into temporary structure */ -static SECStatus -crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype) -{ - CRLGENCrlField *fieldStr = (CRLGENCrlField*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch (crlGenData->contextId) { - case CRLGEN_CHANGE_RANGE_CONTEXT: - if (dtype != CRLGEN_TYPE_DIGIT || dtype != CRLGEN_TYPE_DIGIT_RANGE) { - crlgen_PrintError(crlGenData->parsedLineNum, - "range value should have " - "numeric or numeric range values.\n"); - return SECFailure; - } - break; - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - if (dtype != CRLGEN_TYPE_ZDATE){ - 
crlgen_PrintError(crlGenData->parsedLineNum, - "bad formated date. Should be " - "YYYYMMDDHHMMSSZ.\n"); - return SECFailure; - } - break; - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d).\n", - crlGenData->contextId, data); - return SECFailure; - } - fieldStr->value = PORT_Strdup(data); - if (!fieldStr->value) { - return SECFailure; - } - return SECSuccess; -} - -/* Triggers cert entries update depending on current context */ -static SECStatus -crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str) -{ - CRLGENCertEntry *certStr = (CRLGENCertEntry*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ADD_CERT_CONTEXT: - return crlgen_AddCert(crlGenData, certStr->certId, - certStr->revocationTime); - case CRLGEN_RM_CERT_CONTEXT: - return crlgen_RmCert(crlGenData, certStr->certId); - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d).\n", - crlGenData->contextId); - return SECFailure; - } -} - - -/* Sets parsed data for CRL entries update into temporary structure */ -static SECStatus -crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype) -{ - CRLGENCertEntry *certStr = (CRLGENCertEntry*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(dtype) { - case CRLGEN_TYPE_DIGIT: - case CRLGEN_TYPE_DIGIT_RANGE: - certStr->certId = PORT_Strdup(data); - if (!certStr->certId) { - return SECFailure; - } - break; - case CRLGEN_TYPE_DATE: - case CRLGEN_TYPE_ZDATE: - certStr->revocationTime = PORT_Strdup(data); - if (!certStr->revocationTime) { - return SECFailure; - } - break; - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - 
crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d).\n", - crlGenData->contextId); - return SECFailure; - } - return SECSuccess; -} - -/* Triggers cert entries/crl extension update */ -static SECStatus -crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str) -{ - CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str; - - return crlgen_AddExtension(crlGenData, (const char**)extStr->extData); -} - -/* Defines maximum number of fields extension may have */ -#define MAX_EXT_DATA_LENGTH 10 - -/* Sets parsed extension data for CRL entries/CRL extensions update - * into temporary structure */ -static SECStatus -crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype) -{ - CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (extStr->extData == NULL) { - extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH); - if (!extStr->extData) { - return SECFailure; - } - } - if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "number of fields in extension " - "exceeded maximum allowed data length: %d.\n", - MAX_EXT_DATA_LENGTH); - return SECFailure; - } - extStr->extData[extStr->nextUpdatedData] = PORT_Strdup(data); - if (!extStr->extData[extStr->nextUpdatedData]) { - return SECFailure; - } - extStr->nextUpdatedData += 1; - - return SECSuccess; -} - - -/**************************************************************************************** - * Top level functions are triggered directly by parser. - */ - -/* - * crl generation script parser recreates a temporary data staructure - * for each line it is going through. This function cleans temp structure. 
- */ -void -crlgen_destroyTempData(CRLGENGeneratorData *crlGenData) -{ - if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) { - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - if (crlGenData->crlField->value) - PORT_Free(crlGenData->crlField->value); - PORT_Free(crlGenData->crlField); - break; - case CRLGEN_ADD_CERT_CONTEXT: - case CRLGEN_RM_CERT_CONTEXT: - if (crlGenData->certEntry->certId) - PORT_Free(crlGenData->certEntry->certId); - if (crlGenData->certEntry->revocationTime) - PORT_Free(crlGenData->certEntry->revocationTime); - PORT_Free(crlGenData->certEntry); - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - if (crlGenData->extensionEntry->extData) { - int i = 0; - for (;i < crlGenData->extensionEntry->nextUpdatedData;i++) - PORT_Free(*(crlGenData->extensionEntry->extData + i)); - PORT_Free(crlGenData->extensionEntry->extData); - } - PORT_Free(crlGenData->extensionEntry); - break; - } - crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT; - } -} - -SECStatus -crlgen_updateCrl(CRLGENGeneratorData *crlGenData) -{ - SECStatus rv = SECSuccess; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField); - break; - case CRLGEN_RM_CERT_CONTEXT: - case CRLGEN_ADD_CERT_CONTEXT: - rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry); - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - rv = crlGenData->extensionEntry-> - updateCrlFn(crlGenData, crlGenData->extensionEntry); - break; - case CRLGEN_UNKNOWN_CONTEXT: - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "unknown lang context type code: %d.\n", - crlGenData->contextId); - 
PORT_Assert(0); - return SECFailure; - } - /* Clrean structures after crl update */ - crlgen_destroyTempData(crlGenData); - - crlGenData->parsedLineNum += 1; - - return rv; -} - -SECStatus -crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data, - unsigned short dtype) -{ - SECStatus rv = SECSuccess; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField, - data, dtype); - break; - case CRLGEN_ADD_CERT_CONTEXT: - case CRLGEN_RM_CERT_CONTEXT: - rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry, - data, dtype); - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - rv = - crlGenData->extensionEntry-> - setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype); - break; - case CRLGEN_UNKNOWN_CONTEXT: - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "unknown context type: %d.\n", - crlGenData->contextId); - PORT_Assert(0); - return SECFailure; - } - return rv; -} - -SECStatus -crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData, - unsigned structType) -{ - PORT_Assert(crlGenData && - crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT); - if (!crlGenData || - crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(structType) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - crlGenData->crlField = PORT_New(CRLGENCrlField); - if (!crlGenData->crlField) { - return SECFailure; - } - crlGenData->contextId = structType; - crlGenData->crlField->value = NULL; - crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field; - crlGenData->crlField->setNextDataFn = 
&crlgen_setNextDataFn_field; - break; - case CRLGEN_RM_CERT_CONTEXT: - case CRLGEN_ADD_CERT_CONTEXT: - crlGenData->certEntry = PORT_New(CRLGENCertEntry); - if (!crlGenData->certEntry) { - return SECFailure; - } - crlGenData->contextId = structType; - crlGenData->certEntry->certId = 0; - crlGenData->certEntry->revocationTime = NULL; - crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert; - crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert; - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry); - if (!crlGenData->extensionEntry) { - return SECFailure; - } - crlGenData->contextId = structType; - crlGenData->extensionEntry->extData = NULL; - crlGenData->extensionEntry->nextUpdatedData = 0; - crlGenData->extensionEntry->updateCrlFn = - &crlgen_updateCrlFn_extension; - crlGenData->extensionEntry->setNextDataFn = - &crlgen_setNextDataFn_extension; - break; - case CRLGEN_UNKNOWN_CONTEXT: - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "unknown context type: %d.\n", structType); - PORT_Assert(0); - return SECFailure; - } - return SECSuccess; -} - - -/* Parser initialization function */ -CRLGENGeneratorData* -CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src) -{ - CRLGENGeneratorData *crlGenData = NULL; - - PORT_Assert(signCrl && src); - if (!signCrl || !src) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - crlGenData = PORT_ZNew(CRLGENGeneratorData); - if (!crlGenData) { - return NULL; - } - - crlGenData->entryDataHashTable = - PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, - PL_CompareValues, NULL, NULL); - if (!crlGenData->entryDataHashTable) { - PORT_Free(crlGenData); - return NULL; - } - - crlGenData->src = src; - crlGenData->parsedLineNum = 1; - crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT; - crlGenData->signCrl = signCrl; - crlGenData->rangeFrom = 0; - crlGenData->rangeTo = 0; - crlGenData->crlExtHandle = NULL; - - 
PORT_SetError(0);
-
- return crlGenData;
-}
-
-void
-CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData)
-{
- if (!crlGenData)
- return;
- if (crlGenData->src)
- PR_Close(crlGenData->src);
- PL_HashTableDestroy(crlGenData->entryDataHashTable);
- PORT_Free(crlGenData);
-}
-
diff --git a/security/nss/cmd/crlutil/crlgen.h b/security/nss/cmd/crlutil/crlgen.h
deleted file mode 100644
index 4eb5304e35..0000000000
--- a/security/nss/cmd/crlutil/crlgen.h
+++ /dev/null
@@ -1,182 +0,0 @@
-
-#ifndef _CRLGEN_H_
-#define _CRLGEN_H_
-
-#include "prio.h"
-#include "prprf.h"
-#include "plhash.h"
-#include "seccomon.h"
-#include "certt.h"
-#include "secoidt.h"
-
-
-#define CRLGEN_UNKNOWN_CONTEXT 0
-#define CRLGEN_ISSUER_CONTEXT 1
-#define CRLGEN_UPDATE_CONTEXT 2
-#define CRLGEN_NEXT_UPDATE_CONTEXT 3
-#define CRLGEN_ADD_EXTENSION_CONTEXT 4
-#define CRLGEN_ADD_CERT_CONTEXT 6
-#define CRLGEN_CHANGE_RANGE_CONTEXT 7
-#define CRLGEN_RM_CERT_CONTEXT 8
-
-#define CRLGEN_TYPE_DATE 0
-#define CRLGEN_TYPE_ZDATE 1
-#define CRLGEN_TYPE_DIGIT 2
-#define CRLGEN_TYPE_DIGIT_RANGE 3
-#define CRLGEN_TYPE_OID 4
-#define CRLGEN_TYPE_STRING 5
-#define CRLGEN_TYPE_ID 6
-
-
-typedef struct CRLGENGeneratorDataStr CRLGENGeneratorData;
-typedef struct CRLGENEntryDataStr CRLGENEntryData;
-typedef struct CRLGENExtensionEntryStr CRLGENExtensionEntry;
-typedef struct CRLGENCertEntrySrt CRLGENCertEntry;
-typedef struct CRLGENCrlFieldStr CRLGENCrlField;
-typedef struct CRLGENEntriesSortedDataStr CRLGENEntriesSortedData;
-
-/* Exported functions */
-
-/* Used for initialization of extension handles for crl and certs
- * extensions from existing CRL data then modifying existing CRL.*/
-extern SECStatus CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData);
-
-/* Commits all added entries and their's extensions into CRL. */
-extern SECStatus CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData);
-
-/* Lunches the crl generation script parse */
-extern SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *crlGenData);
-
-/* Closes crl generation script file and frees crlGenData */
-extern void CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData);
-
-/* Parser initialization function. Creates CRLGENGeneratorData structure
- * for the current thread */
-extern CRLGENGeneratorData* CRLGEN_InitCrlGeneration(CERTSignedCrl *newCrl,
- PRFileDesc *src);
-
-
-/* This lock is defined in crlgen_lex.c(derived from crlgen_lex.l).
- * It controls access to invocation of yylex, allows to parse one
- * script at a time */
-extern void CRLGEN_InitCrlGenParserLock();
-extern void CRLGEN_DestroyCrlGenParserLock();
-
-
-/* The following function types are used to define functions for each of
- * CRLGENExtensionEntryStr, CRLGENCertEntrySrt, CRLGENCrlFieldStr to
- * provide functionality needed for these structures*/
-typedef SECStatus updateCrlFn_t(CRLGENGeneratorData *crlGenData, void *str);
-typedef SECStatus setNextDataFn_t(CRLGENGeneratorData *crlGenData, void *str,
- void *data, unsigned short dtype);
-typedef SECStatus createNewLangStructFn_t(CRLGENGeneratorData *crlGenData,
- void *str, unsigned i);
-
-/* Sets reports failure to parser if anything goes wrong */
-extern void crlgen_setFailure(CRLGENGeneratorData *str, char *);
-
-/* Collects data in to one of the current data structure that corresponds
- * to the correct context type. This function gets called after each token
- * is found for a particular line */
-extern SECStatus crlgen_setNextData(CRLGENGeneratorData *str, void *data,
- unsigned short dtype);
-
-/* initiates crl update with collected data. This function is called at the
- * end of each line */
-extern SECStatus crlgen_updateCrl(CRLGENGeneratorData *str);
-
-/* Creates new context structure depending on token that was parsed
- * at the beginning of a line */
-extern SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *str,
- unsigned structType);
-
-
-/* CRLGENExtensionEntry is used to store addext request data for either
- * CRL extensions or CRL entry extensions. The differentiation between
- * is based on order and type of extension been added.
- * - extData : all data in request staring from name of the extension are
- * in saved here.
- * - nextUpdatedData: counter of elements added to extData
- */
-struct CRLGENExtensionEntryStr {
- char **extData;
- int nextUpdatedData;
- updateCrlFn_t *updateCrlFn;
- setNextDataFn_t *setNextDataFn;
-};
-
-/* CRLGENCeryestEntry is used to store addcert request data
- * - certId : certificate id or range of certificate with dash as a delimiter
- * All certs from range will be inclusively added to crl
- * - revocationTime: revocation time of cert(s)
- */
-struct CRLGENCertEntrySrt {
- char *certId;
- char *revocationTime;
- updateCrlFn_t *updateCrlFn;
- setNextDataFn_t *setNextDataFn;
-};
-
-
-/* CRLGENCrlField is used to store crl fields record like update time, next
- * update time, etc.
- * - value: value of the parsed field data*/
-struct CRLGENCrlFieldStr {
- char *value;
- updateCrlFn_t *updateCrlFn;
- setNextDataFn_t *setNextDataFn;
-};
-
-/* Can not create entries extension until completely done with parsing.
- * Therefore need to keep joined data
- * - certId : serial number of certificate
- * - extHandle: head pointer to a list of extensions that belong to
- * entry
- * - entry : CERTCrlEntry structure pointer*/
-struct CRLGENEntryDataStr {
- SECItem *certId;
- void *extHandle;
- CERTCrlEntry *entry;
-};
-
-/* Crl generator/parser main structure. Keeps info regarding current state of
- * parser(context, status), parser helper functions pointers, parsed data and
- * generated data.
- * - contextId : current parsing context. Context in this parser environment
- * defines what type of crl operations parser is going through
- * in the current line of crl generation script.
- * setting or new cert or an extension addition, etc.
- * - createNewLangStructFn: pointer to top level function which creates
- * data structures according contextId
- * - setNextDataFn : pointer to top level function which sets new parsed data
- * in temporary structure
- * - updateCrlFn : pointer to top level function which triggers actual
- * crl update functions with gathered data
- * - union : data union create according to contextId
- * - rangeFrom, rangeTo : holds last range in which certs was added
- * - newCrl : pointer to CERTSignedCrl newly created crl
- * - crlExtHandle : pointer to crl extension handle
- * - entryDataHashTable: hash of CRLGENEntryData.
- * key: cert serial number
- * data: CRLGENEntryData pointer
- * - parserStatus : current status of parser. Triggers parser to abort when
- * set to SECFailure
- * - src : PRFileDesc structure pointer of crl generator config file
- * - parsedLineNum : currently parsing line. Keeping it to report errors */
-struct CRLGENGeneratorDataStr {
- unsigned short contextId;
- CRLGENCrlField *crlField;
- CRLGENCertEntry *certEntry;
- CRLGENExtensionEntry *extensionEntry;
- PRUint64 rangeFrom;
- PRUint64 rangeTo;
- CERTSignedCrl *signCrl;
- void *crlExtHandle;
- PLHashTable *entryDataHashTable;
-
- PRFileDesc *src;
- int parsedLineNum;
-};
-
-
-#endif /* _CRLGEN_H_ */
diff --git a/security/nss/cmd/crlutil/crlgen_lex.c b/security/nss/cmd/crlutil/crlgen_lex.c
deleted file mode 100644
index 76988aef78..0000000000
--- a/security/nss/cmd/crlutil/crlgen_lex.c
+++ /dev/null
@@ -1,1783 +0,0 @@ -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - * $Header$ - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include -#ifdef _WIN32 -#include -#else -#include -#endif - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - -#ifdef __cplusplus - -#include - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. 
*/ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. 
- */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. 
*/ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! 
yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yytext_ptr -= yy_more_len; \ - yyleng = (int) (yy_cp - yytext_ptr); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 17 -#define YY_END_OF_BUFFER 18 -static yyconst short int yy_accept[67] = - { 0, - 0, 0, 18, 16, 14, 15, 16, 11, 12, 2, - 10, 9, 9, 9, 9, 9, 13, 14, 15, 11, - 12, 0, 12, 2, 9, 9, 9, 9, 9, 13, - 3, 4, 2, 9, 9, 9, 9, 2, 9, 9, - 9, 9, 2, 2, 9, 9, 8, 9, 2, 5, - 9, 6, 2, 9, 2, 9, 2, 9, 2, 7, - 2, 2, 2, 2, 1, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 5, 6, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 7, 8, 1, 9, 9, 10, - 11, 12, 12, 12, 13, 13, 13, 14, 1, 1, - 15, 1, 1, 1, 16, 16, 16, 16, 16, 16, - 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, - 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, - 1, 1, 1, 1, 1, 1, 18, 16, 16, 19, - - 20, 16, 21, 16, 22, 16, 16, 16, 16, 23, - 16, 24, 16, 25, 26, 27, 28, 16, 16, 29, - 16, 16, 1, 14, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 
1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[30] = - { 0, - 1, 1, 2, 1, 3, 1, 1, 4, 5, 5, - 5, 5, 5, 4, 1, 4, 4, 4, 4, 4, - 4, 4, 4, 4, 4, 4, 4, 4, 4 - } ; - -static yyconst short int yy_base[72] = - { 0, - 0, 149, 154, 205, 138, 205, 103, 0, 0, 23, - 205, 29, 30, 31, 32, 33, 0, 99, 205, 0, - 0, 0, 50, 55, 34, 61, 41, 63, 64, 0, - 0, 0, 79, 65, 68, 86, 66, 99, 105, 88, - 106, 90, 118, 76, 107, 110, 89, 125, 43, 91, - 127, 128, 138, 144, 113, 129, 154, 160, 160, 130, - 172, 166, 177, 144, 0, 205, 190, 192, 194, 199, - 76 - } ; - -static yyconst short int yy_def[72] = - { 0, - 66, 1, 66, 66, 66, 66, 66, 67, 68, 68, - 66, 69, 69, 69, 69, 69, 70, 66, 66, 67, - 68, 71, 68, 10, 69, 69, 69, 69, 69, 70, - 71, 23, 10, 69, 69, 69, 69, 10, 69, 69, - 69, 69, 10, 38, 69, 69, 69, 69, 38, 69, - 69, 69, 38, 69, 38, 69, 38, 69, 38, 69, - 38, 38, 38, 38, 68, 0, 66, 66, 66, 66, - 66 - } ; - -static yyconst short int yy_nxt[235] = - { 0, - 4, 5, 6, 7, 8, 4, 4, 9, 10, 10, - 10, 10, 10, 9, 11, 12, 12, 12, 12, 12, - 12, 13, 14, 12, 15, 12, 12, 16, 12, 22, - 23, 24, 24, 24, 24, 24, 21, 21, 21, 21, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 28, - 27, 53, 53, 53, 21, 26, 29, 32, 32, 32, - 32, 32, 32, 33, 33, 33, 33, 33, 21, 35, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, - 31, 21, 37, 42, 44, 36, 34, 38, 38, 38, - 38, 38, 39, 21, 40, 21, 21, 21, 21, 21, - - 18, 21, 21, 21, 21, 19, 41, 43, 44, 44, - 44, 44, 21, 21, 21, 46, 48, 21, 21, 21, - 21, 57, 57, 21, 45, 47, 49, 49, 49, 49, - 49, 50, 21, 51, 21, 21, 21, 21, 21, 18, - 21, 21, 21, 21, 52, 54, 55, 55, 55, 55, - 55, 21, 44, 66, 17, 58, 66, 21, 66, 66, - 65, 56, 59, 59, 59, 59, 59, 21, 61, 61, - 61, 61, 66, 21, 63, 63, 63, 63, 66, 60, - 62, 62, 62, 62, 62, 64, 64, 64, 64, 64, - 20, 20, 66, 20, 20, 21, 21, 25, 25, 30, - - 66, 30, 30, 30, 3, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 
66, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66 - } ; - -static yyconst short int yy_chk[235] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 10, - 10, 10, 10, 10, 10, 10, 12, 13, 14, 15, - 16, 25, 12, 13, 14, 15, 16, 25, 27, 15, - 14, 49, 49, 49, 27, 13, 16, 23, 23, 23, - 23, 23, 23, 24, 24, 24, 24, 24, 26, 27, - 28, 29, 34, 37, 26, 35, 28, 29, 34, 37, - 71, 35, 29, 37, 44, 28, 26, 33, 33, 33, - 33, 33, 34, 36, 35, 40, 47, 42, 50, 36, - - 18, 40, 47, 42, 50, 7, 36, 38, 38, 38, - 38, 38, 39, 41, 45, 40, 42, 46, 39, 41, - 45, 55, 55, 46, 39, 41, 43, 43, 43, 43, - 43, 45, 48, 46, 51, 52, 56, 60, 48, 5, - 51, 52, 56, 60, 48, 51, 53, 53, 53, 53, - 53, 54, 64, 3, 2, 56, 0, 54, 0, 0, - 64, 54, 57, 57, 57, 57, 57, 58, 59, 59, - 59, 59, 0, 58, 62, 62, 62, 62, 0, 58, - 61, 61, 61, 61, 61, 63, 63, 63, 63, 63, - 67, 67, 0, 67, 67, 68, 68, 69, 69, 70, - - 0, 70, 70, 70, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. 
- */ -#define REJECT reject_used_but_not_detected -static int yy_more_flag = 0; -static int yy_more_len = 0; -#define yymore() (yy_more_flag = 1) -#define YY_MORE_ADJ yy_more_len -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "crlgen_lex_orig.l" -#define INITIAL 0 -#line 2 "crlgen_lex_orig.l" - -#include "crlgen.h" - -static SECStatus parserStatus = SECSuccess; -static CRLGENGeneratorData *parserData; -static PRFileDesc *src; - -#define YY_INPUT(buf,result,max_size) \ - if ( parserStatus != SECFailure) { \ - if (((result = PR_Read(src, buf, max_size)) == 0) && \ - ferror( yyin )) \ - return SECFailure; \ - } else { return SECFailure; } - - - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. 
This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. 
- */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - if ( yyleng > 0 ) \ - yy_current_buffer->yy_at_bol = \ - (yytext[yyleng - 1] == '\n'); \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; - register int yy_act; - -#line 28 "crlgen_lex_orig.l" - - - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_more_len = 0; - if ( yy_more_flag ) - { - yy_more_len = yy_c_buf_p - yytext_ptr; - yy_more_flag = 0; - } - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. 
- */ - yy_bp = yy_cp; - - yy_current_state = yy_start; - yy_current_state += YY_AT_BOL(); -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 67 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 205 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 30 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 2: -YY_RULE_SETUP -#line 36 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 3: -YY_RULE_SETUP -#line 42 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 4: -YY_RULE_SETUP -#line 48 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID); -if (parserStatus != SECSuccess) 
- return parserStatus; -} - YY_BREAK -case 5: -YY_RULE_SETUP -#line 54 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 6: -YY_RULE_SETUP -#line 60 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 7: -YY_RULE_SETUP -#line 65 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 8: -YY_RULE_SETUP -#line 71 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 9: -YY_RULE_SETUP -#line 77 "crlgen_lex_orig.l" -{ -if (strcmp(yytext, "addcert") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_ADD_CERT_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else if (strcmp(yytext, "rmcert") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_RM_CERT_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else if (strcmp(yytext, "addext") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_ADD_EXTENSION_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else { - parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID); - if (parserStatus != SECSuccess) - return parserStatus; -} -} - YY_BREAK -case 10: -YY_RULE_SETUP -#line 100 "crlgen_lex_orig.l" - - YY_BREAK -case 11: -YY_RULE_SETUP -#line 102 "crlgen_lex_orig.l" -{ -if (yytext[yyleng-1] == '\\') { - yymore(); -} else { - register int c; - c = input(); - if (c != '\"') { - printf( "Error: Line ending \" is missing: %c\n", c); - unput(c); - } else { - parserStatus = 
crlgen_setNextData(parserData, yytext + 1, - CRLGEN_TYPE_STRING); - if (parserStatus != SECSuccess) - return parserStatus; - } -} -} - YY_BREAK -case 12: -YY_RULE_SETUP -#line 120 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 13: -YY_RULE_SETUP -#line 128 "crlgen_lex_orig.l" -/* eat up one-line comments */ {} - YY_BREAK -case 14: -YY_RULE_SETUP -#line 130 "crlgen_lex_orig.l" -{} - YY_BREAK -case 15: -YY_RULE_SETUP -#line 132 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_updateCrl(parserData); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 16: -YY_RULE_SETUP -#line 138 "crlgen_lex_orig.l" -{ - fprintf(stderr, "Syntax error at line %d: unknown token %s\n", - parserData->parsedLineNum, yytext); - return SECFailure; -} - YY_BREAK -case 17: -YY_RULE_SETUP -#line 144 "crlgen_lex_orig.l" -ECHO; - YY_BREAK -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. 
- */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_c_buf_p; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! 
yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. 
*/ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. 
*/ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - yy_current_state += YY_AT_BOL(); - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? 
yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 67 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 67 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 66); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. 
*/ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! 
yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - yy_current_buffer->yy_at_bol = (c == '\n'); - - return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. 
- */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? 
(isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! 
b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! 
yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. 
*/ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. 
- */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 144 "crlgen_lex_orig.l" - -#include "prlock.h" - -static PRLock *parserInvocationLock; - -void CRLGEN_InitCrlGenParserLock() -{ - parserInvocationLock = PR_NewLock(); -} - -void CRLGEN_DestroyCrlGenParserLock() -{ - PR_DestroyLock(parserInvocationLock); -} - - -SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData) -{ - SECStatus rv; - - PR_Lock(parserInvocationLock); - - parserStatus = SECSuccess; - parserData = parserCtlData; - src = parserCtlData->src; - - rv = yylex(); - - PR_Unlock(parserInvocationLock); - - return rv; -} - -int yywrap() {return 1;} diff --git a/security/nss/cmd/crlutil/crlgen_lex_fix.sed b/security/nss/cmd/crlutil/crlgen_lex_fix.sed deleted file mode 100644 index 603dd2d1be..0000000000 --- a/security/nss/cmd/crlutil/crlgen_lex_fix.sed +++ /dev/null @@ -1,6 +0,0 @@ -// { - i #ifdef _WIN32 - i #include - i #else - a #endif -} diff --git a/security/nss/cmd/crlutil/crlgen_lex_orig.l b/security/nss/cmd/crlutil/crlgen_lex_orig.l deleted file mode 100644 index 7cb1e5cde7..0000000000 --- a/security/nss/cmd/crlutil/crlgen_lex_orig.l +++ /dev/null 
@@ -1,177 +0,0 @@
-%{
-
-#include "crlgen.h"
-
-static SECStatus parserStatus = SECSuccess;
-static CRLGENGeneratorData *parserData;
-static PRFileDesc *src;
-
-#define YY_INPUT(buf,result,max_size) \
- if ( parserStatus != SECFailure) { \
- if (((result = PR_Read(src, buf, max_size)) == 0) && \
- ferror( yyin )) \
- return SECFailure; \
- } else { return SECFailure; }
-
-
-%}
-
-%a 5000
-DIGIT [0-9]+
-DIGIT_RANGE [0-9]+-[0-9]+
-ID [a-zA-Z][a-zA-Z0-9]*
-OID [0-9]+\.[\.0-9]+
-DATE [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9]
-ZDATE [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9]Z
-N_SP_STRING [a-zA-Z0-9\:\|\.]+
-
-%%
-
-{ZDATE} {
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-{DIGIT} {
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-{DIGIT_RANGE} {
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-{OID} {
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-issuer {
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-update {
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-nextupdate {
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-range {
-parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-{ID} {
-if (strcmp(yytext, "addcert") == 0) {
- parserStatus = crlgen_createNewLangStruct(parserData,
- CRLGEN_ADD_CERT_CONTEXT);
- if
(parserStatus != SECSuccess)
- return parserStatus;
-} else if (strcmp(yytext, "rmcert") == 0) {
- parserStatus = crlgen_createNewLangStruct(parserData,
- CRLGEN_RM_CERT_CONTEXT);
- if (parserStatus != SECSuccess)
- return parserStatus;
-} else if (strcmp(yytext, "addext") == 0) {
- parserStatus = crlgen_createNewLangStruct(parserData,
- CRLGEN_ADD_EXTENSION_CONTEXT);
- if (parserStatus != SECSuccess)
- return parserStatus;
-} else {
- parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID);
- if (parserStatus != SECSuccess)
- return parserStatus;
-}
-}
-
-"="
-
-\"[^\"]* {
-if (yytext[yyleng-1] == '\\') {
- yymore();
-} else {
- register int c;
- c = input();
- if (c != '\"') {
- printf( "Error: Line ending \" is missing: %c\n", c);
- unput(c);
- } else {
- parserStatus = crlgen_setNextData(parserData, yytext + 1,
- CRLGEN_TYPE_STRING);
- if (parserStatus != SECSuccess)
- return parserStatus;
- }
-}
-}
-
-{N_SP_STRING} {
-parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-
-
-^#[^\n]* /* eat up one-line comments */ {}
-
-[ \t]+ {}
-
-(\n|\r\n) {
-parserStatus = crlgen_updateCrl(parserData);
-if (parserStatus != SECSuccess)
- return parserStatus;
-}
-
-. {
- fprintf(stderr, "Syntax error at line %d: unknown token %s\n",
- parserData->parsedLineNum, yytext);
- return SECFailure;
-}
-
-%%
-#include "prlock.h"
-
-static PRLock *parserInvocationLock;
-
-void CRLGEN_InitCrlGenParserLock()
-{
- parserInvocationLock = PR_NewLock();
-}
-
-void CRLGEN_DestroyCrlGenParserLock()
-{
- PR_DestroyLock(parserInvocationLock);
-}
-
-
-SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData)
-{
- SECStatus rv;
-
- PR_Lock(parserInvocationLock);
-
- parserStatus = SECSuccess;
- parserData = parserCtlData;
- src = parserCtlData->src;
-
- rv = yylex();
-
- PR_Unlock(parserInvocationLock);
-
- return rv;
-}
-
-int yywrap() {return 1;}
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
deleted file mode 100644
index 9ee54335c2..0000000000
--- a/security/nss/cmd/crlutil/crlutil.c
+++ /dev/null
@@ -1,1089 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/*
-** certutil.c
-**
-** utility for managing certificates and the cert database
-**
-*/
-/* test only */
-
-#include "nspr.h"
-#include "plgetopt.h"
-#include "secutil.h"
-#include "cert.h"
-#include "certi.h"
-#include "certdb.h"
-#include "nss.h"
-#include "pk11func.h"
-#include "crlgen.h"
-
-#define SEC_CERT_DB_EXISTS 0
-#define SEC_CREATE_CERT_DB 1
-
-static char *progName;
-
-static CERTSignedCrl *FindCRL
- (CERTCertDBHandle *certHandle, char *name, int type)
-{
- CERTSignedCrl *crl = NULL;
- CERTCertificate *cert = NULL;
- SECItem derName;
-
- derName.data = NULL;
- derName.len = 0;
-
- cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name);
- if (!cert) {
- CERTName *certName = NULL;
- PRArenaPool *arena = NULL;
-
- certName = CERT_AsciiToName(name);
- if (certName) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena) {
- SECItem *nameItem =
- SEC_ASN1EncodeItem (arena, NULL, (void *)certName,
- SEC_ASN1_GET(CERT_NameTemplate));
- if (nameItem) {
- SECITEM_CopyItem(NULL, &derName, nameItem);
- }
- PORT_FreeArena(arena, PR_FALSE);
- }
- CERT_DestroyName(certName);
- }
-
- if (!derName.len || !derName.data) {
- SECU_PrintError(progName, "could not find certificate named '%s'", name);
- return ((CERTSignedCrl *)NULL);
- }
- } else {
- SECITEM_CopyItem(NULL, &derName, &cert->derSubject);
- CERT_DestroyCertificate (cert);
- }
-
- crl = SEC_FindCrlByName(certHandle, &derName, type);
- if (crl ==NULL)
- SECU_PrintError
- (progName, "could not find %s's CRL", name);
- if (derName.data) {
- SECITEM_FreeItem(&derName, PR_FALSE);
- }
- return (crl);
-}
-
-static SECStatus DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType)
-{
- CERTSignedCrl *crl = NULL;
-
- crl = FindCRL (certHandle, nickName, crlType);
-
- if (crl) {
- SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
- SEC_DestroyCrl (crl);
- return SECSuccess;
- }
- return SECFailure;
-}
-
-static void ListCRLNames
(CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls) -{ - CERTCrlHeadNode *crlList = NULL; - CERTCrlNode *crlNode = NULL; - CERTName *name = NULL; - PRArenaPool *arena = NULL; - SECStatus rv; - - do { - arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); - if (arena == NULL) { - fprintf(stderr, "%s: fail to allocate memory\n", progName); - break; - } - - name = PORT_ArenaZAlloc (arena, sizeof(*name)); - if (name == NULL) { - fprintf(stderr, "%s: fail to allocate memory\n", progName); - break; - } - name->arena = arena; - - rv = SEC_LookupCrls (certHandle, &crlList, crlType); - if (rv != SECSuccess) { - fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName, - SECU_Strerror(PORT_GetError())); - break; - } - - /* just in case */ - if (!crlList) - break; - - crlNode = crlList->first; - - fprintf (stdout, "\n"); - fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type"); - while (crlNode) { - char* asciiname = NULL; - CERTCertificate *cert = NULL; - if (crlNode->crl && &crlNode->crl->crl.derName) { - cert = CERT_FindCertByName(certHandle, - &crlNode->crl->crl.derName); - if (!cert) { - SECU_PrintError(progName, "could not find signing " - "certificate in database"); - } - } - if (cert) { - char* certName = NULL; - if (cert->nickname && PORT_Strlen(cert->nickname) > 0) { - certName = cert->nickname; - } else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) { - certName = cert->emailAddr; - } - if (certName) { - asciiname = PORT_Strdup(certName); - } - CERT_DestroyCertificate(cert); - } - - if (!asciiname) { - name = &crlNode->crl->crl.name; - if (!name){ - SECU_PrintError(progName, "fail to get the CRL " - "issuer name"); - continue; - } - asciiname = CERT_NameToAscii(name); - } - fprintf (stdout, "%-40s %-5s\n", asciiname, "CRL"); - if (asciiname) { - PORT_Free(asciiname); - } - if ( PR_TRUE == deletecrls) { - CERTSignedCrl* acrl = NULL; - SECItem* issuer = &crlNode->crl->crl.derName; - acrl = SEC_FindCrlByName(certHandle, issuer, crlType); 
- if (acrl) - { - SEC_DeletePermCRL(acrl); - SEC_DestroyCrl(acrl); - } - } - crlNode = crlNode->next; - } - - } while (0); - if (crlList) - PORT_FreeArena (crlList->arena, PR_FALSE); - PORT_FreeArena (arena, PR_FALSE); -} - -static SECStatus ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType) -{ - if (nickName == NULL) { - ListCRLNames (certHandle, crlType, PR_FALSE); - return SECSuccess; - } - - return DisplayCRL (certHandle, nickName, crlType); -} - - - -static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type) -{ - CERTSignedCrl *crl = NULL; - SECStatus rv = SECFailure; - - crl = FindCRL (certHandle, name, type); - if (!crl) { - SECU_PrintError - (progName, "could not find the issuer %s's CRL", name); - return SECFailure; - } - rv = SEC_DeletePermCRL (crl); - SEC_DestroyCrl(crl); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to delete the issuer %s's CRL " - "from the perm database (reason: %s)", - name, SECU_Strerror(PORT_GetError())); - return SECFailure; - } - return (rv); -} - -SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, - PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions) -{ - CERTSignedCrl *crl = NULL; - SECItem crlDER; - PK11SlotInfo* slot = NULL; - int rv; -#if defined(DEBUG_jp96085) - PRIntervalTime starttime, endtime, elapsed; - PRUint32 mins, secs, msecs; -#endif - - crlDER.data = NULL; - - - /* Read in the entire file specified with the -f argument */ - rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - return (SECFailure); - } - - decodeOptions |= CRL_DECODE_DONT_COPY_DER; - - slot = PK11_GetInternalKeySlot(); - -#if defined(DEBUG_jp96085) - starttime = PR_IntervalNow(); -#endif - crl = PK11_ImportCRL(slot, &crlDER, url, type, - NULL, importOptions, NULL, decodeOptions); -#if defined(DEBUG_jp96085) - endtime = PR_IntervalNow(); - elapsed = endtime - starttime; - mins = 
PR_IntervalToSeconds(elapsed) / 60; - secs = PR_IntervalToSeconds(elapsed) % 60; - msecs = PR_IntervalToMilliseconds(elapsed) % 1000; - printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs); -#endif - if (!crl) { - const char *errString; - - rv = SECFailure; - errString = SECU_Strerror(PORT_GetError()); - if ( errString && PORT_Strlen (errString) == 0) - SECU_PrintError (progName, - "CRL is not imported (error: input CRL is not up to date.)"); - else - SECU_PrintError (progName, "unable to import CRL"); - } else { - SEC_DestroyCrl (crl); - } - if (slot) { - PK11_FreeSlot(slot); - } - return (rv); -} - - -static CERTCertificate* -FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl, - char *certNickName) -{ - CERTCertificate *cert = NULL, *certTemp = NULL; - SECStatus rv = SECFailure; - CERTAuthKeyID* authorityKeyID = NULL; - SECItem* subject = NULL; - - PORT_Assert(certHandle != NULL); - if (!certHandle || (!signCrl && !certNickName)) { - SECU_PrintError(progName, "invalid args for function " - "FindSigningCert \n"); - return NULL; - } - - if (signCrl) { -#if 0 - authorityKeyID = SECU_FindCRLAuthKeyIDExten(tmpArena, scrl); -#endif - subject = &signCrl->crl.derName; - } else { - certTemp = CERT_FindCertByNickname(certHandle, certNickName); - if (!certTemp) { - SECU_PrintError(progName, "could not find certificate \"%s\" " - "in database", certNickName); - goto loser; - } - subject = &certTemp->derSubject; - } - - cert = SECU_FindCrlIssuer(certHandle, subject, authorityKeyID, PR_Now()); - if (!cert) { - SECU_PrintError(progName, "could not find signing certificate " - "in database"); - goto loser; - } else { - rv = SECSuccess; - } - - loser: - if (certTemp) - CERT_DestroyCertificate(certTemp); - if (cert && rv != SECSuccess) - CERT_DestroyCertificate(cert); - return cert; -} - -static CERTSignedCrl* -CreateModifiedCRLCopy(PRArenaPool *arena, CERTCertDBHandle *certHandle, - CERTCertificate **cert, char *certNickName, - PRFileDesc *inFile, PRInt32 
decodeOptions, - PRInt32 importOptions) -{ - SECItem crlDER = {0, NULL, 0}; - CERTSignedCrl *signCrl = NULL; - CERTSignedCrl *modCrl = NULL; - PRArenaPool *modArena = NULL; - SECStatus rv = SECSuccess; - - if (!arena || !certHandle || !certNickName) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n"); - return NULL; - } - - modArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); - if (!modArena) { - SECU_PrintError(progName, "fail to allocate memory\n"); - return NULL; - } - - if (inFile != NULL) { - rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - PORT_FreeArena(modArena, PR_FALSE); - goto loser; - } - - decodeOptions |= CRL_DECODE_DONT_COPY_DER; - - modCrl = CERT_DecodeDERCrlWithFlags(modArena, &crlDER, SEC_CRL_TYPE, - decodeOptions); - if (!modCrl) { - SECU_PrintError(progName, "fail to decode CRL"); - goto loser; - } - - if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)){ - /* If caCert is a v2 certificate, make sure that it - * can be used for crl signing purpose */ - *cert = FindSigningCert(certHandle, modCrl, NULL); - if (!*cert) { - goto loser; - } - - rv = CERT_VerifySignedData(&modCrl->signatureWrap, *cert, - PR_Now(), NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to verify signed data\n"); - goto loser; - } - } - } else { - modCrl = FindCRL(certHandle, certNickName, SEC_CRL_TYPE); - if (!modCrl) { - SECU_PrintError(progName, "fail to find crl %s in database\n", - certNickName); - goto loser; - } - } - - signCrl = PORT_ArenaZNew(arena, CERTSignedCrl); - if (signCrl == NULL) { - SECU_PrintError(progName, "fail to allocate memory\n"); - goto loser; - } - - rv = SECU_CopyCRL(arena, &signCrl->crl, &modCrl->crl); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to dublicate crl for " - "modification."); - goto loser; - } - - /* Make sure the update time is current. 
It can be modified later - * by "update