From f85b74f39ada41c16a1e19714d7a4158067edae5 Mon Sep 17 00:00:00 2001 From: cvs2hg Date: Tue, 3 Jan 2006 23:02:12 +0000 Subject: [PATCH] fixup commit for tag 'SVRCORE_4_0_1_RTM' --- dbm/.cvsignore | 1 - dbm/Makefile.in | 53 - dbm/include/.cvsignore | 1 - dbm/include/Makefile.in | 71 - dbm/include/Makefile.win | 77 - dbm/include/cdefs.h | 126 - dbm/include/extern.h | 65 - dbm/include/hash.h | 337 - dbm/include/hsearch.h | 51 - dbm/include/mcom_db.h | 424 - dbm/include/mpool.h | 99 - dbm/include/ncompat.h | 232 - dbm/include/ndbm.h | 77 - dbm/include/nsres.h | 41 - dbm/include/page.h | 96 - dbm/include/queue.h | 245 - dbm/include/search.h | 51 - dbm/include/watcomfx.h | 26 - dbm/include/winfile.h | 112 - dbm/src/.cvsignore | 1 - dbm/src/Makefile.in | 95 - dbm/src/Makefile.win | 113 - dbm/src/db.c | 144 - dbm/src/h_bigkey.c | 713 - dbm/src/h_func.c | 211 - dbm/src/h_log2.c | 56 - dbm/src/h_page.c | 1290 - dbm/src/hash.c | 1179 - dbm/src/hash_buf.c | 414 - dbm/src/hsearch.c | 108 - dbm/src/memmove.c | 150 - dbm/src/mktemp.c | 166 - dbm/src/ndbm.c | 195 - dbm/src/nsres.c | 305 - dbm/src/snprintf.c | 75 - dbm/src/strerror.c | 78 - dbm/tests/.cvsignore | 3 - dbm/tests/Makefile.in | 62 - dbm/tests/dbmtest.pkg | 2 - dbm/tests/lots.c | 638 - .../perf/perf.sh => coreconf/makefile.win} | 94 +- .../config.mk => coreconf/nsinstall/nfspwd} | 24 +- .../nsinstall/nfspwd.pl} | 21 +- security/dbm/Makefile | 80 - security/dbm/config/config.mk | 67 - security/dbm/include/Makefile | 76 - security/dbm/include/manifest.mn | 57 - security/dbm/manifest.mn | 45 - security/dbm/src/Makefile | 76 - security/dbm/src/config.mk | 63 - security/dbm/src/dirent.c | 348 - security/dbm/src/dirent.h | 97 - security/dbm/src/manifest.mn | 61 - security/dbm/tests/Makefile | 69 - security/nss/Makefile | 172 - security/nss/cmd/.cvsignore | 1 - security/nss/cmd/Makefile | 190 - security/nss/cmd/SSLsample/Makefile | 48 - security/nss/cmd/SSLsample/NSPRerrs.h | 136 - security/nss/cmd/SSLsample/README | 35 - security/nss/cmd/SSLsample/SECerrs.h | 444 - security/nss/cmd/SSLsample/SSLerrs.h | 369 - security/nss/cmd/SSLsample/client.c | 456 - security/nss/cmd/SSLsample/client.mn | 54 - security/nss/cmd/SSLsample/gencerts | 81 - security/nss/cmd/SSLsample/make.client | 81 - security/nss/cmd/SSLsample/make.server | 80 - security/nss/cmd/SSLsample/server.c | 821 - security/nss/cmd/SSLsample/server.mn | 52 - security/nss/cmd/SSLsample/sslerror.h | 113 - security/nss/cmd/SSLsample/sslsample.c | 594 - security/nss/cmd/SSLsample/sslsample.h | 180 - security/nss/cmd/addbuiltin/Makefile | 80 - security/nss/cmd/addbuiltin/addbuiltin.c | 389 - security/nss/cmd/addbuiltin/manifest.mn | 52 - security/nss/cmd/atob/Makefile | 80 - security/nss/cmd/atob/atob.c | 180 - security/nss/cmd/atob/manifest.mn | 54 - security/nss/cmd/bltest/Makefile | 86 - security/nss/cmd/bltest/blapitest.c | 3570 -- security/nss/cmd/bltest/manifest.mn | 62 - security/nss/cmd/bltest/tests/README | 49 - .../nss/cmd/bltest/tests/aes_cbc/ciphertext0 | 1 - security/nss/cmd/bltest/tests/aes_cbc/iv0 | 1 - security/nss/cmd/bltest/tests/aes_cbc/key0 | 1 - .../nss/cmd/bltest/tests/aes_cbc/numtests | 1 - .../nss/cmd/bltest/tests/aes_cbc/plaintext0 | 1 - .../nss/cmd/bltest/tests/aes_ecb/ciphertext0 | 1 - security/nss/cmd/bltest/tests/aes_ecb/key0 | 1 - .../nss/cmd/bltest/tests/aes_ecb/numtests | 1 - .../nss/cmd/bltest/tests/aes_ecb/plaintext0 | 1 - .../nss/cmd/bltest/tests/des3_cbc/ciphertext0 | 1 - security/nss/cmd/bltest/tests/des3_cbc/iv0 | 1 - security/nss/cmd/bltest/tests/des3_cbc/key0 | 1 - .../nss/cmd/bltest/tests/des3_cbc/numtests | 1 - .../nss/cmd/bltest/tests/des3_cbc/plaintext0 | 1 - .../nss/cmd/bltest/tests/des3_ecb/ciphertext0 | 1 - security/nss/cmd/bltest/tests/des3_ecb/key0 | 1 - .../nss/cmd/bltest/tests/des3_ecb/numtests | 1 - .../nss/cmd/bltest/tests/des3_ecb/plaintext0 | 1 - .../nss/cmd/bltest/tests/des_cbc/ciphertext0 | 1 - security/nss/cmd/bltest/tests/des_cbc/iv0 | 1 - security/nss/cmd/bltest/tests/des_cbc/key0 | 1 - .../nss/cmd/bltest/tests/des_cbc/numtests | 1 - .../nss/cmd/bltest/tests/des_cbc/plaintext0 | 1 - .../nss/cmd/bltest/tests/des_ecb/ciphertext0 | 1 - security/nss/cmd/bltest/tests/des_ecb/key0 | 1 - .../nss/cmd/bltest/tests/des_ecb/numtests | 1 - .../nss/cmd/bltest/tests/des_ecb/plaintext0 | 1 - security/nss/cmd/bltest/tests/dsa/ciphertext0 | 1 - security/nss/cmd/bltest/tests/dsa/key0 | 6 - security/nss/cmd/bltest/tests/dsa/keyseed0 | 1 - security/nss/cmd/bltest/tests/dsa/numtests | 1 - security/nss/cmd/bltest/tests/dsa/plaintext0 | 1 - security/nss/cmd/bltest/tests/dsa/pqg0 | 4 - security/nss/cmd/bltest/tests/dsa/sigseed0 | 1 - security/nss/cmd/bltest/tests/ecdsa/README | 22 - .../nss/cmd/bltest/tests/ecdsa/ciphertext0 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext1 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext10 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext11 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext12 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext13 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext14 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext15 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext16 | 3 - .../nss/cmd/bltest/tests/ecdsa/ciphertext17 | 3 - .../nss/cmd/bltest/tests/ecdsa/ciphertext18 | 3 - .../nss/cmd/bltest/tests/ecdsa/ciphertext19 | 3 - .../nss/cmd/bltest/tests/ecdsa/ciphertext2 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext20 | 3 - .../nss/cmd/bltest/tests/ecdsa/ciphertext3 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext4 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext5 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext6 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext7 | 1 - .../nss/cmd/bltest/tests/ecdsa/ciphertext8 | 2 - .../nss/cmd/bltest/tests/ecdsa/ciphertext9 | 2 - security/nss/cmd/bltest/tests/ecdsa/key0 | 2 - security/nss/cmd/bltest/tests/ecdsa/key1 | 2 - security/nss/cmd/bltest/tests/ecdsa/key10 | 3 - security/nss/cmd/bltest/tests/ecdsa/key11 | 3 - security/nss/cmd/bltest/tests/ecdsa/key12 | 3 - security/nss/cmd/bltest/tests/ecdsa/key13 | 3 - security/nss/cmd/bltest/tests/ecdsa/key14 | 3 - security/nss/cmd/bltest/tests/ecdsa/key15 | 4 - security/nss/cmd/bltest/tests/ecdsa/key16 | 4 - security/nss/cmd/bltest/tests/ecdsa/key17 | 4 - security/nss/cmd/bltest/tests/ecdsa/key18 | 5 - security/nss/cmd/bltest/tests/ecdsa/key19 | 5 - security/nss/cmd/bltest/tests/ecdsa/key2 | 2 - security/nss/cmd/bltest/tests/ecdsa/key20 | 5 - security/nss/cmd/bltest/tests/ecdsa/key3 | 2 - security/nss/cmd/bltest/tests/ecdsa/key4 | 2 - security/nss/cmd/bltest/tests/ecdsa/key5 | 2 - security/nss/cmd/bltest/tests/ecdsa/key6 | 2 - security/nss/cmd/bltest/tests/ecdsa/key7 | 2 - security/nss/cmd/bltest/tests/ecdsa/key8 | 3 - security/nss/cmd/bltest/tests/ecdsa/key9 | 3 - security/nss/cmd/bltest/tests/ecdsa/numtests | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext0 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext1 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext10 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext11 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext12 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext13 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext14 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext15 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext16 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext17 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext18 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext19 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext2 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext20 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext3 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext4 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext5 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext6 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext7 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext8 | 1 - .../nss/cmd/bltest/tests/ecdsa/plaintext9 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed0 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed1 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed10 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed11 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed12 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed13 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed14 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed15 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed16 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed17 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed18 | 2 - security/nss/cmd/bltest/tests/ecdsa/sigseed19 | 2 - security/nss/cmd/bltest/tests/ecdsa/sigseed2 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed20 | 2 - security/nss/cmd/bltest/tests/ecdsa/sigseed3 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed4 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed5 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed6 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed7 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed8 | 1 - security/nss/cmd/bltest/tests/ecdsa/sigseed9 | 1 - security/nss/cmd/bltest/tests/md2/ciphertext0 | 1 - security/nss/cmd/bltest/tests/md2/numtests | 1 - security/nss/cmd/bltest/tests/md2/plaintext0 | 1 - security/nss/cmd/bltest/tests/md5/ciphertext0 | 1 - security/nss/cmd/bltest/tests/md5/numtests | 1 - security/nss/cmd/bltest/tests/md5/plaintext0 | 1 - .../nss/cmd/bltest/tests/rc2_cbc/ciphertext0 | 1 - security/nss/cmd/bltest/tests/rc2_cbc/iv0 | 1 - security/nss/cmd/bltest/tests/rc2_cbc/key0 | 1 - .../nss/cmd/bltest/tests/rc2_cbc/numtests | 1 - .../nss/cmd/bltest/tests/rc2_cbc/plaintext0 | 1 - .../nss/cmd/bltest/tests/rc2_ecb/ciphertext0 | 1 - security/nss/cmd/bltest/tests/rc2_ecb/key0 | 1 - .../nss/cmd/bltest/tests/rc2_ecb/numtests | 1 - .../nss/cmd/bltest/tests/rc2_ecb/plaintext0 | 1 - security/nss/cmd/bltest/tests/rc4/ciphertext0 | 1 - security/nss/cmd/bltest/tests/rc4/ciphertext1 | 1 - security/nss/cmd/bltest/tests/rc4/key0 | 1 - security/nss/cmd/bltest/tests/rc4/key1 | 1 - security/nss/cmd/bltest/tests/rc4/numtests | 1 - security/nss/cmd/bltest/tests/rc4/plaintext0 | 1 - security/nss/cmd/bltest/tests/rc4/plaintext1 | 1 - .../nss/cmd/bltest/tests/rc5_cbc/ciphertext0 | 1 - security/nss/cmd/bltest/tests/rc5_cbc/iv0 | 1 - security/nss/cmd/bltest/tests/rc5_cbc/key0 | 1 - .../nss/cmd/bltest/tests/rc5_cbc/numtests | 1 - security/nss/cmd/bltest/tests/rc5_cbc/params0 | 2 - .../nss/cmd/bltest/tests/rc5_cbc/plaintext0 | 1 - .../nss/cmd/bltest/tests/rc5_ecb/ciphertext0 | 1 - security/nss/cmd/bltest/tests/rc5_ecb/key0 | 1 - .../nss/cmd/bltest/tests/rc5_ecb/numtests | 1 - security/nss/cmd/bltest/tests/rc5_ecb/params0 | 2 - .../nss/cmd/bltest/tests/rc5_ecb/plaintext0 | 1 - security/nss/cmd/bltest/tests/rsa/ciphertext0 | 1 - security/nss/cmd/bltest/tests/rsa/key0 | 4 - security/nss/cmd/bltest/tests/rsa/numtests | 1 - security/nss/cmd/bltest/tests/rsa/plaintext0 | 1 - .../nss/cmd/bltest/tests/sha1/ciphertext0 | 1 - security/nss/cmd/bltest/tests/sha1/numtests | 1 - security/nss/cmd/bltest/tests/sha1/plaintext0 | 1 - .../nss/cmd/bltest/tests/sha256/ciphertext0 | 1 - .../nss/cmd/bltest/tests/sha256/ciphertext1 | 1 - security/nss/cmd/bltest/tests/sha256/numtests | 1 - .../nss/cmd/bltest/tests/sha256/plaintext0 | 1 - .../nss/cmd/bltest/tests/sha256/plaintext1 | 1 - .../nss/cmd/bltest/tests/sha384/ciphertext0 | 1 - .../nss/cmd/bltest/tests/sha384/ciphertext1 | 1 - security/nss/cmd/bltest/tests/sha384/numtests | 1 - .../nss/cmd/bltest/tests/sha384/plaintext0 | 1 - .../nss/cmd/bltest/tests/sha384/plaintext1 | 1 - .../nss/cmd/bltest/tests/sha512/ciphertext0 | 2 - .../nss/cmd/bltest/tests/sha512/ciphertext1 | 2 - security/nss/cmd/bltest/tests/sha512/numtests | 1 - .../nss/cmd/bltest/tests/sha512/plaintext0 | 1 - .../nss/cmd/bltest/tests/sha512/plaintext1 | 1 - security/nss/cmd/btoa/Makefile | 79 - security/nss/cmd/btoa/btoa.c | 213 - security/nss/cmd/btoa/manifest.mn | 53 - security/nss/cmd/certcgi/HOWTO.txt | 168 - security/nss/cmd/certcgi/Makefile | 80 - security/nss/cmd/certcgi/ca.html | 51 - security/nss/cmd/certcgi/ca_form.html | 388 - security/nss/cmd/certcgi/certcgi.c | 2415 - security/nss/cmd/certcgi/index.html | 959 - security/nss/cmd/certcgi/main.html | 108 - security/nss/cmd/certcgi/manifest.mn | 54 - security/nss/cmd/certcgi/nscp_ext_form.html | 116 - security/nss/cmd/certcgi/stnd_ext_form.html | 250 - security/nss/cmd/certutil/Makefile | 80 - security/nss/cmd/certutil/certutil.c | 3162 - security/nss/cmd/certutil/keystuff.c | 583 - security/nss/cmd/certutil/manifest.mn | 60 - security/nss/cmd/checkcert/Makefile | 80 - security/nss/cmd/checkcert/checkcert.c | 642 - security/nss/cmd/checkcert/manifest.mn | 51 - security/nss/cmd/crlutil/Makefile | 85 - security/nss/cmd/crlutil/crlgen.c | 1627 - security/nss/cmd/crlutil/crlgen.h | 182 - security/nss/cmd/crlutil/crlgen_lex.c | 1783 - security/nss/cmd/crlutil/crlgen_lex_fix.sed | 4 - security/nss/cmd/crlutil/crlgen_lex_orig.l | 177 - security/nss/cmd/crlutil/crlutil.c | 1020 - security/nss/cmd/crlutil/manifest.mn | 57 - security/nss/cmd/crmf-cgi/Makefile | 85 - security/nss/cmd/crmf-cgi/crmfcgi.c | 1127 - security/nss/cmd/crmf-cgi/crmfcgi.html | 168 - security/nss/cmd/crmf-cgi/manifest.mn | 65 - security/nss/cmd/crmftest/Makefile | 96 - security/nss/cmd/crmftest/manifest.mn | 57 - security/nss/cmd/crmftest/testcrmf.c | 1697 - security/nss/cmd/dbck/Makefile | 79 - security/nss/cmd/dbck/dbck.c | 1879 - security/nss/cmd/dbck/manifest.mn | 53 - security/nss/cmd/dbtest/Makefile | 92 - security/nss/cmd/dbtest/dbtest.c | 183 - security/nss/cmd/dbtest/manifest.mn | 54 - security/nss/cmd/derdump/Makefile | 80 - security/nss/cmd/derdump/derdump.c | 137 - security/nss/cmd/derdump/manifest.mn | 53 - security/nss/cmd/digest/Makefile | 80 - security/nss/cmd/digest/digest.c | 256 - security/nss/cmd/digest/manifest.mn | 54 - security/nss/cmd/fipstest/Makefile | 86 - security/nss/cmd/fipstest/aes.sh | 94 - security/nss/cmd/fipstest/ecdsa.sh | 29 - security/nss/cmd/fipstest/fipstest.c | 3411 -- security/nss/cmd/fipstest/hmac.sh | 20 - security/nss/cmd/fipstest/manifest.mn | 55 - security/nss/cmd/fipstest/sha.sh | 46 - security/nss/cmd/fipstest/tdea.sh | 87 - security/nss/cmd/lib/Makefile | 82 - security/nss/cmd/lib/NSPRerrs.h | 153 - security/nss/cmd/lib/SECerrs.h | 506 - security/nss/cmd/lib/SSLerrs.h | 372 - security/nss/cmd/lib/berparse.c | 407 - security/nss/cmd/lib/config.mk | 47 - security/nss/cmd/lib/derprint.c | 622 - security/nss/cmd/lib/ffs.c | 51 - security/nss/cmd/lib/manifest.mn | 64 - security/nss/cmd/lib/moreoids.c | 180 - security/nss/cmd/lib/pppolicy.c | 299 - security/nss/cmd/lib/secerror.c | 110 - security/nss/cmd/lib/secpwd.c | 205 - security/nss/cmd/lib/secutil.c | 3685 -- security/nss/cmd/lib/secutil.h | 424 - security/nss/cmd/makepqg/Makefile | 81 - security/nss/cmd/makepqg/makepqg.c | 363 - security/nss/cmd/makepqg/manifest.mn | 51 - security/nss/cmd/makepqg/testit.ksh | 45 - security/nss/cmd/manifest.mn | 97 - security/nss/cmd/modutil/Makefile | 84 - security/nss/cmd/modutil/README | 7 - security/nss/cmd/modutil/error.h | 185 - security/nss/cmd/modutil/install-ds.c | 1544 - security/nss/cmd/modutil/install-ds.h | 293 - security/nss/cmd/modutil/install.c | 988 - security/nss/cmd/modutil/install.h | 133 - security/nss/cmd/modutil/installparse.c | 429 - security/nss/cmd/modutil/installparse.h | 3 - security/nss/cmd/modutil/installparse.l | 169 - security/nss/cmd/modutil/installparse.y | 136 - security/nss/cmd/modutil/instsec.c | 181 - security/nss/cmd/modutil/lex.Pk11Install_yy.c | 1694 - security/nss/cmd/modutil/manifest.mn | 66 - security/nss/cmd/modutil/modutil.c | 973 - security/nss/cmd/modutil/modutil.h | 70 - security/nss/cmd/modutil/pk11.c | 949 - security/nss/cmd/modutil/pk11jar.html | 312 - security/nss/cmd/modutil/rules.mk | 58 - security/nss/cmd/modutil/specification.html | 354 - security/nss/cmd/ocspclnt/Makefile | 77 - security/nss/cmd/ocspclnt/manifest.mn | 58 - security/nss/cmd/ocspclnt/ocspclnt.c | 1225 - security/nss/cmd/oidcalc/Makefile | 80 - security/nss/cmd/oidcalc/manifest.mn | 51 - security/nss/cmd/oidcalc/oidcalc.c | 120 - security/nss/cmd/p7content/Makefile | 79 - security/nss/cmd/p7content/manifest.mn | 47 - security/nss/cmd/p7content/p7content.c | 274 - security/nss/cmd/p7env/Makefile | 79 - security/nss/cmd/p7env/manifest.mn | 47 - security/nss/cmd/p7env/p7env.c | 275 - security/nss/cmd/p7sign/Makefile | 79 - security/nss/cmd/p7sign/manifest.mn | 47 - security/nss/cmd/p7sign/p7sign.c | 294 - security/nss/cmd/p7verify/Makefile | 79 - security/nss/cmd/p7verify/manifest.mn | 47 - security/nss/cmd/p7verify/p7verify.c | 308 - security/nss/cmd/pk11util/Makefile | 80 - security/nss/cmd/pk11util/manifest.mn | 55 - security/nss/cmd/pk11util/pk11table.c | 1403 - security/nss/cmd/pk11util/pk11util.c | 2182 - security/nss/cmd/pk11util/pk11util.h | 165 - security/nss/cmd/pk11util/scripts/dosign | 162 - security/nss/cmd/pk11util/scripts/hssign | 48 - security/nss/cmd/pk11util/scripts/lcert | 35 - security/nss/cmd/pk11util/scripts/mechanisms | 11 - security/nss/cmd/pk11util/scripts/pLabel1 | 6 - security/nss/cmd/pk11util/scripts/pMechanisms | 8 - security/nss/cmd/pk11util/scripts/pcert | 30 - security/nss/cmd/pk11util/scripts/pkey | Bin 1543 -> 0 bytes security/nss/cmd/pk12util/Makefile | 80 - security/nss/cmd/pk12util/manifest.mn | 59 - security/nss/cmd/pk12util/pk12util.c | 1007 - security/nss/cmd/pk12util/pk12util.h | 72 - security/nss/cmd/platlibs.mk | 235 - security/nss/cmd/platrules.mk | 51 - security/nss/cmd/pp/Makefile | 79 - security/nss/cmd/pp/manifest.mn | 51 - security/nss/cmd/pp/pp.c | 190 - security/nss/cmd/pwdecrypt/Makefile | 77 - security/nss/cmd/pwdecrypt/manifest.mn | 58 - security/nss/cmd/pwdecrypt/pwdecrypt.c | 358 - security/nss/cmd/rsaperf/Makefile | 88 - security/nss/cmd/rsaperf/defkey.c | 205 - security/nss/cmd/rsaperf/manifest.mn | 56 - security/nss/cmd/rsaperf/rsaperf.c | 712 - security/nss/cmd/samples/cert | 15 - security/nss/cmd/samples/cert0 | Bin 505 -> 0 bytes security/nss/cmd/samples/cert1 | Bin 515 -> 0 bytes security/nss/cmd/samples/cert2 | Bin 528 -> 0 bytes security/nss/cmd/samples/pkcs7.ber | Bin 1771 -> 0 bytes security/nss/cmd/samples/pkcs7bday.ber | Bin 1881 -> 0 bytes security/nss/cmd/samples/pkcs7cnet.ber | Bin 3330 -> 0 bytes security/nss/cmd/samples/pkcs7news.ber | Bin 255328 -> 0 bytes security/nss/cmd/samples/x509v3.der | Bin 463 -> 0 bytes security/nss/cmd/samples/x509v3.txt | 10 - security/nss/cmd/sdrtest/Makefile | 77 - security/nss/cmd/sdrtest/manifest.mn | 58 - security/nss/cmd/sdrtest/sdrtest.c | 410 - security/nss/cmd/selfserv/Makefile | 78 - security/nss/cmd/selfserv/manifest.mn | 56 - security/nss/cmd/selfserv/selfserv.c | 2013 - security/nss/cmd/shlibsign/Makefile | 97 - security/nss/cmd/shlibsign/mangle/Makefile | 79 - security/nss/cmd/shlibsign/mangle/mangle.c | 169 - security/nss/cmd/shlibsign/mangle/manifest.mn | 56 - security/nss/cmd/shlibsign/manifest.mn | 62 - security/nss/cmd/shlibsign/shlibsign.c | 435 - security/nss/cmd/shlibsign/sign.cmd | 21 - security/nss/cmd/shlibsign/sign.sh | 56 - security/nss/cmd/signtool/Makefile | 75 - security/nss/cmd/signtool/README | 128 - security/nss/cmd/signtool/certgen.c | 746 - security/nss/cmd/signtool/javascript.c | 1867 - security/nss/cmd/signtool/list.c | 280 - security/nss/cmd/signtool/manifest.mn | 61 - security/nss/cmd/signtool/sign.c | 902 - security/nss/cmd/signtool/signtool.c | 1100 - security/nss/cmd/signtool/signtool.h | 145 - security/nss/cmd/signtool/util.c | 1009 - security/nss/cmd/signtool/verify.c | 371 - security/nss/cmd/signtool/zip.c | 721 - security/nss/cmd/signtool/zip.h | 103 - security/nss/cmd/signver/Makefile | 75 - security/nss/cmd/signver/examples/1/form.pl | 54 - .../cmd/signver/examples/1/signedForm.html | 87 - .../cmd/signver/examples/1/signedForm.nt.html | 87 - .../nss/cmd/signver/examples/1/signedForm.pl | 92 - security/nss/cmd/signver/manifest.mn | 58 - security/nss/cmd/signver/pk7print.c | 894 - security/nss/cmd/signver/signver.c | 422 - security/nss/cmd/smimetools/Makefile | 81 - security/nss/cmd/smimetools/cmsutil.c | 1620 - security/nss/cmd/smimetools/manifest.mn | 49 - security/nss/cmd/smimetools/rules.mk | 40 - security/nss/cmd/smimetools/smime | 581 - security/nss/cmd/ssltap/Makefile | 83 - security/nss/cmd/ssltap/manifest.mn | 55 - security/nss/cmd/ssltap/ssltap-manual.html | 202 - security/nss/cmd/ssltap/ssltap.c | 1420 - security/nss/cmd/strsclnt/Makefile | 79 - security/nss/cmd/strsclnt/manifest.mn | 51 - security/nss/cmd/strsclnt/strsclnt.c | 1485 - security/nss/cmd/symkeyutil/Makefile | 80 - security/nss/cmd/symkeyutil/manifest.mn | 55 - security/nss/cmd/symkeyutil/symkey.man | 182 - security/nss/cmd/symkeyutil/symkeyutil.c | 1129 - security/nss/cmd/tests/Makefile | 77 - security/nss/cmd/tests/manifest.mn | 53 - security/nss/cmd/tests/remtest.c | 165 - security/nss/cmd/tstclnt/Makefile | 88 - security/nss/cmd/tstclnt/manifest.mn | 58 - security/nss/cmd/tstclnt/tstclnt.c | 948 - security/nss/cmd/vfychain/Makefile | 86 - security/nss/cmd/vfychain/manifest.mn | 55 - security/nss/cmd/vfychain/vfychain.c | 332 - security/nss/cmd/vfyserv/Makefile | 88 - security/nss/cmd/vfyserv/manifest.mn | 55 - security/nss/cmd/vfyserv/vfyserv.c | 495 - security/nss/cmd/vfyserv/vfyserv.h | 180 - security/nss/cmd/vfyserv/vfyutil.c | 618 - security/nss/cmd/zlib/Makefile | 88 - security/nss/cmd/zlib/README | 125 - security/nss/cmd/zlib/adler32.c | 149 - security/nss/cmd/zlib/compress.c | 79 - security/nss/cmd/zlib/config.mk | 48 - security/nss/cmd/zlib/crc32.c | 423 - security/nss/cmd/zlib/crc32.h | 441 - security/nss/cmd/zlib/deflate.c | 1736 - security/nss/cmd/zlib/deflate.h | 331 - security/nss/cmd/zlib/example.c | 565 - security/nss/cmd/zlib/gzio.c | 1026 - security/nss/cmd/zlib/infback.c | 623 - security/nss/cmd/zlib/inffast.c | 318 - security/nss/cmd/zlib/inffast.h | 11 - security/nss/cmd/zlib/inffixed.h | 94 - security/nss/cmd/zlib/inflate.c | 1368 - security/nss/cmd/zlib/inflate.h | 115 - security/nss/cmd/zlib/inftrees.c | 329 - security/nss/cmd/zlib/inftrees.h | 55 - security/nss/cmd/zlib/manifest.mn | 68 - security/nss/cmd/zlib/minigzip.c | 322 - security/nss/cmd/zlib/trees.c | 1219 - security/nss/cmd/zlib/trees.h | 128 - security/nss/cmd/zlib/uncompr.c | 61 - security/nss/cmd/zlib/zconf.h | 332 - security/nss/cmd/zlib/zlib.h | 1357 - security/nss/cmd/zlib/zutil.c | 318 - security/nss/cmd/zlib/zutil.h | 269 - security/nss/lib/Makefile | 95 - security/nss/lib/asn1/Makefile | 44 - security/nss/lib/asn1/asn1.c | 1730 - security/nss/lib/asn1/asn1.h | 882 - security/nss/lib/asn1/asn1m.h | 83 - security/nss/lib/asn1/asn1t.h | 169 - security/nss/lib/asn1/config.mk | 52 - security/nss/lib/asn1/manifest.mn | 59 - security/nss/lib/asn1/nssasn1t.h | 70 - security/nss/lib/base/Makefile | 44 - security/nss/lib/base/arena.c | 1145 - security/nss/lib/base/base.h | 1411 - security/nss/lib/base/baset.h | 161 - security/nss/lib/base/config.mk | 52 - security/nss/lib/base/error.c | 286 - security/nss/lib/base/errorval.c | 96 - security/nss/lib/base/hash.c | 407 - security/nss/lib/base/hashops.c | 120 - security/nss/lib/base/item.c | 244 - security/nss/lib/base/libc.c | 200 - security/nss/lib/base/list.c | 436 - security/nss/lib/base/manifest.mn | 68 - security/nss/lib/base/nssbase.h | 170 - security/nss/lib/base/nssbaset.h | 156 - security/nss/lib/base/tracker.c | 546 - security/nss/lib/base/utf8.c | 762 - security/nss/lib/certdb/.cvsignore | 1 - security/nss/lib/certdb/Makefile | 80 - security/nss/lib/certdb/alg1485.c | 1219 - security/nss/lib/certdb/cert.h | 1528 - security/nss/lib/certdb/certdb.c | 2982 - security/nss/lib/certdb/certdb.h | 171 - security/nss/lib/certdb/certi.h | 247 - security/nss/lib/certdb/certt.h | 887 - security/nss/lib/certdb/certv3.c | 400 - security/nss/lib/certdb/certxutl.c | 529 - security/nss/lib/certdb/certxutl.h | 82 - security/nss/lib/certdb/config.mk | 47 - security/nss/lib/certdb/crl.c | 3003 - security/nss/lib/certdb/genname.c | 1832 - security/nss/lib/certdb/genname.h | 138 - security/nss/lib/certdb/manifest.mn | 72 - security/nss/lib/certdb/polcyxtn.c | 568 - security/nss/lib/certdb/secname.c | 704 - security/nss/lib/certdb/stanpcertdb.c | 989 - security/nss/lib/certdb/xauthkid.c | 158 - security/nss/lib/certdb/xbsconst.c | 177 - security/nss/lib/certdb/xconst.c | 298 - security/nss/lib/certdb/xconst.h | 72 - security/nss/lib/certhigh/Makefile | 80 - security/nss/lib/certhigh/certhigh.c | 1204 - security/nss/lib/certhigh/certhtml.c | 599 - security/nss/lib/certhigh/certreq.c | 350 - security/nss/lib/certhigh/certvfy.c | 2078 - security/nss/lib/certhigh/config.mk | 47 - security/nss/lib/certhigh/crlv2.c | 141 - security/nss/lib/certhigh/manifest.mn | 63 - security/nss/lib/certhigh/ocsp.c | 3998 -- security/nss/lib/certhigh/ocsp.h | 537 - security/nss/lib/certhigh/ocspt.h | 62 - security/nss/lib/certhigh/ocspti.h | 408 - security/nss/lib/certhigh/xcrldist.c | 233 - security/nss/lib/ckfw/Makefile | 66 - security/nss/lib/ckfw/builtins/Makefile | 102 - security/nss/lib/ckfw/builtins/README | 48 - security/nss/lib/ckfw/builtins/anchor.c | 53 - security/nss/lib/ckfw/builtins/bfind.c | 286 - security/nss/lib/ckfw/builtins/binst.c | 133 - security/nss/lib/ckfw/builtins/bobject.c | 258 - security/nss/lib/ckfw/builtins/bsession.c | 111 - security/nss/lib/ckfw/builtins/bslot.c | 127 - security/nss/lib/ckfw/builtins/btoken.c | 187 - security/nss/lib/ckfw/builtins/builtins.h | 107 - security/nss/lib/ckfw/builtins/certdata.c | 12872 ---- security/nss/lib/ckfw/builtins/certdata.perl | 299 - security/nss/lib/ckfw/builtins/certdata.txt | 13070 ---- security/nss/lib/ckfw/builtins/ckbiver.c | 58 - security/nss/lib/ckfw/builtins/config.mk | 71 - security/nss/lib/ckfw/builtins/constants.c | 97 - security/nss/lib/ckfw/builtins/manifest.mn | 65 - security/nss/lib/ckfw/builtins/nssckbi.def | 58 - security/nss/lib/ckfw/builtins/nssckbi.h | 90 - security/nss/lib/ckfw/builtins/nssckbi.rc | 97 - security/nss/lib/ckfw/capi/Makefile | 105 - security/nss/lib/ckfw/capi/README | 7 - security/nss/lib/ckfw/capi/anchor.c | 55 - security/nss/lib/ckfw/capi/cfind.c | 618 - security/nss/lib/ckfw/capi/cinst.c | 148 - security/nss/lib/ckfw/capi/ckcapi.h | 309 - security/nss/lib/ckfw/capi/ckcapiver.c | 59 - security/nss/lib/ckfw/capi/cobject.c | 2346 - security/nss/lib/ckfw/capi/config.mk | 71 - security/nss/lib/ckfw/capi/constants.c | 98 - security/nss/lib/ckfw/capi/crsa.c | 748 - security/nss/lib/ckfw/capi/csession.c | 131 - security/nss/lib/ckfw/capi/cslot.c | 129 - security/nss/lib/ckfw/capi/ctoken.c | 246 - security/nss/lib/ckfw/capi/manifest.mn | 66 - security/nss/lib/ckfw/capi/nsscapi.def | 58 - security/nss/lib/ckfw/capi/nsscapi.h | 75 - security/nss/lib/ckfw/capi/nsscapi.rc | 97 - security/nss/lib/ckfw/capi/staticobj.c | 74 - security/nss/lib/ckfw/ck.api | 575 - security/nss/lib/ckfw/ck.h | 124 - security/nss/lib/ckfw/ckapi.perl | 515 - security/nss/lib/ckfw/ckfw.h | 2450 - security/nss/lib/ckfw/ckfwm.h | 164 - security/nss/lib/ckfw/ckfwtm.h | 59 - security/nss/lib/ckfw/ckmd.h | 68 - security/nss/lib/ckfw/ckt.h | 40 - security/nss/lib/ckfw/config.mk | 58 - security/nss/lib/ckfw/crypto.c | 377 - security/nss/lib/ckfw/dbm/Makefile | 38 - security/nss/lib/ckfw/dbm/anchor.c | 50 - security/nss/lib/ckfw/dbm/ckdbm.h | 281 - security/nss/lib/ckfw/dbm/config.mk | 37 - security/nss/lib/ckfw/dbm/db.c | 1065 - security/nss/lib/ckfw/dbm/find.c | 166 - security/nss/lib/ckfw/dbm/instance.c | 196 - security/nss/lib/ckfw/dbm/manifest.mn | 54 - security/nss/lib/ckfw/dbm/object.c | 204 - security/nss/lib/ckfw/dbm/session.c | 298 - security/nss/lib/ckfw/dbm/slot.c | 214 - security/nss/lib/ckfw/dbm/token.c | 315 - security/nss/lib/ckfw/find.c | 413 - security/nss/lib/ckfw/hash.c | 337 - security/nss/lib/ckfw/instance.c | 1367 - security/nss/lib/ckfw/manifest.mn | 83 - security/nss/lib/ckfw/mechanism.c | 1218 - security/nss/lib/ckfw/mutex.c | 314 - security/nss/lib/ckfw/nsprstub.c | 520 - security/nss/lib/ckfw/nssck.api | 1890 - security/nss/lib/ckfw/nssckepv.h | 42 - security/nss/lib/ckfw/nssckft.h | 43 - security/nss/lib/ckfw/nssckfw.h | 526 - security/nss/lib/ckfw/nssckfwc.h | 1049 - security/nss/lib/ckfw/nssckfwt.h | 146 - security/nss/lib/ckfw/nssckg.h | 42 - security/nss/lib/ckfw/nssckmdt.h | 1981 - security/nss/lib/ckfw/nssckt.h | 45 - security/nss/lib/ckfw/nssmkey/Makefile | 105 - security/nss/lib/ckfw/nssmkey/README | 21 - security/nss/lib/ckfw/nssmkey/ckmk.h | 236 - security/nss/lib/ckfw/nssmkey/ckmkver.c | 59 - security/nss/lib/ckfw/nssmkey/config.mk | 57 - security/nss/lib/ckfw/nssmkey/manchor.c | 55 - security/nss/lib/ckfw/nssmkey/manifest.mn | 66 - security/nss/lib/ckfw/nssmkey/mconstants.c | 96 - security/nss/lib/ckfw/nssmkey/mfind.c | 404 - security/nss/lib/ckfw/nssmkey/minst.c | 148 - security/nss/lib/ckfw/nssmkey/mobject.c | 1959 - security/nss/lib/ckfw/nssmkey/mrsa.c | 547 - security/nss/lib/ckfw/nssmkey/msession.c | 131 - security/nss/lib/ckfw/nssmkey/mslot.c | 129 - security/nss/lib/ckfw/nssmkey/mtoken.c | 246 - security/nss/lib/ckfw/nssmkey/nssmkey.def | 58 - security/nss/lib/ckfw/nssmkey/nssmkey.h | 75 - security/nss/lib/ckfw/nssmkey/staticobj.c | 74 - security/nss/lib/ckfw/object.c | 1056 - security/nss/lib/ckfw/session.c | 2503 - security/nss/lib/ckfw/sessobj.c | 1102 - security/nss/lib/ckfw/slot.c | 759 - security/nss/lib/ckfw/token.c | 1907 - security/nss/lib/ckfw/wrap.c | 5682 -- security/nss/lib/crmf/Makefile | 81 - security/nss/lib/crmf/asn1cmn.c | 253 - security/nss/lib/crmf/challcli.c | 287 - security/nss/lib/crmf/cmmf.h | 1122 - security/nss/lib/crmf/cmmfasn1.c | 164 - security/nss/lib/crmf/cmmfchal.c | 322 - security/nss/lib/crmf/cmmfi.h | 130 - security/nss/lib/crmf/cmmfit.h | 148 - security/nss/lib/crmf/cmmfrec.c | 351 - security/nss/lib/crmf/cmmfresp.c | 315 - security/nss/lib/crmf/cmmft.h | 105 - security/nss/lib/crmf/config.mk | 48 - security/nss/lib/crmf/crmf.h | 1782 - security/nss/lib/crmf/crmfcont.c | 1175 - security/nss/lib/crmf/crmfdec.c | 393 - security/nss/lib/crmf/crmfenc.c | 87 - security/nss/lib/crmf/crmffut.h | 393 - security/nss/lib/crmf/crmfget.c | 481 - security/nss/lib/crmf/crmfi.h | 190 - security/nss/lib/crmf/crmfit.h | 219 - security/nss/lib/crmf/crmfpop.c | 608 - security/nss/lib/crmf/crmfreq.c | 684 - security/nss/lib/crmf/crmft.h | 220 - security/nss/lib/crmf/crmftmpl.c | 302 - security/nss/lib/crmf/encutil.c | 66 - security/nss/lib/crmf/manifest.mn | 75 - security/nss/lib/crmf/respcli.c | 169 - security/nss/lib/crmf/respcmn.c | 424 - security/nss/lib/crmf/servget.c | 1011 - security/nss/lib/cryptohi/Makefile | 81 - security/nss/lib/cryptohi/config.mk | 47 - security/nss/lib/cryptohi/cryptohi.h | 275 - security/nss/lib/cryptohi/cryptoht.h | 48 - security/nss/lib/cryptohi/dsautil.c | 300 - security/nss/lib/cryptohi/hasht.h | 102 - security/nss/lib/cryptohi/key.h | 43 - security/nss/lib/cryptohi/keyhi.h | 290 - security/nss/lib/cryptohi/keyt.h | 43 - security/nss/lib/cryptohi/keythi.h | 258 - security/nss/lib/cryptohi/manifest.mn | 67 - security/nss/lib/cryptohi/sechash.c | 381 - security/nss/lib/cryptohi/sechash.h | 86 - security/nss/lib/cryptohi/seckey.c | 2334 - security/nss/lib/cryptohi/secsign.c | 513 - security/nss/lib/cryptohi/secvfy.c | 512 - security/nss/lib/dev/Makefile | 57 - security/nss/lib/dev/ckhelper.c | 728 - security/nss/lib/dev/ckhelper.h | 197 - security/nss/lib/dev/config.mk | 52 - security/nss/lib/dev/dev.h | 1004 - security/nss/lib/dev/devm.h | 245 - security/nss/lib/dev/devmod.c | 878 - security/nss/lib/dev/devslot.c | 852 - security/nss/lib/dev/devt.h | 202 - security/nss/lib/dev/devtm.h | 61 - security/nss/lib/dev/devtoken.c | 1722 - security/nss/lib/dev/devutil.c | 1454 - security/nss/lib/dev/manifest.mn | 70 - security/nss/lib/dev/nssdev.h | 75 - security/nss/lib/dev/nssdevt.h | 72 - security/nss/lib/freebl/GF2m_ecl.c | 540 - security/nss/lib/freebl/GF2m_ecl.h | 97 - security/nss/lib/freebl/GFp_ecl.c | 648 - security/nss/lib/freebl/GFp_ecl.h | 127 - security/nss/lib/freebl/Makefile | 537 - security/nss/lib/freebl/aeskeywrap.c | 413 - security/nss/lib/freebl/alg2268.c | 515 - security/nss/lib/freebl/alghmac.c | 193 - security/nss/lib/freebl/alghmac.h | 96 - security/nss/lib/freebl/arcfive.c | 117 - security/nss/lib/freebl/arcfour-amd64-gas.s | 116 - security/nss/lib/freebl/arcfour-amd64-sun.s | 116 - security/nss/lib/freebl/arcfour.c | 639 - security/nss/lib/freebl/blapi.h | 1062 - security/nss/lib/freebl/blapit.h | 372 - security/nss/lib/freebl/config.mk | 112 - security/nss/lib/freebl/des.c | 689 - security/nss/lib/freebl/des.h | 75 - security/nss/lib/freebl/desblapi.c | 301 - security/nss/lib/freebl/dh.c | 388 - security/nss/lib/freebl/dsa.c | 450 - security/nss/lib/freebl/ec.c | 1053 - security/nss/lib/freebl/ec.h | 52 - security/nss/lib/freebl/ecl/Makefile | 227 - security/nss/lib/freebl/ecl/README | 330 - security/nss/lib/freebl/ecl/README.FP | 317 - security/nss/lib/freebl/ecl/ec2.h | 126 - security/nss/lib/freebl/ecl/ec2_163.c | 259 - security/nss/lib/freebl/ecl/ec2_193.c | 276 - security/nss/lib/freebl/ecl/ec2_233.c | 299 - security/nss/lib/freebl/ecl/ec2_aff.c | 347 - security/nss/lib/freebl/ecl/ec2_mont.c | 277 - security/nss/lib/freebl/ecl/ec2_proj.c | 369 - security/nss/lib/freebl/ecl/ec_naf.c | 103 - security/nss/lib/freebl/ecl/ecl-curve.h | 648 - security/nss/lib/freebl/ecl/ecl-exp.h | 196 - security/nss/lib/freebl/ecl/ecl-priv.h | 219 - security/nss/lib/freebl/ecl/ecl.c | 426 - security/nss/lib/freebl/ecl/ecl.h | 91 - security/nss/lib/freebl/ecl/ecl_curve.c | 122 - security/nss/lib/freebl/ecl/ecl_gf.c | 339 - security/nss/lib/freebl/ecl/ecl_mult.c | 356 - security/nss/lib/freebl/ecl/ecp.h | 140 - security/nss/lib/freebl/ecl/ecp_192.c | 229 - security/nss/lib/freebl/ecl/ecp_224.c | 306 - security/nss/lib/freebl/ecl/ecp_aff.c | 357 - security/nss/lib/freebl/ecl/ecp_fp.c | 568 - security/nss/lib/freebl/ecl/ecp_fp.h | 406 - security/nss/lib/freebl/ecl/ecp_fp160.c | 179 - security/nss/lib/freebl/ecl/ecp_fp192.c | 177 - security/nss/lib/freebl/ecl/ecp_fp224.c | 190 - security/nss/lib/freebl/ecl/ecp_fpinc.c | 855 - security/nss/lib/freebl/ecl/ecp_jac.c | 553 - security/nss/lib/freebl/ecl/ecp_jm.c | 321 - security/nss/lib/freebl/ecl/ecp_mont.c | 192 - security/nss/lib/freebl/ecl/tests/ec2_test.c | 473 - security/nss/lib/freebl/ecl/tests/ec_naft.c | 151 - security/nss/lib/freebl/ecl/tests/ecp_fpt.c | 1123 - security/nss/lib/freebl/ecl/tests/ecp_test.c | 435 - security/nss/lib/freebl/freebl.def | 58 - security/nss/lib/freebl/freebl.rc | 101 - security/nss/lib/freebl/freeblver.c | 56 - security/nss/lib/freebl/ldvector.c | 238 - security/nss/lib/freebl/loader.c | 1616 - security/nss/lib/freebl/loader.h | 464 - security/nss/lib/freebl/mac_rand.c | 318 - security/nss/lib/freebl/manifest.mn | 186 - security/nss/lib/freebl/mapfile.Solaris | 43 - security/nss/lib/freebl/md2.c | 296 - security/nss/lib/freebl/md5.c | 595 - security/nss/lib/freebl/mknewpc2.c | 242 - security/nss/lib/freebl/mksp.c | 159 - security/nss/lib/freebl/mpi/Makefile | 279 - security/nss/lib/freebl/mpi/Makefile.os2 | 280 - security/nss/lib/freebl/mpi/Makefile.win | 280 - security/nss/lib/freebl/mpi/README | 799 - security/nss/lib/freebl/mpi/all-tests | 115 - security/nss/lib/freebl/mpi/doc/LICENSE | 11 - security/nss/lib/freebl/mpi/doc/LICENSE-MPL | 32 - security/nss/lib/freebl/mpi/doc/basecvt.pod | 63 - security/nss/lib/freebl/mpi/doc/build | 66 - security/nss/lib/freebl/mpi/doc/div.txt | 101 - security/nss/lib/freebl/mpi/doc/expt.txt | 132 - security/nss/lib/freebl/mpi/doc/gcd.pod | 27 - security/nss/lib/freebl/mpi/doc/invmod.pod | 33 - security/nss/lib/freebl/mpi/doc/isprime.pod | 62 - security/nss/lib/freebl/mpi/doc/lap.pod | 35 - security/nss/lib/freebl/mpi/doc/mpi-test.pod | 49 - security/nss/lib/freebl/mpi/doc/mul.txt | 114 - security/nss/lib/freebl/mpi/doc/pi.txt | 90 - security/nss/lib/freebl/mpi/doc/prime.txt | 6542 -- security/nss/lib/freebl/mpi/doc/prng.pod | 41 - security/nss/lib/freebl/mpi/doc/redux.txt | 121 - security/nss/lib/freebl/mpi/doc/sqrt.txt | 87 - security/nss/lib/freebl/mpi/doc/square.txt | 109 - security/nss/lib/freebl/mpi/doc/timing.txt | 250 - security/nss/lib/freebl/mpi/hpma512.s | 640 - security/nss/lib/freebl/mpi/hppa20.s | 929 - security/nss/lib/freebl/mpi/hppatch.adb | 54 - security/nss/lib/freebl/mpi/logtab.h | 62 - security/nss/lib/freebl/mpi/make-logtab | 64 - security/nss/lib/freebl/mpi/make-test-arrays | 133 - security/nss/lib/freebl/mpi/mdxptest.c | 342 - security/nss/lib/freebl/mpi/montmulf.c | 329 - security/nss/lib/freebl/mpi/montmulf.h | 103 - security/nss/lib/freebl/mpi/montmulf.il | 141 - security/nss/lib/freebl/mpi/montmulf.s | 1967 - security/nss/lib/freebl/mpi/montmulfv8.il | 141 - security/nss/lib/freebl/mpi/montmulfv8.s | 1847 - security/nss/lib/freebl/mpi/montmulfv9.il | 126 - security/nss/lib/freebl/mpi/montmulfv9.s | 2377 - security/nss/lib/freebl/mpi/mp_comba.c | 1306 - .../nss/lib/freebl/mpi/mp_comba_amd64_sun.s | 16097 ----- security/nss/lib/freebl/mpi/mp_gf2m-priv.h | 102 - security/nss/lib/freebl/mpi/mp_gf2m.c | 600 - security/nss/lib/freebl/mpi/mp_gf2m.h | 63 - security/nss/lib/freebl/mpi/mpcpucache.c | 773 - .../nss/lib/freebl/mpi/mpcpucache_amd64.s | 891 - security/nss/lib/freebl/mpi/mpcpucache_x86.s | 931 - security/nss/lib/freebl/mpi/mpi-config.h | 112 - security/nss/lib/freebl/mpi/mpi-priv.h | 318 - security/nss/lib/freebl/mpi/mpi-test.c | 1986 - security/nss/lib/freebl/mpi/mpi.c | 4847 -- security/nss/lib/freebl/mpi/mpi.h | 336 - security/nss/lib/freebl/mpi/mpi_amd64.c | 65 - security/nss/lib/freebl/mpi/mpi_amd64_gas.s | 418 - security/nss/lib/freebl/mpi/mpi_amd64_sun.s | 418 - security/nss/lib/freebl/mpi/mpi_hp.c | 115 - security/nss/lib/freebl/mpi/mpi_i86pc.s | 342 - security/nss/lib/freebl/mpi/mpi_mips.s | 502 - security/nss/lib/freebl/mpi/mpi_sparc.c | 361 - security/nss/lib/freebl/mpi/mpi_x86.asm | 356 - security/nss/lib/freebl/mpi/mpi_x86.s | 345 - security/nss/lib/freebl/mpi/mplogic.c | 465 - security/nss/lib/freebl/mpi/mplogic.h | 85 - security/nss/lib/freebl/mpi/mpmontg.c | 1210 - security/nss/lib/freebl/mpi/mpprime.c | 626 - security/nss/lib/freebl/mpi/mpprime.h | 70 - security/nss/lib/freebl/mpi/mpv_sparc.c | 253 - security/nss/lib/freebl/mpi/mpv_sparcv8.s | 1639 - security/nss/lib/freebl/mpi/mpv_sparcv8x.s | 175 - security/nss/lib/freebl/mpi/mpv_sparcv9.s | 1673 - security/nss/lib/freebl/mpi/mpvalpha.c | 214 - security/nss/lib/freebl/mpi/mulsqr.c | 115 - security/nss/lib/freebl/mpi/multest | 111 - security/nss/lib/freebl/mpi/primes.c | 874 - security/nss/lib/freebl/mpi/stats | 74 - security/nss/lib/freebl/mpi/target.mk | 231 - security/nss/lib/freebl/mpi/test-arrays.txt | 90 - security/nss/lib/freebl/mpi/test-info.c | 194 - security/nss/lib/freebl/mpi/tests/LICENSE | 6 - security/nss/lib/freebl/mpi/tests/LICENSE-MPL | 32 - security/nss/lib/freebl/mpi/tests/mptest-1.c | 75 - security/nss/lib/freebl/mpi/tests/mptest-2.c | 86 - security/nss/lib/freebl/mpi/tests/mptest-3.c | 131 - security/nss/lib/freebl/mpi/tests/mptest-3a.c | 144 - security/nss/lib/freebl/mpi/tests/mptest-4.c | 126 - security/nss/lib/freebl/mpi/tests/mptest-4a.c | 138 - security/nss/lib/freebl/mpi/tests/mptest-4b.c | 135 - security/nss/lib/freebl/mpi/tests/mptest-5.c | 103 - security/nss/lib/freebl/mpi/tests/mptest-5a.c | 165 - security/nss/lib/freebl/mpi/tests/mptest-6.c | 111 - security/nss/lib/freebl/mpi/tests/mptest-7.c | 107 - security/nss/lib/freebl/mpi/tests/mptest-8.c | 98 - security/nss/lib/freebl/mpi/tests/mptest-9.c | 116 - security/nss/lib/freebl/mpi/tests/mptest-b.c | 220 - security/nss/lib/freebl/mpi/tests/pi1k.txt | 1 - security/nss/lib/freebl/mpi/tests/pi2k.txt | 1 - security/nss/lib/freebl/mpi/tests/pi5k.txt | 1 - security/nss/lib/freebl/mpi/timetest | 135 - security/nss/lib/freebl/mpi/types.pl | 162 - security/nss/lib/freebl/mpi/utils/LICENSE | 4 - security/nss/lib/freebl/mpi/utils/LICENSE-MPL | 32 - security/nss/lib/freebl/mpi/utils/PRIMES | 41 - security/nss/lib/freebl/mpi/utils/README | 241 - security/nss/lib/freebl/mpi/utils/basecvt.c | 100 - security/nss/lib/freebl/mpi/utils/bbs_rand.c | 96 - security/nss/lib/freebl/mpi/utils/bbs_rand.h | 57 - security/nss/lib/freebl/mpi/utils/bbsrand.c | 67 - security/nss/lib/freebl/mpi/utils/dec2hex.c | 71 - security/nss/lib/freebl/mpi/utils/exptmod.c | 83 - security/nss/lib/freebl/mpi/utils/fact.c | 115 - security/nss/lib/freebl/mpi/utils/gcd.c | 119 - security/nss/lib/freebl/mpi/utils/hex2dec.c | 71 - security/nss/lib/freebl/mpi/utils/identest.c | 79 - security/nss/lib/freebl/mpi/utils/invmod.c | 92 - security/nss/lib/freebl/mpi/utils/isprime.c | 121 - security/nss/lib/freebl/mpi/utils/lap.c | 121 - security/nss/lib/freebl/mpi/utils/makeprime.c | 147 - security/nss/lib/freebl/mpi/utils/metime.c | 136 - security/nss/lib/freebl/mpi/utils/pi.c | 197 - security/nss/lib/freebl/mpi/utils/primegen.c | 201 - security/nss/lib/freebl/mpi/utils/prng.c | 90 - security/nss/lib/freebl/mpi/utils/ptab.pl | 61 - security/nss/lib/freebl/mpi/utils/sieve.c | 268 - security/nss/lib/freebl/mpi/vis_32.il | 1324 - security/nss/lib/freebl/mpi/vis_64.il | 1030 - security/nss/lib/freebl/mpi/vis_proto.h | 267 - security/nss/lib/freebl/os2_rand.c | 333 - security/nss/lib/freebl/pqg.c | 671 - security/nss/lib/freebl/prng_fips1861.c | 586 - security/nss/lib/freebl/rawhash.c | 164 - security/nss/lib/freebl/ret_cr16.s | 54 - security/nss/lib/freebl/rijndael.c | 1155 - security/nss/lib/freebl/rijndael.h | 95 - security/nss/lib/freebl/rijndael32.tab | 1215 - security/nss/lib/freebl/rijndael_tables.c | 246 - security/nss/lib/freebl/rsa.c | 960 - security/nss/lib/freebl/secmpi.h | 61 - security/nss/lib/freebl/secrng.h | 85 - security/nss/lib/freebl/sha-fast-amd64-sun.s | 2142 - security/nss/lib/freebl/sha.c | 161 - security/nss/lib/freebl/sha.h | 49 - security/nss/lib/freebl/sha512.c | 1389 - security/nss/lib/freebl/sha_fast.c | 472 - security/nss/lib/freebl/sha_fast.h | 178 - security/nss/lib/freebl/shsign.h | 47 - security/nss/lib/freebl/shvfy.c | 295 - security/nss/lib/freebl/sysrand.c | 49 - security/nss/lib/freebl/tlsprfalg.c | 164 - security/nss/lib/freebl/unix_rand.c | 996 - security/nss/lib/freebl/win_rand.c | 548 - security/nss/lib/jar/Makefile | 43 - security/nss/lib/jar/config.mk | 47 - security/nss/lib/jar/jar-ds.c | 73 - security/nss/lib/jar/jar-ds.h | 109 - security/nss/lib/jar/jar.c | 834 - security/nss/lib/jar/jar.h | 481 - security/nss/lib/jar/jarevil.c | 577 - security/nss/lib/jar/jarevil.h | 79 - security/nss/lib/jar/jarfile.c | 1154 - security/nss/lib/jar/jarfile.h | 117 - security/nss/lib/jar/jarint.c | 84 - security/nss/lib/jar/jarint.h | 119 - security/nss/lib/jar/jarjart.c | 360 - security/nss/lib/jar/jarjart.h | 75 - security/nss/lib/jar/jarnav.c | 110 - security/nss/lib/jar/jarsign.c | 374 - security/nss/lib/jar/jarver.c | 2023 - security/nss/lib/jar/jzconf.h | 190 - security/nss/lib/jar/jzlib.h | 896 - security/nss/lib/jar/manifest.mn | 58 - security/nss/lib/manifest.mn | 69 - security/nss/lib/nss/Makefile | 80 - security/nss/lib/nss/config.mk | 133 - security/nss/lib/nss/manifest.mn | 59 - security/nss/lib/nss/nss.def | 880 - security/nss/lib/nss/nss.h | 208 - security/nss/lib/nss/nss.rc | 101 - security/nss/lib/nss/nssinit.c | 676 - security/nss/lib/nss/nssrenam.h | 53 - security/nss/lib/nss/nssver.c | 56 - security/nss/lib/pk11wrap/Makefile | 103 - security/nss/lib/pk11wrap/config.mk | 47 - security/nss/lib/pk11wrap/debug_module.c | 2212 - security/nss/lib/pk11wrap/dev3hack.c | 316 - security/nss/lib/pk11wrap/dev3hack.h | 66 - security/nss/lib/pk11wrap/manifest.mn | 88 - security/nss/lib/pk11wrap/pk11akey.c | 2095 - security/nss/lib/pk11wrap/pk11auth.c | 760 - security/nss/lib/pk11wrap/pk11cert.c | 2437 - security/nss/lib/pk11wrap/pk11cxt.c | 1062 - security/nss/lib/pk11wrap/pk11err.c | 154 - security/nss/lib/pk11wrap/pk11func.h | 46 - security/nss/lib/pk11wrap/pk11init.h | 55 - security/nss/lib/pk11wrap/pk11kea.c | 239 - security/nss/lib/pk11wrap/pk11list.c | 127 - security/nss/lib/pk11wrap/pk11load.c | 433 - security/nss/lib/pk11wrap/pk11mech.c | 1788 - security/nss/lib/pk11wrap/pk11nobj.c | 805 - security/nss/lib/pk11wrap/pk11obj.c | 1695 - security/nss/lib/pk11wrap/pk11pars.c | 427 - security/nss/lib/pk11wrap/pk11pbe.c | 844 - security/nss/lib/pk11wrap/pk11pk12.c | 558 - security/nss/lib/pk11wrap/pk11pqg.c | 387 - security/nss/lib/pk11wrap/pk11pqg.h | 155 - security/nss/lib/pk11wrap/pk11priv.h | 226 - security/nss/lib/pk11wrap/pk11pub.h | 700 - security/nss/lib/pk11wrap/pk11sdr.c | 322 - security/nss/lib/pk11wrap/pk11sdr.h | 59 - security/nss/lib/pk11wrap/pk11skey.c | 2167 - security/nss/lib/pk11wrap/pk11slot.c | 2298 - security/nss/lib/pk11wrap/pk11util.c | 1440 - security/nss/lib/pk11wrap/secmod.h | 171 - security/nss/lib/pk11wrap/secmodi.h | 161 - security/nss/lib/pk11wrap/secmodt.h | 465 - security/nss/lib/pk11wrap/secmodti.h | 223 - security/nss/lib/pk11wrap/secpkcs5.h | 90 - security/nss/lib/pkcs12/Makefile | 81 - security/nss/lib/pkcs12/config.mk | 48 - security/nss/lib/pkcs12/manifest.mn | 62 - security/nss/lib/pkcs12/p12.h | 208 - security/nss/lib/pkcs12/p12creat.c | 254 - security/nss/lib/pkcs12/p12d.c | 3472 -- security/nss/lib/pkcs12/p12dec.c | 696 - security/nss/lib/pkcs12/p12e.c | 2368 - security/nss/lib/pkcs12/p12exp.c | 1410 - security/nss/lib/pkcs12/p12local.c | 1371 - security/nss/lib/pkcs12/p12local.h | 91 - security/nss/lib/pkcs12/p12plcy.c | 201 - security/nss/lib/pkcs12/p12plcy.h | 63 - security/nss/lib/pkcs12/p12t.h | 187 - security/nss/lib/pkcs12/p12tmpl.c | 323 - security/nss/lib/pkcs12/pkcs12.h | 74 - security/nss/lib/pkcs12/pkcs12t.h | 398 - security/nss/lib/pkcs7/Makefile | 80 - security/nss/lib/pkcs7/certread.c | 558 - security/nss/lib/pkcs7/config.mk | 46 - security/nss/lib/pkcs7/manifest.mn | 64 - security/nss/lib/pkcs7/p7common.c | 750 - security/nss/lib/pkcs7/p7create.c | 1323 - security/nss/lib/pkcs7/p7decode.c | 2062 - security/nss/lib/pkcs7/p7encode.c | 1342 - security/nss/lib/pkcs7/p7local.c | 1451 - security/nss/lib/pkcs7/p7local.h | 179 - security/nss/lib/pkcs7/pkcs7t.h | 299 - security/nss/lib/pkcs7/secmime.c | 904 - security/nss/lib/pkcs7/secmime.h | 195 - security/nss/lib/pkcs7/secpkcs7.h | 626 - security/nss/lib/pki/Makefile | 44 - security/nss/lib/pki/asymmkey.c | 434 - security/nss/lib/pki/certdecode.c | 121 - security/nss/lib/pki/certificate.c | 1154 - security/nss/lib/pki/config.mk | 52 - security/nss/lib/pki/cryptocontext.c | 1006 - security/nss/lib/pki/doc/standiag.png | Bin 20475 -> 0 bytes security/nss/lib/pki/doc/standoc.html | 474 - security/nss/lib/pki/manifest.mn | 75 - security/nss/lib/pki/nsspki.h | 3195 - security/nss/lib/pki/nsspkit.h | 274 - security/nss/lib/pki/pki.h | 248 - security/nss/lib/pki/pki3hack.c | 1228 - security/nss/lib/pki/pki3hack.h | 197 - security/nss/lib/pki/pkibase.c | 1452 - security/nss/lib/pki/pkim.h | 726 - security/nss/lib/pki/pkistore.c | 706 - security/nss/lib/pki/pkistore.h | 191 - security/nss/lib/pki/pkit.h | 219 - security/nss/lib/pki/pkitm.h | 123 - security/nss/lib/pki/symmkey.c | 300 - security/nss/lib/pki/tdcache.c | 1177 - security/nss/lib/pki/trustdomain.c | 1403 - security/nss/lib/pki1/Makefile | 50 - security/nss/lib/pki1/atav.c | 1824 - security/nss/lib/pki1/config.mk | 51 - security/nss/lib/pki1/genname.c | 97 - security/nss/lib/pki1/gnseq.c | 74 - security/nss/lib/pki1/manifest.mn | 69 - security/nss/lib/pki1/name.c | 80 - security/nss/lib/pki1/nsspki1.h | 2872 - security/nss/lib/pki1/nsspki1t.h | 205 - security/nss/lib/pki1/oid.c | 1618 - security/nss/lib/pki1/oiddata.c | 2937 - security/nss/lib/pki1/oiddata.h | 214 - security/nss/lib/pki1/oidgen.perl | 318 - security/nss/lib/pki1/oids.txt | 2119 - security/nss/lib/pki1/pki1.h | 3037 - security/nss/lib/pki1/pki1t.h | 107 - security/nss/lib/pki1/rdn.c | 76 - security/nss/lib/pki1/rdnseq.c | 74 - security/nss/lib/smime/Makefile | 80 - security/nss/lib/smime/cms.h | 1141 - security/nss/lib/smime/cmsarray.c | 219 - security/nss/lib/smime/cmsasn1.c | 578 - security/nss/lib/smime/cmsattr.c | 461 - security/nss/lib/smime/cmscinfo.c | 360 - security/nss/lib/smime/cmscipher.c | 788 - security/nss/lib/smime/cmsdecode.c | 742 - security/nss/lib/smime/cmsdigdata.c | 231 - security/nss/lib/smime/cmsdigest.c | 294 - security/nss/lib/smime/cmsencdata.c | 280 - security/nss/lib/smime/cmsencode.c | 745 - security/nss/lib/smime/cmsenvdata.c | 421 - security/nss/lib/smime/cmslocal.h | 346 - security/nss/lib/smime/cmsmessage.c | 321 - security/nss/lib/smime/cmspubkey.c | 565 - security/nss/lib/smime/cmsrecinfo.c | 743 - security/nss/lib/smime/cmsreclist.c | 193 - security/nss/lib/smime/cmsreclist.h | 62 - security/nss/lib/smime/cmssigdata.c | 1146 - security/nss/lib/smime/cmssiginfo.c | 1037 - security/nss/lib/smime/cmst.h | 534 - security/nss/lib/smime/cmsutil.c | 401 - security/nss/lib/smime/config.mk | 99 - security/nss/lib/smime/manifest.mn | 81 - security/nss/lib/smime/smime.def | 268 - security/nss/lib/smime/smime.h | 156 - security/nss/lib/smime/smime.rc | 101 - security/nss/lib/smime/smimemessage.c | 218 - security/nss/lib/smime/smimesym.c | 8 - security/nss/lib/smime/smimeutil.c | 784 - security/nss/lib/smime/smimever.c | 56 - security/nss/lib/softoken/Makefile | 95 - security/nss/lib/softoken/cdbhdl.h | 89 - security/nss/lib/softoken/config.mk | 101 - security/nss/lib/softoken/dbinit.c | 449 - security/nss/lib/softoken/dbmshim.c | 664 - security/nss/lib/softoken/ecdecode.c | 687 - security/nss/lib/softoken/fipstest.c | 1494 - security/nss/lib/softoken/fipstokn.c | 1102 - security/nss/lib/softoken/keydb.c | 2885 - security/nss/lib/softoken/keydbi.h | 86 - security/nss/lib/softoken/lowcert.c | 646 - security/nss/lib/softoken/lowkey.c | 492 - security/nss/lib/softoken/lowkeyi.h | 274 - security/nss/lib/softoken/lowkeyti.h | 163 - security/nss/lib/softoken/lowpbe.c | 1185 - security/nss/lib/softoken/lowpbe.h | 135 - security/nss/lib/softoken/manifest.mn | 88 - security/nss/lib/softoken/padbuf.c | 80 - security/nss/lib/softoken/pcert.h | 249 - security/nss/lib/softoken/pcertdb.c | 5370 -- security/nss/lib/softoken/pcertt.h | 446 - security/nss/lib/softoken/pk11db.c | 1019 - security/nss/lib/softoken/pk11pars.h | 869 - security/nss/lib/softoken/pkcs11.c | 5157 -- security/nss/lib/softoken/pkcs11.h | 323 - security/nss/lib/softoken/pkcs11c.c | 5708 -- security/nss/lib/softoken/pkcs11f.h | 937 - security/nss/lib/softoken/pkcs11i.h | 730 - security/nss/lib/softoken/pkcs11n.h | 246 - security/nss/lib/softoken/pkcs11ni.h | 52 - security/nss/lib/softoken/pkcs11p.h | 54 - security/nss/lib/softoken/pkcs11t.h | 1747 - security/nss/lib/softoken/pkcs11u.c | 3476 -- security/nss/lib/softoken/pkcs11u.h | 52 - security/nss/lib/softoken/rsawrapr.c | 879 - security/nss/lib/softoken/softkver.c | 56 - security/nss/lib/softoken/softoken.h | 164 - security/nss/lib/softoken/softokn.def | 61 - security/nss/lib/softoken/softokn.rc | 101 - security/nss/lib/softoken/softoknt.h | 64 - security/nss/lib/softoken/tlsprf.c | 215 - security/nss/lib/ssl/Makefile | 91 - security/nss/lib/ssl/authcert.c | 122 - security/nss/lib/ssl/cmpcert.c | 123 - security/nss/lib/ssl/config.mk | 125 - security/nss/lib/ssl/derive.c | 481 - security/nss/lib/ssl/emulate.c | 636 - security/nss/lib/ssl/manifest.mn | 90 - security/nss/lib/ssl/notes.txt | 166 - security/nss/lib/ssl/nsskea.c | 78 - security/nss/lib/ssl/os2_err.c | 313 - security/nss/lib/ssl/os2_err.h | 86 - security/nss/lib/ssl/preenc.h | 146 - security/nss/lib/ssl/prelib.c | 67 - security/nss/lib/ssl/ssl.def | 128 - security/nss/lib/ssl/ssl.h | 479 - security/nss/lib/ssl/ssl.rc | 101 - security/nss/lib/ssl/ssl3con.c | 8064 --- security/nss/lib/ssl/ssl3ecc.c | 655 - security/nss/lib/ssl/ssl3gthr.c | 239 - security/nss/lib/ssl/ssl3prot.h | 303 - security/nss/lib/ssl/sslauth.c | 270 - security/nss/lib/ssl/sslcon.c | 3804 -- security/nss/lib/ssl/ssldef.c | 252 - security/nss/lib/ssl/sslenum.c | 134 - security/nss/lib/ssl/sslerr.c | 74 - security/nss/lib/ssl/sslerr.h | 193 - security/nss/lib/ssl/sslgathr.c | 483 - security/nss/lib/ssl/sslimpl.h | 1393 - security/nss/lib/ssl/sslinfo.c | 275 - security/nss/lib/ssl/sslmutex.c | 673 - security/nss/lib/ssl/sslmutex.h | 151 - security/nss/lib/ssl/sslnonce.c | 375 - security/nss/lib/ssl/sslproto.h | 208 - security/nss/lib/ssl/sslreveal.c | 100 - security/nss/lib/ssl/sslsecur.c | 1348 - security/nss/lib/ssl/sslsnce.c | 1699 - security/nss/lib/ssl/sslsock.c | 2111 - security/nss/lib/ssl/sslt.h | 173 - security/nss/lib/ssl/ssltrace.c | 272 - security/nss/lib/ssl/sslver.c | 56 - security/nss/lib/ssl/unix_err.c | 550 - security/nss/lib/ssl/unix_err.h | 90 - security/nss/lib/ssl/win32err.c | 379 - security/nss/lib/ssl/win32err.h | 84 - security/nss/lib/util/Makefile | 88 - security/nss/lib/util/base64.h | 74 - security/nss/lib/util/ciferfam.h | 90 - security/nss/lib/util/config.mk | 47 - security/nss/lib/util/derdec.c | 555 - security/nss/lib/util/derenc.c | 507 - security/nss/lib/util/dersubr.c | 266 - security/nss/lib/util/dertime.c | 403 - security/nss/lib/util/manifest.mn | 100 - security/nss/lib/util/nssb64.h | 127 - security/nss/lib/util/nssb64d.c | 864 - security/nss/lib/util/nssb64e.c | 765 - security/nss/lib/util/nssb64t.h | 48 - security/nss/lib/util/nssilckt.h | 224 - security/nss/lib/util/nssilock.c | 522 - security/nss/lib/util/nssilock.h | 319 - security/nss/lib/util/nsslocks.c | 112 - security/nss/lib/util/nsslocks.h | 70 - security/nss/lib/util/nssrwlk.c | 514 - security/nss/lib/util/nssrwlk.h | 163 - security/nss/lib/util/nssrwlkt.h | 50 - security/nss/lib/util/portreg.c | 321 - security/nss/lib/util/portreg.h | 96 - security/nss/lib/util/pqgutil.c | 270 - security/nss/lib/util/pqgutil.h | 130 - security/nss/lib/util/quickder.c | 912 - security/nss/lib/util/secalgid.c | 182 - security/nss/lib/util/secasn1.h | 310 - security/nss/lib/util/secasn1d.c | 3300 -- security/nss/lib/util/secasn1e.c | 1647 - security/nss/lib/util/secasn1t.h | 300 - security/nss/lib/util/secasn1u.c | 131 - security/nss/lib/util/seccomon.h | 115 - security/nss/lib/util/secder.h | 223 - security/nss/lib/util/secdert.h | 173 - security/nss/lib/util/secdig.c | 237 - security/nss/lib/util/secdig.h | 138 - security/nss/lib/util/secdigt.h | 60 - security/nss/lib/util/secerr.h | 213 - security/nss/lib/util/secinit.c | 53 - security/nss/lib/util/secitem.c | 313 - security/nss/lib/util/secitem.h | 122 - security/nss/lib/util/secoid.c | 1848 - security/nss/lib/util/secoid.h | 129 - security/nss/lib/util/secoidt.h | 432 - security/nss/lib/util/secplcy.c | 117 - security/nss/lib/util/secplcy.h | 136 - security/nss/lib/util/secport.c | 607 - security/nss/lib/util/secport.h | 263 - security/nss/lib/util/sectime.c | 260 - security/nss/lib/util/utf8.c | 1833 - security/nss/lib/util/watcomfx.h | 62 - security/nss/manifest.mn | 47 - security/nss/pkg/Makefile | 59 - security/nss/pkg/linux/Makefile | 121 - security/nss/pkg/linux/sun-nss.spec | 84 - security/nss/pkg/solaris/Makefile | 125 - security/nss/pkg/solaris/Makefile-devl.com | 69 - security/nss/pkg/solaris/Makefile-devl.targ | 62 - security/nss/pkg/solaris/Makefile-tlsu.com | 69 - security/nss/pkg/solaris/Makefile-tlsu.targ | 70 - security/nss/pkg/solaris/Makefile.com | 70 - security/nss/pkg/solaris/Makefile.targ | 70 - security/nss/pkg/solaris/SUNWtls/Makefile | 52 - security/nss/pkg/solaris/SUNWtls/pkgdepend | 64 - security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl | 70 - .../nss/pkg/solaris/SUNWtls/prototype_com | 77 - .../nss/pkg/solaris/SUNWtls/prototype_i386 | 90 - .../nss/pkg/solaris/SUNWtls/prototype_sparc | 103 - security/nss/pkg/solaris/SUNWtlsd/Makefile | 52 - security/nss/pkg/solaris/SUNWtlsd/pkgdepend | 59 - .../nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl | 70 - security/nss/pkg/solaris/SUNWtlsd/prototype | 163 - security/nss/pkg/solaris/SUNWtlsu/Makefile | 52 - security/nss/pkg/solaris/SUNWtlsu/pkgdepend | 58 - .../nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl | 70 - .../nss/pkg/solaris/SUNWtlsu/prototype_com | 73 - .../nss/pkg/solaris/SUNWtlsu/prototype_i386 | 78 - .../nss/pkg/solaris/SUNWtlsu/prototype_sparc | 78 - security/nss/pkg/solaris/bld_awk_pkginfo.ksh | 141 - .../nss/pkg/solaris/common_files/copyright | 36 - security/nss/pkg/solaris/proto64.mk | 50 - security/nss/tests/all.sh | 106 - security/nss/tests/cert/cert.sh | 807 - security/nss/tests/cert/eccert.sh | 886 - security/nss/tests/cipher/cipher.sh | 119 - security/nss/tests/cipher/cipher.txt | 35 - security/nss/tests/cipher/dsa.txt | 8 - security/nss/tests/cipher/hash.txt | 8 - security/nss/tests/cipher/performance.sh | 148 - security/nss/tests/cipher/rsa.txt | 8 - security/nss/tests/cipher/symmkey.txt | 23 - security/nss/tests/clean_tbx | 172 - security/nss/tests/cmdtests/cmdtests.sh | 133 - security/nss/tests/common/Makefile | 53 - security/nss/tests/common/cleanup.sh | 44 - security/nss/tests/common/init.sh | 496 - security/nss/tests/common/results_header.html | 6 - security/nss/tests/core_watch | 45 - security/nss/tests/crmf/crmf.sh | 121 - security/nss/tests/dbtests/dbtests.sh | 236 - security/nss/tests/dll_version.sh | 50 - security/nss/tests/doc/clean.gif | Bin 5503 -> 0 bytes security/nss/tests/doc/nssqa.txt | 108 - .../nss/tests/doc/platform_specific_problems | 110 - security/nss/tests/doc/qa_wrapper.html | 269 - security/nss/tests/fips/fips.sh | 219 - security/nss/tests/fixtests.sh | 117 - security/nss/tests/header | 1636 - security/nss/tests/jss_dll_version.sh | 22 - security/nss/tests/jssdir | 28 - security/nss/tests/jssqa | 220 - security/nss/tests/mksymlinks | 115 - security/nss/tests/nssdir | 28 - security/nss/tests/nsspath | 12 - security/nss/tests/nssqa | 286 - security/nss/tests/path_uniq | 107 - .../nss/tests/pkcs11/netscape/suites/Makefile | 80 - .../tests/pkcs11/netscape/suites/config.mk | 46 - .../tests/pkcs11/netscape/suites/manifest.mn | 41 - .../pkcs11/netscape/suites/security/Makefile | 80 - .../pkcs11/netscape/suites/security/config.mk | 58 - .../netscape/suites/security/manifest.mn | 44 - .../netscape/suites/security/pkcs11/Makefile | 81 - .../netscape/suites/security/pkcs11/config.mk | 61 - .../suites/security/pkcs11/manifest.mn | 50 - .../suites/security/pkcs11/pk11test.c | 1363 - .../suites/security/pkcs11/pk11test.h | 114 - .../suites/security/pkcs11/pk11test.htp | 53 - .../netscape/suites/security/pkcs11/pkcs11.h | 193 - .../suites/security/pkcs11/pkcs11.reg | 964 - .../suites/security/pkcs11/pkcs11.rep | 161 - .../netscape/suites/security/pkcs11/rules.mk | 38 - .../netscape/suites/security/ssl/Makefile | 82 - .../netscape/suites/security/ssl/README | 11 - .../netscape/suites/security/ssl/cert7.db | Bin 90112 -> 0 bytes .../netscape/suites/security/ssl/config.mk | 66 - .../netscape/suites/security/ssl/key3.db | Bin 16384 -> 0 bytes .../netscape/suites/security/ssl/manifest.mn | 57 - .../netscape/suites/security/ssl/ssl.reg | 49198 ---------------- .../netscape/suites/security/ssl/sslc.c | 296 - .../netscape/suites/security/ssl/sslc.h | 99 - .../netscape/suites/security/ssl/ssls.c | 108 - .../netscape/suites/security/ssl/ssls.h | 130 - .../netscape/suites/security/ssl/sslt.c | 1186 - .../netscape/suites/security/ssl/sslt.h | 241 - .../netscape/suites/security/ssl/sslt.htp | 139 - .../netscape/suites/security/ssl/sslt.rep | 421 - .../tests/pkcs11/netscape/trivial/.cvsignore | 6 - .../tests/pkcs11/netscape/trivial/Makefile.in | 180 - .../tests/pkcs11/netscape/trivial/README.txt | 56 - .../tests/pkcs11/netscape/trivial/acconfig.h | 39 - .../tests/pkcs11/netscape/trivial/config.h.in | 28 - .../tests/pkcs11/netscape/trivial/configure | 1906 - .../pkcs11/netscape/trivial/configure.in | 180 - .../tests/pkcs11/netscape/trivial/install-sh | 251 - .../tests/pkcs11/netscape/trivial/trivial.c | 1316 - security/nss/tests/pkits/pkits.sh | 2065 - security/nss/tests/platformlist | 11 - security/nss/tests/platformlist.tbx | 14 - security/nss/tests/qa_stage | 336 - security/nss/tests/qa_stat | 938 - security/nss/tests/qaclean | 144 - security/nss/tests/run_niscc.sh | 487 - security/nss/tests/sdr/sdr.sh | 131 - security/nss/tests/set_environment | 234 - security/nss/tests/smime/alice.txt | 6 - security/nss/tests/smime/bob.txt | 6 - security/nss/tests/smime/ecsmime.sh | 260 - security/nss/tests/smime/smime.sh | 233 - security/nss/tests/ssl/ecssl.sh | 350 - security/nss/tests/ssl/ecsslauth.txt | 50 - security/nss/tests/ssl/ecsslcov.txt | 94 - security/nss/tests/ssl/ecsslstress.txt | 26 - security/nss/tests/ssl/ssl.sh | 683 - security/nss/tests/ssl/ssl_dist_stress.sh | 345 - security/nss/tests/ssl/sslauth.txt | 31 - security/nss/tests/ssl/sslcov.txt | 48 - security/nss/tests/ssl/sslreq.dat | 2 - security/nss/tests/ssl/sslreq.txt | 2 - security/nss/tests/ssl/sslstress.txt | 14 - security/nss/tests/tools/ectools.sh | 210 - security/nss/tests/tools/sign.html | 5 - security/nss/tests/tools/signjs.html | 8 - security/nss/tests/tools/tools.sh | 217 - security/nss/trademarks.txt | 130 - 1389 files changed, 78 insertions(+), 600334 deletions(-) delete mode 100644 dbm/.cvsignore delete mode 100644 dbm/Makefile.in delete mode 100644 dbm/include/.cvsignore delete mode 100644 dbm/include/Makefile.in delete mode 100644 dbm/include/Makefile.win delete mode 100644 dbm/include/cdefs.h delete mode 100644 dbm/include/extern.h delete mode 100644 dbm/include/hash.h delete mode 100644 dbm/include/hsearch.h delete mode 100644 dbm/include/mcom_db.h delete mode 100644 dbm/include/mpool.h delete mode 100644 dbm/include/ncompat.h delete mode 100644 dbm/include/ndbm.h delete mode 100644 dbm/include/nsres.h delete mode 100644 dbm/include/page.h delete mode 100644 dbm/include/queue.h delete mode 100644 dbm/include/search.h delete mode 100644 dbm/include/watcomfx.h delete mode 100644 dbm/include/winfile.h delete mode 100644 dbm/src/.cvsignore delete mode 100644 dbm/src/Makefile.in delete mode 100644 dbm/src/Makefile.win delete mode 100644 dbm/src/db.c delete mode 100644 dbm/src/h_bigkey.c delete mode 100644 dbm/src/h_func.c delete mode 100644 dbm/src/h_log2.c delete mode 100644 dbm/src/h_page.c delete mode 100644 dbm/src/hash.c delete mode 100644 dbm/src/hash_buf.c delete mode 100644 dbm/src/hsearch.c delete mode 100644 dbm/src/memmove.c delete mode 100644 dbm/src/mktemp.c delete mode 100644 dbm/src/ndbm.c delete mode 100644 dbm/src/nsres.c delete mode 100644 dbm/src/snprintf.c delete mode 100644 dbm/src/strerror.c delete mode 100644 dbm/tests/.cvsignore delete mode 100644 dbm/tests/Makefile.in delete mode 100644 dbm/tests/dbmtest.pkg delete mode 100644 dbm/tests/lots.c rename security/{nss/tests/perf/perf.sh => coreconf/makefile.win} (52%) mode change 100755 => 100644 rename security/{nss/cmd/crmf-cgi/config.mk => coreconf/nsinstall/nfspwd} (84%) mode change 100644 => 100755 rename security/{nss/cmd/crmftest/config.mk => coreconf/nsinstall/nfspwd.pl} (84%) delete mode 100644 security/dbm/Makefile delete mode 100644 security/dbm/config/config.mk delete mode 100644 security/dbm/include/Makefile delete mode 100644 security/dbm/include/manifest.mn delete mode 100644 security/dbm/manifest.mn delete mode 100644 security/dbm/src/Makefile delete mode 100644 security/dbm/src/config.mk delete mode 100644 security/dbm/src/dirent.c delete mode 100644 security/dbm/src/dirent.h delete mode 100644 security/dbm/src/manifest.mn delete mode 100644 security/dbm/tests/Makefile delete mode 100644 security/nss/Makefile delete mode 100644 security/nss/cmd/.cvsignore delete mode 100644 security/nss/cmd/Makefile delete mode 100644 security/nss/cmd/SSLsample/Makefile delete mode 100644 security/nss/cmd/SSLsample/NSPRerrs.h delete mode 100644 security/nss/cmd/SSLsample/README delete mode 100644 security/nss/cmd/SSLsample/SECerrs.h delete mode 100644 security/nss/cmd/SSLsample/SSLerrs.h delete mode 100644 security/nss/cmd/SSLsample/client.c delete mode 100644 security/nss/cmd/SSLsample/client.mn delete mode 100755 security/nss/cmd/SSLsample/gencerts delete mode 100644 security/nss/cmd/SSLsample/make.client delete mode 100644 security/nss/cmd/SSLsample/make.server delete mode 100644 security/nss/cmd/SSLsample/server.c delete mode 100644 security/nss/cmd/SSLsample/server.mn delete mode 100644 security/nss/cmd/SSLsample/sslerror.h delete mode 100644 security/nss/cmd/SSLsample/sslsample.c delete mode 100644 security/nss/cmd/SSLsample/sslsample.h delete mode 100644 security/nss/cmd/addbuiltin/Makefile delete mode 100644 security/nss/cmd/addbuiltin/addbuiltin.c delete mode 100644 security/nss/cmd/addbuiltin/manifest.mn delete mode 100644 security/nss/cmd/atob/Makefile delete mode 100644 security/nss/cmd/atob/atob.c delete mode 100644 security/nss/cmd/atob/manifest.mn delete mode 100644 security/nss/cmd/bltest/Makefile delete mode 100644 security/nss/cmd/bltest/blapitest.c delete mode 100644 security/nss/cmd/bltest/manifest.mn delete mode 100644 security/nss/cmd/bltest/tests/README delete mode 100644 security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/aes_cbc/iv0 delete mode 100644 security/nss/cmd/bltest/tests/aes_cbc/key0 delete mode 100644 security/nss/cmd/bltest/tests/aes_cbc/numtests delete mode 100644 security/nss/cmd/bltest/tests/aes_cbc/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/aes_ecb/key0 delete mode 100644 security/nss/cmd/bltest/tests/aes_ecb/numtests delete mode 100644 security/nss/cmd/bltest/tests/aes_ecb/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/des3_cbc/iv0 delete mode 100644 security/nss/cmd/bltest/tests/des3_cbc/key0 delete mode 100644 security/nss/cmd/bltest/tests/des3_cbc/numtests delete mode 100644 security/nss/cmd/bltest/tests/des3_cbc/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/des3_ecb/key0 delete mode 100644 security/nss/cmd/bltest/tests/des3_ecb/numtests delete mode 100644 security/nss/cmd/bltest/tests/des3_ecb/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/des_cbc/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/des_cbc/iv0 delete mode 100644 security/nss/cmd/bltest/tests/des_cbc/key0 delete mode 100644 security/nss/cmd/bltest/tests/des_cbc/numtests delete mode 100644 security/nss/cmd/bltest/tests/des_cbc/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/des_ecb/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/des_ecb/key0 delete mode 100644 security/nss/cmd/bltest/tests/des_ecb/numtests delete mode 100644 security/nss/cmd/bltest/tests/des_ecb/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/dsa/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/dsa/key0 delete mode 100644 security/nss/cmd/bltest/tests/dsa/keyseed0 delete mode 100644 security/nss/cmd/bltest/tests/dsa/numtests delete mode 100644 security/nss/cmd/bltest/tests/dsa/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/dsa/pqg0 delete mode 100644 security/nss/cmd/bltest/tests/dsa/sigseed0 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/README delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext1 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext10 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext11 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext12 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext13 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext14 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext15 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext16 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext17 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext18 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext19 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext2 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext20 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext3 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext4 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext5 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext6 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext7 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext8 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/ciphertext9 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key0 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key1 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key10 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key11 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key12 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key13 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key14 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key15 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key16 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key17 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key18 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key19 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key2 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key20 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key3 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key4 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key5 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key6 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key7 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key8 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/key9 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/numtests delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext1 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext10 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext11 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext12 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext13 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext14 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext15 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext16 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext17 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext18 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext19 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext2 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext20 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext3 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext4 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext5 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext6 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext7 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext8 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/plaintext9 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed0 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed1 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed10 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed11 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed12 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed13 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed14 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed15 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed16 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed17 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed18 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed19 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed2 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed20 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed3 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed4 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed5 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed6 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed7 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed8 delete mode 100644 security/nss/cmd/bltest/tests/ecdsa/sigseed9 delete mode 100644 security/nss/cmd/bltest/tests/md2/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/md2/numtests delete mode 100644 security/nss/cmd/bltest/tests/md2/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/md5/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/md5/numtests delete mode 100644 security/nss/cmd/bltest/tests/md5/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_cbc/iv0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_cbc/key0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_cbc/numtests delete mode 100644 security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_ecb/key0 delete mode 100644 security/nss/cmd/bltest/tests/rc2_ecb/numtests delete mode 100644 security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/rc4/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/rc4/ciphertext1 delete mode 100644 security/nss/cmd/bltest/tests/rc4/key0 delete mode 100644 security/nss/cmd/bltest/tests/rc4/key1 delete mode 100644 security/nss/cmd/bltest/tests/rc4/numtests delete mode 100644 security/nss/cmd/bltest/tests/rc4/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/rc4/plaintext1 delete mode 100644 security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_cbc/iv0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_cbc/key0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_cbc/numtests delete mode 100644 security/nss/cmd/bltest/tests/rc5_cbc/params0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_ecb/key0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_ecb/numtests delete mode 100644 security/nss/cmd/bltest/tests/rc5_ecb/params0 delete mode 100644 security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/rsa/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/rsa/key0 delete mode 100644 security/nss/cmd/bltest/tests/rsa/numtests delete mode 100644 security/nss/cmd/bltest/tests/rsa/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/sha1/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/sha1/numtests delete mode 100644 security/nss/cmd/bltest/tests/sha1/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/sha256/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/sha256/ciphertext1 delete mode 100644 security/nss/cmd/bltest/tests/sha256/numtests delete mode 100644 security/nss/cmd/bltest/tests/sha256/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/sha256/plaintext1 delete mode 100644 security/nss/cmd/bltest/tests/sha384/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/sha384/ciphertext1 delete mode 100644 security/nss/cmd/bltest/tests/sha384/numtests delete mode 100644 security/nss/cmd/bltest/tests/sha384/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/sha384/plaintext1 delete mode 100644 security/nss/cmd/bltest/tests/sha512/ciphertext0 delete mode 100644 security/nss/cmd/bltest/tests/sha512/ciphertext1 delete mode 100644 security/nss/cmd/bltest/tests/sha512/numtests delete mode 100644 security/nss/cmd/bltest/tests/sha512/plaintext0 delete mode 100644 security/nss/cmd/bltest/tests/sha512/plaintext1 delete mode 100644 security/nss/cmd/btoa/Makefile delete mode 100644 security/nss/cmd/btoa/btoa.c delete mode 100644 security/nss/cmd/btoa/manifest.mn delete mode 100644 security/nss/cmd/certcgi/HOWTO.txt delete mode 100644 security/nss/cmd/certcgi/Makefile delete mode 100644 security/nss/cmd/certcgi/ca.html delete mode 100644 security/nss/cmd/certcgi/ca_form.html delete mode 100644 security/nss/cmd/certcgi/certcgi.c delete mode 100644 security/nss/cmd/certcgi/index.html delete mode 100644 security/nss/cmd/certcgi/main.html delete mode 100644 security/nss/cmd/certcgi/manifest.mn delete mode 100644 security/nss/cmd/certcgi/nscp_ext_form.html delete mode 100644 security/nss/cmd/certcgi/stnd_ext_form.html delete mode 100644 security/nss/cmd/certutil/Makefile delete mode 100644 security/nss/cmd/certutil/certutil.c delete mode 100644 security/nss/cmd/certutil/keystuff.c delete mode 100644 security/nss/cmd/certutil/manifest.mn delete mode 100644 security/nss/cmd/checkcert/Makefile delete mode 100644 security/nss/cmd/checkcert/checkcert.c delete mode 100644 security/nss/cmd/checkcert/manifest.mn delete mode 100644 security/nss/cmd/crlutil/Makefile delete mode 100644 security/nss/cmd/crlutil/crlgen.c delete mode 100644 security/nss/cmd/crlutil/crlgen.h delete mode 100644 security/nss/cmd/crlutil/crlgen_lex.c delete mode 100644 security/nss/cmd/crlutil/crlgen_lex_fix.sed delete mode 100644 security/nss/cmd/crlutil/crlgen_lex_orig.l delete mode 100644 security/nss/cmd/crlutil/crlutil.c delete mode 100644 security/nss/cmd/crlutil/manifest.mn delete mode 100644 security/nss/cmd/crmf-cgi/Makefile delete mode 100644 security/nss/cmd/crmf-cgi/crmfcgi.c delete mode 100644 security/nss/cmd/crmf-cgi/crmfcgi.html delete mode 100644 security/nss/cmd/crmf-cgi/manifest.mn delete mode 100644 security/nss/cmd/crmftest/Makefile delete mode 100644 security/nss/cmd/crmftest/manifest.mn delete mode 100644 security/nss/cmd/crmftest/testcrmf.c delete mode 100644 security/nss/cmd/dbck/Makefile delete mode 100644 security/nss/cmd/dbck/dbck.c delete mode 100644 security/nss/cmd/dbck/manifest.mn delete mode 100644 security/nss/cmd/dbtest/Makefile delete mode 100644 security/nss/cmd/dbtest/dbtest.c delete mode 100644 security/nss/cmd/dbtest/manifest.mn delete mode 100644 security/nss/cmd/derdump/Makefile delete mode 100644 security/nss/cmd/derdump/derdump.c delete mode 100644 security/nss/cmd/derdump/manifest.mn delete mode 100644 security/nss/cmd/digest/Makefile delete mode 100644 security/nss/cmd/digest/digest.c delete mode 100644 security/nss/cmd/digest/manifest.mn delete mode 100755 security/nss/cmd/fipstest/Makefile delete mode 100644 security/nss/cmd/fipstest/aes.sh delete mode 100644 security/nss/cmd/fipstest/ecdsa.sh delete mode 100644 security/nss/cmd/fipstest/fipstest.c delete mode 100755 security/nss/cmd/fipstest/hmac.sh delete mode 100644 security/nss/cmd/fipstest/manifest.mn delete mode 100644 security/nss/cmd/fipstest/sha.sh delete mode 100644 security/nss/cmd/fipstest/tdea.sh delete mode 100644 security/nss/cmd/lib/Makefile delete mode 100644 security/nss/cmd/lib/NSPRerrs.h delete mode 100644 security/nss/cmd/lib/SECerrs.h delete mode 100644 security/nss/cmd/lib/SSLerrs.h delete mode 100644 security/nss/cmd/lib/berparse.c delete mode 100644 security/nss/cmd/lib/config.mk delete mode 100644 security/nss/cmd/lib/derprint.c delete mode 100644 security/nss/cmd/lib/ffs.c delete mode 100644 security/nss/cmd/lib/manifest.mn delete mode 100644 security/nss/cmd/lib/moreoids.c delete mode 100644 security/nss/cmd/lib/pppolicy.c delete mode 100644 security/nss/cmd/lib/secerror.c delete mode 100644 security/nss/cmd/lib/secpwd.c delete mode 100644 security/nss/cmd/lib/secutil.c delete mode 100644 security/nss/cmd/lib/secutil.h delete mode 100644 security/nss/cmd/makepqg/Makefile delete mode 100644 security/nss/cmd/makepqg/makepqg.c delete mode 100644 security/nss/cmd/makepqg/manifest.mn delete mode 100644 security/nss/cmd/makepqg/testit.ksh delete mode 100644 security/nss/cmd/manifest.mn delete mode 100644 security/nss/cmd/modutil/Makefile delete mode 100644 security/nss/cmd/modutil/README delete mode 100644 security/nss/cmd/modutil/error.h delete mode 100644 security/nss/cmd/modutil/install-ds.c delete mode 100644 security/nss/cmd/modutil/install-ds.h delete mode 100644 security/nss/cmd/modutil/install.c delete mode 100644 security/nss/cmd/modutil/install.h delete mode 100644 security/nss/cmd/modutil/installparse.c delete mode 100644 security/nss/cmd/modutil/installparse.h delete mode 100644 security/nss/cmd/modutil/installparse.l delete mode 100644 security/nss/cmd/modutil/installparse.y delete mode 100644 security/nss/cmd/modutil/instsec.c delete mode 100644 security/nss/cmd/modutil/lex.Pk11Install_yy.c delete mode 100644 security/nss/cmd/modutil/manifest.mn delete mode 100644 security/nss/cmd/modutil/modutil.c delete mode 100644 security/nss/cmd/modutil/modutil.h delete mode 100644 security/nss/cmd/modutil/pk11.c delete mode 100644 security/nss/cmd/modutil/pk11jar.html delete mode 100644 security/nss/cmd/modutil/rules.mk delete mode 100644 security/nss/cmd/modutil/specification.html delete mode 100644 security/nss/cmd/ocspclnt/Makefile delete mode 100644 security/nss/cmd/ocspclnt/manifest.mn delete mode 100644 security/nss/cmd/ocspclnt/ocspclnt.c delete mode 100644 security/nss/cmd/oidcalc/Makefile delete mode 100644 security/nss/cmd/oidcalc/manifest.mn delete mode 100644 security/nss/cmd/oidcalc/oidcalc.c delete mode 100644 security/nss/cmd/p7content/Makefile delete mode 100644 security/nss/cmd/p7content/manifest.mn delete mode 100644 security/nss/cmd/p7content/p7content.c delete mode 100644 security/nss/cmd/p7env/Makefile delete mode 100644 security/nss/cmd/p7env/manifest.mn delete mode 100644 security/nss/cmd/p7env/p7env.c delete mode 100644 security/nss/cmd/p7sign/Makefile delete mode 100644 security/nss/cmd/p7sign/manifest.mn delete mode 100644 security/nss/cmd/p7sign/p7sign.c delete mode 100644 security/nss/cmd/p7verify/Makefile delete mode 100644 security/nss/cmd/p7verify/manifest.mn delete mode 100644 security/nss/cmd/p7verify/p7verify.c delete mode 100644 security/nss/cmd/pk11util/Makefile delete mode 100644 security/nss/cmd/pk11util/manifest.mn delete mode 100644 security/nss/cmd/pk11util/pk11table.c delete mode 100644 security/nss/cmd/pk11util/pk11util.c delete mode 100644 security/nss/cmd/pk11util/pk11util.h delete mode 100644 security/nss/cmd/pk11util/scripts/dosign delete mode 100644 security/nss/cmd/pk11util/scripts/hssign delete mode 100644 security/nss/cmd/pk11util/scripts/lcert delete mode 100644 security/nss/cmd/pk11util/scripts/mechanisms delete mode 100644 security/nss/cmd/pk11util/scripts/pLabel1 delete mode 100644 security/nss/cmd/pk11util/scripts/pMechanisms delete mode 100644 security/nss/cmd/pk11util/scripts/pcert delete mode 100644 security/nss/cmd/pk11util/scripts/pkey delete mode 100644 security/nss/cmd/pk12util/Makefile delete mode 100644 security/nss/cmd/pk12util/manifest.mn delete mode 100644 security/nss/cmd/pk12util/pk12util.c delete mode 100644 security/nss/cmd/pk12util/pk12util.h delete mode 100644 security/nss/cmd/platlibs.mk delete mode 100644 security/nss/cmd/platrules.mk delete mode 100644 security/nss/cmd/pp/Makefile delete mode 100644 security/nss/cmd/pp/manifest.mn delete mode 100644 security/nss/cmd/pp/pp.c delete mode 100644 security/nss/cmd/pwdecrypt/Makefile delete mode 100644 security/nss/cmd/pwdecrypt/manifest.mn delete mode 100644 security/nss/cmd/pwdecrypt/pwdecrypt.c delete mode 100644 security/nss/cmd/rsaperf/Makefile delete mode 100644 security/nss/cmd/rsaperf/defkey.c delete mode 100644 security/nss/cmd/rsaperf/manifest.mn delete mode 100644 security/nss/cmd/rsaperf/rsaperf.c delete mode 100644 security/nss/cmd/samples/cert delete mode 100644 security/nss/cmd/samples/cert0 delete mode 100644 security/nss/cmd/samples/cert1 delete mode 100644 security/nss/cmd/samples/cert2 delete mode 100644 security/nss/cmd/samples/pkcs7.ber delete mode 100644 security/nss/cmd/samples/pkcs7bday.ber delete mode 100644 security/nss/cmd/samples/pkcs7cnet.ber delete mode 100644 security/nss/cmd/samples/pkcs7news.ber delete mode 100644 security/nss/cmd/samples/x509v3.der delete mode 100644 security/nss/cmd/samples/x509v3.txt delete mode 100644 security/nss/cmd/sdrtest/Makefile delete mode 100644 security/nss/cmd/sdrtest/manifest.mn delete mode 100644 security/nss/cmd/sdrtest/sdrtest.c delete mode 100644 security/nss/cmd/selfserv/Makefile delete mode 100644 security/nss/cmd/selfserv/manifest.mn delete mode 100644 security/nss/cmd/selfserv/selfserv.c delete mode 100644 security/nss/cmd/shlibsign/Makefile delete mode 100644 security/nss/cmd/shlibsign/mangle/Makefile delete mode 100644 security/nss/cmd/shlibsign/mangle/mangle.c delete mode 100644 security/nss/cmd/shlibsign/mangle/manifest.mn delete mode 100644 security/nss/cmd/shlibsign/manifest.mn delete mode 100644 security/nss/cmd/shlibsign/shlibsign.c delete mode 100644 security/nss/cmd/shlibsign/sign.cmd delete mode 100644 security/nss/cmd/shlibsign/sign.sh delete mode 100644 security/nss/cmd/signtool/Makefile delete mode 100644 security/nss/cmd/signtool/README delete mode 100644 security/nss/cmd/signtool/certgen.c delete mode 100644 security/nss/cmd/signtool/javascript.c delete mode 100644 security/nss/cmd/signtool/list.c delete mode 100644 security/nss/cmd/signtool/manifest.mn delete mode 100644 security/nss/cmd/signtool/sign.c delete mode 100644 security/nss/cmd/signtool/signtool.c delete mode 100644 security/nss/cmd/signtool/signtool.h delete mode 100644 security/nss/cmd/signtool/util.c delete mode 100644 security/nss/cmd/signtool/verify.c delete mode 100644 security/nss/cmd/signtool/zip.c delete mode 100644 security/nss/cmd/signtool/zip.h delete mode 100644 security/nss/cmd/signver/Makefile delete mode 100755 security/nss/cmd/signver/examples/1/form.pl delete mode 100644 security/nss/cmd/signver/examples/1/signedForm.html delete mode 100644 security/nss/cmd/signver/examples/1/signedForm.nt.html delete mode 100755 security/nss/cmd/signver/examples/1/signedForm.pl delete mode 100644 security/nss/cmd/signver/manifest.mn delete mode 100644 security/nss/cmd/signver/pk7print.c delete mode 100644 security/nss/cmd/signver/signver.c delete mode 100644 security/nss/cmd/smimetools/Makefile delete mode 100644 security/nss/cmd/smimetools/cmsutil.c delete mode 100644 security/nss/cmd/smimetools/manifest.mn delete mode 100644 security/nss/cmd/smimetools/rules.mk delete mode 100755 security/nss/cmd/smimetools/smime delete mode 100644 security/nss/cmd/ssltap/Makefile delete mode 100644 security/nss/cmd/ssltap/manifest.mn delete mode 100644 security/nss/cmd/ssltap/ssltap-manual.html delete mode 100644 security/nss/cmd/ssltap/ssltap.c delete mode 100644 security/nss/cmd/strsclnt/Makefile delete mode 100644 security/nss/cmd/strsclnt/manifest.mn delete mode 100644 security/nss/cmd/strsclnt/strsclnt.c delete mode 100644 security/nss/cmd/symkeyutil/Makefile delete mode 100644 security/nss/cmd/symkeyutil/manifest.mn delete mode 100644 security/nss/cmd/symkeyutil/symkey.man delete mode 100644 security/nss/cmd/symkeyutil/symkeyutil.c delete mode 100644 security/nss/cmd/tests/Makefile delete mode 100644 security/nss/cmd/tests/manifest.mn delete mode 100644 security/nss/cmd/tests/remtest.c delete mode 100644 security/nss/cmd/tstclnt/Makefile delete mode 100644 security/nss/cmd/tstclnt/manifest.mn delete mode 100644 security/nss/cmd/tstclnt/tstclnt.c delete mode 100644 security/nss/cmd/vfychain/Makefile delete mode 100644 security/nss/cmd/vfychain/manifest.mn delete mode 100644 security/nss/cmd/vfychain/vfychain.c delete mode 100644 security/nss/cmd/vfyserv/Makefile delete mode 100644 security/nss/cmd/vfyserv/manifest.mn delete mode 100644 security/nss/cmd/vfyserv/vfyserv.c delete mode 100644 security/nss/cmd/vfyserv/vfyserv.h delete mode 100644 security/nss/cmd/vfyserv/vfyutil.c delete mode 100644 security/nss/cmd/zlib/Makefile delete mode 100644 security/nss/cmd/zlib/README delete mode 100644 security/nss/cmd/zlib/adler32.c delete mode 100644 security/nss/cmd/zlib/compress.c delete mode 100644 security/nss/cmd/zlib/config.mk delete mode 100644 security/nss/cmd/zlib/crc32.c delete mode 100644 security/nss/cmd/zlib/crc32.h delete mode 100644 security/nss/cmd/zlib/deflate.c delete mode 100644 security/nss/cmd/zlib/deflate.h delete mode 100644 security/nss/cmd/zlib/example.c delete mode 100644 security/nss/cmd/zlib/gzio.c delete mode 100644 security/nss/cmd/zlib/infback.c delete mode 100644 security/nss/cmd/zlib/inffast.c delete mode 100644 security/nss/cmd/zlib/inffast.h delete mode 100644 security/nss/cmd/zlib/inffixed.h delete mode 100644 security/nss/cmd/zlib/inflate.c delete mode 100644 security/nss/cmd/zlib/inflate.h delete mode 100644 security/nss/cmd/zlib/inftrees.c delete mode 100644 security/nss/cmd/zlib/inftrees.h delete mode 100644 security/nss/cmd/zlib/manifest.mn delete mode 100644 security/nss/cmd/zlib/minigzip.c delete mode 100644 security/nss/cmd/zlib/trees.c delete mode 100644 security/nss/cmd/zlib/trees.h delete mode 100644 security/nss/cmd/zlib/uncompr.c delete mode 100644 security/nss/cmd/zlib/zconf.h delete mode 100644 security/nss/cmd/zlib/zlib.h delete mode 100644 security/nss/cmd/zlib/zutil.c delete mode 100644 security/nss/cmd/zlib/zutil.h delete mode 100644 security/nss/lib/Makefile delete mode 100644 security/nss/lib/asn1/Makefile delete mode 100644 security/nss/lib/asn1/asn1.c delete mode 100644 security/nss/lib/asn1/asn1.h delete mode 100644 security/nss/lib/asn1/asn1m.h delete mode 100644 security/nss/lib/asn1/asn1t.h delete mode 100644 security/nss/lib/asn1/config.mk delete mode 100644 security/nss/lib/asn1/manifest.mn delete mode 100644 security/nss/lib/asn1/nssasn1t.h delete mode 100644 security/nss/lib/base/Makefile delete mode 100644 security/nss/lib/base/arena.c delete mode 100644 security/nss/lib/base/base.h delete mode 100644 security/nss/lib/base/baset.h delete mode 100644 security/nss/lib/base/config.mk delete mode 100644 security/nss/lib/base/error.c delete mode 100644 security/nss/lib/base/errorval.c delete mode 100644 security/nss/lib/base/hash.c delete mode 100644 security/nss/lib/base/hashops.c delete mode 100644 security/nss/lib/base/item.c delete mode 100644 security/nss/lib/base/libc.c delete mode 100644 security/nss/lib/base/list.c delete mode 100644 security/nss/lib/base/manifest.mn delete mode 100644 security/nss/lib/base/nssbase.h delete mode 100644 security/nss/lib/base/nssbaset.h delete mode 100644 security/nss/lib/base/tracker.c delete mode 100644 security/nss/lib/base/utf8.c delete mode 100644 security/nss/lib/certdb/.cvsignore delete mode 100644 security/nss/lib/certdb/Makefile delete mode 100644 security/nss/lib/certdb/alg1485.c delete mode 100644 security/nss/lib/certdb/cert.h delete mode 100644 security/nss/lib/certdb/certdb.c delete mode 100644 security/nss/lib/certdb/certdb.h delete mode 100644 security/nss/lib/certdb/certi.h delete mode 100644 security/nss/lib/certdb/certt.h delete mode 100644 security/nss/lib/certdb/certv3.c delete mode 100644 security/nss/lib/certdb/certxutl.c delete mode 100644 security/nss/lib/certdb/certxutl.h delete mode 100644 security/nss/lib/certdb/config.mk delete mode 100644 security/nss/lib/certdb/crl.c delete mode 100644 security/nss/lib/certdb/genname.c delete mode 100644 security/nss/lib/certdb/genname.h delete mode 100644 security/nss/lib/certdb/manifest.mn delete mode 100644 security/nss/lib/certdb/polcyxtn.c delete mode 100644 security/nss/lib/certdb/secname.c delete mode 100644 security/nss/lib/certdb/stanpcertdb.c delete mode 100644 security/nss/lib/certdb/xauthkid.c delete mode 100644 security/nss/lib/certdb/xbsconst.c delete mode 100644 security/nss/lib/certdb/xconst.c delete mode 100644 security/nss/lib/certdb/xconst.h delete mode 100644 security/nss/lib/certhigh/Makefile delete mode 100644 security/nss/lib/certhigh/certhigh.c delete mode 100644 security/nss/lib/certhigh/certhtml.c delete mode 100644 security/nss/lib/certhigh/certreq.c delete mode 100644 security/nss/lib/certhigh/certvfy.c delete mode 100644 security/nss/lib/certhigh/config.mk delete mode 100644 security/nss/lib/certhigh/crlv2.c delete mode 100644 security/nss/lib/certhigh/manifest.mn delete mode 100644 security/nss/lib/certhigh/ocsp.c delete mode 100644 security/nss/lib/certhigh/ocsp.h delete mode 100644 security/nss/lib/certhigh/ocspt.h delete mode 100644 security/nss/lib/certhigh/ocspti.h delete mode 100644 security/nss/lib/certhigh/xcrldist.c delete mode 100644 security/nss/lib/ckfw/Makefile delete mode 100644 security/nss/lib/ckfw/builtins/Makefile delete mode 100644 security/nss/lib/ckfw/builtins/README delete mode 100644 security/nss/lib/ckfw/builtins/anchor.c delete mode 100644 security/nss/lib/ckfw/builtins/bfind.c delete mode 100644 security/nss/lib/ckfw/builtins/binst.c delete mode 100644 security/nss/lib/ckfw/builtins/bobject.c delete mode 100644 security/nss/lib/ckfw/builtins/bsession.c delete mode 100644 security/nss/lib/ckfw/builtins/bslot.c delete mode 100644 security/nss/lib/ckfw/builtins/btoken.c delete mode 100644 security/nss/lib/ckfw/builtins/builtins.h delete mode 100644 security/nss/lib/ckfw/builtins/certdata.c delete mode 100644 security/nss/lib/ckfw/builtins/certdata.perl delete mode 100644 security/nss/lib/ckfw/builtins/certdata.txt delete mode 100644 security/nss/lib/ckfw/builtins/ckbiver.c delete mode 100644 security/nss/lib/ckfw/builtins/config.mk delete mode 100644 security/nss/lib/ckfw/builtins/constants.c delete mode 100644 security/nss/lib/ckfw/builtins/manifest.mn delete mode 100644 security/nss/lib/ckfw/builtins/nssckbi.def delete mode 100644 security/nss/lib/ckfw/builtins/nssckbi.h delete mode 100644 security/nss/lib/ckfw/builtins/nssckbi.rc delete mode 100644 security/nss/lib/ckfw/capi/Makefile delete mode 100644 security/nss/lib/ckfw/capi/README delete mode 100644 security/nss/lib/ckfw/capi/anchor.c delete mode 100644 security/nss/lib/ckfw/capi/cfind.c delete mode 100644 security/nss/lib/ckfw/capi/cinst.c delete mode 100644 security/nss/lib/ckfw/capi/ckcapi.h delete mode 100644 security/nss/lib/ckfw/capi/ckcapiver.c delete mode 100644 security/nss/lib/ckfw/capi/cobject.c delete mode 100644 security/nss/lib/ckfw/capi/config.mk delete mode 100644 security/nss/lib/ckfw/capi/constants.c delete mode 100644 security/nss/lib/ckfw/capi/crsa.c delete mode 100644 security/nss/lib/ckfw/capi/csession.c delete mode 100644 security/nss/lib/ckfw/capi/cslot.c delete mode 100644 security/nss/lib/ckfw/capi/ctoken.c delete mode 100644 security/nss/lib/ckfw/capi/manifest.mn delete mode 100644 security/nss/lib/ckfw/capi/nsscapi.def delete mode 100644 security/nss/lib/ckfw/capi/nsscapi.h delete mode 100644 security/nss/lib/ckfw/capi/nsscapi.rc delete mode 100644 security/nss/lib/ckfw/capi/staticobj.c delete mode 100644 security/nss/lib/ckfw/ck.api delete mode 100644 security/nss/lib/ckfw/ck.h delete mode 100644 security/nss/lib/ckfw/ckapi.perl delete mode 100644 security/nss/lib/ckfw/ckfw.h delete mode 100644 security/nss/lib/ckfw/ckfwm.h delete mode 100644 security/nss/lib/ckfw/ckfwtm.h delete mode 100644 security/nss/lib/ckfw/ckmd.h delete mode 100644 security/nss/lib/ckfw/ckt.h delete mode 100644 security/nss/lib/ckfw/config.mk delete mode 100644 security/nss/lib/ckfw/crypto.c delete mode 100644 security/nss/lib/ckfw/dbm/Makefile delete mode 100644 security/nss/lib/ckfw/dbm/anchor.c delete mode 100644 security/nss/lib/ckfw/dbm/ckdbm.h delete mode 100644 security/nss/lib/ckfw/dbm/config.mk delete mode 100644 security/nss/lib/ckfw/dbm/db.c delete mode 100644 security/nss/lib/ckfw/dbm/find.c delete mode 100644 security/nss/lib/ckfw/dbm/instance.c delete mode 100644 security/nss/lib/ckfw/dbm/manifest.mn delete mode 100644 security/nss/lib/ckfw/dbm/object.c delete mode 100644 security/nss/lib/ckfw/dbm/session.c delete mode 100644 security/nss/lib/ckfw/dbm/slot.c delete mode 100644 security/nss/lib/ckfw/dbm/token.c delete mode 100644 security/nss/lib/ckfw/find.c delete mode 100644 security/nss/lib/ckfw/hash.c delete mode 100644 security/nss/lib/ckfw/instance.c delete mode 100644 security/nss/lib/ckfw/manifest.mn delete mode 100644 security/nss/lib/ckfw/mechanism.c delete mode 100644 security/nss/lib/ckfw/mutex.c delete mode 100644 security/nss/lib/ckfw/nsprstub.c delete mode 100644 security/nss/lib/ckfw/nssck.api delete mode 100644 security/nss/lib/ckfw/nssckepv.h delete mode 100644 security/nss/lib/ckfw/nssckft.h delete mode 100644 security/nss/lib/ckfw/nssckfw.h delete mode 100644 security/nss/lib/ckfw/nssckfwc.h delete mode 100644 security/nss/lib/ckfw/nssckfwt.h delete mode 100644 security/nss/lib/ckfw/nssckg.h delete mode 100644 security/nss/lib/ckfw/nssckmdt.h delete mode 100644 security/nss/lib/ckfw/nssckt.h delete mode 100644 security/nss/lib/ckfw/nssmkey/Makefile delete mode 100644 security/nss/lib/ckfw/nssmkey/README delete mode 100644 security/nss/lib/ckfw/nssmkey/ckmk.h delete mode 100644 security/nss/lib/ckfw/nssmkey/ckmkver.c delete mode 100644 security/nss/lib/ckfw/nssmkey/config.mk delete mode 100644 security/nss/lib/ckfw/nssmkey/manchor.c delete mode 100644 security/nss/lib/ckfw/nssmkey/manifest.mn delete mode 100644 security/nss/lib/ckfw/nssmkey/mconstants.c delete mode 100644 security/nss/lib/ckfw/nssmkey/mfind.c delete mode 100644 security/nss/lib/ckfw/nssmkey/minst.c delete mode 100644 security/nss/lib/ckfw/nssmkey/mobject.c delete mode 100644 security/nss/lib/ckfw/nssmkey/mrsa.c delete mode 100644 security/nss/lib/ckfw/nssmkey/msession.c delete mode 100644 security/nss/lib/ckfw/nssmkey/mslot.c delete mode 100644 security/nss/lib/ckfw/nssmkey/mtoken.c delete mode 100644 security/nss/lib/ckfw/nssmkey/nssmkey.def delete mode 100644 security/nss/lib/ckfw/nssmkey/nssmkey.h delete mode 100644 security/nss/lib/ckfw/nssmkey/staticobj.c delete mode 100644 security/nss/lib/ckfw/object.c delete mode 100644 security/nss/lib/ckfw/session.c delete mode 100644 security/nss/lib/ckfw/sessobj.c delete mode 100644 security/nss/lib/ckfw/slot.c delete mode 100644 security/nss/lib/ckfw/token.c delete mode 100644 security/nss/lib/ckfw/wrap.c delete mode 100644 security/nss/lib/crmf/Makefile delete mode 100644 security/nss/lib/crmf/asn1cmn.c delete mode 100644 security/nss/lib/crmf/challcli.c delete mode 100644 security/nss/lib/crmf/cmmf.h delete mode 100644 security/nss/lib/crmf/cmmfasn1.c delete mode 100644 security/nss/lib/crmf/cmmfchal.c delete mode 100644 security/nss/lib/crmf/cmmfi.h delete mode 100644 security/nss/lib/crmf/cmmfit.h delete mode 100644 security/nss/lib/crmf/cmmfrec.c delete mode 100644 security/nss/lib/crmf/cmmfresp.c delete mode 100644 security/nss/lib/crmf/cmmft.h delete mode 100644 security/nss/lib/crmf/config.mk delete mode 100644 security/nss/lib/crmf/crmf.h delete mode 100644 security/nss/lib/crmf/crmfcont.c delete mode 100644 security/nss/lib/crmf/crmfdec.c delete mode 100644 security/nss/lib/crmf/crmfenc.c delete mode 100644 security/nss/lib/crmf/crmffut.h delete mode 100644 security/nss/lib/crmf/crmfget.c delete mode 100644 security/nss/lib/crmf/crmfi.h delete mode 100644 security/nss/lib/crmf/crmfit.h delete mode 100644 security/nss/lib/crmf/crmfpop.c delete mode 100644 security/nss/lib/crmf/crmfreq.c delete mode 100644 security/nss/lib/crmf/crmft.h delete mode 100644 security/nss/lib/crmf/crmftmpl.c delete mode 100644 security/nss/lib/crmf/encutil.c delete mode 100644 security/nss/lib/crmf/manifest.mn delete mode 100644 security/nss/lib/crmf/respcli.c delete mode 100644 security/nss/lib/crmf/respcmn.c delete mode 100644 security/nss/lib/crmf/servget.c delete mode 100644 security/nss/lib/cryptohi/Makefile delete mode 100644 security/nss/lib/cryptohi/config.mk delete mode 100644 security/nss/lib/cryptohi/cryptohi.h delete mode 100644 security/nss/lib/cryptohi/cryptoht.h delete mode 100644 security/nss/lib/cryptohi/dsautil.c delete mode 100644 security/nss/lib/cryptohi/hasht.h delete mode 100644 security/nss/lib/cryptohi/key.h delete mode 100644 security/nss/lib/cryptohi/keyhi.h delete mode 100644 security/nss/lib/cryptohi/keyt.h delete mode 100644 security/nss/lib/cryptohi/keythi.h delete mode 100644 security/nss/lib/cryptohi/manifest.mn delete mode 100644 security/nss/lib/cryptohi/sechash.c delete mode 100644 security/nss/lib/cryptohi/sechash.h delete mode 100644 security/nss/lib/cryptohi/seckey.c delete mode 100644 security/nss/lib/cryptohi/secsign.c delete mode 100644 security/nss/lib/cryptohi/secvfy.c delete mode 100644 security/nss/lib/dev/Makefile delete mode 100644 security/nss/lib/dev/ckhelper.c delete mode 100644 security/nss/lib/dev/ckhelper.h delete mode 100644 security/nss/lib/dev/config.mk delete mode 100644 security/nss/lib/dev/dev.h delete mode 100644 security/nss/lib/dev/devm.h delete mode 100644 security/nss/lib/dev/devmod.c delete mode 100644 security/nss/lib/dev/devslot.c delete mode 100644 security/nss/lib/dev/devt.h delete mode 100644 security/nss/lib/dev/devtm.h delete mode 100644 security/nss/lib/dev/devtoken.c delete mode 100644 security/nss/lib/dev/devutil.c delete mode 100644 security/nss/lib/dev/manifest.mn delete mode 100644 security/nss/lib/dev/nssdev.h delete mode 100644 security/nss/lib/dev/nssdevt.h delete mode 100644 security/nss/lib/freebl/GF2m_ecl.c delete mode 100644 security/nss/lib/freebl/GF2m_ecl.h delete mode 100644 security/nss/lib/freebl/GFp_ecl.c delete mode 100644 security/nss/lib/freebl/GFp_ecl.h delete mode 100644 security/nss/lib/freebl/Makefile delete mode 100644 security/nss/lib/freebl/aeskeywrap.c delete mode 100644 security/nss/lib/freebl/alg2268.c delete mode 100644 security/nss/lib/freebl/alghmac.c delete mode 100644 security/nss/lib/freebl/alghmac.h delete mode 100644 security/nss/lib/freebl/arcfive.c delete mode 100644 security/nss/lib/freebl/arcfour-amd64-gas.s delete mode 100644 security/nss/lib/freebl/arcfour-amd64-sun.s delete mode 100644 security/nss/lib/freebl/arcfour.c delete mode 100644 security/nss/lib/freebl/blapi.h delete mode 100644 security/nss/lib/freebl/blapit.h delete mode 100644 security/nss/lib/freebl/config.mk delete mode 100644 security/nss/lib/freebl/des.c delete mode 100644 security/nss/lib/freebl/des.h delete mode 100644 security/nss/lib/freebl/desblapi.c delete mode 100644 security/nss/lib/freebl/dh.c delete mode 100644 security/nss/lib/freebl/dsa.c delete mode 100644 security/nss/lib/freebl/ec.c delete mode 100644 security/nss/lib/freebl/ec.h delete mode 100644 security/nss/lib/freebl/ecl/Makefile delete mode 100644 security/nss/lib/freebl/ecl/README delete mode 100644 security/nss/lib/freebl/ecl/README.FP delete mode 100644 security/nss/lib/freebl/ecl/ec2.h delete mode 100644 security/nss/lib/freebl/ecl/ec2_163.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_193.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_233.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_aff.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_mont.c delete mode 100644 security/nss/lib/freebl/ecl/ec2_proj.c delete mode 100644 security/nss/lib/freebl/ecl/ec_naf.c delete mode 100644 security/nss/lib/freebl/ecl/ecl-curve.h delete mode 100644 security/nss/lib/freebl/ecl/ecl-exp.h delete mode 100644 security/nss/lib/freebl/ecl/ecl-priv.h delete mode 100644 security/nss/lib/freebl/ecl/ecl.c delete mode 100644 security/nss/lib/freebl/ecl/ecl.h delete mode 100644 security/nss/lib/freebl/ecl/ecl_curve.c delete mode 100644 security/nss/lib/freebl/ecl/ecl_gf.c delete mode 100644 security/nss/lib/freebl/ecl/ecl_mult.c delete mode 100644 security/nss/lib/freebl/ecl/ecp.h delete mode 100644 security/nss/lib/freebl/ecl/ecp_192.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_224.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_aff.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp.h delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp160.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp192.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fp224.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_fpinc.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_jac.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_jm.c delete mode 100644 security/nss/lib/freebl/ecl/ecp_mont.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ec2_test.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ec_naft.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ecp_fpt.c delete mode 100644 security/nss/lib/freebl/ecl/tests/ecp_test.c delete mode 100644 security/nss/lib/freebl/freebl.def delete mode 100644 security/nss/lib/freebl/freebl.rc delete mode 100644 security/nss/lib/freebl/freeblver.c delete mode 100644 security/nss/lib/freebl/ldvector.c delete mode 100644 security/nss/lib/freebl/loader.c delete mode 100644 security/nss/lib/freebl/loader.h delete mode 100644 security/nss/lib/freebl/mac_rand.c delete mode 100644 security/nss/lib/freebl/manifest.mn delete mode 100644 security/nss/lib/freebl/mapfile.Solaris delete mode 100644 security/nss/lib/freebl/md2.c delete mode 100644 security/nss/lib/freebl/md5.c delete mode 100644 security/nss/lib/freebl/mknewpc2.c delete mode 100644 security/nss/lib/freebl/mksp.c delete mode 100644 security/nss/lib/freebl/mpi/Makefile delete mode 100644 security/nss/lib/freebl/mpi/Makefile.os2 delete mode 100644 security/nss/lib/freebl/mpi/Makefile.win delete mode 100644 security/nss/lib/freebl/mpi/README delete mode 100755 security/nss/lib/freebl/mpi/all-tests delete mode 100644 security/nss/lib/freebl/mpi/doc/LICENSE delete mode 100644 security/nss/lib/freebl/mpi/doc/LICENSE-MPL delete mode 100644 security/nss/lib/freebl/mpi/doc/basecvt.pod delete mode 100755 security/nss/lib/freebl/mpi/doc/build delete mode 100644 security/nss/lib/freebl/mpi/doc/div.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/expt.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/gcd.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/invmod.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/isprime.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/lap.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/mpi-test.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/mul.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/pi.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/prime.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/prng.pod delete mode 100644 security/nss/lib/freebl/mpi/doc/redux.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/sqrt.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/square.txt delete mode 100644 security/nss/lib/freebl/mpi/doc/timing.txt delete mode 100644 security/nss/lib/freebl/mpi/hpma512.s delete mode 100644 security/nss/lib/freebl/mpi/hppa20.s delete mode 100644 security/nss/lib/freebl/mpi/hppatch.adb delete mode 100644 security/nss/lib/freebl/mpi/logtab.h delete mode 100755 security/nss/lib/freebl/mpi/make-logtab delete mode 100755 security/nss/lib/freebl/mpi/make-test-arrays delete mode 100644 security/nss/lib/freebl/mpi/mdxptest.c delete mode 100644 security/nss/lib/freebl/mpi/montmulf.c delete mode 100644 security/nss/lib/freebl/mpi/montmulf.h delete mode 100644 security/nss/lib/freebl/mpi/montmulf.il delete mode 100644 security/nss/lib/freebl/mpi/montmulf.s delete mode 100644 security/nss/lib/freebl/mpi/montmulfv8.il delete mode 100644 security/nss/lib/freebl/mpi/montmulfv8.s delete mode 100644 security/nss/lib/freebl/mpi/montmulfv9.il delete mode 100644 security/nss/lib/freebl/mpi/montmulfv9.s delete mode 100644 security/nss/lib/freebl/mpi/mp_comba.c delete mode 100644 security/nss/lib/freebl/mpi/mp_comba_amd64_sun.s delete mode 100644 security/nss/lib/freebl/mpi/mp_gf2m-priv.h delete mode 100644 security/nss/lib/freebl/mpi/mp_gf2m.c delete mode 100644 security/nss/lib/freebl/mpi/mp_gf2m.h delete mode 100644 security/nss/lib/freebl/mpi/mpcpucache.c delete mode 100644 security/nss/lib/freebl/mpi/mpcpucache_amd64.s delete mode 100644 security/nss/lib/freebl/mpi/mpcpucache_x86.s delete mode 100644 security/nss/lib/freebl/mpi/mpi-config.h delete mode 100644 security/nss/lib/freebl/mpi/mpi-priv.h delete mode 100644 security/nss/lib/freebl/mpi/mpi-test.c delete mode 100644 security/nss/lib/freebl/mpi/mpi.c delete mode 100644 security/nss/lib/freebl/mpi/mpi.h delete mode 100644 security/nss/lib/freebl/mpi/mpi_amd64.c delete mode 100644 security/nss/lib/freebl/mpi/mpi_amd64_gas.s delete mode 100644 security/nss/lib/freebl/mpi/mpi_amd64_sun.s delete mode 100644 security/nss/lib/freebl/mpi/mpi_hp.c delete mode 100644 security/nss/lib/freebl/mpi/mpi_i86pc.s delete mode 100644 security/nss/lib/freebl/mpi/mpi_mips.s delete mode 100644 security/nss/lib/freebl/mpi/mpi_sparc.c delete mode 100644 security/nss/lib/freebl/mpi/mpi_x86.asm delete mode 100644 security/nss/lib/freebl/mpi/mpi_x86.s delete mode 100644 security/nss/lib/freebl/mpi/mplogic.c delete mode 100644 security/nss/lib/freebl/mpi/mplogic.h delete mode 100644 security/nss/lib/freebl/mpi/mpmontg.c delete mode 100644 security/nss/lib/freebl/mpi/mpprime.c delete mode 100644 security/nss/lib/freebl/mpi/mpprime.h delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparc.c delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparcv8.s delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparcv8x.s delete mode 100644 security/nss/lib/freebl/mpi/mpv_sparcv9.s delete mode 100644 security/nss/lib/freebl/mpi/mpvalpha.c delete mode 100644 security/nss/lib/freebl/mpi/mulsqr.c delete mode 100755 security/nss/lib/freebl/mpi/multest delete mode 100644 security/nss/lib/freebl/mpi/primes.c delete mode 100755 security/nss/lib/freebl/mpi/stats delete mode 100644 security/nss/lib/freebl/mpi/target.mk delete mode 100644 security/nss/lib/freebl/mpi/test-arrays.txt delete mode 100644 security/nss/lib/freebl/mpi/test-info.c delete mode 100644 security/nss/lib/freebl/mpi/tests/LICENSE delete mode 100644 security/nss/lib/freebl/mpi/tests/LICENSE-MPL delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-1.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-2.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-3.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-3a.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-4.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-4a.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-4b.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-5.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-5a.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-6.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-7.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-8.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-9.c delete mode 100644 security/nss/lib/freebl/mpi/tests/mptest-b.c delete mode 100644 security/nss/lib/freebl/mpi/tests/pi1k.txt delete mode 100644 security/nss/lib/freebl/mpi/tests/pi2k.txt delete mode 100644 security/nss/lib/freebl/mpi/tests/pi5k.txt delete mode 100755 security/nss/lib/freebl/mpi/timetest delete mode 100755 security/nss/lib/freebl/mpi/types.pl delete mode 100644 security/nss/lib/freebl/mpi/utils/LICENSE delete mode 100644 security/nss/lib/freebl/mpi/utils/LICENSE-MPL delete mode 100644 security/nss/lib/freebl/mpi/utils/PRIMES delete mode 100644 security/nss/lib/freebl/mpi/utils/README delete mode 100644 security/nss/lib/freebl/mpi/utils/basecvt.c delete mode 100644 security/nss/lib/freebl/mpi/utils/bbs_rand.c delete mode 100644 security/nss/lib/freebl/mpi/utils/bbs_rand.h delete mode 100644 security/nss/lib/freebl/mpi/utils/bbsrand.c delete mode 100644 security/nss/lib/freebl/mpi/utils/dec2hex.c delete mode 100644 security/nss/lib/freebl/mpi/utils/exptmod.c delete mode 100644 security/nss/lib/freebl/mpi/utils/fact.c delete mode 100644 security/nss/lib/freebl/mpi/utils/gcd.c delete mode 100644 security/nss/lib/freebl/mpi/utils/hex2dec.c delete mode 100644 security/nss/lib/freebl/mpi/utils/identest.c delete mode 100644 security/nss/lib/freebl/mpi/utils/invmod.c delete mode 100644 security/nss/lib/freebl/mpi/utils/isprime.c delete mode 100644 security/nss/lib/freebl/mpi/utils/lap.c delete mode 100644 security/nss/lib/freebl/mpi/utils/makeprime.c delete mode 100644 security/nss/lib/freebl/mpi/utils/metime.c delete mode 100644 security/nss/lib/freebl/mpi/utils/pi.c delete mode 100644 security/nss/lib/freebl/mpi/utils/primegen.c delete mode 100644 security/nss/lib/freebl/mpi/utils/prng.c delete mode 100755 security/nss/lib/freebl/mpi/utils/ptab.pl delete mode 100644 security/nss/lib/freebl/mpi/utils/sieve.c delete mode 100644 security/nss/lib/freebl/mpi/vis_32.il delete mode 100644 security/nss/lib/freebl/mpi/vis_64.il delete mode 100644 security/nss/lib/freebl/mpi/vis_proto.h delete mode 100644 security/nss/lib/freebl/os2_rand.c delete mode 100644 security/nss/lib/freebl/pqg.c delete mode 100644 security/nss/lib/freebl/prng_fips1861.c delete mode 100644 security/nss/lib/freebl/rawhash.c delete mode 100644 security/nss/lib/freebl/ret_cr16.s delete mode 100644 security/nss/lib/freebl/rijndael.c delete mode 100644 security/nss/lib/freebl/rijndael.h delete mode 100644 security/nss/lib/freebl/rijndael32.tab delete mode 100644 security/nss/lib/freebl/rijndael_tables.c delete mode 100644 security/nss/lib/freebl/rsa.c delete mode 100644 security/nss/lib/freebl/secmpi.h delete mode 100644 security/nss/lib/freebl/secrng.h delete mode 100644 security/nss/lib/freebl/sha-fast-amd64-sun.s delete mode 100644 security/nss/lib/freebl/sha.c delete mode 100644 security/nss/lib/freebl/sha.h delete mode 100644 security/nss/lib/freebl/sha512.c delete mode 100644 security/nss/lib/freebl/sha_fast.c delete mode 100644 security/nss/lib/freebl/sha_fast.h delete mode 100644 security/nss/lib/freebl/shsign.h delete mode 100644 security/nss/lib/freebl/shvfy.c delete mode 100644 security/nss/lib/freebl/sysrand.c delete mode 100644 security/nss/lib/freebl/tlsprfalg.c delete mode 100644 security/nss/lib/freebl/unix_rand.c delete mode 100644 security/nss/lib/freebl/win_rand.c delete mode 100644 security/nss/lib/jar/Makefile delete mode 100644 security/nss/lib/jar/config.mk delete mode 100644 security/nss/lib/jar/jar-ds.c delete mode 100644 security/nss/lib/jar/jar-ds.h delete mode 100644 security/nss/lib/jar/jar.c delete mode 100644 security/nss/lib/jar/jar.h delete mode 100644 security/nss/lib/jar/jarevil.c delete mode 100644 security/nss/lib/jar/jarevil.h delete mode 100644 security/nss/lib/jar/jarfile.c delete mode 100644 security/nss/lib/jar/jarfile.h delete mode 100644 security/nss/lib/jar/jarint.c delete mode 100644 security/nss/lib/jar/jarint.h delete mode 100644 security/nss/lib/jar/jarjart.c delete mode 100644 security/nss/lib/jar/jarjart.h delete mode 100644 security/nss/lib/jar/jarnav.c delete mode 100644 security/nss/lib/jar/jarsign.c delete mode 100644 security/nss/lib/jar/jarver.c delete mode 100644 security/nss/lib/jar/jzconf.h delete mode 100644 security/nss/lib/jar/jzlib.h delete mode 100644 security/nss/lib/jar/manifest.mn delete mode 100644 security/nss/lib/manifest.mn delete mode 100644 security/nss/lib/nss/Makefile delete mode 100644 security/nss/lib/nss/config.mk delete mode 100644 security/nss/lib/nss/manifest.mn delete mode 100644 security/nss/lib/nss/nss.def delete mode 100644 security/nss/lib/nss/nss.h delete mode 100644 security/nss/lib/nss/nss.rc delete mode 100644 security/nss/lib/nss/nssinit.c delete mode 100644 security/nss/lib/nss/nssrenam.h delete mode 100644 security/nss/lib/nss/nssver.c delete mode 100644 security/nss/lib/pk11wrap/Makefile delete mode 100644 security/nss/lib/pk11wrap/config.mk delete mode 100644 security/nss/lib/pk11wrap/debug_module.c delete mode 100644 security/nss/lib/pk11wrap/dev3hack.c delete mode 100644 security/nss/lib/pk11wrap/dev3hack.h delete mode 100644 security/nss/lib/pk11wrap/manifest.mn delete mode 100644 security/nss/lib/pk11wrap/pk11akey.c delete mode 100644 security/nss/lib/pk11wrap/pk11auth.c delete mode 100644 security/nss/lib/pk11wrap/pk11cert.c delete mode 100644 security/nss/lib/pk11wrap/pk11cxt.c delete mode 100644 security/nss/lib/pk11wrap/pk11err.c delete mode 100644 security/nss/lib/pk11wrap/pk11func.h delete mode 100644 security/nss/lib/pk11wrap/pk11init.h delete mode 100644 security/nss/lib/pk11wrap/pk11kea.c delete mode 100644 security/nss/lib/pk11wrap/pk11list.c delete mode 100644 security/nss/lib/pk11wrap/pk11load.c delete mode 100644 security/nss/lib/pk11wrap/pk11mech.c delete mode 100644 security/nss/lib/pk11wrap/pk11nobj.c delete mode 100644 security/nss/lib/pk11wrap/pk11obj.c delete mode 100644 security/nss/lib/pk11wrap/pk11pars.c delete mode 100644 security/nss/lib/pk11wrap/pk11pbe.c delete mode 100644 security/nss/lib/pk11wrap/pk11pk12.c delete mode 100644 security/nss/lib/pk11wrap/pk11pqg.c delete mode 100644 security/nss/lib/pk11wrap/pk11pqg.h delete mode 100644 security/nss/lib/pk11wrap/pk11priv.h delete mode 100644 security/nss/lib/pk11wrap/pk11pub.h delete mode 100644 security/nss/lib/pk11wrap/pk11sdr.c delete mode 100644 security/nss/lib/pk11wrap/pk11sdr.h delete mode 100644 security/nss/lib/pk11wrap/pk11skey.c delete mode 100644 security/nss/lib/pk11wrap/pk11slot.c delete mode 100644 security/nss/lib/pk11wrap/pk11util.c delete mode 100644 security/nss/lib/pk11wrap/secmod.h delete mode 100644 security/nss/lib/pk11wrap/secmodi.h delete mode 100644 security/nss/lib/pk11wrap/secmodt.h delete mode 100644 security/nss/lib/pk11wrap/secmodti.h delete mode 100644 security/nss/lib/pk11wrap/secpkcs5.h delete mode 100644 security/nss/lib/pkcs12/Makefile delete mode 100644 security/nss/lib/pkcs12/config.mk delete mode 100644 security/nss/lib/pkcs12/manifest.mn delete mode 100644 security/nss/lib/pkcs12/p12.h delete mode 100644 security/nss/lib/pkcs12/p12creat.c delete mode 100644 security/nss/lib/pkcs12/p12d.c delete mode 100644 security/nss/lib/pkcs12/p12dec.c delete mode 100644 security/nss/lib/pkcs12/p12e.c delete mode 100644 security/nss/lib/pkcs12/p12exp.c delete mode 100644 security/nss/lib/pkcs12/p12local.c delete mode 100644 security/nss/lib/pkcs12/p12local.h delete mode 100644 security/nss/lib/pkcs12/p12plcy.c delete mode 100644 security/nss/lib/pkcs12/p12plcy.h delete mode 100644 security/nss/lib/pkcs12/p12t.h delete mode 100644 security/nss/lib/pkcs12/p12tmpl.c delete mode 100644 security/nss/lib/pkcs12/pkcs12.h delete mode 100644 security/nss/lib/pkcs12/pkcs12t.h delete mode 100644 security/nss/lib/pkcs7/Makefile delete mode 100644 security/nss/lib/pkcs7/certread.c delete mode 100644 security/nss/lib/pkcs7/config.mk delete mode 100644 security/nss/lib/pkcs7/manifest.mn delete mode 100644 security/nss/lib/pkcs7/p7common.c delete mode 100644 security/nss/lib/pkcs7/p7create.c delete mode 100644 security/nss/lib/pkcs7/p7decode.c delete mode 100644 security/nss/lib/pkcs7/p7encode.c delete mode 100644 security/nss/lib/pkcs7/p7local.c delete mode 100644 security/nss/lib/pkcs7/p7local.h delete mode 100644 security/nss/lib/pkcs7/pkcs7t.h delete mode 100644 security/nss/lib/pkcs7/secmime.c delete mode 100644 security/nss/lib/pkcs7/secmime.h delete mode 100644 security/nss/lib/pkcs7/secpkcs7.h delete mode 100644 security/nss/lib/pki/Makefile delete mode 100644 security/nss/lib/pki/asymmkey.c delete mode 100644 security/nss/lib/pki/certdecode.c delete mode 100644 security/nss/lib/pki/certificate.c delete mode 100644 security/nss/lib/pki/config.mk delete mode 100644 security/nss/lib/pki/cryptocontext.c delete mode 100644 security/nss/lib/pki/doc/standiag.png delete mode 100644 security/nss/lib/pki/doc/standoc.html delete mode 100644 security/nss/lib/pki/manifest.mn delete mode 100644 security/nss/lib/pki/nsspki.h delete mode 100644 security/nss/lib/pki/nsspkit.h delete mode 100644 security/nss/lib/pki/pki.h delete mode 100644 security/nss/lib/pki/pki3hack.c delete mode 100644 security/nss/lib/pki/pki3hack.h delete mode 100644 security/nss/lib/pki/pkibase.c delete mode 100644 security/nss/lib/pki/pkim.h delete mode 100644 security/nss/lib/pki/pkistore.c delete mode 100644 security/nss/lib/pki/pkistore.h delete mode 100644 security/nss/lib/pki/pkit.h delete mode 100644 security/nss/lib/pki/pkitm.h delete mode 100644 security/nss/lib/pki/symmkey.c delete mode 100644 security/nss/lib/pki/tdcache.c delete mode 100644 security/nss/lib/pki/trustdomain.c delete mode 100644 security/nss/lib/pki1/Makefile delete mode 100644 security/nss/lib/pki1/atav.c delete mode 100644 security/nss/lib/pki1/config.mk delete mode 100644 security/nss/lib/pki1/genname.c delete mode 100644 security/nss/lib/pki1/gnseq.c delete mode 100644 security/nss/lib/pki1/manifest.mn delete mode 100644 security/nss/lib/pki1/name.c delete mode 100644 security/nss/lib/pki1/nsspki1.h delete mode 100644 security/nss/lib/pki1/nsspki1t.h delete mode 100644 security/nss/lib/pki1/oid.c delete mode 100644 security/nss/lib/pki1/oiddata.c delete mode 100644 security/nss/lib/pki1/oiddata.h delete mode 100755 security/nss/lib/pki1/oidgen.perl delete mode 100644 security/nss/lib/pki1/oids.txt delete mode 100644 security/nss/lib/pki1/pki1.h delete mode 100644 security/nss/lib/pki1/pki1t.h delete mode 100644 security/nss/lib/pki1/rdn.c delete mode 100644 security/nss/lib/pki1/rdnseq.c delete mode 100644 security/nss/lib/smime/Makefile delete mode 100644 security/nss/lib/smime/cms.h delete mode 100644 security/nss/lib/smime/cmsarray.c delete mode 100644 security/nss/lib/smime/cmsasn1.c delete mode 100644 security/nss/lib/smime/cmsattr.c delete mode 100644 security/nss/lib/smime/cmscinfo.c delete mode 100644 security/nss/lib/smime/cmscipher.c delete mode 100644 security/nss/lib/smime/cmsdecode.c delete mode 100644 security/nss/lib/smime/cmsdigdata.c delete mode 100644 security/nss/lib/smime/cmsdigest.c delete mode 100644 security/nss/lib/smime/cmsencdata.c delete mode 100644 security/nss/lib/smime/cmsencode.c delete mode 100644 security/nss/lib/smime/cmsenvdata.c delete mode 100644 security/nss/lib/smime/cmslocal.h delete mode 100644 security/nss/lib/smime/cmsmessage.c delete mode 100644 security/nss/lib/smime/cmspubkey.c delete mode 100644 security/nss/lib/smime/cmsrecinfo.c delete mode 100644 security/nss/lib/smime/cmsreclist.c delete mode 100644 security/nss/lib/smime/cmsreclist.h delete mode 100644 security/nss/lib/smime/cmssigdata.c delete mode 100644 security/nss/lib/smime/cmssiginfo.c delete mode 100644 security/nss/lib/smime/cmst.h delete mode 100644 security/nss/lib/smime/cmsutil.c delete mode 100644 security/nss/lib/smime/config.mk delete mode 100644 security/nss/lib/smime/manifest.mn delete mode 100644 security/nss/lib/smime/smime.def delete mode 100644 security/nss/lib/smime/smime.h delete mode 100644 security/nss/lib/smime/smime.rc delete mode 100644 security/nss/lib/smime/smimemessage.c delete mode 100644 security/nss/lib/smime/smimesym.c delete mode 100644 security/nss/lib/smime/smimeutil.c delete mode 100644 security/nss/lib/smime/smimever.c delete mode 100644 security/nss/lib/softoken/Makefile delete mode 100644 security/nss/lib/softoken/cdbhdl.h delete mode 100644 security/nss/lib/softoken/config.mk delete mode 100644 security/nss/lib/softoken/dbinit.c delete mode 100644 security/nss/lib/softoken/dbmshim.c delete mode 100644 security/nss/lib/softoken/ecdecode.c delete mode 100644 security/nss/lib/softoken/fipstest.c delete mode 100644 security/nss/lib/softoken/fipstokn.c delete mode 100644 security/nss/lib/softoken/keydb.c delete mode 100644 security/nss/lib/softoken/keydbi.h delete mode 100644 security/nss/lib/softoken/lowcert.c delete mode 100644 security/nss/lib/softoken/lowkey.c delete mode 100644 security/nss/lib/softoken/lowkeyi.h delete mode 100644 security/nss/lib/softoken/lowkeyti.h delete mode 100644 security/nss/lib/softoken/lowpbe.c delete mode 100644 security/nss/lib/softoken/lowpbe.h delete mode 100644 security/nss/lib/softoken/manifest.mn delete mode 100644 security/nss/lib/softoken/padbuf.c delete mode 100644 security/nss/lib/softoken/pcert.h delete mode 100644 security/nss/lib/softoken/pcertdb.c delete mode 100644 security/nss/lib/softoken/pcertt.h delete mode 100644 security/nss/lib/softoken/pk11db.c delete mode 100644 security/nss/lib/softoken/pk11pars.h delete mode 100644 security/nss/lib/softoken/pkcs11.c delete mode 100644 security/nss/lib/softoken/pkcs11.h delete mode 100644 security/nss/lib/softoken/pkcs11c.c delete mode 100644 security/nss/lib/softoken/pkcs11f.h delete mode 100644 security/nss/lib/softoken/pkcs11i.h delete mode 100644 security/nss/lib/softoken/pkcs11n.h delete mode 100644 security/nss/lib/softoken/pkcs11ni.h delete mode 100644 security/nss/lib/softoken/pkcs11p.h delete mode 100644 security/nss/lib/softoken/pkcs11t.h delete mode 100644 security/nss/lib/softoken/pkcs11u.c delete mode 100644 security/nss/lib/softoken/pkcs11u.h delete mode 100644 security/nss/lib/softoken/rsawrapr.c delete mode 100644 security/nss/lib/softoken/softkver.c delete mode 100644 security/nss/lib/softoken/softoken.h delete mode 100644 security/nss/lib/softoken/softokn.def delete mode 100644 security/nss/lib/softoken/softokn.rc delete mode 100644 security/nss/lib/softoken/softoknt.h delete mode 100644 security/nss/lib/softoken/tlsprf.c delete mode 100644 security/nss/lib/ssl/Makefile delete mode 100644 security/nss/lib/ssl/authcert.c delete mode 100644 security/nss/lib/ssl/cmpcert.c delete mode 100644 security/nss/lib/ssl/config.mk delete mode 100644 security/nss/lib/ssl/derive.c delete mode 100644 security/nss/lib/ssl/emulate.c delete mode 100644 security/nss/lib/ssl/manifest.mn delete mode 100644 security/nss/lib/ssl/notes.txt delete mode 100644 security/nss/lib/ssl/nsskea.c delete mode 100644 security/nss/lib/ssl/os2_err.c delete mode 100644 security/nss/lib/ssl/os2_err.h delete mode 100644 security/nss/lib/ssl/preenc.h delete mode 100644 security/nss/lib/ssl/prelib.c delete mode 100644 security/nss/lib/ssl/ssl.def delete mode 100644 security/nss/lib/ssl/ssl.h delete mode 100644 security/nss/lib/ssl/ssl.rc delete mode 100644 security/nss/lib/ssl/ssl3con.c delete mode 100644 security/nss/lib/ssl/ssl3ecc.c delete mode 100644 security/nss/lib/ssl/ssl3gthr.c delete mode 100644 security/nss/lib/ssl/ssl3prot.h delete mode 100644 security/nss/lib/ssl/sslauth.c delete mode 100644 security/nss/lib/ssl/sslcon.c delete mode 100644 security/nss/lib/ssl/ssldef.c delete mode 100644 security/nss/lib/ssl/sslenum.c delete mode 100644 security/nss/lib/ssl/sslerr.c delete mode 100644 security/nss/lib/ssl/sslerr.h delete mode 100644 security/nss/lib/ssl/sslgathr.c delete mode 100644 security/nss/lib/ssl/sslimpl.h delete mode 100644 security/nss/lib/ssl/sslinfo.c delete mode 100644 security/nss/lib/ssl/sslmutex.c delete mode 100644 security/nss/lib/ssl/sslmutex.h delete mode 100644 security/nss/lib/ssl/sslnonce.c delete mode 100644 security/nss/lib/ssl/sslproto.h delete mode 100644 security/nss/lib/ssl/sslreveal.c delete mode 100644 security/nss/lib/ssl/sslsecur.c delete mode 100644 security/nss/lib/ssl/sslsnce.c delete mode 100644 security/nss/lib/ssl/sslsock.c delete mode 100644 security/nss/lib/ssl/sslt.h delete mode 100644 security/nss/lib/ssl/ssltrace.c delete mode 100644 security/nss/lib/ssl/sslver.c delete mode 100644 security/nss/lib/ssl/unix_err.c delete mode 100644 security/nss/lib/ssl/unix_err.h delete mode 100644 security/nss/lib/ssl/win32err.c delete mode 100644 security/nss/lib/ssl/win32err.h delete mode 100644 security/nss/lib/util/Makefile delete mode 100644 security/nss/lib/util/base64.h delete mode 100644 security/nss/lib/util/ciferfam.h delete mode 100644 security/nss/lib/util/config.mk delete mode 100644 security/nss/lib/util/derdec.c delete mode 100644 security/nss/lib/util/derenc.c delete mode 100644 security/nss/lib/util/dersubr.c delete mode 100644 security/nss/lib/util/dertime.c delete mode 100644 security/nss/lib/util/manifest.mn delete mode 100644 security/nss/lib/util/nssb64.h delete mode 100644 security/nss/lib/util/nssb64d.c delete mode 100644 security/nss/lib/util/nssb64e.c delete mode 100644 security/nss/lib/util/nssb64t.h delete mode 100644 security/nss/lib/util/nssilckt.h delete mode 100644 security/nss/lib/util/nssilock.c delete mode 100644 security/nss/lib/util/nssilock.h delete mode 100644 security/nss/lib/util/nsslocks.c delete mode 100644 security/nss/lib/util/nsslocks.h delete mode 100644 security/nss/lib/util/nssrwlk.c delete mode 100644 security/nss/lib/util/nssrwlk.h delete mode 100644 security/nss/lib/util/nssrwlkt.h delete mode 100644 security/nss/lib/util/portreg.c delete mode 100644 security/nss/lib/util/portreg.h delete mode 100644 security/nss/lib/util/pqgutil.c delete mode 100644 security/nss/lib/util/pqgutil.h delete mode 100644 security/nss/lib/util/quickder.c delete mode 100644 security/nss/lib/util/secalgid.c delete mode 100644 security/nss/lib/util/secasn1.h delete mode 100644 security/nss/lib/util/secasn1d.c delete mode 100644 security/nss/lib/util/secasn1e.c delete mode 100644 security/nss/lib/util/secasn1t.h delete mode 100644 security/nss/lib/util/secasn1u.c delete mode 100644 security/nss/lib/util/seccomon.h delete mode 100644 security/nss/lib/util/secder.h delete mode 100644 security/nss/lib/util/secdert.h delete mode 100644 security/nss/lib/util/secdig.c delete mode 100644 security/nss/lib/util/secdig.h delete mode 100644 security/nss/lib/util/secdigt.h delete mode 100644 security/nss/lib/util/secerr.h delete mode 100644 security/nss/lib/util/secinit.c delete mode 100644 security/nss/lib/util/secitem.c delete mode 100644 security/nss/lib/util/secitem.h delete mode 100644 security/nss/lib/util/secoid.c delete mode 100644 security/nss/lib/util/secoid.h delete mode 100644 security/nss/lib/util/secoidt.h delete mode 100644 security/nss/lib/util/secplcy.c delete mode 100644 security/nss/lib/util/secplcy.h delete mode 100644 security/nss/lib/util/secport.c delete mode 100644 security/nss/lib/util/secport.h delete mode 100644 security/nss/lib/util/sectime.c delete mode 100644 security/nss/lib/util/utf8.c delete mode 100644 security/nss/lib/util/watcomfx.h delete mode 100644 security/nss/manifest.mn delete mode 100644 security/nss/pkg/Makefile delete mode 100644 security/nss/pkg/linux/Makefile delete mode 100644 security/nss/pkg/linux/sun-nss.spec delete mode 100644 security/nss/pkg/solaris/Makefile delete mode 100755 security/nss/pkg/solaris/Makefile-devl.com delete mode 100755 security/nss/pkg/solaris/Makefile-devl.targ delete mode 100755 security/nss/pkg/solaris/Makefile-tlsu.com delete mode 100755 security/nss/pkg/solaris/Makefile-tlsu.targ delete mode 100644 security/nss/pkg/solaris/Makefile.com delete mode 100644 security/nss/pkg/solaris/Makefile.targ delete mode 100644 security/nss/pkg/solaris/SUNWtls/Makefile delete mode 100644 security/nss/pkg/solaris/SUNWtls/pkgdepend delete mode 100644 security/nss/pkg/solaris/SUNWtls/pkginfo.tmpl delete mode 100644 security/nss/pkg/solaris/SUNWtls/prototype_com delete mode 100644 security/nss/pkg/solaris/SUNWtls/prototype_i386 delete mode 100644 security/nss/pkg/solaris/SUNWtls/prototype_sparc delete mode 100755 security/nss/pkg/solaris/SUNWtlsd/Makefile delete mode 100755 security/nss/pkg/solaris/SUNWtlsd/pkgdepend delete mode 100755 security/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl delete mode 100755 security/nss/pkg/solaris/SUNWtlsd/prototype delete mode 100755 security/nss/pkg/solaris/SUNWtlsu/Makefile delete mode 100755 security/nss/pkg/solaris/SUNWtlsu/pkgdepend delete mode 100755 security/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl delete mode 100755 security/nss/pkg/solaris/SUNWtlsu/prototype_com delete mode 100644 security/nss/pkg/solaris/SUNWtlsu/prototype_i386 delete mode 100644 security/nss/pkg/solaris/SUNWtlsu/prototype_sparc delete mode 100644 security/nss/pkg/solaris/bld_awk_pkginfo.ksh delete mode 100644 security/nss/pkg/solaris/common_files/copyright delete mode 100644 security/nss/pkg/solaris/proto64.mk delete mode 100755 security/nss/tests/all.sh delete mode 100755 security/nss/tests/cert/cert.sh delete mode 100644 security/nss/tests/cert/eccert.sh delete mode 100755 security/nss/tests/cipher/cipher.sh delete mode 100644 security/nss/tests/cipher/cipher.txt delete mode 100644 security/nss/tests/cipher/dsa.txt delete mode 100644 security/nss/tests/cipher/hash.txt delete mode 100755 security/nss/tests/cipher/performance.sh delete mode 100644 security/nss/tests/cipher/rsa.txt delete mode 100644 security/nss/tests/cipher/symmkey.txt delete mode 100755 security/nss/tests/clean_tbx delete mode 100644 security/nss/tests/cmdtests/cmdtests.sh delete mode 100644 security/nss/tests/common/Makefile delete mode 100755 security/nss/tests/common/cleanup.sh delete mode 100644 security/nss/tests/common/init.sh delete mode 100644 security/nss/tests/common/results_header.html delete mode 100755 security/nss/tests/core_watch delete mode 100644 security/nss/tests/crmf/crmf.sh delete mode 100755 security/nss/tests/dbtests/dbtests.sh delete mode 100755 security/nss/tests/dll_version.sh delete mode 100644 security/nss/tests/doc/clean.gif delete mode 100755 security/nss/tests/doc/nssqa.txt delete mode 100644 security/nss/tests/doc/platform_specific_problems delete mode 100755 security/nss/tests/doc/qa_wrapper.html delete mode 100755 security/nss/tests/fips/fips.sh delete mode 100755 security/nss/tests/fixtests.sh delete mode 100644 security/nss/tests/header delete mode 100755 security/nss/tests/jss_dll_version.sh delete mode 100755 security/nss/tests/jssdir delete mode 100755 security/nss/tests/jssqa delete mode 100755 security/nss/tests/mksymlinks delete mode 100755 security/nss/tests/nssdir delete mode 100755 security/nss/tests/nsspath delete mode 100755 security/nss/tests/nssqa delete mode 100755 security/nss/tests/path_uniq delete mode 100644 security/nss/tests/pkcs11/netscape/suites/Makefile delete mode 100644 security/nss/tests/pkcs11/netscape/suites/config.mk delete mode 100644 security/nss/tests/pkcs11/netscape/suites/manifest.mn delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/Makefile delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/config.mk delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/manifest.mn delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/Makefile delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/config.mk delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/manifest.mn delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c delete mode 100755 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.h delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.htp delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pkcs11.h delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pkcs11.reg delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pkcs11.rep delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/pkcs11/rules.mk delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/Makefile delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/README delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/cert7.db delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/config.mk delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/key3.db delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/manifest.mn delete mode 100755 security/nss/tests/pkcs11/netscape/suites/security/ssl/ssl.reg delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/sslc.c delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/sslc.h delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/ssls.c delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/ssls.h delete mode 100755 security/nss/tests/pkcs11/netscape/suites/security/ssl/sslt.c delete mode 100755 security/nss/tests/pkcs11/netscape/suites/security/ssl/sslt.h delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/sslt.htp delete mode 100644 security/nss/tests/pkcs11/netscape/suites/security/ssl/sslt.rep delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/.cvsignore delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/Makefile.in delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/README.txt delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/acconfig.h delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/config.h.in delete mode 100755 security/nss/tests/pkcs11/netscape/trivial/configure delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/configure.in delete mode 100755 security/nss/tests/pkcs11/netscape/trivial/install-sh delete mode 100644 security/nss/tests/pkcs11/netscape/trivial/trivial.c delete mode 100755 security/nss/tests/pkits/pkits.sh delete mode 100644 security/nss/tests/platformlist delete mode 100644 security/nss/tests/platformlist.tbx delete mode 100755 security/nss/tests/qa_stage delete mode 100755 security/nss/tests/qa_stat delete mode 100755 security/nss/tests/qaclean delete mode 100755 security/nss/tests/run_niscc.sh delete mode 100755 security/nss/tests/sdr/sdr.sh delete mode 100644 security/nss/tests/set_environment delete mode 100644 security/nss/tests/smime/alice.txt delete mode 100644 security/nss/tests/smime/bob.txt delete mode 100644 security/nss/tests/smime/ecsmime.sh delete mode 100755 security/nss/tests/smime/smime.sh delete mode 100644 security/nss/tests/ssl/ecssl.sh delete mode 100644 security/nss/tests/ssl/ecsslauth.txt delete mode 100644 security/nss/tests/ssl/ecsslcov.txt delete mode 100644 security/nss/tests/ssl/ecsslstress.txt delete mode 100755 security/nss/tests/ssl/ssl.sh delete mode 100755 security/nss/tests/ssl/ssl_dist_stress.sh delete mode 100644 security/nss/tests/ssl/sslauth.txt delete mode 100644 security/nss/tests/ssl/sslcov.txt delete mode 100644 security/nss/tests/ssl/sslreq.dat delete mode 100644 security/nss/tests/ssl/sslreq.txt delete mode 100644 security/nss/tests/ssl/sslstress.txt delete mode 100644 security/nss/tests/tools/ectools.sh delete mode 100644 security/nss/tests/tools/sign.html delete mode 100644 security/nss/tests/tools/signjs.html delete mode 100644 security/nss/tests/tools/tools.sh delete mode 100755 security/nss/trademarks.txt diff --git a/dbm/.cvsignore b/dbm/.cvsignore deleted file mode 100644 index f3c7a7c5da..0000000000 --- a/dbm/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile diff --git a/dbm/Makefile.in b/dbm/Makefile.in deleted file mode 100644 index 7c0c92e993..0000000000 --- a/dbm/Makefile.in +++ /dev/null @@ -1,53 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is mozilla.org code. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1998 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -DEPTH = .. -topsrcdir = @top_srcdir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -include $(DEPTH)/config/autoconf.mk - -MODULE = dbm -DIRS = include src - -ifdef ENABLE_TESTS -DIRS += tests -endif - -include $(topsrcdir)/config/rules.mk - diff --git a/dbm/include/.cvsignore b/dbm/include/.cvsignore deleted file mode 100644 index f3c7a7c5da..0000000000 --- a/dbm/include/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile diff --git a/dbm/include/Makefile.in b/dbm/include/Makefile.in deleted file mode 100644 index 343a08807c..0000000000 --- a/dbm/include/Makefile.in +++ /dev/null @@ -1,71 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is mozilla.org code. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1998 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -DEPTH = ../.. -topsrcdir = @top_srcdir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -include $(DEPTH)/config/autoconf.mk - -MODULE = dbm - -EXPORTS = \ - nsres.h \ - cdefs.h \ - mcom_db.h \ - ncompat.h \ - winfile.h \ - $(NULL) - -EXPORTS := $(addprefix $(srcdir)/, $(EXPORTS)) - -PRIVATE_EXPORTS = \ - hsearch.h \ - page.h \ - extern.h \ - ndbm.h \ - queue.h \ - hash.h \ - mpool.h \ - search.h \ - $(NULL) - -PRIVATE_EXPORTS := $(addprefix $(srcdir)/, $(PRIVATE_EXPORTS)) - -include $(topsrcdir)/config/rules.mk - diff --git a/dbm/include/Makefile.win b/dbm/include/Makefile.win deleted file mode 100644 index df31e52737..0000000000 --- a/dbm/include/Makefile.win +++ /dev/null @@ -1,77 +0,0 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is mozilla.org code. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1998 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - - -#//------------------------------------------------------------------------ -#// -#// Makefile to build the cert library -#// -#//------------------------------------------------------------------------ - -!if "$(MOZ_BITS)" == "16" -!ifndef MOZ_DEBUG -OPTIMIZER=-Os -UDEBUG -DNDEBUG -!endif -!endif - -#//------------------------------------------------------------------------ -#// -#// Specify the depth of the current directory relative to the -#// root of NS -#// -#//------------------------------------------------------------------------ -DEPTH= ..\.. - -!ifndef MAKE_OBJ_TYPE -MAKE_OBJ_TYPE=EXE -!endif - -#//------------------------------------------------------------------------ -#// -#// install headers -#// -#//------------------------------------------------------------------------ -EXPORTS=nsres.h cdefs.h mcom_db.h ncompat.h winfile.h - -#//------------------------------------------------------------------------ -#// -#// Include the common makefile rules -#// -#//------------------------------------------------------------------------ -include <$(DEPTH)/config/rules.mak> - -CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT - diff --git a/dbm/include/cdefs.h b/dbm/include/cdefs.h deleted file mode 100644 index 6df5a80e37..0000000000 --- a/dbm/include/cdefs.h +++ /dev/null @@ -1,126 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Berkeley Software Design, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)cdefs.h 8.7 (Berkeley) 1/21/94 - */ - -#ifndef _CDEFS_H_ -#define _CDEFS_H_ - -#if defined(__cplusplus) -#define __BEGIN_DECLS extern "C" { -#define __END_DECLS } -#else -#define __BEGIN_DECLS -#define __END_DECLS -#endif - -/* - * The __CONCAT macro is used to concatenate parts of symbol names, e.g. - * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. - * The __CONCAT macro is a bit tricky -- make sure you don't put spaces - * in between its arguments. __CONCAT can also concatenate double-quoted - * strings produced by the __STRING macro, but this only works with ANSI C. - */ -#if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2) -#define __P(protos) protos /* full-blown ANSI C */ -#define __CONCAT(x,y) x ## y -#define __STRING(x) #x - -/* On HP-UX 11.00, defines __const. */ -#ifndef __const -#define __const const /* define reserved names to standard */ -#endif /* __const */ -#define __signed signed -#define __volatile volatile -#ifndef _WINDOWS -#if defined(__cplusplus) -#define __inline inline /* convert to C++ keyword */ -#else -#if !defined(__GNUC__) && !defined(__MWERKS__) -#define __inline /* delete GCC keyword */ -#endif /* !__GNUC__ */ -#endif /* !__cplusplus */ -#endif /* !_WINDOWS */ - -#else /* !(__STDC__ || __cplusplus) */ -#define __P(protos) () /* traditional C preprocessor */ -#define __CONCAT(x,y) x/**/y -#define __STRING(x) "x" - -#ifndef __GNUC__ -#define __const /* delete pseudo-ANSI C keywords */ -#define __inline -#define __signed -#define __volatile -/* - * In non-ANSI C environments, new programs will want ANSI-only C keywords - * deleted from the program and old programs will want them left alone. - * When using a compiler other than gcc, programs using the ANSI C keywords - * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS. - * When using "gcc -traditional", we assume that this is the intent; if - * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone. - */ -#ifndef NO_ANSI_KEYWORDS -#define const /* delete ANSI C keywords */ -#define inline -#define signed -#define volatile -#endif -#endif /* !__GNUC__ */ -#endif /* !(__STDC__ || __cplusplus) */ - -/* - * GCC1 and some versions of GCC2 declare dead (non-returning) and - * pure (no side effects) functions using "volatile" and "const"; - * unfortunately, these then cause warnings under "-ansi -pedantic". - * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of - * these work for GNU C++ (modulo a slight glitch in the C++ grammar - * in the distribution version of 2.5.5). - */ -#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5 -#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */ -#if defined(__GNUC__) && !defined(__STRICT_ANSI__) -#define __dead __volatile -#define __pure __const -#endif -#endif - -/* Delete pseudo-keywords wherever they are not available or needed. */ -#ifndef __dead -#define __dead -#define __pure -#endif - -#endif /* !_CDEFS_H_ */ diff --git a/dbm/include/extern.h b/dbm/include/extern.h deleted file mode 100644 index 8eabc81fea..0000000000 --- a/dbm/include/extern.h +++ /dev/null @@ -1,65 +0,0 @@ -/*- - * Copyright (c) 1991, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)extern.h 8.4 (Berkeley) 6/16/94 - */ - -BUFHEAD *__add_ovflpage (HTAB *, BUFHEAD *); -int __addel (HTAB *, BUFHEAD *, const DBT *, const DBT *); -int __big_delete (HTAB *, BUFHEAD *); -int __big_insert (HTAB *, BUFHEAD *, const DBT *, const DBT *); -int __big_keydata (HTAB *, BUFHEAD *, DBT *, DBT *, int); -int __big_return (HTAB *, BUFHEAD *, int, DBT *, int); -int __big_split (HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *, - uint32, uint32, SPLIT_RETURN *); -int __buf_free (HTAB *, int, int); -void __buf_init (HTAB *, int); -uint32 __call_hash (HTAB *, char *, size_t); -int __delpair (HTAB *, BUFHEAD *, int); -int __expand_table (HTAB *); -int __find_bigpair (HTAB *, BUFHEAD *, int, char *, int); -uint16 __find_last_page (HTAB *, BUFHEAD **); -void __free_ovflpage (HTAB *, BUFHEAD *); -BUFHEAD *__get_buf (HTAB *, uint32, BUFHEAD *, int); -int __get_page (HTAB *, char *, uint32, int, int, int); -int __ibitmap (HTAB *, int, int, int); -uint32 __log2 (uint32); -int __put_page (HTAB *, char *, uint32, int, int); -void __reclaim_buf (HTAB *, BUFHEAD *); -int __split_page (HTAB *, uint32, uint32); - -/* Default hash routine. */ -extern uint32 (*__default_hash) (const void *, size_t); - -#ifdef HASH_STATISTICS -extern int hash_accesses, hash_collisions, hash_expansions, hash_overflows; -#endif diff --git a/dbm/include/hash.h b/dbm/include/hash.h deleted file mode 100644 index 454a8ec42c..0000000000 --- a/dbm/include/hash.h +++ /dev/null @@ -1,337 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)hash.h 8.3 (Berkeley) 5/31/94 - */ - -/* Operations */ - -#include -#include "mcom_db.h" -typedef enum { - HASH_GET, HASH_PUT, HASH_PUTNEW, HASH_DELETE, HASH_FIRST, HASH_NEXT -} ACTION; - -/* Buffer Management structures */ -typedef struct _bufhead BUFHEAD; - -struct _bufhead { - BUFHEAD *prev; /* LRU links */ - BUFHEAD *next; /* LRU links */ - BUFHEAD *ovfl; /* Overflow page buffer header */ - uint32 addr; /* Address of this page */ - char *page; /* Actual page data */ - char is_disk; - char flags; -#define BUF_MOD 0x0001 -#define BUF_DISK 0x0002 -#define BUF_BUCKET 0x0004 -#define BUF_PIN 0x0008 -}; - -#define IS_BUCKET(X) ((X) & BUF_BUCKET) - -typedef BUFHEAD **SEGMENT; - -typedef int DBFILE_PTR; -#define NO_FILE -1 -#ifdef macintosh -#define DBFILE_OPEN(path, flag,mode) open((path), flag) -#define EXISTS(path) -#else -#define DBFILE_OPEN(path, flag,mode) open((path), (flag), (mode)) -#endif -/* Hash Table Information */ -typedef struct hashhdr { /* Disk resident portion */ - int32 magic; /* Magic NO for hash tables */ - int32 version; /* Version ID */ - uint32 lorder; /* Byte Order */ - int32 bsize; /* Bucket/Page Size */ - int32 bshift; /* Bucket shift */ - int32 dsize; /* Directory Size */ - int32 ssize; /* Segment Size */ - int32 sshift; /* Segment shift */ - int32 ovfl_point; /* Where overflow pages are being - * allocated */ - int32 last_freed; /* Last overflow page freed */ - int32 max_bucket; /* ID of Maximum bucket in use */ - int32 high_mask; /* Mask to modulo into entire table */ - int32 low_mask; /* Mask to modulo into lower half of - * table */ - int32 ffactor; /* Fill factor */ - int32 nkeys; /* Number of keys in hash table */ - int32 hdrpages; /* Size of table header */ - uint32 h_charkey; /* value of hash(CHARKEY) */ -#define NCACHED 32 /* number of bit maps and spare - * points */ - int32 spares[NCACHED];/* spare pages for overflow */ - uint16 bitmaps[NCACHED]; /* address of overflow page - * bitmaps */ -} HASHHDR; - -typedef struct htab { /* Memory resident data structure */ - HASHHDR hdr; /* Header */ - int nsegs; /* Number of allocated segments */ - int exsegs; /* Number of extra allocated - * segments */ - uint32 /* Hash function */ - (*hash)(const void *, size_t); - int flags; /* Flag values */ - DBFILE_PTR fp; /* File pointer */ - char *filename; - char *tmp_buf; /* Temporary Buffer for BIG data */ - char *tmp_key; /* Temporary Buffer for BIG keys */ - BUFHEAD *cpage; /* Current page */ - int cbucket; /* Current bucket */ - int cndx; /* Index of next item on cpage */ - int dbmerrno; /* Error Number -- for DBM - * compatability */ - int new_file; /* Indicates if fd is backing store - * or no */ - int save_file; /* Indicates whether we need to flush - * file at - * exit */ - uint32 *mapp[NCACHED]; /* Pointers to page maps */ - int nmaps; /* Initial number of bitmaps */ - int nbufs; /* Number of buffers left to - * allocate */ - BUFHEAD bufhead; /* Header of buffer lru list */ - SEGMENT *dir; /* Hash Bucket directory */ - off_t file_size; /* in bytes */ - char is_temp; /* unlink file on close */ - char updateEOF; /* force EOF update on flush */ -} HTAB; - -/* - * Constants - */ -#define DATABASE_CORRUPTED_ERROR -999 /* big ugly abort, delete database */ -#define OLD_MAX_BSIZE 65536 /* 2^16 */ -#define MAX_BSIZE 32l*1024l /* 2^15 */ -#define MIN_BUFFERS 6 -#define MINHDRSIZE 512 -#define DEF_BUFSIZE 65536l /* 64 K */ -#define DEF_BUCKET_SIZE 4096 -#define DEF_BUCKET_SHIFT 12 /* log2(BUCKET) */ -#define DEF_SEGSIZE 256 -#define DEF_SEGSIZE_SHIFT 8 /* log2(SEGSIZE) */ -#define DEF_DIRSIZE 256 -#define DEF_FFACTOR 65536l -#define MIN_FFACTOR 4 -#define SPLTMAX 8 -#define CHARKEY "%$sniglet^&" -#define NUMKEY 1038583l -#define BYTE_SHIFT 3 -#define INT_TO_BYTE 2 -#define INT_BYTE_SHIFT 5 -#define ALL_SET ((uint32)0xFFFFFFFF) -#define ALL_CLEAR 0 - -#define PTROF(X) ((ptrdiff_t)(X) == BUF_DISK ? 0 : (X)) -#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK \ - : (X)->is_disk) : 0) - -#define BITS_PER_MAP 32 - -/* Given the address of the beginning of a big map, clear/set the nth bit */ -#define CLRBIT(A, N) ((A)[(N)/BITS_PER_MAP] &= ~(1<<((N)%BITS_PER_MAP))) -#define SETBIT(A, N) ((A)[(N)/BITS_PER_MAP] |= (1<<((N)%BITS_PER_MAP))) -#define ISSET(A, N) ((A)[(N)/BITS_PER_MAP] & (1<<((N)%BITS_PER_MAP))) - -/* Overflow management */ -/* - * Overflow page numbers are allocated per split point. At each doubling of - * the table, we can allocate extra pages. So, an overflow page number has - * the top 5 bits indicate which split point and the lower 11 bits indicate - * which page at that split point is indicated (pages within split points are - * numberered starting with 1). - */ - -#define SPLITSHIFT 11 -#define SPLITMASK 0x7FF -#define SPLITNUM(N) (((uint32)(N)) >> SPLITSHIFT) -#define OPAGENUM(N) ((N) & SPLITMASK) -#define OADDR_OF(S,O) ((uint32)((uint32)(S) << SPLITSHIFT) + (O)) - -#define BUCKET_TO_PAGE(B) \ - (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[__log2((uint32)((B)+1))-1] : 0) -#define OADDR_TO_PAGE(B) \ - BUCKET_TO_PAGE ( (1 << SPLITNUM((B))) -1 ) + OPAGENUM((B)); - -/* - * page.h contains a detailed description of the page format. - * - * Normally, keys and data are accessed from offset tables in the top of - * each page which point to the beginning of the key and data. There are - * four flag values which may be stored in these offset tables which indicate - * the following: - * - * - * OVFLPAGE Rather than a key data pair, this pair contains - * the address of an overflow page. The format of - * the pair is: - * OVERFLOW_PAGE_NUMBER OVFLPAGE - * - * PARTIAL_KEY This must be the first key/data pair on a page - * and implies that page contains only a partial key. - * That is, the key is too big to fit on a single page - * so it starts on this page and continues on the next. - * The format of the page is: - * KEY_OFF PARTIAL_KEY OVFL_PAGENO OVFLPAGE - * - * KEY_OFF -- offset of the beginning of the key - * PARTIAL_KEY -- 1 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * FULL_KEY This must be the first key/data pair on the page. It - * is used in two cases. - * - * Case 1: - * There is a complete key on the page but no data - * (because it wouldn't fit). The next page contains - * the data. - * - * Page format it: - * KEY_OFF FULL_KEY OVFL_PAGENO OVFL_PAGE - * - * KEY_OFF -- offset of the beginning of the key - * FULL_KEY -- 2 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * Case 2: - * This page contains no key, but part of a large - * data field, which is continued on the next page. - * - * Page format it: - * DATA_OFF FULL_KEY OVFL_PAGENO OVFL_PAGE - * - * KEY_OFF -- offset of the beginning of the data on - * this page - * FULL_KEY -- 2 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * FULL_KEY_DATA - * This must be the first key/data pair on the page. - * There are two cases: - * - * Case 1: - * This page contains a key and the beginning of the - * data field, but the data field is continued on the - * next page. - * - * Page format is: - * KEY_OFF FULL_KEY_DATA OVFL_PAGENO DATA_OFF - * - * KEY_OFF -- offset of the beginning of the key - * FULL_KEY_DATA -- 3 - * OVFL_PAGENO - page number of the next overflow page - * DATA_OFF -- offset of the beginning of the data - * - * Case 2: - * This page contains the last page of a big data pair. - * There is no key, only the tail end of the data - * on this page. - * - * Page format is: - * DATA_OFF FULL_KEY_DATA - * - * DATA_OFF -- offset of the beginning of the data on - * this page - * FULL_KEY_DATA -- 3 - * OVFL_PAGENO - page number of the next overflow page - * OVFLPAGE -- 0 - * - * OVFL_PAGENO and OVFLPAGE are optional (they are - * not present if there is no next page). - */ - -#define OVFLPAGE 0 -#define PARTIAL_KEY 1 -#define FULL_KEY 2 -#define FULL_KEY_DATA 3 -#define REAL_KEY 4 - -/* Short hands for accessing structure */ -#undef BSIZE -#define BSIZE hdr.bsize -#undef BSHIFT -#define BSHIFT hdr.bshift -#define DSIZE hdr.dsize -#define SGSIZE hdr.ssize -#define SSHIFT hdr.sshift -#define LORDER hdr.lorder -#define OVFL_POINT hdr.ovfl_point -#define LAST_FREED hdr.last_freed -#define MAX_BUCKET hdr.max_bucket -#define FFACTOR hdr.ffactor -#define HIGH_MASK hdr.high_mask -#define LOW_MASK hdr.low_mask -#define NKEYS hdr.nkeys -#define HDRPAGES hdr.hdrpages -#define SPARES hdr.spares -#define BITMAPS hdr.bitmaps -#define VERSION hdr.version -#define MAGIC hdr.magic -#define NEXT_FREE hdr.next_free -#define H_CHARKEY hdr.h_charkey - -extern uint32 (*__default_hash) (const void *, size_t); -void __buf_init(HTAB *hashp, int32 nbytes); -int __big_delete(HTAB *hashp, BUFHEAD *bufp); -BUFHEAD * __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage); -uint32 __call_hash(HTAB *hashp, char *k, size_t len); -#include "page.h" -extern int __big_split(HTAB *hashp, BUFHEAD *op,BUFHEAD *np, -BUFHEAD *big_keyp,uint32 addr,uint32 obucket, SPLIT_RETURN *ret); -void __free_ovflpage(HTAB *hashp, BUFHEAD *obufp); -BUFHEAD * __add_ovflpage(HTAB *hashp, BUFHEAD *bufp); -int __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val); -int __expand_table(HTAB *hashp); -uint32 __log2(uint32 num); -void __reclaim_buf(HTAB *hashp, BUFHEAD *bp); -int __get_page(HTAB *hashp, char * p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap); -int __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap); -int __ibitmap(HTAB *hashp, int pnum, int nbits, int ndx); -int __buf_free(HTAB *hashp, int do_free, int to_disk); -int __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size); -uint16 __find_last_page(HTAB *hashp, BUFHEAD **bpp); -int __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT * val); -int __big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current); -int __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx); -int __big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set); -int __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket); diff --git a/dbm/include/hsearch.h b/dbm/include/hsearch.h deleted file mode 100644 index ff58b1c155..0000000000 --- a/dbm/include/hsearch.h +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)search.h 8.1 (Berkeley) 6/4/93 - */ - -/* Backward compatibility to hsearch interface. */ -typedef struct entry { - char *key; - char *data; -} ENTRY; - -typedef enum { - FIND, ENTER -} ACTION; - -int hcreate (unsigned int); -void hdestroy (void); -ENTRY *hsearch (ENTRY, ACTION); diff --git a/dbm/include/mcom_db.h b/dbm/include/mcom_db.h deleted file mode 100644 index d265f43225..0000000000 --- a/dbm/include/mcom_db.h +++ /dev/null @@ -1,424 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)db.h 8.7 (Berkeley) 6/16/94 - */ - -#ifndef _DB_H_ -#define _DB_H_ - - -#ifdef WINCE -#define off_t long -#endif - -#ifndef macintosh -#include -#endif -#include "prtypes.h" - -#include - -#ifdef __DBINTERFACE_PRIVATE - -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - -#ifdef HAVE_SYS_BYTEORDER_H -#include -#endif - -#if defined(__linux) || defined(__BEOS__) -#include -#ifndef BYTE_ORDER -#define BYTE_ORDER __BYTE_ORDER -#define BIG_ENDIAN __BIG_ENDIAN -#define LITTLE_ENDIAN __LITTLE_ENDIAN -#endif -#endif /* __linux */ - -#ifdef __sgi -#define BYTE_ORDER BIG_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ -#endif - -#ifdef __sun -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ - -#ifndef __SVR4 -/* compat.h is only in 4.1.3 machines. - dp */ -#include -#endif - -/* XXX - dp - * Need to find a general way of defining endian-ness in SunOS 5.3 - * SunOS 5.4 defines _BIG_ENDIAN and _LITTLE_ENDIAN - * SunOS 5.3 does nothing like this. - */ - -#ifndef BYTE_ORDER - -#if defined(_BIG_ENDIAN) -#define BYTE_ORDER BIG_ENDIAN -#elif defined(_LITTLE_ENDIAN) -#define BYTE_ORDER LITTLE_ENDIAN -#elif !defined(__SVR4) -/* 4.1.3 is always BIG_ENDIAN as it was released only on sparc platforms. */ -#define BYTE_ORDER BIG_ENDIAN -#elif !defined(vax) && !defined(ntohl) && !defined(lint) && !defined(i386) -/* 5.3 big endian. Copied this above line from sys/byteorder.h */ -/* Now we are in a 5.3 SunOS rather non 5.4 or above SunOS */ -#define BYTE_ORDER BIG_ENDIAN -#else -#define BYTE_ORDER LITTLE_ENDIAN -#endif - -#endif /* !BYTE_ORDER */ -#endif /* __sun */ - -#if defined(__hpux) || defined(__hppa) -#define BYTE_ORDER BIG_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ -#endif - -#if defined(AIXV3) || defined(AIX) -/* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */ -#include -#endif - -/* Digital Unix */ -#ifdef __osf__ -#include -#endif - -#ifdef __alpha -#ifndef WIN32 -#else -/* Alpha NT */ -#define BYTE_ORDER LITTLE_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 -#endif -#endif - -#ifdef NCR -#include -#endif - -#ifdef __QNX__ -#ifdef __QNXNTO__ -#include -#else -#define LITTLE_ENDIAN 1234 -#define BIG_ENDIAN 4321 -#define BYTE_ORDER LITTLE_ENDIAN -#endif -#endif - -#ifdef SNI -/* #include */ -#define BYTE_ORDER BIG_ENDIAN -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 -#endif - -#if defined(_WINDOWS) || defined(XP_OS2_VACPP) -#ifdef BYTE_ORDER -#undef BYTE_ORDER -#endif - -#define BYTE_ORDER LITTLE_ENDIAN -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */ -#define BIG_ENDIAN 4321 -#endif - -#ifdef macintosh -#define BIG_ENDIAN 4321 -#define LITTLE_ENDIAN 1234 -#define BYTE_ORDER BIG_ENDIAN -#endif - -#endif /* __DBINTERFACE_PRIVATE */ - -#ifdef SCO -#define MAXPATHLEN 1024 -#endif - -#include - -#if defined(_WINDOWS) || defined(XP_OS2) -#include -#include - -#ifndef XP_OS2 -#define MAXPATHLEN 1024 -#endif - -#ifdef XP_OS2_VACPP -#include -#define MAXPATHLEN CCHMAXPATH -#define EPERM EINVAL -#define ENOTDIR EBADPOS -#define S_ISDIR(s) ((s) & S_IFDIR) -#endif - -#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ - -#ifndef STDERR_FILENO -#define STDIN_FILENO 0 /* ANSI C #defines */ -#define STDOUT_FILENO 1 -#define STDERR_FILENO 2 -#endif - -#ifndef O_ACCMODE /* POSIX 1003.1 access mode mask. */ -#define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR) -#endif -#endif - -#ifdef macintosh -#include -#include "xp_mcom.h" -#define O_ACCMODE 3 /* Mask for file access modes */ -#define EFTYPE 2000 -PR_BEGIN_EXTERN_C -int mkstemp(const char *path); -PR_END_EXTERN_C -#endif /* MACINTOSH */ - -#if !defined(_WINDOWS) && !defined(macintosh) -#include -#include -#endif - -/* define EFTYPE since most don't */ -#ifndef EFTYPE -#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ -#endif - -#define RET_ERROR -1 /* Return values. */ -#define RET_SUCCESS 0 -#define RET_SPECIAL 1 - -#define MAX_PAGE_NUMBER 0xffffffff /* >= # of pages in a file */ - -#ifndef __sgi -typedef uint32 pgno_t; -#endif - -#define MAX_PAGE_OFFSET 65535 /* >= # of bytes in a page */ -typedef uint16 indx_t; -#define MAX_REC_NUMBER 0xffffffff /* >= # of records in a tree */ -typedef uint32 recno_t; - -/* Key/data structure -- a Data-Base Thang. */ -typedef struct { - void *data; /* data */ - size_t size; /* data length */ -} DBT; - -/* Routine flags. */ -#define R_CURSOR 1 /* del, put, seq */ -#define __R_UNUSED 2 /* UNUSED */ -#define R_FIRST 3 /* seq */ -#define R_IAFTER 4 /* put (RECNO) */ -#define R_IBEFORE 5 /* put (RECNO) */ -#define R_LAST 6 /* seq (BTREE, RECNO) */ -#define R_NEXT 7 /* seq */ -#define R_NOOVERWRITE 8 /* put */ -#define R_PREV 9 /* seq (BTREE, RECNO) */ -#define R_SETCURSOR 10 /* put (RECNO) */ -#define R_RECNOSYNC 11 /* sync (RECNO) */ - -typedef enum { DB_BTREE, DB_HASH, DB_RECNO } DBTYPE; - -typedef enum { LockOutDatabase, UnlockDatabase } DBLockFlagEnum; - -/* - * !!! - * The following flags are included in the dbopen(3) call as part of the - * open(2) flags. In order to avoid conflicts with the open flags, start - * at the top of the 16 or 32-bit number space and work our way down. If - * the open flags were significantly expanded in the future, it could be - * a problem. Wish I'd left another flags word in the dbopen call. - * - * !!! - * None of this stuff is implemented yet. The only reason that it's here - * is so that the access methods can skip copying the key/data pair when - * the DB_LOCK flag isn't set. - */ -#if UINT_MAX > 65535 -#define DB_LOCK 0x20000000 /* Do locking. */ -#define DB_SHMEM 0x40000000 /* Use shared memory. */ -#define DB_TXN 0x80000000 /* Do transactions. */ -#else -#define DB_LOCK 0x2000 /* Do locking. */ -#define DB_SHMEM 0x4000 /* Use shared memory. */ -#define DB_TXN 0x8000 /* Do transactions. */ -#endif - -/* Access method description structure. */ -typedef struct __db { - DBTYPE type; /* Underlying db type. */ - int (*close) (struct __db *); - int (*del) (const struct __db *, const DBT *, uint); - int (*get) (const struct __db *, const DBT *, DBT *, uint); - int (*put) (const struct __db *, DBT *, const DBT *, uint); - int (*seq) (const struct __db *, DBT *, DBT *, uint); - int (*sync) (const struct __db *, uint); - void *internal; /* Access method private. */ - int (*fd) (const struct __db *); -} DB; - -#define BTREEMAGIC 0x053162 -#define BTREEVERSION 3 - -/* Structure used to pass parameters to the btree routines. */ -typedef struct { -#define R_DUP 0x01 /* duplicate keys */ - uint32 flags; - uint cachesize; /* bytes to cache */ - int maxkeypage; /* maximum keys per page */ - int minkeypage; /* minimum keys per page */ - uint psize; /* page size */ - int (*compare) /* comparison function */ - (const DBT *, const DBT *); - size_t (*prefix) /* prefix function */ - (const DBT *, const DBT *); - int lorder; /* byte order */ -} BTREEINFO; - -#define HASHMAGIC 0x061561 -#define HASHVERSION 2 - -/* Structure used to pass parameters to the hashing routines. */ -typedef struct { - uint bsize; /* bucket size */ - uint ffactor; /* fill factor */ - uint nelem; /* number of elements */ - uint cachesize; /* bytes to cache */ - uint32 /* hash function */ - (*hash) (const void *, size_t); - int lorder; /* byte order */ -} HASHINFO; - -/* Structure used to pass parameters to the record routines. */ -typedef struct { -#define R_FIXEDLEN 0x01 /* fixed-length records */ -#define R_NOKEY 0x02 /* key not required */ -#define R_SNAPSHOT 0x04 /* snapshot the input */ - uint32 flags; - uint cachesize; /* bytes to cache */ - uint psize; /* page size */ - int lorder; /* byte order */ - size_t reclen; /* record length (fixed-length records) */ - uint8 bval; /* delimiting byte (variable-length records */ - char *bfname; /* btree file name */ -} RECNOINFO; - -#ifdef __DBINTERFACE_PRIVATE -/* - * Little endian <==> big endian 32-bit swap macros. - * M_32_SWAP swap a memory location - * P_32_SWAP swap a referenced memory location - * P_32_COPY swap from one location to another - */ -#define M_32_SWAP(a) { \ - uint32 _tmp = a; \ - ((char *)&a)[0] = ((char *)&_tmp)[3]; \ - ((char *)&a)[1] = ((char *)&_tmp)[2]; \ - ((char *)&a)[2] = ((char *)&_tmp)[1]; \ - ((char *)&a)[3] = ((char *)&_tmp)[0]; \ -} -#define P_32_SWAP(a) { \ - uint32 _tmp = *(uint32 *)a; \ - ((char *)a)[0] = ((char *)&_tmp)[3]; \ - ((char *)a)[1] = ((char *)&_tmp)[2]; \ - ((char *)a)[2] = ((char *)&_tmp)[1]; \ - ((char *)a)[3] = ((char *)&_tmp)[0]; \ -} -#define P_32_COPY(a, b) { \ - ((char *)&(b))[0] = ((char *)&(a))[3]; \ - ((char *)&(b))[1] = ((char *)&(a))[2]; \ - ((char *)&(b))[2] = ((char *)&(a))[1]; \ - ((char *)&(b))[3] = ((char *)&(a))[0]; \ -} - -/* - * Little endian <==> big endian 16-bit swap macros. - * M_16_SWAP swap a memory location - * P_16_SWAP swap a referenced memory location - * P_16_COPY swap from one location to another - */ -#define M_16_SWAP(a) { \ - uint16 _tmp = a; \ - ((char *)&a)[0] = ((char *)&_tmp)[1]; \ - ((char *)&a)[1] = ((char *)&_tmp)[0]; \ -} -#define P_16_SWAP(a) { \ - uint16 _tmp = *(uint16 *)a; \ - ((char *)a)[0] = ((char *)&_tmp)[1]; \ - ((char *)a)[1] = ((char *)&_tmp)[0]; \ -} -#define P_16_COPY(a, b) { \ - ((char *)&(b))[0] = ((char *)&(a))[1]; \ - ((char *)&(b))[1] = ((char *)&(a))[0]; \ -} -#endif - -PR_BEGIN_EXTERN_C -#if defined(__WATCOMC__) || defined(__WATCOM_CPLUSPLUS__) -extern DB * -#else -PR_EXTERN(DB *) -#endif -dbopen (const char *, int, int, DBTYPE, const void *); - -/* set or unset a global lock flag to disable the - * opening of any DBM file - */ -void dbSetOrClearDBLock(DBLockFlagEnum type); - -#ifdef __DBINTERFACE_PRIVATE -DB *__bt_open (const char *, int, int, const BTREEINFO *, int); -DB *__hash_open (const char *, int, int, const HASHINFO *, int); -DB *__rec_open (const char *, int, int, const RECNOINFO *, int); -void __dbpanic (DB *dbp); -#endif - -PR_END_EXTERN_C - -#endif /* !_DB_H_ */ diff --git a/dbm/include/mpool.h b/dbm/include/mpool.h deleted file mode 100644 index a2fb62b9f7..0000000000 --- a/dbm/include/mpool.h +++ /dev/null @@ -1,99 +0,0 @@ -/*- - * Copyright (c) 1991, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)mpool.h 8.2 (Berkeley) 7/14/94 - */ - -#include - -/* - * The memory pool scheme is a simple one. Each in-memory page is referenced - * by a bucket which is threaded in up to two of three ways. All active pages - * are threaded on a hash chain (hashed by page number) and an lru chain. - * Inactive pages are threaded on a free chain. Each reference to a memory - * pool is handed an opaque MPOOL cookie which stores all of this information. - */ -#define HASHSIZE 128 -#define HASHKEY(pgno) ((pgno - 1) % HASHSIZE) - -/* The BKT structures are the elements of the queues. */ -typedef struct _bkt { - CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */ - CIRCLEQ_ENTRY(_bkt) q; /* lru queue */ - void *page; /* page */ - pgno_t pgno; /* page number */ - -#define MPOOL_DIRTY 0x01 /* page needs to be written */ -#define MPOOL_PINNED 0x02 /* page is pinned into memory */ - uint8 flags; /* flags */ -} BKT; - -typedef struct MPOOL { - CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ - /* hash queue array */ - CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; - pgno_t curcache; /* current number of cached pages */ - pgno_t maxcache; /* max number of cached pages */ - pgno_t npages; /* number of pages in the file */ - uint32 pagesize; /* file page size */ - int fd; /* file descriptor */ - /* page in conversion routine */ - void (*pgin) (void *, pgno_t, void *); - /* page out conversion routine */ - void (*pgout) (void *, pgno_t, void *); - void *pgcookie; /* cookie for page in/out routines */ -#ifdef STATISTICS - uint32 cachehit; - uint32 cachemiss; - uint32 pagealloc; - uint32 pageflush; - uint32 pageget; - uint32 pagenew; - uint32 pageput; - uint32 pageread; - uint32 pagewrite; -#endif -} MPOOL; - -__BEGIN_DECLS -MPOOL *mpool_open (void *, int, pgno_t, pgno_t); -void mpool_filter (MPOOL *, void (*)(void *, pgno_t, void *), - void (*)(void *, pgno_t, void *), void *); -void *mpool_new (MPOOL *, pgno_t *); -void *mpool_get (MPOOL *, pgno_t, uint); -int mpool_put (MPOOL *, void *, uint); -int mpool_sync (MPOOL *); -int mpool_close (MPOOL *); -#ifdef STATISTICS -void mpool_stat (MPOOL *); -#endif -__END_DECLS diff --git a/dbm/include/ncompat.h b/dbm/include/ncompat.h deleted file mode 100644 index c95b327feb..0000000000 --- a/dbm/include/ncompat.h +++ /dev/null @@ -1,232 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)compat.h 8.13 (Berkeley) 2/21/94 - */ - -#ifndef _COMPAT_H_ -#define _COMPAT_H_ - -#include - -/* - * If your system doesn't typedef u_long, u_short, or u_char, change - * the 0 to a 1. - */ -#if 0 -typedef unsigned char u_char; /* 4.[34]BSD names. */ -typedef unsigned int u_int; -typedef unsigned long u_long; -typedef unsigned short u_short; -#endif - -/* If your system doesn't typedef size_t, change the 0 to a 1. */ -#if 0 -typedef unsigned int size_t; /* POSIX, 4.[34]BSD names. */ -#endif - -/* If your system doesn't typedef ssize_t, change the 0 to a 1. */ -#if 0 -typedef int ssize_t; /* POSIX names. */ -#endif - -/* - * If your system doesn't have the POSIX type for a signal mask, - * change the 0 to a 1. - */ -#if 0 /* POSIX 1003.1 signal mask type. */ -typedef unsigned int sigset_t; -#endif - -/* - * If your system's vsprintf returns a char *, not an int, - * change the 0 to a 1. - */ -#if defined (__sun) && !defined(__SVR4) /* SUNOS */ -#define VSPRINTF_CHARSTAR -#endif -/* - * If you don't have POSIX 1003.1 signals, the signal code surrounding the - * temporary file creation is intended to block all of the possible signals - * long enough to create the file and unlink it. All of this stuff is - * intended to use old-style BSD calls to fake POSIX 1003.1 calls. - */ -#ifdef NO_POSIX_SIGNALS -#define sigemptyset(set) (*(set) = 0) -#define sigfillset(set) (*(set) = ~(sigset_t)0, 0) -#define sigaddset(set,signo) (*(set) |= sigmask(signo), 0) -#define sigdelset(set,signo) (*(set) &= ~sigmask(signo), 0) -#define sigismember(set,signo) ((*(set) & sigmask(signo)) != 0) - -#define SIG_BLOCK 1 -#define SIG_UNBLOCK 2 -#define SIG_SETMASK 3 - -static int __sigtemp; /* For the use of sigprocmask */ - -/* Repeated test of oset != NULL is to avoid "*0". */ -#define sigprocmask(how, set, oset) \ - ((__sigtemp = \ - (((how) == SIG_BLOCK) ? \ - sigblock(0) | *(set) : \ - (((how) == SIG_UNBLOCK) ? \ - sigblock(0) & ~(*(set)) : \ - ((how) == SIG_SETMASK ? \ - *(set) : sigblock(0))))), \ - ((oset) ? (*(oset ? oset : set) = sigsetmask(__sigtemp)) : \ - sigsetmask(__sigtemp)), 0) -#endif - -/* - * If your system doesn't have an include file with the appropriate - * byte order set, make sure you specify the correct one. - */ -#ifndef BYTE_ORDER -#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax */ -#define BIG_ENDIAN 4321 /* MSB first: 68000, ibm, net */ -#define BYTE_ORDER BIG_ENDIAN /* Set for your system. */ -#endif - -#if defined(SYSV) || defined(SYSTEM5) || defined(__sun) -#define index(a, b) strchr(a, b) -#define rindex(a, b) strrchr(a, b) -#define bzero(a, b) memset(a, 0, b) -#define bcmp(a, b, n) memcmp(a, b, n) -#define bcopy(a, b, n) memmove(b, a, n) -#endif - -#if defined(BSD) || defined(BSD4_3) -#define strchr(a, b) index(a, b) -#define strrchr(a, b) rindex(a, b) -#define memcmp(a, b, n) bcmp(a, b, n) -#define memmove(a, b, n) bcopy(b, a, n) -#endif - -/* - * 32-bit machine. The db routines are theoretically independent of - * the size of u_shorts and u_longs, but I don't know that anyone has - * ever actually tried it. At a minimum, change the following #define's - * if you are trying to compile on a different type of system. - */ -#ifndef USHRT_MAX -#define USHRT_MAX 0xFFFF -#define ULONG_MAX 0xFFFFFFFF -#endif - -#ifndef O_ACCMODE /* POSIX 1003.1 access mode mask. */ -#define O_ACCMODE (O_RDONLY|O_WRONLY|O_RDWR) -#endif - -#ifndef _POSIX2_RE_DUP_MAX /* POSIX 1003.2 RE limit. */ -#define _POSIX2_RE_DUP_MAX 255 -#endif - -/* - * If you can't provide lock values in the open(2) call. Note, this - * allows races to happen. - */ -#ifndef O_EXLOCK /* 4.4BSD extension. */ -#define O_EXLOCK 0 -#endif - -#ifndef O_SHLOCK /* 4.4BSD extension. */ -#define O_SHLOCK 0 -#endif - -#ifndef EFTYPE -#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ -#endif - -#ifndef WCOREDUMP /* 4.4BSD extension */ -#define WCOREDUMP(a) 0 -#endif - -#ifndef STDERR_FILENO -#define STDIN_FILENO 0 /* ANSI C #defines */ -#define STDOUT_FILENO 1 -#define STDERR_FILENO 2 -#endif - -#ifndef SEEK_END -#define SEEK_SET 0 /* POSIX 1003.1 seek values */ -#define SEEK_CUR 1 -#define SEEK_END 2 -#endif - -#ifndef _POSIX_VDISABLE /* POSIX 1003.1 disabling char. */ -#define _POSIX_VDISABLE 0 /* Some systems used 0. */ -#endif - -#ifndef TCSASOFT /* 4.4BSD extension. */ -#define TCSASOFT 0 -#endif - -#ifndef _POSIX2_RE_DUP_MAX /* POSIX 1003.2 values. */ -#define _POSIX2_RE_DUP_MAX 255 -#endif - -#ifndef NULL /* ANSI C #defines NULL everywhere. */ -#define NULL 0 -#endif - -#ifndef MAX /* Usually found in . */ -#define MAX(_a,_b) ((_a)<(_b)?(_b):(_a)) -#endif -#ifndef MIN /* Usually found in . */ -#define MIN(_a,_b) ((_a)<(_b)?(_a):(_b)) -#endif - -/* Default file permissions. */ -#ifndef DEFFILEMODE /* 4.4BSD extension. */ -#define DEFFILEMODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) -#endif - -#ifndef __sun -#ifndef S_ISDIR /* POSIX 1003.1 file type tests. */ -#define S_ISDIR(m) ((m & 0170000) == 0040000) /* directory */ -#define S_ISCHR(m) ((m & 0170000) == 0020000) /* char special */ -#define S_ISBLK(m) ((m & 0170000) == 0060000) /* block special */ -#define S_ISREG(m) ((m & 0170000) == 0100000) /* regular file */ -#define S_ISFIFO(m) ((m & 0170000) == 0010000) /* fifo */ -#endif -#ifndef S_ISLNK /* BSD POSIX 1003.1 extensions */ -#define S_ISLNK(m) ((m & 0170000) == 0120000) /* symbolic link */ -#define S_ISSOCK(m) ((m & 0170000) == 0140000) /* socket */ -#endif -#endif /* __sun */ - -/* The type of a va_list. */ -#ifndef _BSD_VA_LIST_ /* 4.4BSD #define. */ -#define _BSD_VA_LIST_ char * -#endif - -#endif /* !_COMPAT_H_ */ diff --git a/dbm/include/ndbm.h b/dbm/include/ndbm.h deleted file mode 100644 index 7ad5f1a23c..0000000000 --- a/dbm/include/ndbm.h +++ /dev/null @@ -1,77 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)ndbm.h 8.1 (Berkeley) 6/2/93 - */ - -#ifndef _NDBM_H_ -#define _NDBM_H_ - -#include "mcom_db.h" - -/* Map dbm interface onto db(3). */ -#define DBM_RDONLY O_RDONLY - -/* Flags to dbm_store(). */ -#define DBM_INSERT 0 -#define DBM_REPLACE 1 - -/* - * The db(3) support for ndbm(3) always appends this suffix to the - * file name to avoid overwriting the user's original database. - */ -#define DBM_SUFFIX ".db" - -typedef struct { - char *dptr; - int dsize; -} datum; - -typedef DB DBM; -#define dbm_pagfno(a) DBM_PAGFNO_NOT_AVAILABLE - -__BEGIN_DECLS -void dbm_close (DBM *); -int dbm_delete (DBM *, datum); -datum dbm_fetch (DBM *, datum); -datum dbm_firstkey (DBM *); -long dbm_forder (DBM *, datum); -datum dbm_nextkey (DBM *); -DBM *dbm_open (const char *, int, int); -int dbm_store (DBM *, datum, datum, int); -int dbm_dirfno (DBM *); -__END_DECLS - -#endif /* !_NDBM_H_ */ diff --git a/dbm/include/nsres.h b/dbm/include/nsres.h deleted file mode 100644 index f3f4e2d1a9..0000000000 --- a/dbm/include/nsres.h +++ /dev/null @@ -1,41 +0,0 @@ -#ifndef NSRES_H -#define NSRES_H -#include "mcom_db.h" - -__BEGIN_DECLS - -/* C version */ -#define NSRESHANDLE void * - -typedef void (*NSRESTHREADFUNC)(void *); - -typedef struct NSRESTHREADINFO -{ - void *lock; - NSRESTHREADFUNC fn_lock; - NSRESTHREADFUNC fn_unlock; -} NSRESTHREADINFO; - -#define MAXBUFNUM 10 -#define MAXSTRINGLEN 300 - -#define NSRES_CREATE 1 -#define NSRES_OPEN 2 - - - -NSRESHANDLE NSResCreateTable(const char *filename, NSRESTHREADINFO *threadinfo); -NSRESHANDLE NSResOpenTable(const char *filename, NSRESTHREADINFO *threadinfo); -void NSResCloseTable(NSRESHANDLE handle); - -char *NSResLoadString(NSRESHANDLE handle, const char * library, int32 id, - unsigned int charsetid, char *retbuf); -int32 NSResGetSize(NSRESHANDLE handle, const char *library, int32 id); -int32 NSResLoadResource(NSRESHANDLE handle, const char *library, int32 id, char *retbuf); -int NSResAddString(NSRESHANDLE handle, const char *library, int32 id, const char *string, unsigned int charset); - -__END_DECLS - - -#endif - diff --git a/dbm/include/page.h b/dbm/include/page.h deleted file mode 100644 index faf2b815bf..0000000000 --- a/dbm/include/page.h +++ /dev/null @@ -1,96 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)page.h 8.2 (Berkeley) 5/31/94 - */ - -/* - * Definitions for hashing page file format. - */ - -/* - * routines dealing with a data page - * - * page format: - * +------------------------------+ - * p | n | keyoff | datoff | keyoff | - * +------------+--------+--------+ - * | datoff | free | ptr | --> | - * +--------+---------------------+ - * | F R E E A R E A | - * +--------------+---------------+ - * | <---- - - - | data | - * +--------+-----+----+----------+ - * | key | data | key | - * +--------+----------+----------+ - * - * Pointer to the free space is always: p[p[0] + 2] - * Amount of free space on the page is: p[p[0] + 1] - */ - -/* - * How many bytes required for this pair? - * 2 shorts in the table at the top of the page + room for the - * key and room for the data - * - * We prohibit entering a pair on a page unless there is also room to append - * an overflow page. The reason for this it that you can get in a situation - * where a single key/data pair fits on a page, but you can't append an - * overflow page and later you'd have to split the key/data and handle like - * a big pair. - * You might as well do this up front. - */ -#ifndef PAGE_H -#define PAGE_H - -#define PAIRSIZE(K,D) (2*sizeof(uint16) + (K)->size + (D)->size) -#define BIGOVERHEAD (4*sizeof(uint16)) -#define KEYSIZE(K) (4*sizeof(uint16) + (K)->size); -#define OVFLSIZE (2*sizeof(uint16)) -#define FREESPACE(P) ((P)[(P)[0]+1]) -#define OFFSET(P) ((P)[(P)[0]+2]) -#define PAIRFITS(P,K,D) \ - (((P)[2] >= REAL_KEY) && \ - (PAIRSIZE((K),(D)) + OVFLSIZE) <= FREESPACE((P))) -#define PAGE_META(N) (((N)+3) * sizeof(uint16)) - -typedef struct { - BUFHEAD *newp; - BUFHEAD *oldp; - BUFHEAD *nextp; - uint16 next_addr; -} SPLIT_RETURN; -#endif - diff --git a/dbm/include/queue.h b/dbm/include/queue.h deleted file mode 100644 index 40d32ccb6e..0000000000 --- a/dbm/include/queue.h +++ /dev/null @@ -1,245 +0,0 @@ -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)queue.h 8.3 (Berkeley) 12/13/93 - */ - -#ifndef _QUEUE_H_ -#define _QUEUE_H_ - -/* - * This file defines three types of data structures: lists, tail queues, - * and circular queues. - * - * A list is headed by a single forward pointer (or an array of forward - * pointers for a hash table header). The elements are doubly linked - * so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list after - * an existing element or at the head of the list. A list may only be - * traversed in the forward direction. - * - * A tail queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list after - * an existing element, at the head of the list, or at the end of the - * list. A tail queue may only be traversed in the forward direction. - * - * A circle queue is headed by a pair of pointers, one to the head of the - * list and the other to the tail of the list. The elements are doubly - * linked so that an arbitrary element can be removed without a need to - * traverse the list. New elements can be added to the list before or after - * an existing element, at the head of the list, or at the end of the list. - * A circle queue may be traversed in either direction, but has a more - * complex end of list detection. - * - * For details on the use of these macros, see the queue(3) manual page. - */ - -/* - * List definitions. - */ -#define LIST_HEAD(name, type) \ -struct name { \ - struct type *lh_first; /* first element */ \ -} - -#define LIST_ENTRY(type) \ -struct { \ - struct type *le_next; /* next element */ \ - struct type **le_prev; /* address of previous next element */ \ -} - -/* - * List functions. - */ -#define LIST_INIT(head) { \ - (head)->lh_first = NULL; \ -} - -#define LIST_INSERT_AFTER(listelm, elm, field) { \ - if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ - (listelm)->field.le_next->field.le_prev = \ - &(elm)->field.le_next; \ - (listelm)->field.le_next = (elm); \ - (elm)->field.le_prev = &(listelm)->field.le_next; \ -} - -#define LIST_INSERT_HEAD(head, elm, field) { \ - if (((elm)->field.le_next = (head)->lh_first) != NULL) \ - (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ - (head)->lh_first = (elm); \ - (elm)->field.le_prev = &(head)->lh_first; \ -} - -#define LIST_REMOVE(elm, field) { \ - if ((elm)->field.le_next != NULL) \ - (elm)->field.le_next->field.le_prev = \ - (elm)->field.le_prev; \ - *(elm)->field.le_prev = (elm)->field.le_next; \ -} - -/* - * Tail queue definitions. - */ -#define TAILQ_HEAD(name, type) \ -struct name { \ - struct type *tqh_first; /* first element */ \ - struct type **tqh_last; /* addr of last next element */ \ -} - -#define TAILQ_ENTRY(type) \ -struct { \ - struct type *tqe_next; /* next element */ \ - struct type **tqe_prev; /* address of previous next element */ \ -} - -/* - * Tail queue functions. - */ -#define TAILQ_INIT(head) { \ - (head)->tqh_first = NULL; \ - (head)->tqh_last = &(head)->tqh_first; \ -} - -#define TAILQ_INSERT_HEAD(head, elm, field) { \ - if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ - (elm)->field.tqe_next->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (head)->tqh_first = (elm); \ - (elm)->field.tqe_prev = &(head)->tqh_first; \ -} - -#define TAILQ_INSERT_TAIL(head, elm, field) { \ - (elm)->field.tqe_next = NULL; \ - (elm)->field.tqe_prev = (head)->tqh_last; \ - *(head)->tqh_last = (elm); \ - (head)->tqh_last = &(elm)->field.tqe_next; \ -} - -#define TAILQ_INSERT_AFTER(head, listelm, elm, field) { \ - if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ - (elm)->field.tqe_next->field.tqe_prev = \ - &(elm)->field.tqe_next; \ - else \ - (head)->tqh_last = &(elm)->field.tqe_next; \ - (listelm)->field.tqe_next = (elm); \ - (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ -} - -#define TAILQ_REMOVE(head, elm, field) { \ - if (((elm)->field.tqe_next) != NULL) \ - (elm)->field.tqe_next->field.tqe_prev = \ - (elm)->field.tqe_prev; \ - else \ - (head)->tqh_last = (elm)->field.tqe_prev; \ - *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ -} - -/* - * Circular queue definitions. - */ -#define CIRCLEQ_HEAD(name, type) \ -struct name { \ - struct type *cqh_first; /* first element */ \ - struct type *cqh_last; /* last element */ \ -} - -#define CIRCLEQ_ENTRY(type) \ -struct { \ - struct type *cqe_next; /* next element */ \ - struct type *cqe_prev; /* previous element */ \ -} - -/* - * Circular queue functions. - */ -#define CIRCLEQ_INIT(head) { \ - (head)->cqh_first = (void *)(head); \ - (head)->cqh_last = (void *)(head); \ -} - -#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) { \ - (elm)->field.cqe_next = (listelm)->field.cqe_next; \ - (elm)->field.cqe_prev = (listelm); \ - if ((listelm)->field.cqe_next == (void *)(head)) \ - (head)->cqh_last = (elm); \ - else \ - (listelm)->field.cqe_next->field.cqe_prev = (elm); \ - (listelm)->field.cqe_next = (elm); \ -} - -#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) { \ - (elm)->field.cqe_next = (listelm); \ - (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ - if ((listelm)->field.cqe_prev == (void *)(head)) \ - (head)->cqh_first = (elm); \ - else \ - (listelm)->field.cqe_prev->field.cqe_next = (elm); \ - (listelm)->field.cqe_prev = (elm); \ -} - -#define CIRCLEQ_INSERT_HEAD(head, elm, field) { \ - (elm)->field.cqe_next = (head)->cqh_first; \ - (elm)->field.cqe_prev = (void *)(head); \ - if ((head)->cqh_last == (void *)(head)) \ - (head)->cqh_last = (elm); \ - else \ - (head)->cqh_first->field.cqe_prev = (elm); \ - (head)->cqh_first = (elm); \ -} - -#define CIRCLEQ_INSERT_TAIL(head, elm, field) { \ - (elm)->field.cqe_next = (void *)(head); \ - (elm)->field.cqe_prev = (head)->cqh_last; \ - if ((head)->cqh_first == (void *)(head)) \ - (head)->cqh_first = (elm); \ - else \ - (head)->cqh_last->field.cqe_next = (elm); \ - (head)->cqh_last = (elm); \ -} - -#define CIRCLEQ_REMOVE(head, elm, field) { \ - if ((elm)->field.cqe_next == (void *)(head)) \ - (head)->cqh_last = (elm)->field.cqe_prev; \ - else \ - (elm)->field.cqe_next->field.cqe_prev = \ - (elm)->field.cqe_prev; \ - if ((elm)->field.cqe_prev == (void *)(head)) \ - (head)->cqh_first = (elm)->field.cqe_next; \ - else \ - (elm)->field.cqe_prev->field.cqe_next = \ - (elm)->field.cqe_next; \ -} -#endif /* !_QUEUE_H_ */ diff --git a/dbm/include/search.h b/dbm/include/search.h deleted file mode 100644 index ff58b1c155..0000000000 --- a/dbm/include/search.h +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)search.h 8.1 (Berkeley) 6/4/93 - */ - -/* Backward compatibility to hsearch interface. */ -typedef struct entry { - char *key; - char *data; -} ENTRY; - -typedef enum { - FIND, ENTER -} ACTION; - -int hcreate (unsigned int); -void hdestroy (void); -ENTRY *hsearch (ENTRY, ACTION); diff --git a/dbm/include/watcomfx.h b/dbm/include/watcomfx.h deleted file mode 100644 index 3020e9de91..0000000000 --- a/dbm/include/watcomfx.h +++ /dev/null @@ -1,26 +0,0 @@ -#if defined(__WATCOMC__) || defined(__WATCOM_CPLUSPLUS__) -#ifndef __WATCOM_FIX_H__ -#define __WATCOM_FIX_H__ 1 -/* - * WATCOM's C compiler doesn't default to "__cdecl" conventions for external - * symbols and functions. Rather than adding an explicit __cdecl modifier to - * every external symbol and function declaration and definition, we use the - * following pragma to (attempt to) change WATCOM c's default to __cdecl. - * These pragmas were taken from pages 180-181, 266 & 269 of the - * Watcom C/C++ version 11 User's Guide, 3rd edition. - */ -#if defined(XP_WIN16) || defined(WIN16) -#pragma aux default "_*" \ - parm caller [] \ - value struct float struct routine [ax] \ - modify [ax bx cx dx es] -#else -#pragma aux default "_*" \ - parm caller [] \ - value struct float struct routine [eax] \ - modify [eax ecx edx] -#endif -#pragma aux default far - -#endif /* once */ -#endif /* WATCOM compiler */ diff --git a/dbm/include/winfile.h b/dbm/include/winfile.h deleted file mode 100644 index 36b59f7212..0000000000 --- a/dbm/include/winfile.h +++ /dev/null @@ -1,112 +0,0 @@ - -/* --------------------------------------------------------------------------- - Stuff to fake unix file I/O on windows boxes - ------------------------------------------------------------------------*/ - -#ifndef WINFILE_H -#define WINFILE_H - -#ifdef _WINDOWS -/* hacked out of on an SGI */ -#if defined(XP_WIN32) || defined(_WIN32) -/* 32-bit stuff here */ -#include -#include -#ifdef __MINGW32__ -#include -#include -#else -#include -#include -#endif - -typedef struct DIR_Struct { - void * directoryPtr; - WIN32_FIND_DATA data; -} DIR; - -#define _ST_FSTYPSZ 16 - -#if !defined(__BORLANDC__) && !defined(__GNUC__) - typedef unsigned long mode_t; - typedef long uid_t; - typedef long gid_t; - -#ifdef WINCE - typedef long ino_t; -#else - typedef long off_t; -#endif - - typedef unsigned long nlink_t; -#endif - -typedef struct timestruc { - time_t tv_sec; /* seconds */ - long tv_nsec; /* and nanoseconds */ -} timestruc_t; - - -struct dirent { /* data from readdir() */ - ino_t d_ino; /* inode number of entry */ - off_t d_off; /* offset of disk direntory entry */ - unsigned short d_reclen; /* length of this record */ - char d_name[_MAX_FNAME]; /* name of file */ -}; - -#if !defined(__BORLANDC__) && !defined (__GNUC__) -#define S_ISDIR(s) ((s) & _S_IFDIR) -#endif - -#else /* _WIN32 */ -/* 16-bit windows stuff */ - -#include -#include -#include - - - -/* Getting cocky to support multiple file systems */ -typedef struct dirStruct_tag { - struct _find_t file_data; - char c_checkdrive; -} dirStruct; - -typedef struct DIR_Struct { - void * directoryPtr; - dirStruct data; -} DIR; - -#define _ST_FSTYPSZ 16 -typedef unsigned long mode_t; -typedef long uid_t; -typedef long gid_t; -typedef long off_t; -typedef unsigned long nlink_t; - -typedef struct timestruc { - time_t tv_sec; /* seconds */ - long tv_nsec; /* and nanoseconds */ -} timestruc_t; - -struct dirent { /* data from readdir() */ - ino_t d_ino; /* inode number of entry */ - off_t d_off; /* offset of disk direntory entry */ - unsigned short d_reclen; /* length of this record */ -#ifdef XP_WIN32 - char d_name[_MAX_FNAME]; /* name of file */ -#else - char d_name[20]; /* name of file */ -#endif -}; - -#define S_ISDIR(s) ((s) & _S_IFDIR) - -#endif /* 16-bit windows */ - -#define CONST const - -#endif /* _WINDOWS */ - -#endif /* WINFILE_H */ diff --git a/dbm/src/.cvsignore b/dbm/src/.cvsignore deleted file mode 100644 index f3c7a7c5da..0000000000 --- a/dbm/src/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile diff --git a/dbm/src/Makefile.in b/dbm/src/Makefile.in deleted file mode 100644 index 2f7476d8c8..0000000000 --- a/dbm/src/Makefile.in +++ /dev/null @@ -1,95 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is mozilla.org code. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1998 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -DEPTH = ../.. -topsrcdir = @top_srcdir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -include $(DEPTH)/config/autoconf.mk - -LIBRARY_NAME = mozdbm_s -LIB_IS_C_ONLY = 1 - -ifeq ($(OS_ARCH),WINNT) -LIBRARY_NAME = dbm$(MOZ_BITS) -endif - -CSRCS = \ - db.c \ - h_bigkey.c \ - h_func.c \ - h_log2.c \ - h_page.c \ - hash.c \ - hash_buf.c \ - hsearch.c \ - mktemp.c \ - ndbm.c \ - strerror.c \ - nsres.c \ - $(NULL) - -ifeq ($(OS_ARCH),WINNT) -CSRCS += memmove.c snprintf.c -else -ifeq (,$(filter -DHAVE_MEMMOVE=1,$(ACDEFINES))) -CSRCS += memmove.c -endif - -ifeq (,$(filter -DHAVE_SNPRINTF=1,$(ACDEFINES))) -CSRCS += snprintf.c -endif -endif # WINNT - -LOCAL_INCLUDES = -I$(srcdir)/../include - -FORCE_STATIC_LIB = 1 -FORCE_USE_PIC = 1 - -include $(topsrcdir)/config/rules.mk - -DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) - -ifeq ($(OS_ARCH),WINCE) -DEFINES += -D__STDC__ -DDBM_REOPEN_ON_FLUSH -endif - -ifeq ($(OS_ARCH),AIX) -OS_LIBS += -lc_r -endif - diff --git a/dbm/src/Makefile.win b/dbm/src/Makefile.win deleted file mode 100644 index 91bdf7d209..0000000000 --- a/dbm/src/Makefile.win +++ /dev/null @@ -1,113 +0,0 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is mozilla.org code. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1998 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - - -#//------------------------------------------------------------------------ -#// -#// Makefile to build the cert library -#// -#//------------------------------------------------------------------------ - -!if "$(MOZ_BITS)" == "16" -!ifndef MOZ_DEBUG -OPTIMIZER=-Os -UDEBUG -DNDEBUG -!endif -!endif - -#//------------------------------------------------------------------------ -#// -#// Specify the depth of the current directory relative to the -#// root of NS -#// -#//------------------------------------------------------------------------ -DEPTH= ..\.. - -!ifndef MAKE_OBJ_TYPE -MAKE_OBJ_TYPE=EXE -!endif - -#//------------------------------------------------------------------------ -#// -#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...) -#// -#//------------------------------------------------------------------------ -LIBNAME=dbm$(MOZ_BITS) -PDBFILE=$(LIBNAME).pdb - -#//------------------------------------------------------------------------ -#// -#// Define the files necessary to build the target (ie. OBJS) -#// -#//------------------------------------------------------------------------ -OBJS= \ - .\$(OBJDIR)\db.obj \ - .\$(OBJDIR)\h_bigkey.obj \ - .\$(OBJDIR)\h_func.obj \ - .\$(OBJDIR)\h_log2.obj \ - .\$(OBJDIR)\h_page.obj \ - .\$(OBJDIR)\hash.obj \ - .\$(OBJDIR)\hash_buf.obj \ - .\$(OBJDIR)\hsearch.obj \ - .\$(OBJDIR)\memmove.obj \ - .\$(OBJDIR)\mktemp.obj \ - .\$(OBJDIR)\ndbm.obj \ - .\$(OBJDIR)\snprintf.obj \ - .\$(OBJDIR)\strerror.obj \ - .\$(OBJDIR)\nsres.obj \ - $(NULL) - -#//------------------------------------------------------------------------ -#// -#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...) -#// (these must be defined before the common makefiles are included) -#// -#//------------------------------------------------------------------------ -LIBRARY = .\$(OBJDIR)\$(LIBNAME).lib -LINCS = -I..\include - -#//------------------------------------------------------------------------ -#// -#// Include the common makefile rules -#// -#//------------------------------------------------------------------------ -include <$(DEPTH)/config/rules.mak> - -CFLAGS = $(CFLAGS) -DMOZILLA_CLIENT -D__DBINTERFACE_PRIVATE - -install:: $(LIBRARY) - $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib - - diff --git a/dbm/src/db.c b/dbm/src/db.c deleted file mode 100644 index 6650cd2de1..0000000000 --- a/dbm/src/db.c +++ /dev/null @@ -1,144 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)db.c 8.4 (Berkeley) 2/21/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#ifndef __DBINTERFACE_PRIVATE -#define __DBINTERFACE_PRIVATE -#endif -#ifdef macintosh -#include -#else -#include -#endif - -#include -#include -#include -#include - -#include "mcom_db.h" - -/* a global flag that locks closed all databases */ -int all_databases_locked_closed = 0; - -/* set or unset a global lock flag to disable the - * opening of any DBM file - */ -void -dbSetOrClearDBLock(DBLockFlagEnum type) -{ - if(type == LockOutDatabase) - all_databases_locked_closed = 1; - else - all_databases_locked_closed = 0; -} - -#if defined(__WATCOMC__) || defined(__WATCOM_CPLUSPLUS__) -DB * -#else -PR_IMPLEMENT(DB *) -#endif -dbopen(const char *fname, int flags,int mode, DBTYPE type, const void *openinfo) -{ - - /* lock out all file databases. Let in-memory databases through - */ - if(all_databases_locked_closed && fname) - { - errno = EINVAL; - return(NULL); - } - -#define DB_FLAGS (DB_LOCK | DB_SHMEM | DB_TXN) - - -#if 0 /* most systems don't have EXLOCK and SHLOCK */ -#define USE_OPEN_FLAGS \ - (O_CREAT | O_EXCL | O_EXLOCK | O_NONBLOCK | O_RDONLY | \ - O_RDWR | O_SHLOCK | O_TRUNC) -#else -#define USE_OPEN_FLAGS \ - (O_CREAT | O_EXCL | O_RDONLY | \ - O_RDWR | O_TRUNC) -#endif - - if ((flags & ~(USE_OPEN_FLAGS | DB_FLAGS)) == 0) - switch (type) { -/* we don't need btree and recno right now */ -#if 0 - case DB_BTREE: - return (__bt_open(fname, flags & USE_OPEN_FLAGS, - mode, openinfo, flags & DB_FLAGS)); - case DB_RECNO: - return (__rec_open(fname, flags & USE_OPEN_FLAGS, - mode, openinfo, flags & DB_FLAGS)); -#endif - - case DB_HASH: - return (__hash_open(fname, flags & USE_OPEN_FLAGS, - mode, (const HASHINFO *)openinfo, flags & DB_FLAGS)); - default: - break; - } - errno = EINVAL; - return (NULL); -} - -static int -__dberr() -{ - return (RET_ERROR); -} - -/* - * __DBPANIC -- Stop. - * - * Parameters: - * dbp: pointer to the DB structure. - */ -void -__dbpanic(DB *dbp) -{ - /* The only thing that can succeed is a close. */ - dbp->del = (int (*)(const struct __db *, const DBT *, uint))__dberr; - dbp->fd = (int (*)(const struct __db *))__dberr; - dbp->get = (int (*)(const struct __db *, const DBT *, DBT *, uint))__dberr; - dbp->put = (int (*)(const struct __db *, DBT *, const DBT *, uint))__dberr; - dbp->seq = (int (*)(const struct __db *, DBT *, DBT *, uint))__dberr; - dbp->sync = (int (*)(const struct __db *, uint))__dberr; -} diff --git a/dbm/src/h_bigkey.c b/dbm/src/h_bigkey.c deleted file mode 100644 index 855f107256..0000000000 --- a/dbm/src/h_bigkey.c +++ /dev/null @@ -1,713 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -/* - * PACKAGE: hash - * DESCRIPTION: - * Big key/data handling for the hashing package. - * - * ROUTINES: - * External - * __big_keydata - * __big_split - * __big_insert - * __big_return - * __big_delete - * __find_last_page - * Internal - * collect_key - * collect_data - */ - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) -#include -#endif - -#include -#include -#include -#include - -#ifdef DEBUG -#include -#endif - -#include "mcom_db.h" -#include "hash.h" -#include "page.h" -/* #include "extern.h" */ - -static int collect_key __P((HTAB *, BUFHEAD *, int, DBT *, int)); -static int collect_data __P((HTAB *, BUFHEAD *, int, int)); - -/* - * Big_insert - * - * You need to do an insert and the key/data pair is too big - * - * Returns: - * 0 ==> OK - *-1 ==> ERROR - */ -extern int -__big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val) -{ - register uint16 *p; - uint key_size, n, val_size; - uint16 space, move_bytes, off; - char *cp, *key_data, *val_data; - - cp = bufp->page; /* Character pointer of p. */ - p = (uint16 *)cp; - - key_data = (char *)key->data; - key_size = key->size; - val_data = (char *)val->data; - val_size = val->size; - - /* First move the Key */ - for (space = FREESPACE(p) - BIGOVERHEAD; key_size; - space = FREESPACE(p) - BIGOVERHEAD) { - move_bytes = PR_MIN(space, key_size); - off = OFFSET(p) - move_bytes; - memmove(cp + off, key_data, move_bytes); - key_size -= move_bytes; - key_data += move_bytes; - n = p[0]; - p[++n] = off; - p[0] = ++n; - FREESPACE(p) = off - PAGE_META(n); - OFFSET(p) = off; - p[n] = PARTIAL_KEY; - bufp = __add_ovflpage(hashp, bufp); - if (!bufp) - return (-1); - n = p[0]; - if (!key_size) { - if (FREESPACE(p)) { - move_bytes = PR_MIN(FREESPACE(p), val_size); - off = OFFSET(p) - move_bytes; - p[n] = off; - memmove(cp + off, val_data, move_bytes); - val_data += move_bytes; - val_size -= move_bytes; - p[n - 2] = FULL_KEY_DATA; - FREESPACE(p) = FREESPACE(p) - move_bytes; - OFFSET(p) = off; - } else - p[n - 2] = FULL_KEY; - } - p = (uint16 *)bufp->page; - cp = bufp->page; - bufp->flags |= BUF_MOD; - } - - /* Now move the data */ - for (space = FREESPACE(p) - BIGOVERHEAD; val_size; - space = FREESPACE(p) - BIGOVERHEAD) { - move_bytes = PR_MIN(space, val_size); - /* - * Here's the hack to make sure that if the data ends on the - * same page as the key ends, FREESPACE is at least one. - */ - if (space == val_size && val_size == val->size) - move_bytes--; - off = OFFSET(p) - move_bytes; - memmove(cp + off, val_data, move_bytes); - val_size -= move_bytes; - val_data += move_bytes; - n = p[0]; - p[++n] = off; - p[0] = ++n; - FREESPACE(p) = off - PAGE_META(n); - OFFSET(p) = off; - if (val_size) { - p[n] = FULL_KEY; - bufp = __add_ovflpage(hashp, bufp); - if (!bufp) - return (-1); - cp = bufp->page; - p = (uint16 *)cp; - } else - p[n] = FULL_KEY_DATA; - bufp->flags |= BUF_MOD; - } - return (0); -} - -/* - * Called when bufp's page contains a partial key (index should be 1) - * - * All pages in the big key/data pair except bufp are freed. We cannot - * free bufp because the page pointing to it is lost and we can't get rid - * of its pointer. - * - * Returns: - * 0 => OK - *-1 => ERROR - */ -extern int -__big_delete(HTAB *hashp, BUFHEAD *bufp) -{ - register BUFHEAD *last_bfp, *rbufp; - uint16 *bp, pageno; - int key_done, n; - - rbufp = bufp; - last_bfp = NULL; - bp = (uint16 *)bufp->page; - pageno = 0; - key_done = 0; - - while (!key_done || (bp[2] != FULL_KEY_DATA)) { - if (bp[2] == FULL_KEY || bp[2] == FULL_KEY_DATA) - key_done = 1; - - /* - * If there is freespace left on a FULL_KEY_DATA page, then - * the data is short and fits entirely on this page, and this - * is the last page. - */ - if (bp[2] == FULL_KEY_DATA && FREESPACE(bp)) - break; - pageno = bp[bp[0] - 1]; - rbufp->flags |= BUF_MOD; - rbufp = __get_buf(hashp, pageno, rbufp, 0); - if (last_bfp) - __free_ovflpage(hashp, last_bfp); - last_bfp = rbufp; - if (!rbufp) - return (-1); /* Error. */ - bp = (uint16 *)rbufp->page; - } - - /* - * If we get here then rbufp points to the last page of the big - * key/data pair. Bufp points to the first one -- it should now be - * empty pointing to the next page after this pair. Can't free it - * because we don't have the page pointing to it. - */ - - /* This is information from the last page of the pair. */ - n = bp[0]; - pageno = bp[n - 1]; - - /* Now, bp is the first page of the pair. */ - bp = (uint16 *)bufp->page; - if (n > 2) { - /* There is an overflow page. */ - bp[1] = pageno; - bp[2] = OVFLPAGE; - bufp->ovfl = rbufp->ovfl; - } else - /* This is the last page. */ - bufp->ovfl = NULL; - n -= 2; - bp[0] = n; - FREESPACE(bp) = hashp->BSIZE - PAGE_META(n); - OFFSET(bp) = hashp->BSIZE - 1; - - bufp->flags |= BUF_MOD; - if (rbufp) - __free_ovflpage(hashp, rbufp); - if (last_bfp != rbufp) - __free_ovflpage(hashp, last_bfp); - - hashp->NKEYS--; - return (0); -} -/* - * Returns: - * 0 = key not found - * -1 = get next overflow page - * -2 means key not found and this is big key/data - * -3 error - */ -extern int -__find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size) -{ - register uint16 *bp; - register char *p; - int ksize; - uint16 bytes; - char *kkey; - - bp = (uint16 *)bufp->page; - p = bufp->page; - ksize = size; - kkey = key; - - for (bytes = hashp->BSIZE - bp[ndx]; - bytes <= size && bp[ndx + 1] == PARTIAL_KEY; - bytes = hashp->BSIZE - bp[ndx]) { - if (memcmp(p + bp[ndx], kkey, bytes)) - return (-2); - kkey += bytes; - ksize -= bytes; - bufp = __get_buf(hashp, bp[ndx + 2], bufp, 0); - if (!bufp) - return (-3); - p = bufp->page; - bp = (uint16 *)p; - ndx = 1; - } - - if (bytes != ksize || memcmp(p + bp[ndx], kkey, bytes)) { -#ifdef HASH_STATISTICS - ++hash_collisions; -#endif - return (-2); - } else - return (ndx); -} - -/* - * Given the buffer pointer of the first overflow page of a big pair, - * find the end of the big pair - * - * This will set bpp to the buffer header of the last page of the big pair. - * It will return the pageno of the overflow page following the last page - * of the pair; 0 if there isn't any (i.e. big pair is the last key in the - * bucket) - */ -extern uint16 -__find_last_page(HTAB *hashp, BUFHEAD **bpp) -{ - BUFHEAD *bufp; - uint16 *bp, pageno; - uint n; - - bufp = *bpp; - bp = (uint16 *)bufp->page; - for (;;) { - n = bp[0]; - - /* - * This is the last page if: the tag is FULL_KEY_DATA and - * either only 2 entries OVFLPAGE marker is explicit there - * is freespace on the page. - */ - if (bp[2] == FULL_KEY_DATA && - ((n == 2) || (bp[n] == OVFLPAGE) || (FREESPACE(bp)))) - break; - - /* LJM bound the size of n to reasonable limits - */ - if(n > hashp->BSIZE/sizeof(uint16)) - return(0); - - pageno = bp[n - 1]; - bufp = __get_buf(hashp, pageno, bufp, 0); - if (!bufp) - return (0); /* Need to indicate an error! */ - bp = (uint16 *)bufp->page; - } - - *bpp = bufp; - if (bp[0] > 2) - return (bp[3]); - else - return (0); -} - -/* - * Return the data for the key/data pair that begins on this page at this - * index (index should always be 1). - */ -extern int -__big_return( - HTAB *hashp, - BUFHEAD *bufp, - int ndx, - DBT *val, - int set_current) -{ - BUFHEAD *save_p; - uint16 *bp, len, off, save_addr; - char *tp; - int save_flags; - - bp = (uint16 *)bufp->page; - while (bp[ndx + 1] == PARTIAL_KEY) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - return (-1); - bp = (uint16 *)bufp->page; - ndx = 1; - } - - if (bp[ndx + 1] == FULL_KEY) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - return (-1); - bp = (uint16 *)bufp->page; - save_p = bufp; - save_addr = save_p->addr; - off = bp[1]; - len = 0; - } else - if (!FREESPACE(bp)) { - /* - * This is a hack. We can't distinguish between - * FULL_KEY_DATA that contains complete data or - * incomplete data, so we require that if the data - * is complete, there is at least 1 byte of free - * space left. - */ - off = bp[bp[0]]; - len = bp[1] - off; - save_p = bufp; - save_addr = bufp->addr; - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - return (-1); - bp = (uint16 *)bufp->page; - } else { - /* The data is all on one page. */ - tp = (char *)bp; - off = bp[bp[0]]; - val->data = (uint8 *)tp + off; - val->size = bp[1] - off; - if (set_current) { - if (bp[0] == 2) { /* No more buckets in - * chain */ - hashp->cpage = NULL; - hashp->cbucket++; - hashp->cndx = 1; - } else { - hashp->cpage = __get_buf(hashp, - bp[bp[0] - 1], bufp, 0); - if (!hashp->cpage) - return (-1); - hashp->cndx = 1; - if (!((uint16 *) - hashp->cpage->page)[0]) { - hashp->cbucket++; - hashp->cpage = NULL; - } - } - } - return (0); - } - - /* pin our saved buf so that we don't lose if - * we run out of buffers */ - save_flags = save_p->flags; - save_p->flags |= BUF_PIN; - val->size = collect_data(hashp, bufp, (int)len, set_current); - save_p->flags = save_flags; - if (val->size == (size_t)-1) - return (-1); - if (save_p->addr != save_addr) { - /* We are pretty short on buffers. */ - errno = EINVAL; /* OUT OF BUFFERS */ - return (-1); - } - memmove(hashp->tmp_buf, (save_p->page) + off, len); - val->data = (uint8 *)hashp->tmp_buf; - return (0); -} - - -/* - * Count how big the total datasize is by looping through the pages. Then - * allocate a buffer and copy the data in the second loop. NOTE: Our caller - * may already have a bp which it is holding onto. The caller is - * responsible for copying that bp into our temp buffer. 'len' is how much - * space to reserve for that buffer. - */ -static int -collect_data( - HTAB *hashp, - BUFHEAD *bufp, - int len, int set) -{ - register uint16 *bp; - BUFHEAD *save_bufp; - int save_flags; - int mylen, totlen; - - /* - * save the input buf head because we need to walk the list twice. - * pin it to make sure it doesn't leave the buffer pool. - * This has the effect of growing the buffer pool if necessary. - */ - save_bufp = bufp; - save_flags = save_bufp->flags; - save_bufp->flags |= BUF_PIN; - - /* read the length of the buffer */ - for (totlen = len; bufp ; bufp = __get_buf(hashp, bp[bp[0]-1], bufp, 0)) { - bp = (uint16 *)bufp->page; - mylen = hashp->BSIZE - bp[1]; - - /* if mylen ever goes negative it means that the - * page is screwed up. - */ - if (mylen < 0) { - save_bufp->flags = save_flags; - return (-1); - } - totlen += mylen; - if (bp[2] == FULL_KEY_DATA) { /* End of Data */ - break; - } - } - - if (!bufp) { - save_bufp->flags = save_flags; - return (-1); - } - - /* allocate a temp buf */ - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if ((hashp->tmp_buf = (char *)malloc((size_t)totlen)) == NULL) { - save_bufp->flags = save_flags; - return (-1); - } - - /* copy the buffers back into temp buf */ - for (bufp = save_bufp; bufp ; - bufp = __get_buf(hashp, bp[bp[0]-1], bufp, 0)) { - bp = (uint16 *)bufp->page; - mylen = hashp->BSIZE - bp[1]; - memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen); - len += mylen; - if (bp[2] == FULL_KEY_DATA) { - break; - } - } - - /* 'clear' the pin flags */ - save_bufp->flags = save_flags; - - /* update the database cursor */ - if (set) { - hashp->cndx = 1; - if (bp[0] == 2) { /* No more buckets in chain */ - hashp->cpage = NULL; - hashp->cbucket++; - } else { - hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!hashp->cpage) - return (-1); - else if (!((uint16 *)hashp->cpage->page)[0]) { - hashp->cbucket++; - hashp->cpage = NULL; - } - } - } - return (totlen); -} - -/* - * Fill in the key and data for this big pair. - */ -extern int -__big_keydata( - HTAB *hashp, - BUFHEAD *bufp, - DBT *key, DBT *val, - int set) -{ - key->size = collect_key(hashp, bufp, 0, val, set); - if (key->size == (size_t)-1) - return (-1); - key->data = (uint8 *)hashp->tmp_key; - return (0); -} - -/* - * Count how big the total key size is by recursing through the pages. Then - * collect the data, allocate a buffer and copy the key as you recurse up. - */ -static int -collect_key( - HTAB *hashp, - BUFHEAD *bufp, - int len, - DBT *val, - int set) -{ - BUFHEAD *xbp; - char *p; - int mylen, totlen; - uint16 *bp, save_addr; - - p = bufp->page; - bp = (uint16 *)p; - mylen = hashp->BSIZE - bp[1]; - - save_addr = bufp->addr; - totlen = len + mylen; - if (bp[2] == FULL_KEY || bp[2] == FULL_KEY_DATA) { /* End of Key. */ - if (hashp->tmp_key != NULL) - free(hashp->tmp_key); - if ((hashp->tmp_key = (char *)malloc((size_t)totlen)) == NULL) - return (-1); - if (__big_return(hashp, bufp, 1, val, set)) - return (-1); - } else { - xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!xbp || ((totlen = - collect_key(hashp, xbp, totlen, val, set)) < 1)) - return (-1); - } - if (bufp->addr != save_addr) { - errno = EINVAL; /* MIS -- OUT OF BUFFERS */ - return (-1); - } - memmove(&hashp->tmp_key[len], (bufp->page) + bp[1], (size_t)mylen); - return (totlen); -} - -/* - * Returns: - * 0 => OK - * -1 => error - */ -extern int -__big_split( - HTAB *hashp, - BUFHEAD *op, /* Pointer to where to put keys that go in old bucket */ - BUFHEAD *np, /* Pointer to new bucket page */ - /* Pointer to first page containing the big key/data */ - BUFHEAD *big_keyp, - uint32 addr, /* Address of big_keyp */ - uint32 obucket,/* Old Bucket */ - SPLIT_RETURN *ret) -{ - register BUFHEAD *tmpp; - register uint16 *tp; - BUFHEAD *bp; - DBT key, val; - uint32 change; - uint16 free_space, n, off; - - bp = big_keyp; - - /* Now figure out where the big key/data goes */ - if (__big_keydata(hashp, big_keyp, &key, &val, 0)) - return (-1); - change = (__call_hash(hashp,(char*) key.data, key.size) != obucket); - - if ((ret->next_addr = __find_last_page(hashp, &big_keyp))) { - if (!(ret->nextp = - __get_buf(hashp, ret->next_addr, big_keyp, 0))) - return (-1);; - } else - ret->nextp = NULL; - - /* Now make one of np/op point to the big key/data pair */ -#ifdef DEBUG - assert(np->ovfl == NULL); -#endif - if (change) - tmpp = np; - else - tmpp = op; - - tmpp->flags |= BUF_MOD; -#ifdef DEBUG1 - (void)fprintf(stderr, - "BIG_SPLIT: %d->ovfl was %d is now %d\n", tmpp->addr, - (tmpp->ovfl ? tmpp->ovfl->addr : 0), (bp ? bp->addr : 0)); -#endif - tmpp->ovfl = bp; /* one of op/np point to big_keyp */ - tp = (uint16 *)tmpp->page; - - -#if 0 /* this get's tripped on database corrupted error */ - assert(FREESPACE(tp) >= OVFLSIZE); -#endif - if(FREESPACE(tp) < OVFLSIZE) - return(DATABASE_CORRUPTED_ERROR); - - n = tp[0]; - off = OFFSET(tp); - free_space = FREESPACE(tp); - tp[++n] = (uint16)addr; - tp[++n] = OVFLPAGE; - tp[0] = n; - OFFSET(tp) = off; - FREESPACE(tp) = free_space - OVFLSIZE; - - /* - * Finally, set the new and old return values. BIG_KEYP contains a - * pointer to the last page of the big key_data pair. Make sure that - * big_keyp has no following page (2 elements) or create an empty - * following page. - */ - - ret->newp = np; - ret->oldp = op; - - tp = (uint16 *)big_keyp->page; - big_keyp->flags |= BUF_MOD; - if (tp[0] > 2) { - /* - * There may be either one or two offsets on this page. If - * there is one, then the overflow page is linked on normally - * and tp[4] is OVFLPAGE. If there are two, tp[4] contains - * the second offset and needs to get stuffed in after the - * next overflow page is added. - */ - n = tp[4]; - free_space = FREESPACE(tp); - off = OFFSET(tp); - tp[0] -= 2; - FREESPACE(tp) = free_space + OVFLSIZE; - OFFSET(tp) = off; - tmpp = __add_ovflpage(hashp, big_keyp); - if (!tmpp) - return (-1); - tp[4] = n; - } else - tmpp = big_keyp; - - if (change) - ret->newp = tmpp; - else - ret->oldp = tmpp; - return (0); -} diff --git a/dbm/src/h_func.c b/dbm/src/h_func.c deleted file mode 100644 index 5819efe234..0000000000 --- a/dbm/src/h_func.c +++ /dev/null @@ -1,211 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash_func.c 8.2 (Berkeley) 2/21/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#ifndef macintosh -#include -#endif -#include "mcom_db.h" -#include "hash.h" -#include "page.h" -/* #include "extern.h" */ - -#if 0 -static uint32 hash1 __P((const void *, size_t)); -static uint32 hash2 __P((const void *, size_t)); -static uint32 hash3 __P((const void *, size_t)); -#endif -static uint32 hash4 __P((const void *, size_t)); - -/* Global default hash function */ -uint32 (*__default_hash) __P((const void *, size_t)) = hash4; - -/* - * HASH FUNCTIONS - * - * Assume that we've already split the bucket to which this key hashes, - * calculate that bucket, and check that in fact we did already split it. - * - * This came from ejb's hsearch. - */ - -#define PRIME1 37 -#define PRIME2 1048583 - -#if 0 -static uint32 -hash1(const void *keyarg, register size_t len) -{ - register const uint8 *key; - register uint32 h; - - /* Convert string to integer */ - for (key = (const uint8 *)keyarg, h = 0; len--;) - h = h * PRIME1 ^ (*key++ - ' '); - h %= PRIME2; - return (h); -} - -/* - * Phong's linear congruential hash - */ -#define dcharhash(h, c) ((h) = 0x63c63cd9*(h) + 0x9c39c33d + (c)) - -static uint32 -hash2(const void *keyarg, size_t len) -{ - register const uint8 *e, *key; - register uint32 h; - register uint8 c; - - key = (const uint8 *)keyarg; - e = key + len; - for (h = 0; key != e;) { - c = *key++; - if (!c && key > e) - break; - dcharhash(h, c); - } - return (h); -} - -/* - * This is INCREDIBLY ugly, but fast. We break the string up into 8 byte - * units. On the first time through the loop we get the "leftover bytes" - * (strlen % 8). On every other iteration, we perform 8 HASHC's so we handle - * all 8 bytes. Essentially, this saves us 7 cmp & branch instructions. If - * this routine is heavily used enough, it's worth the ugly coding. - * - * OZ's original sdbm hash - */ -static uint32 -hash3(const void *keyarg, register size_t len) -{ - register const uint8 *key; - register size_t loop; - register uint32 h; - -#define HASHC h = *key++ + 65599 * h - - h = 0; - key = (const uint8 *)keyarg; - if (len > 0) { - loop = (len + 8 - 1) >> 3; - - switch (len & (8 - 1)) { - case 0: - do { - HASHC; - /* FALLTHROUGH */ - case 7: - HASHC; - /* FALLTHROUGH */ - case 6: - HASHC; - /* FALLTHROUGH */ - case 5: - HASHC; - /* FALLTHROUGH */ - case 4: - HASHC; - /* FALLTHROUGH */ - case 3: - HASHC; - /* FALLTHROUGH */ - case 2: - HASHC; - /* FALLTHROUGH */ - case 1: - HASHC; - } while (--loop); - } - } - return (h); -} -#endif /* 0 */ - -/* Hash function from Chris Torek. */ -static uint32 -hash4(const void *keyarg, register size_t len) -{ - register const uint8 *key; - register size_t loop; - register uint32 h; - -#define HASH4a h = (h << 5) - h + *key++; -#define HASH4b h = (h << 5) + h + *key++; -#define HASH4 HASH4b - - h = 0; - key = (const uint8 *)keyarg; - if (len > 0) { - loop = (len + 8 - 1) >> 3; - - switch (len & (8 - 1)) { - case 0: - do { - HASH4; - /* FALLTHROUGH */ - case 7: - HASH4; - /* FALLTHROUGH */ - case 6: - HASH4; - /* FALLTHROUGH */ - case 5: - HASH4; - /* FALLTHROUGH */ - case 4: - HASH4; - /* FALLTHROUGH */ - case 3: - HASH4; - /* FALLTHROUGH */ - case 2: - HASH4; - /* FALLTHROUGH */ - case 1: - HASH4; - } while (--loop); - } - } - return (h); -} diff --git a/dbm/src/h_log2.c b/dbm/src/h_log2.c deleted file mode 100644 index 4d8b0a7156..0000000000 --- a/dbm/src/h_log2.c +++ /dev/null @@ -1,56 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash_log2.c 8.2 (Berkeley) 5/31/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#include -#ifndef macintosh -#include -#endif -#include "mcom_db.h" - -uint32 __log2(uint32 num) -{ - register uint32 i, limit; - - limit = 1; - for (i = 0; limit < num; limit = limit << 1, i++) {} - return (i); -} diff --git a/dbm/src/h_page.c b/dbm/src/h_page.c deleted file mode 100644 index e11ad9451b..0000000000 --- a/dbm/src/h_page.c +++ /dev/null @@ -1,1290 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(unix) -#define MY_LSEEK lseek -#else -#define MY_LSEEK new_lseek -extern long new_lseek(int fd, long pos, int start); -#endif - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -/* - * PACKAGE: hashing - * - * DESCRIPTION: - * Page manipulation for hashing package. - * - * ROUTINES: - * - * External - * __get_page - * __add_ovflpage - * Internal - * overflow_page - * open_temp - */ -#ifndef macintosh -#include -#endif - -#if defined(macintosh) -#include -#endif - -#include -#include -#if defined(_WIN32) || defined(_WINDOWS) -#include -#endif -#include -#include -#include -#include - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) -#include -#endif - -#include - -#include "mcom_db.h" -#include "hash.h" -#include "page.h" -/* #include "extern.h" */ - -extern int mkstempflags(char *path, int extraFlags); - -static uint32 *fetch_bitmap __P((HTAB *, uint32)); -static uint32 first_free __P((uint32)); -static int open_temp __P((HTAB *)); -static uint16 overflow_page __P((HTAB *)); -static void squeeze_key __P((uint16 *, const DBT *, const DBT *)); -static int ugly_split - __P((HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int)); - -#define PAGE_INIT(P) { \ - ((uint16 *)(P))[0] = 0; \ - ((uint16 *)(P))[1] = hashp->BSIZE - 3 * sizeof(uint16); \ - ((uint16 *)(P))[2] = hashp->BSIZE; \ -} - -/* implement a new lseek using lseek that - * writes zero's when extending a file - * beyond the end. - */ -long new_lseek(int fd, long offset, int origin) -{ - long cur_pos=0; - long end_pos=0; - long seek_pos=0; - - if(origin == SEEK_CUR) - { - if(offset < 1) - return(lseek(fd, offset, SEEK_CUR)); - - cur_pos = lseek(fd, 0, SEEK_CUR); - - if(cur_pos < 0) - return(cur_pos); - } - - end_pos = lseek(fd, 0, SEEK_END); - if(end_pos < 0) - return(end_pos); - - if(origin == SEEK_SET) - seek_pos = offset; - else if(origin == SEEK_CUR) - seek_pos = cur_pos + offset; - else if(origin == SEEK_END) - seek_pos = end_pos + offset; - else - { - assert(0); - return(-1); - } - - /* the seek position desired is before the - * end of the file. We don't need - * to do anything special except the seek. - */ - if(seek_pos <= end_pos) - return(lseek(fd, seek_pos, SEEK_SET)); - - /* the seek position is beyond the end of the - * file. Write zero's to the end. - * - * we are already at the end of the file so - * we just need to "write()" zeros for the - * difference between seek_pos-end_pos and - * then seek to the position to finish - * the call - */ - { - char buffer[1024]; - long len = seek_pos-end_pos; - memset(&buffer, 0, 1024); - while(len > 0) - { - write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); - len -= 1024; - } - return(lseek(fd, seek_pos, SEEK_SET)); - } - -} - -/* - * This is called AFTER we have verified that there is room on the page for - * the pair (PAIRFITS has returned true) so we go right ahead and start moving - * stuff on. - */ -static void -putpair(char *p, const DBT *key, DBT * val) -{ - register uint16 *bp, n, off; - - bp = (uint16 *)p; - - /* Enter the key first. */ - n = bp[0]; - - off = OFFSET(bp) - key->size; - memmove(p + off, key->data, key->size); - bp[++n] = off; - - /* Now the data. */ - off -= val->size; - memmove(p + off, val->data, val->size); - bp[++n] = off; - - /* Adjust page info. */ - bp[0] = n; - bp[n + 1] = off - ((n + 3) * sizeof(uint16)); - bp[n + 2] = off; -} - -/* - * Returns: - * 0 OK - * -1 error - */ -extern int -__delpair(HTAB *hashp, BUFHEAD *bufp, int ndx) -{ - register uint16 *bp, newoff; - register int n; - uint16 pairlen; - - bp = (uint16 *)bufp->page; - n = bp[0]; - - if (bp[ndx + 1] < REAL_KEY) - return (__big_delete(hashp, bufp)); - if (ndx != 1) - newoff = bp[ndx - 1]; - else - newoff = hashp->BSIZE; - pairlen = newoff - bp[ndx + 1]; - - if (ndx != (n - 1)) { - /* Hard Case -- need to shuffle keys */ - register int i; - register char *src = bufp->page + (int)OFFSET(bp); - uint32 dst_offset = (uint32)OFFSET(bp) + (uint32)pairlen; - register char *dst = bufp->page + dst_offset; - uint32 length = bp[ndx + 1] - OFFSET(bp); - - /* - * +-----------+XXX+---------+XXX+---------+---------> +infinity - * | | | | - * 0 src_offset dst_offset BSIZE - * - * Dst_offset is > src_offset, so if src_offset were bad, dst_offset - * would be too, therefore we check only dst_offset. - * - * If dst_offset is >= BSIZE, either OFFSET(bp), or pairlen, or both - * is corrupted. - * - * Once we know dst_offset is < BSIZE, we can subtract it from BSIZE - * to get an upper bound on length. - */ - if(dst_offset > (uint32)hashp->BSIZE) - return(DATABASE_CORRUPTED_ERROR); - - if(length > (uint32)(hashp->BSIZE - dst_offset)) - return(DATABASE_CORRUPTED_ERROR); - - memmove(dst, src, length); - - /* Now adjust the pointers */ - for (i = ndx + 2; i <= n; i += 2) { - if (bp[i + 1] == OVFLPAGE) { - bp[i - 2] = bp[i]; - bp[i - 1] = bp[i + 1]; - } else { - bp[i - 2] = bp[i] + pairlen; - bp[i - 1] = bp[i + 1] + pairlen; - } - } - } - /* Finally adjust the page data */ - bp[n] = OFFSET(bp) + pairlen; - bp[n - 1] = bp[n + 1] + pairlen + 2 * sizeof(uint16); - bp[0] = n - 2; - hashp->NKEYS--; - - bufp->flags |= BUF_MOD; - return (0); -} -/* - * Returns: - * 0 ==> OK - * -1 ==> Error - */ -extern int -__split_page(HTAB *hashp, uint32 obucket, uint32 nbucket) -{ - register BUFHEAD *new_bufp, *old_bufp; - register uint16 *ino; - register uint16 *tmp_uint16_array; - register char *np; - DBT key, val; - uint16 n, ndx; - int retval; - uint16 copyto, diff, moved; - size_t off; - char *op; - - copyto = (uint16)hashp->BSIZE; - off = (uint16)hashp->BSIZE; - old_bufp = __get_buf(hashp, obucket, NULL, 0); - if (old_bufp == NULL) - return (-1); - new_bufp = __get_buf(hashp, nbucket, NULL, 0); - if (new_bufp == NULL) - return (-1); - - old_bufp->flags |= (BUF_MOD | BUF_PIN); - new_bufp->flags |= (BUF_MOD | BUF_PIN); - - ino = (uint16 *)(op = old_bufp->page); - np = new_bufp->page; - - moved = 0; - - for (n = 1, ndx = 1; n < ino[0]; n += 2) { - if (ino[n + 1] < REAL_KEY) { - retval = ugly_split(hashp, obucket, old_bufp, new_bufp, - (int)copyto, (int)moved); - old_bufp->flags &= ~BUF_PIN; - new_bufp->flags &= ~BUF_PIN; - return (retval); - - } - key.data = (uint8 *)op + ino[n]; - - /* check here for ino[n] being greater than - * off. If it is then the database has - * been corrupted. - */ - if(ino[n] > off) - return(DATABASE_CORRUPTED_ERROR); - - key.size = off - ino[n]; - -#ifdef DEBUG - /* make sure the size is positive */ - assert(((int)key.size) > -1); -#endif - - if (__call_hash(hashp, (char *)key.data, key.size) == obucket) { - /* Don't switch page */ - diff = copyto - off; - if (diff) { - copyto = ino[n + 1] + diff; - memmove(op + copyto, op + ino[n + 1], - off - ino[n + 1]); - ino[ndx] = copyto + ino[n] - ino[n + 1]; - ino[ndx + 1] = copyto; - } else - copyto = ino[n + 1]; - ndx += 2; - } else { - /* Switch page */ - val.data = (uint8 *)op + ino[n + 1]; - val.size = ino[n] - ino[n + 1]; - - /* if the pair doesn't fit something is horribly - * wrong. LJM - */ - tmp_uint16_array = (uint16*)np; - if(!PAIRFITS(tmp_uint16_array, &key, &val)) - return(DATABASE_CORRUPTED_ERROR); - - putpair(np, &key, &val); - moved += 2; - } - - off = ino[n + 1]; - } - - /* Now clean up the page */ - ino[0] -= moved; - FREESPACE(ino) = copyto - sizeof(uint16) * (ino[0] + 3); - OFFSET(ino) = copyto; - -#ifdef DEBUG3 - (void)fprintf(stderr, "split %d/%d\n", - ((uint16 *)np)[0] / 2, - ((uint16 *)op)[0] / 2); -#endif - /* unpin both pages */ - old_bufp->flags &= ~BUF_PIN; - new_bufp->flags &= ~BUF_PIN; - return (0); -} - -/* - * Called when we encounter an overflow or big key/data page during split - * handling. This is special cased since we have to begin checking whether - * the key/data pairs fit on their respective pages and because we may need - * overflow pages for both the old and new pages. - * - * The first page might be a page with regular key/data pairs in which case - * we have a regular overflow condition and just need to go on to the next - * page or it might be a big key/data pair in which case we need to fix the - * big key/data pair. - * - * Returns: - * 0 ==> success - * -1 ==> failure - */ - -/* the maximum number of loops we will allow UGLY split to chew - * on before we assume the database is corrupted and throw it - * away. - */ -#define MAX_UGLY_SPLIT_LOOPS 10000 - -static int -ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, - BUFHEAD *new_bufp,/* Same as __split_page. */ int copyto, int moved) - /* int copyto; First byte on page which contains key/data values. */ - /* int moved; Number of pairs moved to new page. */ -{ - register BUFHEAD *bufp; /* Buffer header for ino */ - register uint16 *ino; /* Page keys come off of */ - register uint16 *np; /* New page */ - register uint16 *op; /* Page keys go on to if they aren't moving */ - uint32 loop_detection=0; - - BUFHEAD *last_bfp; /* Last buf header OVFL needing to be freed */ - DBT key, val; - SPLIT_RETURN ret; - uint16 n, off, ov_addr, scopyto; - char *cino; /* Character value of ino */ - int status; - - bufp = old_bufp; - ino = (uint16 *)old_bufp->page; - np = (uint16 *)new_bufp->page; - op = (uint16 *)old_bufp->page; - last_bfp = NULL; - scopyto = (uint16)copyto; /* ANSI */ - - n = ino[0] - 1; - while (n < ino[0]) { - - - /* this function goes nuts sometimes and never returns. - * I havent found the problem yet but I need a solution - * so if we loop too often we assume a database curruption error - * :LJM - */ - loop_detection++; - - if(loop_detection > MAX_UGLY_SPLIT_LOOPS) - return DATABASE_CORRUPTED_ERROR; - - if (ino[2] < REAL_KEY && ino[2] != OVFLPAGE) { - if ((status = __big_split(hashp, old_bufp, - new_bufp, bufp, bufp->addr, obucket, &ret))) - return (status); - old_bufp = ret.oldp; - if (!old_bufp) - return (-1); - op = (uint16 *)old_bufp->page; - new_bufp = ret.newp; - if (!new_bufp) - return (-1); - np = (uint16 *)new_bufp->page; - bufp = ret.nextp; - if (!bufp) - return (0); - cino = (char *)bufp->page; - ino = (uint16 *)cino; - last_bfp = ret.nextp; - } else if (ino[n + 1] == OVFLPAGE) { - ov_addr = ino[n]; - /* - * Fix up the old page -- the extra 2 are the fields - * which contained the overflow information. - */ - ino[0] -= (moved + 2); - FREESPACE(ino) = - scopyto - sizeof(uint16) * (ino[0] + 3); - OFFSET(ino) = scopyto; - - bufp = __get_buf(hashp, ov_addr, bufp, 0); - if (!bufp) - return (-1); - - ino = (uint16 *)bufp->page; - n = 1; - scopyto = hashp->BSIZE; - moved = 0; - - if (last_bfp) - __free_ovflpage(hashp, last_bfp); - last_bfp = bufp; - } - /* Move regular sized pairs of there are any */ - off = hashp->BSIZE; - for (n = 1; (n < ino[0]) && (ino[n + 1] >= REAL_KEY); n += 2) { - cino = (char *)ino; - key.data = (uint8 *)cino + ino[n]; - key.size = off - ino[n]; - val.data = (uint8 *)cino + ino[n + 1]; - val.size = ino[n] - ino[n + 1]; - off = ino[n + 1]; - - if (__call_hash(hashp, (char*)key.data, key.size) == obucket) { - /* Keep on old page */ - if (PAIRFITS(op, (&key), (&val))) - putpair((char *)op, &key, &val); - else { - old_bufp = - __add_ovflpage(hashp, old_bufp); - if (!old_bufp) - return (-1); - op = (uint16 *)old_bufp->page; - putpair((char *)op, &key, &val); - } - old_bufp->flags |= BUF_MOD; - } else { - /* Move to new page */ - if (PAIRFITS(np, (&key), (&val))) - putpair((char *)np, &key, &val); - else { - new_bufp = - __add_ovflpage(hashp, new_bufp); - if (!new_bufp) - return (-1); - np = (uint16 *)new_bufp->page; - putpair((char *)np, &key, &val); - } - new_bufp->flags |= BUF_MOD; - } - } - } - if (last_bfp) - __free_ovflpage(hashp, last_bfp); - return (0); -} - -/* - * Add the given pair to the page - * - * Returns: - * 0 ==> OK - * 1 ==> failure - */ -extern int -__addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT * val) -{ - register uint16 *bp, *sop; - int do_expand; - - bp = (uint16 *)bufp->page; - do_expand = 0; - while (bp[0] && (bp[2] < REAL_KEY || bp[bp[0]] < REAL_KEY)) - /* Exception case */ - if (bp[2] == FULL_KEY_DATA && bp[0] == 2) - /* This is the last page of a big key/data pair - and we need to add another page */ - break; - else if (bp[2] < REAL_KEY && bp[bp[0]] != OVFLPAGE) { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - { -#ifdef DEBUG - assert(0); -#endif - return (-1); - } - bp = (uint16 *)bufp->page; - } else - /* Try to squeeze key on this page */ - if (FREESPACE(bp) > PAIRSIZE(key, val)) { - { - squeeze_key(bp, key, val); - - /* LJM: I added this because I think it was - * left out on accident. - * if this isn't incremented nkeys will not - * be the actual number of keys in the db. - */ - hashp->NKEYS++; - return (0); - } - } else { - bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!bufp) - { -#ifdef DEBUG - assert(0); -#endif - return (-1); - } - bp = (uint16 *)bufp->page; - } - - if (PAIRFITS(bp, key, val)) - putpair(bufp->page, key, (DBT *)val); - else { - do_expand = 1; - bufp = __add_ovflpage(hashp, bufp); - if (!bufp) - { -#ifdef DEBUG - assert(0); -#endif - return (-1); - } - sop = (uint16 *)bufp->page; - - if (PAIRFITS(sop, key, val)) - putpair((char *)sop, key, (DBT *)val); - else - if (__big_insert(hashp, bufp, key, val)) - { -#ifdef DEBUG - assert(0); -#endif - return (-1); - } - } - bufp->flags |= BUF_MOD; - /* - * If the average number of keys per bucket exceeds the fill factor, - * expand the table. - */ - hashp->NKEYS++; - if (do_expand || - (hashp->NKEYS / (hashp->MAX_BUCKET + 1) > hashp->FFACTOR)) - return (__expand_table(hashp)); - return (0); -} - -/* - * - * Returns: - * pointer on success - * NULL on error - */ -extern BUFHEAD * -__add_ovflpage(HTAB *hashp, BUFHEAD *bufp) -{ - register uint16 *sp; - uint16 ndx, ovfl_num; -#ifdef DEBUG1 - int tmp1, tmp2; -#endif - sp = (uint16 *)bufp->page; - - /* Check if we are dynamically determining the fill factor */ - if (hashp->FFACTOR == DEF_FFACTOR) { - hashp->FFACTOR = sp[0] >> 1; - if (hashp->FFACTOR < MIN_FFACTOR) - hashp->FFACTOR = MIN_FFACTOR; - } - bufp->flags |= BUF_MOD; - ovfl_num = overflow_page(hashp); -#ifdef DEBUG1 - tmp1 = bufp->addr; - tmp2 = bufp->ovfl ? bufp->ovfl->addr : 0; -#endif - if (!ovfl_num || !(bufp->ovfl = __get_buf(hashp, ovfl_num, bufp, 1))) - return (NULL); - bufp->ovfl->flags |= BUF_MOD; -#ifdef DEBUG1 - (void)fprintf(stderr, "ADDOVFLPAGE: %d->ovfl was %d is now %d\n", - tmp1, tmp2, bufp->ovfl->addr); -#endif - ndx = sp[0]; - /* - * Since a pair is allocated on a page only if there's room to add - * an overflow page, we know that the OVFL information will fit on - * the page. - */ - sp[ndx + 4] = OFFSET(sp); - sp[ndx + 3] = FREESPACE(sp) - OVFLSIZE; - sp[ndx + 1] = ovfl_num; - sp[ndx + 2] = OVFLPAGE; - sp[0] = ndx + 2; -#ifdef HASH_STATISTICS - hash_overflows++; -#endif - return (bufp->ovfl); -} - -/* - * Returns: - * 0 indicates SUCCESS - * -1 indicates FAILURE - */ -extern int -__get_page(HTAB *hashp, - char * p, - uint32 bucket, - int is_bucket, - int is_disk, - int is_bitmap) -{ - register int fd, page; - size_t size; - int rsize; - uint16 *bp; - - fd = hashp->fp; - size = hashp->BSIZE; - - if ((fd == -1) || !is_disk) { - PAGE_INIT(p); - return (0); - } - if (is_bucket) - page = BUCKET_TO_PAGE(bucket); - else - page = OADDR_TO_PAGE(bucket); - if ((MY_LSEEK(fd, (off_t)page << hashp->BSHIFT, SEEK_SET) == -1) || - ((rsize = read(fd, p, size)) == -1)) - return (-1); - - bp = (uint16 *)p; - if (!rsize) - bp[0] = 0; /* We hit the EOF, so initialize a new page */ - else - if ((unsigned)rsize != size) { - errno = EFTYPE; - return (-1); - } - - if (!is_bitmap && !bp[0]) { - PAGE_INIT(p); - } else { - -#ifdef DEBUG - if(BYTE_ORDER == LITTLE_ENDIAN) - { - int is_little_endian; - is_little_endian = BYTE_ORDER; - } - else if(BYTE_ORDER == BIG_ENDIAN) - { - int is_big_endian; - is_big_endian = BYTE_ORDER; - } - else - { - assert(0); - } -#endif - - if (hashp->LORDER != BYTE_ORDER) { - register int i, max; - - if (is_bitmap) { - max = hashp->BSIZE >> 2; /* divide by 4 */ - for (i = 0; i < max; i++) - M_32_SWAP(((int *)p)[i]); - } else { - M_16_SWAP(bp[0]); - max = bp[0] + 2; - - /* bound the size of max by - * the maximum number of entries - * in the array - */ - if((unsigned)max > (size / sizeof(uint16))) - return(DATABASE_CORRUPTED_ERROR); - - /* do the byte order swap - */ - for (i = 1; i <= max; i++) - M_16_SWAP(bp[i]); - } - } - - /* check the validity of the page here - * (after doing byte order swaping if necessary) - */ - if(!is_bitmap && bp[0] != 0) - { - uint16 num_keys = bp[0]; - uint16 offset; - uint16 i; - - /* bp[0] is supposed to be the number of - * entries currently in the page. If - * bp[0] is too large (larger than the whole - * page) then the page is corrupted - */ - if(bp[0] > (size / sizeof(uint16))) - return(DATABASE_CORRUPTED_ERROR); - - /* bound free space */ - if(FREESPACE(bp) > size) - return(DATABASE_CORRUPTED_ERROR); - - /* check each key and data offset to make - * sure they are all within bounds they - * should all be less than the previous - * offset as well. - */ - offset = size; - for(i=1 ; i <= num_keys; i+=2) - { - /* ignore overflow pages etc. */ - if(bp[i+1] >= REAL_KEY) - { - - if(bp[i] > offset || bp[i+1] > bp[i]) - return(DATABASE_CORRUPTED_ERROR); - - offset = bp[i+1]; - } - else - { - /* there are no other valid keys after - * seeing a non REAL_KEY - */ - break; - } - } - } - } - return (0); -} - -/* - * Write page p to disk - * - * Returns: - * 0 ==> OK - * -1 ==>failure - */ -extern int -__put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap) -{ - register int fd, page; - size_t size; - int wsize; - off_t offset; - - size = hashp->BSIZE; - if ((hashp->fp == -1) && open_temp(hashp)) - return (-1); - fd = hashp->fp; - - if (hashp->LORDER != BYTE_ORDER) { - register int i; - register int max; - - if (is_bitmap) { - max = hashp->BSIZE >> 2; /* divide by 4 */ - for (i = 0; i < max; i++) - M_32_SWAP(((int *)p)[i]); - } else { - max = ((uint16 *)p)[0] + 2; - - /* bound the size of max by - * the maximum number of entries - * in the array - */ - if((unsigned)max > (size / sizeof(uint16))) - return(DATABASE_CORRUPTED_ERROR); - - for (i = 0; i <= max; i++) - M_16_SWAP(((uint16 *)p)[i]); - - } - } - - if (is_bucket) - page = BUCKET_TO_PAGE(bucket); - else - page = OADDR_TO_PAGE(bucket); - offset = (off_t)page << hashp->BSHIFT; - if ((MY_LSEEK(fd, offset, SEEK_SET) == -1) || - ((wsize = write(fd, p, size)) == -1)) - /* Errno is set */ - return (-1); - if ((unsigned)wsize != size) { - errno = EFTYPE; - return (-1); - } -#if defined(_WIN32) || defined(_WINDOWS) - if (offset + size > hashp->file_size) { - hashp->updateEOF = 1; - } -#endif - /* put the page back the way it was so that it isn't byteswapped - * if it remains in memory - LJM - */ - if (hashp->LORDER != BYTE_ORDER) { - register int i; - register int max; - - if (is_bitmap) { - max = hashp->BSIZE >> 2; /* divide by 4 */ - for (i = 0; i < max; i++) - M_32_SWAP(((int *)p)[i]); - } else { - uint16 *bp = (uint16 *)p; - - M_16_SWAP(bp[0]); - max = bp[0] + 2; - - /* no need to bound the size if max again - * since it was done already above - */ - - /* do the byte order re-swap - */ - for (i = 1; i <= max; i++) - M_16_SWAP(bp[i]); - } - } - - return (0); -} - -#define BYTE_MASK ((1 << INT_BYTE_SHIFT) -1) -/* - * Initialize a new bitmap page. Bitmap pages are left in memory - * once they are read in. - */ -extern int -__ibitmap(HTAB *hashp, int pnum, int nbits, int ndx) -{ - uint32 *ip; - size_t clearbytes, clearints; - - if ((ip = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL) - return (1); - hashp->nmaps++; - clearints = ((nbits - 1) >> INT_BYTE_SHIFT) + 1; - clearbytes = clearints << INT_TO_BYTE; - (void)memset((char *)ip, 0, clearbytes); - (void)memset(((char *)ip) + clearbytes, 0xFF, - hashp->BSIZE - clearbytes); - ip[clearints - 1] = ALL_SET << (nbits & BYTE_MASK); - SETBIT(ip, 0); - hashp->BITMAPS[ndx] = (uint16)pnum; - hashp->mapp[ndx] = ip; - return (0); -} - -static uint32 -first_free(uint32 map) -{ - register uint32 i, mask; - - mask = 0x1; - for (i = 0; i < BITS_PER_MAP; i++) { - if (!(mask & map)) - return (i); - mask = mask << 1; - } - return (i); -} - -static uint16 -overflow_page(HTAB *hashp) -{ - register uint32 *freep=NULL; - register int max_free, offset, splitnum; - uint16 addr; - uint32 i; - int bit, first_page, free_bit, free_page, in_use_bits, j; -#ifdef DEBUG2 - int tmp1, tmp2; -#endif - splitnum = hashp->OVFL_POINT; - max_free = hashp->SPARES[splitnum]; - - free_page = (max_free - 1) >> (hashp->BSHIFT + BYTE_SHIFT); - free_bit = (max_free - 1) & ((hashp->BSIZE << BYTE_SHIFT) - 1); - - /* Look through all the free maps to find the first free block */ - first_page = hashp->LAST_FREED >>(hashp->BSHIFT + BYTE_SHIFT); - for ( i = first_page; i <= (unsigned)free_page; i++ ) { - if (!(freep = (uint32 *)hashp->mapp[i]) && - !(freep = fetch_bitmap(hashp, i))) - return (0); - if (i == (unsigned)free_page) - in_use_bits = free_bit; - else - in_use_bits = (hashp->BSIZE << BYTE_SHIFT) - 1; - - if (i == (unsigned)first_page) { - bit = hashp->LAST_FREED & - ((hashp->BSIZE << BYTE_SHIFT) - 1); - j = bit / BITS_PER_MAP; - bit = bit & ~(BITS_PER_MAP - 1); - } else { - bit = 0; - j = 0; - } - for (; bit <= in_use_bits; j++, bit += BITS_PER_MAP) - if (freep[j] != ALL_SET) - goto found; - } - - /* No Free Page Found */ - hashp->LAST_FREED = hashp->SPARES[splitnum]; - hashp->SPARES[splitnum]++; - offset = hashp->SPARES[splitnum] - - (splitnum ? hashp->SPARES[splitnum - 1] : 0); - -#define OVMSG "HASH: Out of overflow pages. Increase page size\n" - if (offset > SPLITMASK) { - if (++splitnum >= NCACHED) { -#ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); -#endif - return (0); - } - hashp->OVFL_POINT = splitnum; - hashp->SPARES[splitnum] = hashp->SPARES[splitnum-1]; - hashp->SPARES[splitnum-1]--; - offset = 1; - } - - /* Check if we need to allocate a new bitmap page */ - if (free_bit == (hashp->BSIZE << BYTE_SHIFT) - 1) { - free_page++; - if (free_page >= NCACHED) { -#ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); -#endif - return (0); - } - /* - * This is tricky. The 1 indicates that you want the new page - * allocated with 1 clear bit. Actually, you are going to - * allocate 2 pages from this map. The first is going to be - * the map page, the second is the overflow page we were - * looking for. The init_bitmap routine automatically, sets - * the first bit of itself to indicate that the bitmap itself - * is in use. We would explicitly set the second bit, but - * don't have to if we tell init_bitmap not to leave it clear - * in the first place. - */ - if (__ibitmap(hashp, - (int)OADDR_OF(splitnum, offset), 1, free_page)) - return (0); - hashp->SPARES[splitnum]++; -#ifdef DEBUG2 - free_bit = 2; -#endif - offset++; - if (offset > SPLITMASK) { - if (++splitnum >= NCACHED) { -#ifndef macintosh - (void)write(STDERR_FILENO, OVMSG, - sizeof(OVMSG) - 1); -#endif - return (0); - } - hashp->OVFL_POINT = splitnum; - hashp->SPARES[splitnum] = hashp->SPARES[splitnum-1]; - hashp->SPARES[splitnum-1]--; - offset = 0; - } - } else { - /* - * Free_bit addresses the last used bit. Bump it to address - * the first available bit. - */ - free_bit++; - SETBIT(freep, free_bit); - } - - /* Calculate address of the new overflow page */ - addr = OADDR_OF(splitnum, offset); -#ifdef DEBUG2 - (void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n", - addr, free_bit, free_page); -#endif - return (addr); - -found: - bit = bit + first_free(freep[j]); - SETBIT(freep, bit); -#ifdef DEBUG2 - tmp1 = bit; - tmp2 = i; -#endif - /* - * Bits are addressed starting with 0, but overflow pages are addressed - * beginning at 1. Bit is a bit addressnumber, so we need to increment - * it to convert it to a page number. - */ - bit = 1 + bit + (i * (hashp->BSIZE << BYTE_SHIFT)); - if (bit >= hashp->LAST_FREED) - hashp->LAST_FREED = bit - 1; - - /* Calculate the split number for this page */ - for (i = 0; (i < (unsigned)splitnum) && (bit > hashp->SPARES[i]); i++) {} - offset = (i ? bit - hashp->SPARES[i - 1] : bit); - if (offset >= SPLITMASK) - return (0); /* Out of overflow pages */ - addr = OADDR_OF(i, offset); -#ifdef DEBUG2 - (void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n", - addr, tmp1, tmp2); -#endif - - /* Allocate and return the overflow page */ - return (addr); -} - -/* - * Mark this overflow page as free. - */ -extern void -__free_ovflpage(HTAB *hashp, BUFHEAD *obufp) -{ - uint16 addr; - uint32 *freep; - uint32 bit_address, free_page, free_bit; - uint16 ndx; - - if(!obufp || !obufp->addr) - return; - - addr = obufp->addr; -#ifdef DEBUG1 - (void)fprintf(stderr, "Freeing %d\n", addr); -#endif - ndx = (((uint16)addr) >> SPLITSHIFT); - bit_address = - (ndx ? hashp->SPARES[ndx - 1] : 0) + (addr & SPLITMASK) - 1; - if (bit_address < (uint32)hashp->LAST_FREED) - hashp->LAST_FREED = bit_address; - free_page = (bit_address >> (hashp->BSHIFT + BYTE_SHIFT)); - free_bit = bit_address & ((hashp->BSIZE << BYTE_SHIFT) - 1); - - if (!(freep = hashp->mapp[free_page])) - freep = fetch_bitmap(hashp, free_page); - -#ifdef DEBUG - /* - * This had better never happen. It means we tried to read a bitmap - * that has already had overflow pages allocated off it, and we - * failed to read it from the file. - */ - if (!freep) - { - assert(0); - return; - } -#endif - CLRBIT(freep, free_bit); -#ifdef DEBUG2 - (void)fprintf(stderr, "FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n", - obufp->addr, free_bit, free_page); -#endif - __reclaim_buf(hashp, obufp); -} - -/* - * Returns: - * 0 success - * -1 failure - */ -static int -open_temp(HTAB *hashp) -{ -#ifdef XP_OS2 - hashp->fp = mkstemp(NULL); -#else -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) - sigset_t set, oset; -#endif -#if !defined(macintosh) - char * tmpdir; - size_t len; - char last; -#endif - static const char namestr[] = "/_hashXXXXXX"; - char filename[1024]; - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) - /* Block signals; make sure file goes away at process exit. */ - (void)sigfillset(&set); - (void)sigprocmask(SIG_BLOCK, &set, &oset); -#endif - - filename[0] = 0; -#if defined(macintosh) - strcat(filename, namestr + 1); -#else - tmpdir = getenv("TMP"); - if (!tmpdir) - tmpdir = getenv("TMPDIR"); - if (!tmpdir) - tmpdir = getenv("TEMP"); - if (!tmpdir) - tmpdir = "."; - len = strlen(tmpdir); - if (len && len < (sizeof filename - sizeof namestr)) { - strcpy(filename, tmpdir); - } - len = strlen(filename); - last = tmpdir[len - 1]; - strcat(filename, (last == '/' || last == '\\') ? namestr + 1 : namestr); -#endif - -#if defined(_WIN32) || defined(_WINDOWS) - if ((hashp->fp = mkstempflags(filename, _O_BINARY|_O_TEMPORARY)) != -1) { - if (hashp->filename) { - free(hashp->filename); - } - hashp->filename = strdup(filename); - hashp->is_temp = 1; - } -#else - if ((hashp->fp = mkstemp(filename)) != -1) { - (void)unlink(filename); -#if !defined(macintosh) - (void)fcntl(hashp->fp, F_SETFD, 1); -#endif - } -#endif - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) - (void)sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL); -#endif -#endif /* !OS2 */ - return (hashp->fp != -1 ? 0 : -1); -} - -/* - * We have to know that the key will fit, but the last entry on the page is - * an overflow pair, so we need to shift things. - */ -static void -squeeze_key(uint16 *sp, const DBT * key, const DBT * val) -{ - register char *p; - uint16 free_space, n, off, pageno; - - p = (char *)sp; - n = sp[0]; - free_space = FREESPACE(sp); - off = OFFSET(sp); - - pageno = sp[n - 1]; - off -= key->size; - sp[n - 1] = off; - memmove(p + off, key->data, key->size); - off -= val->size; - sp[n] = off; - memmove(p + off, val->data, val->size); - sp[0] = n + 2; - sp[n + 1] = pageno; - sp[n + 2] = OVFLPAGE; - FREESPACE(sp) = free_space - PAIRSIZE(key, val); - OFFSET(sp) = off; -} - -static uint32 * -fetch_bitmap(HTAB *hashp, uint32 ndx) -{ - if (ndx >= (unsigned)hashp->nmaps) - return (NULL); - if ((hashp->mapp[ndx] = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL) - return (NULL); - if (__get_page(hashp, - (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) { - free(hashp->mapp[ndx]); - hashp->mapp[ndx] = NULL; /* NEW: 9-11-95 */ - return (NULL); - } - return (hashp->mapp[ndx]); -} - -#ifdef DEBUG4 -int -print_chain(int addr) -{ - BUFHEAD *bufp; - short *bp, oaddr; - - (void)fprintf(stderr, "%d ", addr); - bufp = __get_buf(hashp, addr, NULL, 0); - bp = (short *)bufp->page; - while (bp[0] && ((bp[bp[0]] == OVFLPAGE) || - ((bp[0] > 2) && bp[2] < REAL_KEY))) { - oaddr = bp[bp[0] - 1]; - (void)fprintf(stderr, "%d ", (int)oaddr); - bufp = __get_buf(hashp, (int)oaddr, bufp, 0); - bp = (short *)bufp->page; - } - (void)fprintf(stderr, "\n"); -} -#endif diff --git a/dbm/src/hash.c b/dbm/src/hash.c deleted file mode 100644 index 0058cf3d6e..0000000000 --- a/dbm/src/hash.c +++ /dev/null @@ -1,1179 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) -#include -#endif - -#if !defined(macintosh) -#ifdef XP_OS2_EMX -#include -#endif -#include -#endif - -#if defined(macintosh) -#include -#include -#endif - -#include -#include -#include -#include -#include - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) -#include -#endif -#if defined(_WIN32) || defined(_WINDOWS) -#include -#endif - -#include - -#include "mcom_db.h" -#include "hash.h" -#include "page.h" - -/* -#include "extern.h" -*/ -static int alloc_segs __P((HTAB *, int)); -static int flush_meta __P((HTAB *)); -static int hash_access __P((HTAB *, ACTION, DBT *, DBT *)); -static int hash_close __P((DB *)); -static int hash_delete __P((const DB *, const DBT *, uint)); -static int hash_fd __P((const DB *)); -static int hash_get __P((const DB *, const DBT *, DBT *, uint)); -static int hash_put __P((const DB *, DBT *, const DBT *, uint)); -static void *hash_realloc __P((SEGMENT **, size_t, size_t)); -static int hash_seq __P((const DB *, DBT *, DBT *, uint)); -static int hash_sync __P((const DB *, uint)); -static int hdestroy __P((HTAB *)); -static HTAB *init_hash __P((HTAB *, const char *, HASHINFO *)); -static int init_htab __P((HTAB *, int)); -#if BYTE_ORDER == LITTLE_ENDIAN -static void swap_header __P((HTAB *)); -static void swap_header_copy __P((HASHHDR *, HASHHDR *)); -#endif - -/* Fast arithmetic, relying on powers of 2, */ -#define MOD(x, y) ((x) & ((y) - 1)) - -#define RETURN_ERROR(ERR, LOC) { save_errno = ERR; goto LOC; } - -/* Return values */ -#define SUCCESS (0) -#define DBM_ERROR (-1) -#define ABNORMAL (1) - -#ifdef HASH_STATISTICS -int hash_accesses, hash_collisions, hash_expansions, hash_overflows; -#endif - -/* A new Lou (montulli@mozilla.com) routine. - * - * The database is screwed. - * - * This closes the file, flushing buffers as appropriate. - */ -static void -__remove_database(DB *dbp) -{ - HTAB *hashp = (HTAB *)dbp->internal; - - assert(0); - - if (!hashp) - return; - hdestroy(hashp); - dbp->internal = NULL; -} - -/************************** INTERFACE ROUTINES ***************************/ -/* OPEN/CLOSE */ - - -extern DB * -__hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags) -{ - HTAB *hashp=NULL; - struct stat statbuf; - DB *dbp; - int bpages, hdrsize, new_table, nsegs, save_errno; - - if ((flags & O_ACCMODE) == O_WRONLY) { - errno = EINVAL; - return NULL; - } - - /* zero the statbuffer so that - * we can check it for a non-zero - * date to see if stat succeeded - */ - memset(&statbuf, 0, sizeof(struct stat)); - - if (!(hashp = (HTAB *)calloc(1, sizeof(HTAB)))) { - errno = ENOMEM; - return NULL; - } - hashp->fp = NO_FILE; - if(file) - hashp->filename = strdup(file); - - /* - * Even if user wants write only, we need to be able to read - * the actual file, so we need to open it read/write. But, the - * field in the hashp structure needs to be accurate so that - * we can check accesses. - */ - hashp->flags = flags; - - new_table = 0; - if (!file || (flags & O_TRUNC) || (stat(file, &statbuf) && (errno == ENOENT))) - { - if (errno == ENOENT) - errno = 0; /* Just in case someone looks at errno */ - new_table = 1; - } - else if(statbuf.st_mtime && statbuf.st_size == 0) - { - /* check for a zero length file and delete it - * if it exists - */ - new_table = 1; - } - hashp->file_size = statbuf.st_size; - - if (file) { -#if defined(_WIN32) || defined(_WINDOWS) || defined (macintosh) || defined(XP_OS2) - if ((hashp->fp = DBFILE_OPEN(file, flags | O_BINARY, mode)) == -1) - RETURN_ERROR(errno, error1); -#else - if ((hashp->fp = open(file, flags, mode)) == -1) - RETURN_ERROR(errno, error1); - (void)fcntl(hashp->fp, F_SETFD, 1); -#endif - } - if (new_table) { - if (!init_hash(hashp, file, (HASHINFO *)info)) - RETURN_ERROR(errno, error1); - } else { - /* Table already exists */ - if (info && info->hash) - hashp->hash = info->hash; - else - hashp->hash = __default_hash; - - hdrsize = read(hashp->fp, (char *)&hashp->hdr, sizeof(HASHHDR)); - if (hdrsize == -1) - RETURN_ERROR(errno, error1); - if (hdrsize != sizeof(HASHHDR)) - RETURN_ERROR(EFTYPE, error1); -#if BYTE_ORDER == LITTLE_ENDIAN - swap_header(hashp); -#endif - /* Verify file type, versions and hash function */ - if (hashp->MAGIC != HASHMAGIC) - RETURN_ERROR(EFTYPE, error1); -#define OLDHASHVERSION 1 - if (hashp->VERSION != HASHVERSION && - hashp->VERSION != OLDHASHVERSION) - RETURN_ERROR(EFTYPE, error1); - if (hashp->hash(CHARKEY, sizeof(CHARKEY)) != hashp->H_CHARKEY) - RETURN_ERROR(EFTYPE, error1); - if (hashp->NKEYS < 0) /* Old bad database. */ - RETURN_ERROR(EFTYPE, error1); - - /* - * Figure out how many segments we need. Max_Bucket is the - * maximum bucket number, so the number of buckets is - * max_bucket + 1. - */ - nsegs = (hashp->MAX_BUCKET + 1 + hashp->SGSIZE - 1) / - hashp->SGSIZE; - hashp->nsegs = 0; - if (alloc_segs(hashp, nsegs)) - /* If alloc_segs fails, errno will have been set. */ - RETURN_ERROR(errno, error1); - /* Read in bitmaps */ - bpages = (hashp->SPARES[hashp->OVFL_POINT] + - (hashp->BSIZE << BYTE_SHIFT) - 1) >> - (hashp->BSHIFT + BYTE_SHIFT); - - hashp->nmaps = bpages; - (void)memset(&hashp->mapp[0], 0, bpages * sizeof(uint32 *)); - } - - /* Initialize Buffer Manager */ - if (info && info->cachesize) - __buf_init(hashp, (int32) info->cachesize); - else - __buf_init(hashp, DEF_BUFSIZE); - - hashp->new_file = new_table; -#ifdef macintosh - hashp->save_file = file && !(hashp->flags & O_RDONLY); -#else - hashp->save_file = file && (hashp->flags & O_RDWR); -#endif - hashp->cbucket = -1; - if (!(dbp = (DB *)malloc(sizeof(DB)))) { - RETURN_ERROR(ENOMEM, error1); - } - dbp->internal = hashp; - dbp->close = hash_close; - dbp->del = hash_delete; - dbp->fd = hash_fd; - dbp->get = hash_get; - dbp->put = hash_put; - dbp->seq = hash_seq; - dbp->sync = hash_sync; - dbp->type = DB_HASH; - -#ifdef HASH_STATISTICS - hash_overflows = hash_accesses = hash_collisions = hash_expansions = 0; -#endif - return (dbp); - -error1: - hdestroy(hashp); - errno = save_errno; - return (NULL); -} - -static int -hash_close(DB *dbp) -{ - HTAB *hashp; - int retval; - - if (!dbp) - return (DBM_ERROR); - - hashp = (HTAB *)dbp->internal; - if(!hashp) - return (DBM_ERROR); - - retval = hdestroy(hashp); - free(dbp); - return (retval); -} - -static int hash_fd(const DB *dbp) -{ - HTAB *hashp; - - if (!dbp) - return (DBM_ERROR); - - hashp = (HTAB *)dbp->internal; - if(!hashp) - return (DBM_ERROR); - - if (hashp->fp == -1) { - errno = ENOENT; - return (-1); - } - return (hashp->fp); -} - -/************************** LOCAL CREATION ROUTINES **********************/ -static HTAB * -init_hash(HTAB *hashp, const char *file, HASHINFO *info) -{ - struct stat statbuf; - int nelem; - - nelem = 1; - hashp->NKEYS = 0; - hashp->LORDER = BYTE_ORDER; - hashp->BSIZE = DEF_BUCKET_SIZE; - hashp->BSHIFT = DEF_BUCKET_SHIFT; - hashp->SGSIZE = DEF_SEGSIZE; - hashp->SSHIFT = DEF_SEGSIZE_SHIFT; - hashp->DSIZE = DEF_DIRSIZE; - hashp->FFACTOR = DEF_FFACTOR; - hashp->hash = __default_hash; - memset(hashp->SPARES, 0, sizeof(hashp->SPARES)); - memset(hashp->BITMAPS, 0, sizeof (hashp->BITMAPS)); - - /* Fix bucket size to be optimal for file system */ - if (file != NULL) { - if (stat(file, &statbuf)) - return (NULL); - -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(VMS) && !defined(XP_OS2) -#if defined(__QNX__) && !defined(__QNXNTO__) - hashp->BSIZE = 512; /* preferred blk size on qnx4 */ -#else - hashp->BSIZE = statbuf.st_blksize; -#endif - - /* new code added by Lou to reduce block - * size down below MAX_BSIZE - */ - if (hashp->BSIZE > MAX_BSIZE) - hashp->BSIZE = MAX_BSIZE; -#endif - hashp->BSHIFT = __log2((uint32)hashp->BSIZE); - } - - if (info) { - if (info->bsize) { - /* Round pagesize up to power of 2 */ - hashp->BSHIFT = __log2(info->bsize); - hashp->BSIZE = 1 << hashp->BSHIFT; - if (hashp->BSIZE > MAX_BSIZE) { - errno = EINVAL; - return (NULL); - } - } - if (info->ffactor) - hashp->FFACTOR = info->ffactor; - if (info->hash) - hashp->hash = info->hash; - if (info->nelem) - nelem = info->nelem; - if (info->lorder) { - if (info->lorder != BIG_ENDIAN && - info->lorder != LITTLE_ENDIAN) { - errno = EINVAL; - return (NULL); - } - hashp->LORDER = info->lorder; - } - } - /* init_htab sets errno if it fails */ - if (init_htab(hashp, nelem)) - return (NULL); - else - return (hashp); -} -/* - * This calls alloc_segs which may run out of memory. Alloc_segs will - * set errno, so we just pass the error information along. - * - * Returns 0 on No Error - */ -static int -init_htab(HTAB *hashp, int nelem) -{ - register int nbuckets, nsegs; - int l2; - - /* - * Divide number of elements by the fill factor and determine a - * desired number of buckets. Allocate space for the next greater - * power of two number of buckets. - */ - nelem = (nelem - 1) / hashp->FFACTOR + 1; - - l2 = __log2((uint32)PR_MAX(nelem, 2)); - nbuckets = 1 << l2; - - hashp->SPARES[l2] = l2 + 1; - hashp->SPARES[l2 + 1] = l2 + 1; - hashp->OVFL_POINT = l2; - hashp->LAST_FREED = 2; - - /* First bitmap page is at: splitpoint l2 page offset 1 */ - if (__ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0)) - return (-1); - - hashp->MAX_BUCKET = hashp->LOW_MASK = nbuckets - 1; - hashp->HIGH_MASK = (nbuckets << 1) - 1; - hashp->HDRPAGES = ((PR_MAX(sizeof(HASHHDR), MINHDRSIZE) - 1) >> - hashp->BSHIFT) + 1; - - nsegs = (nbuckets - 1) / hashp->SGSIZE + 1; - nsegs = 1 << __log2((uint32)nsegs); - - if (nsegs > hashp->DSIZE) - hashp->DSIZE = nsegs; - return (alloc_segs(hashp, nsegs)); -} - -/********************** DESTROY/CLOSE ROUTINES ************************/ - -/* - * Flushes any changes to the file if necessary and destroys the hashp - * structure, freeing all allocated space. - */ -static int -hdestroy(HTAB *hashp) -{ - int i, save_errno; - - save_errno = 0; - -#ifdef HASH_STATISTICS - (void)fprintf(stderr, "hdestroy: accesses %ld collisions %ld\n", - hash_accesses, hash_collisions); - (void)fprintf(stderr, "hdestroy: expansions %ld\n", - hash_expansions); - (void)fprintf(stderr, "hdestroy: overflows %ld\n", - hash_overflows); - (void)fprintf(stderr, "keys %ld maxp %d segmentcount %d\n", - hashp->NKEYS, hashp->MAX_BUCKET, hashp->nsegs); - - for (i = 0; i < NCACHED; i++) - (void)fprintf(stderr, - "spares[%d] = %d\n", i, hashp->SPARES[i]); -#endif - /* - * Call on buffer manager to free buffers, and if required, - * write them to disk. - */ - if (__buf_free(hashp, 1, hashp->save_file)) - save_errno = errno; - if (hashp->dir) { - free(*hashp->dir); /* Free initial segments */ - /* Free extra segments */ - while (hashp->exsegs--) - free(hashp->dir[--hashp->nsegs]); - free(hashp->dir); - } - if (flush_meta(hashp) && !save_errno) - save_errno = errno; - /* Free Bigmaps */ - for (i = 0; i < hashp->nmaps; i++) - if (hashp->mapp[i]) - free(hashp->mapp[i]); - - if (hashp->fp != -1) - (void)close(hashp->fp); - - if(hashp->filename) { -#if defined(_WIN32) || defined(_WINDOWS) || defined(XP_OS2) - if (hashp->is_temp) - (void)unlink(hashp->filename); -#endif - free(hashp->filename); - } - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if (hashp->tmp_key) - free(hashp->tmp_key); - free(hashp); - if (save_errno) { - errno = save_errno; - return (DBM_ERROR); - } - return (SUCCESS); -} - -#if defined(_WIN32) || defined(_WINDOWS) -/* - * Close and reopen file to force file length update on windows. - * - * Returns: - * 0 == OK - * -1 DBM_ERROR - */ -static int -update_EOF(HTAB *hashp) -{ -#if defined(DBM_REOPEN_ON_FLUSH) - char * file = hashp->filename; - off_t file_size; - int flags; - int mode = -1; - struct stat statbuf; - - memset(&statbuf, 0, sizeof statbuf); - - /* make sure we won't lose the file by closing it. */ - if (!file || (stat(file, &statbuf) && (errno == ENOENT))) { - /* pretend we did it. */ - return 0; - } - - (void)close(hashp->fp); - - flags = hashp->flags & ~(O_TRUNC | O_CREAT | O_EXCL); - - if ((hashp->fp = DBFILE_OPEN(file, flags | O_BINARY, mode)) == -1) - return -1; - file_size = lseek(hashp->fp, (off_t)0, SEEK_END); - if (file_size == -1) - return -1; - hashp->file_size = file_size; - return 0; -#else - int fd = hashp->fp; - off_t file_size = lseek(fd, (off_t)0, SEEK_END); - HANDLE handle = (HANDLE)_get_osfhandle(fd); - BOOL cool = FlushFileBuffers(handle); -#ifdef DEBUG3 - if (!cool) { - DWORD err = GetLastError(); - (void)fprintf(stderr, - "FlushFileBuffers failed, last error = %d, 0x%08x\n", - err, err); - } -#endif - if (file_size == -1) - return -1; - hashp->file_size = file_size; - return cool ? 0 : -1; -#endif -} -#endif - -/* - * Write modified pages to disk - * - * Returns: - * 0 == OK - * -1 DBM_ERROR - */ -static int -hash_sync(const DB *dbp, uint flags) -{ - HTAB *hashp; - - if (flags != 0) { - errno = EINVAL; - return (DBM_ERROR); - } - - if (!dbp) - return (DBM_ERROR); - - hashp = (HTAB *)dbp->internal; - if(!hashp) - return (DBM_ERROR); - - if (!hashp->save_file) - return (0); - if (__buf_free(hashp, 0, 1) || flush_meta(hashp)) - return (DBM_ERROR); -#if defined(_WIN32) || defined(_WINDOWS) - if (hashp->updateEOF && hashp->filename && !hashp->is_temp) { - int status = update_EOF(hashp); - hashp->updateEOF = 0; - if (status) - return status; - } -#endif - hashp->new_file = 0; - return (0); -} - -/* - * Returns: - * 0 == OK - * -1 indicates that errno should be set - */ -static int -flush_meta(HTAB *hashp) -{ - HASHHDR *whdrp; -#if BYTE_ORDER == LITTLE_ENDIAN - HASHHDR whdr; -#endif - int fp, i, wsize; - - if (!hashp->save_file) - return (0); - hashp->MAGIC = HASHMAGIC; - hashp->VERSION = HASHVERSION; - hashp->H_CHARKEY = hashp->hash(CHARKEY, sizeof(CHARKEY)); - - fp = hashp->fp; - whdrp = &hashp->hdr; -#if BYTE_ORDER == LITTLE_ENDIAN - whdrp = &whdr; - swap_header_copy(&hashp->hdr, whdrp); -#endif - if ((lseek(fp, (off_t)0, SEEK_SET) == -1) || - ((wsize = write(fp, (char*)whdrp, sizeof(HASHHDR))) == -1)) - return (-1); - else - if (wsize != sizeof(HASHHDR)) { - errno = EFTYPE; - hashp->dbmerrno = errno; - return (-1); - } - for (i = 0; i < NCACHED; i++) - if (hashp->mapp[i]) - if (__put_page(hashp, (char *)hashp->mapp[i], - hashp->BITMAPS[i], 0, 1)) - return (-1); - return (0); -} - -/*******************************SEARCH ROUTINES *****************************/ -/* - * All the access routines return - * - * Returns: - * 0 on SUCCESS - * 1 to indicate an external DBM_ERROR (i.e. key not found, etc) - * -1 to indicate an internal DBM_ERROR (i.e. out of memory, etc) - */ -static int -hash_get( - const DB *dbp, - const DBT *key, - DBT *data, - uint flag) -{ - HTAB *hashp; - int rv; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } - - rv = hash_access(hashp, HASH_GET, (DBT *)key, data); - - if(rv == DATABASE_CORRUPTED_ERROR) - { -#if defined(unix) && defined(DEBUG) - printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); -#endif - __remove_database((DB *)dbp); - } - - return(rv); -} - -static int -hash_put( - const DB *dbp, - DBT *key, - const DBT *data, - uint flag) -{ - HTAB *hashp; - int rv; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag && flag != R_NOOVERWRITE) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } - if ((hashp->flags & O_ACCMODE) == O_RDONLY) { - hashp->dbmerrno = errno = EPERM; - return (DBM_ERROR); - } - - rv = hash_access(hashp, flag == R_NOOVERWRITE ? - HASH_PUTNEW : HASH_PUT, (DBT *)key, (DBT *)data); - - if(rv == DATABASE_CORRUPTED_ERROR) - { -#if defined(unix) && defined(DEBUG) - printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); -#endif - __remove_database((DB *)dbp); - } - - return(rv); -} - -static int -hash_delete( - const DB *dbp, - const DBT *key, - uint flag) /* Ignored */ -{ - HTAB *hashp; - int rv; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag && flag != R_CURSOR) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } - if ((hashp->flags & O_ACCMODE) == O_RDONLY) { - hashp->dbmerrno = errno = EPERM; - return (DBM_ERROR); - } - rv = hash_access(hashp, HASH_DELETE, (DBT *)key, NULL); - - if(rv == DATABASE_CORRUPTED_ERROR) - { -#if defined(unix) && defined(DEBUG) - printf("\n\nDBM Database has been corrupted, tell Lou...\n\n"); -#endif - __remove_database((DB *)dbp); - } - - return(rv); -} - -#define MAX_OVERFLOW_HASH_ACCESS_LOOPS 2000 -/* - * Assume that hashp has been set in wrapper routine. - */ -static int -hash_access( - HTAB *hashp, - ACTION action, - DBT *key, DBT *val) -{ - register BUFHEAD *rbufp; - BUFHEAD *bufp, *save_bufp; - register uint16 *bp; - register long n, ndx, off; - register size_t size; - register char *kp; - uint16 pageno; - uint32 ovfl_loop_count=0; - int32 last_overflow_page_no = -1; - -#ifdef HASH_STATISTICS - hash_accesses++; -#endif - - off = hashp->BSIZE; - size = key->size; - kp = (char *)key->data; - rbufp = __get_buf(hashp, __call_hash(hashp, kp, size), NULL, 0); - if (!rbufp) - return (DATABASE_CORRUPTED_ERROR); - save_bufp = rbufp; - - /* Pin the bucket chain */ - rbufp->flags |= BUF_PIN; - for (bp = (uint16 *)rbufp->page, n = *bp++, ndx = 1; ndx < n;) - { - - if (bp[1] >= REAL_KEY) { - /* Real key/data pair */ - if (size == (unsigned long)(off - *bp) && - memcmp(kp, rbufp->page + *bp, size) == 0) - goto found; - off = bp[1]; -#ifdef HASH_STATISTICS - hash_collisions++; -#endif - bp += 2; - ndx += 2; - } else if (bp[1] == OVFLPAGE) { - - /* database corruption: overflow loop detection */ - if(last_overflow_page_no == (int32)*bp) - return (DATABASE_CORRUPTED_ERROR); - - last_overflow_page_no = *bp; - - rbufp = __get_buf(hashp, *bp, rbufp, 0); - if (!rbufp) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } - - ovfl_loop_count++; - if(ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS) - return (DATABASE_CORRUPTED_ERROR); - - /* FOR LOOP INIT */ - bp = (uint16 *)rbufp->page; - n = *bp++; - ndx = 1; - off = hashp->BSIZE; - } else if (bp[1] < REAL_KEY) { - if ((ndx = - __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) - goto found; - if (ndx == -2) { - bufp = rbufp; - if (!(pageno = - __find_last_page(hashp, &bufp))) { - ndx = 0; - rbufp = bufp; - break; /* FOR */ - } - rbufp = __get_buf(hashp, pageno, bufp, 0); - if (!rbufp) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } - /* FOR LOOP INIT */ - bp = (uint16 *)rbufp->page; - n = *bp++; - ndx = 1; - off = hashp->BSIZE; - } else { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - - } - } - } - - /* Not found */ - switch (action) { - case HASH_PUT: - case HASH_PUTNEW: - if (__addel(hashp, rbufp, key, val)) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } else { - save_bufp->flags &= ~BUF_PIN; - return (SUCCESS); - } - case HASH_GET: - case HASH_DELETE: - default: - save_bufp->flags &= ~BUF_PIN; - return (ABNORMAL); - } - -found: - switch (action) { - case HASH_PUTNEW: - save_bufp->flags &= ~BUF_PIN; - return (ABNORMAL); - case HASH_GET: - bp = (uint16 *)rbufp->page; - if (bp[ndx + 1] < REAL_KEY) { - if (__big_return(hashp, rbufp, ndx, val, 0)) - return (DBM_ERROR); - } else { - val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1]; - val->size = bp[ndx] - bp[ndx + 1]; - } - break; - case HASH_PUT: - if ((__delpair(hashp, rbufp, ndx)) || - (__addel(hashp, rbufp, key, val))) { - save_bufp->flags &= ~BUF_PIN; - return (DBM_ERROR); - } - break; - case HASH_DELETE: - if (__delpair(hashp, rbufp, ndx)) - return (DBM_ERROR); - break; - default: - abort(); - } - save_bufp->flags &= ~BUF_PIN; - return (SUCCESS); -} - -static int -hash_seq( - const DB *dbp, - DBT *key, DBT *data, - uint flag) -{ - register uint32 bucket; - register BUFHEAD *bufp; - HTAB *hashp; - uint16 *bp, ndx; - - hashp = (HTAB *)dbp->internal; - if (!hashp) - return (DBM_ERROR); - - if (flag && flag != R_FIRST && flag != R_NEXT) { - hashp->dbmerrno = errno = EINVAL; - return (DBM_ERROR); - } -#ifdef HASH_STATISTICS - hash_accesses++; -#endif - if ((hashp->cbucket < 0) || (flag == R_FIRST)) { - hashp->cbucket = 0; - hashp->cndx = 1; - hashp->cpage = NULL; - } - - for (bp = NULL; !bp || !bp[0]; ) { - if (!(bufp = hashp->cpage)) { - for (bucket = hashp->cbucket; - bucket <= (uint32)hashp->MAX_BUCKET; - bucket++, hashp->cndx = 1) { - bufp = __get_buf(hashp, bucket, NULL, 0); - if (!bufp) - return (DBM_ERROR); - hashp->cpage = bufp; - bp = (uint16 *)bufp->page; - if (bp[0]) - break; - } - hashp->cbucket = bucket; - if (hashp->cbucket > hashp->MAX_BUCKET) { - hashp->cbucket = -1; - return (ABNORMAL); - } - } else - bp = (uint16 *)hashp->cpage->page; - -#ifdef DEBUG - assert(bp); - assert(bufp); -#endif - while (bp[hashp->cndx + 1] == OVFLPAGE) { - bufp = hashp->cpage = - __get_buf(hashp, bp[hashp->cndx], bufp, 0); - if (!bufp) - return (DBM_ERROR); - bp = (uint16 *)(bufp->page); - hashp->cndx = 1; - } - if (!bp[0]) { - hashp->cpage = NULL; - ++hashp->cbucket; - } - } - ndx = hashp->cndx; - if (bp[ndx + 1] < REAL_KEY) { - if (__big_keydata(hashp, bufp, key, data, 1)) - return (DBM_ERROR); - } else { - key->data = (uint8 *)hashp->cpage->page + bp[ndx]; - key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx]; - data->data = (uint8 *)hashp->cpage->page + bp[ndx + 1]; - data->size = bp[ndx] - bp[ndx + 1]; - ndx += 2; - if (ndx > bp[0]) { - hashp->cpage = NULL; - hashp->cbucket++; - hashp->cndx = 1; - } else - hashp->cndx = ndx; - } - return (SUCCESS); -} - -/********************************* UTILITIES ************************/ - -/* - * Returns: - * 0 ==> OK - * -1 ==> Error - */ -extern int -__expand_table(HTAB *hashp) -{ - uint32 old_bucket, new_bucket; - int new_segnum, spare_ndx; - size_t dirsize; - -#ifdef HASH_STATISTICS - hash_expansions++; -#endif - new_bucket = ++hashp->MAX_BUCKET; - old_bucket = (hashp->MAX_BUCKET & hashp->LOW_MASK); - - new_segnum = new_bucket >> hashp->SSHIFT; - - /* Check if we need a new segment */ - if (new_segnum >= hashp->nsegs) { - /* Check if we need to expand directory */ - if (new_segnum >= hashp->DSIZE) { - /* Reallocate directory */ - dirsize = hashp->DSIZE * sizeof(SEGMENT *); - if (!hash_realloc(&hashp->dir, dirsize, dirsize << 1)) - return (-1); - hashp->DSIZE = dirsize << 1; - } - if ((hashp->dir[new_segnum] = - (SEGMENT)calloc((size_t)hashp->SGSIZE, sizeof(SEGMENT))) == NULL) - return (-1); - hashp->exsegs++; - hashp->nsegs++; - } - /* - * If the split point is increasing (MAX_BUCKET's log base 2 - * * increases), we need to copy the current contents of the spare - * split bucket to the next bucket. - */ - spare_ndx = __log2((uint32)(hashp->MAX_BUCKET + 1)); - if (spare_ndx > hashp->OVFL_POINT) { - hashp->SPARES[spare_ndx] = hashp->SPARES[hashp->OVFL_POINT]; - hashp->OVFL_POINT = spare_ndx; - } - - if (new_bucket > (uint32)hashp->HIGH_MASK) { - /* Starting a new doubling */ - hashp->LOW_MASK = hashp->HIGH_MASK; - hashp->HIGH_MASK = new_bucket | hashp->LOW_MASK; - } - /* Relocate records to the new bucket */ - return (__split_page(hashp, old_bucket, new_bucket)); -} - -/* - * If realloc guarantees that the pointer is not destroyed if the realloc - * fails, then this routine can go away. - */ -static void * -hash_realloc( - SEGMENT **p_ptr, - size_t oldsize, size_t newsize) -{ - register void *p; - - if ((p = malloc(newsize))) { - memmove(p, *p_ptr, oldsize); - memset((char *)p + oldsize, 0, newsize - oldsize); - free(*p_ptr); - *p_ptr = (SEGMENT *)p; - } - return (p); -} - -extern uint32 -__call_hash(HTAB *hashp, char *k, size_t len) -{ - uint32 n, bucket; - - n = hashp->hash(k, len); - bucket = n & hashp->HIGH_MASK; - if (bucket > (uint32)hashp->MAX_BUCKET) - bucket = bucket & hashp->LOW_MASK; - return (bucket); -} - -/* - * Allocate segment table. On error, set errno. - * - * Returns 0 on success - */ -static int -alloc_segs( - HTAB *hashp, - int nsegs) -{ - register int i; - register SEGMENT store; - - if ((hashp->dir = - (SEGMENT *)calloc((size_t)hashp->DSIZE, sizeof(SEGMENT *))) == NULL) { - errno = ENOMEM; - return (-1); - } - /* Allocate segments */ - if ((store = - (SEGMENT)calloc((size_t)nsegs << hashp->SSHIFT, sizeof(SEGMENT))) == NULL) { - errno = ENOMEM; - return (-1); - } - for (i = 0; i < nsegs; i++, hashp->nsegs++) - hashp->dir[i] = &store[i << hashp->SSHIFT]; - return (0); -} - -#if BYTE_ORDER == LITTLE_ENDIAN -/* - * Hashp->hdr needs to be byteswapped. - */ -static void -swap_header_copy( - HASHHDR *srcp, HASHHDR *destp) -{ - int i; - - P_32_COPY(srcp->magic, destp->magic); - P_32_COPY(srcp->version, destp->version); - P_32_COPY(srcp->lorder, destp->lorder); - P_32_COPY(srcp->bsize, destp->bsize); - P_32_COPY(srcp->bshift, destp->bshift); - P_32_COPY(srcp->dsize, destp->dsize); - P_32_COPY(srcp->ssize, destp->ssize); - P_32_COPY(srcp->sshift, destp->sshift); - P_32_COPY(srcp->ovfl_point, destp->ovfl_point); - P_32_COPY(srcp->last_freed, destp->last_freed); - P_32_COPY(srcp->max_bucket, destp->max_bucket); - P_32_COPY(srcp->high_mask, destp->high_mask); - P_32_COPY(srcp->low_mask, destp->low_mask); - P_32_COPY(srcp->ffactor, destp->ffactor); - P_32_COPY(srcp->nkeys, destp->nkeys); - P_32_COPY(srcp->hdrpages, destp->hdrpages); - P_32_COPY(srcp->h_charkey, destp->h_charkey); - for (i = 0; i < NCACHED; i++) { - P_32_COPY(srcp->spares[i], destp->spares[i]); - P_16_COPY(srcp->bitmaps[i], destp->bitmaps[i]); - } -} - -static void -swap_header(HTAB *hashp) -{ - HASHHDR *hdrp; - int i; - - hdrp = &hashp->hdr; - - M_32_SWAP(hdrp->magic); - M_32_SWAP(hdrp->version); - M_32_SWAP(hdrp->lorder); - M_32_SWAP(hdrp->bsize); - M_32_SWAP(hdrp->bshift); - M_32_SWAP(hdrp->dsize); - M_32_SWAP(hdrp->ssize); - M_32_SWAP(hdrp->sshift); - M_32_SWAP(hdrp->ovfl_point); - M_32_SWAP(hdrp->last_freed); - M_32_SWAP(hdrp->max_bucket); - M_32_SWAP(hdrp->high_mask); - M_32_SWAP(hdrp->low_mask); - M_32_SWAP(hdrp->ffactor); - M_32_SWAP(hdrp->nkeys); - M_32_SWAP(hdrp->hdrpages); - M_32_SWAP(hdrp->h_charkey); - for (i = 0; i < NCACHED; i++) { - M_32_SWAP(hdrp->spares[i]); - M_16_SWAP(hdrp->bitmaps[i]); - } -} -#endif diff --git a/dbm/src/hash_buf.c b/dbm/src/hash_buf.c deleted file mode 100644 index d1193de6fb..0000000000 --- a/dbm/src/hash_buf.c +++ /dev/null @@ -1,414 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -/* - * PACKAGE: hash - * - * DESCRIPTION: - * Contains buffer management - * - * ROUTINES: - * External - * __buf_init - * __get_buf - * __buf_free - * __reclaim_buf - * Internal - * newbuf - */ -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) -#include -#endif - -#include -#include -#include -#include -#include - -#ifdef DEBUG -#include -#endif - -#include "mcom_db.h" -#include "hash.h" -#include "page.h" -/* #include "extern.h" */ - -static BUFHEAD *newbuf __P((HTAB *, uint32, BUFHEAD *)); - -/* Unlink B from its place in the lru */ -#define BUF_REMOVE(B) { \ - (B)->prev->next = (B)->next; \ - (B)->next->prev = (B)->prev; \ -} - -/* Insert B after P */ -#define BUF_INSERT(B, P) { \ - (B)->next = (P)->next; \ - (B)->prev = (P); \ - (P)->next = (B); \ - (B)->next->prev = (B); \ -} - -#define MRU hashp->bufhead.next -#define LRU hashp->bufhead.prev - -#define MRU_INSERT(B) BUF_INSERT((B), &hashp->bufhead) -#define LRU_INSERT(B) BUF_INSERT((B), LRU) - -/* - * We are looking for a buffer with address "addr". If prev_bp is NULL, then - * address is a bucket index. If prev_bp is not NULL, then it points to the - * page previous to an overflow page that we are trying to find. - * - * CAVEAT: The buffer header accessed via prev_bp's ovfl field may no longer - * be valid. Therefore, you must always verify that its address matches the - * address you are seeking. - */ -extern BUFHEAD * -__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage) -/* If prev_bp set, indicates a new overflow page. */ -{ - register BUFHEAD *bp; - register uint32 is_disk_mask; - register int is_disk, segment_ndx = 0; - SEGMENT segp = 0; - - is_disk = 0; - is_disk_mask = 0; - if (prev_bp) { - bp = prev_bp->ovfl; - if (!bp || (bp->addr != addr)) - bp = NULL; - if (!newpage) - is_disk = BUF_DISK; - } else { - /* Grab buffer out of directory */ - segment_ndx = addr & (hashp->SGSIZE - 1); - - /* valid segment ensured by __call_hash() */ - segp = hashp->dir[addr >> hashp->SSHIFT]; -#ifdef DEBUG - assert(segp != NULL); -#endif - - bp = PTROF(segp[segment_ndx]); - - is_disk_mask = ISDISK(segp[segment_ndx]); - is_disk = is_disk_mask || !hashp->new_file; - } - - if (!bp) { - bp = newbuf(hashp, addr, prev_bp); - if (!bp) - return(NULL); - if(__get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0)) - { - /* free bp and its page */ - if(prev_bp) - { - /* if prev_bp is set then the new page that - * failed is hooked onto prev_bp as an overflow page. - * if we don't remove the pointer to the bad page - * we may try and access it later and we will die - * horribly because it will have already been - * free'd and overwritten with bogus data. - */ - prev_bp->ovfl = NULL; - } - BUF_REMOVE(bp); - free(bp->page); - free(bp); - return (NULL); - } - - if (!prev_bp) - { -#if 0 - /* 16 bit windows and mac can't handle the - * oring of the is disk flag. - */ - segp[segment_ndx] = - (BUFHEAD *)((ptrdiff_t)bp | is_disk_mask); -#else - /* set the is_disk thing inside the structure - */ - bp->is_disk = is_disk_mask; - segp[segment_ndx] = bp; -#endif - } - } else { - BUF_REMOVE(bp); - MRU_INSERT(bp); - } - return (bp); -} - -/* - * We need a buffer for this page. Either allocate one, or evict a resident - * one (if we have as many buffers as we're allowed) and put this one in. - * - * If newbuf finds an error (returning NULL), it also sets errno. - */ -static BUFHEAD * -newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) -{ - register BUFHEAD *bp; /* The buffer we're going to use */ - register BUFHEAD *xbp; /* Temp pointer */ - register BUFHEAD *next_xbp; - SEGMENT segp; - int segment_ndx; - uint16 oaddr, *shortp; - - oaddr = 0; - bp = LRU; - /* - * If LRU buffer is pinned, the buffer pool is too small. We need to - * allocate more buffers. - */ - if (hashp->nbufs || (bp->flags & BUF_PIN)) { - /* Allocate a new one */ - if ((bp = (BUFHEAD *)malloc(sizeof(BUFHEAD))) == NULL) - return (NULL); - - /* this memset is supposedly unnecessary but lets add - * it anyways. - */ - memset(bp, 0xff, sizeof(BUFHEAD)); - - if ((bp->page = (char *)malloc((size_t)hashp->BSIZE)) == NULL) { - free(bp); - return (NULL); - } - - /* this memset is supposedly unnecessary but lets add - * it anyways. - */ - memset(bp->page, 0xff, (size_t)hashp->BSIZE); - - if (hashp->nbufs) - hashp->nbufs--; - } else { - /* Kick someone out */ - BUF_REMOVE(bp); - /* - * If this is an overflow page with addr 0, it's already been - * flushed back in an overflow chain and initialized. - */ - if ((bp->addr != 0) || (bp->flags & BUF_BUCKET)) { - /* - * Set oaddr before __put_page so that you get it - * before bytes are swapped. - */ - shortp = (uint16 *)bp->page; - if (shortp[0]) - { - if(shortp[0] > (hashp->BSIZE / sizeof(uint16))) - { - return(NULL); - } - oaddr = shortp[shortp[0] - 1]; - } - if ((bp->flags & BUF_MOD) && __put_page(hashp, bp->page, - bp->addr, (int)IS_BUCKET(bp->flags), 0)) - return (NULL); - /* - * Update the pointer to this page (i.e. invalidate it). - * - * If this is a new file (i.e. we created it at open - * time), make sure that we mark pages which have been - * written to disk so we retrieve them from disk later, - * rather than allocating new pages. - */ - if (IS_BUCKET(bp->flags)) { - segment_ndx = bp->addr & (hashp->SGSIZE - 1); - segp = hashp->dir[bp->addr >> hashp->SSHIFT]; -#ifdef DEBUG - assert(segp != NULL); -#endif - - if (hashp->new_file && - ((bp->flags & BUF_MOD) || - ISDISK(segp[segment_ndx]))) - segp[segment_ndx] = (BUFHEAD *)BUF_DISK; - else - segp[segment_ndx] = NULL; - } - /* - * Since overflow pages can only be access by means of - * their bucket, free overflow pages associated with - * this bucket. - */ - for (xbp = bp; xbp->ovfl;) { - next_xbp = xbp->ovfl; - xbp->ovfl = 0; - xbp = next_xbp; - - /* leave pinned pages alone, we are still using - * them. */ - if (xbp->flags & BUF_PIN) { - continue; - } - - /* Check that ovfl pointer is up date. */ - if (IS_BUCKET(xbp->flags) || - (oaddr != xbp->addr)) - break; - - shortp = (uint16 *)xbp->page; - if (shortp[0]) - { - /* LJM is the number of reported - * pages way too much? - */ - if(shortp[0] > hashp->BSIZE/sizeof(uint16)) - return NULL; - /* set before __put_page */ - oaddr = shortp[shortp[0] - 1]; - } - if ((xbp->flags & BUF_MOD) && __put_page(hashp, - xbp->page, xbp->addr, 0, 0)) - return (NULL); - xbp->addr = 0; - xbp->flags = 0; - BUF_REMOVE(xbp); - LRU_INSERT(xbp); - } - } - } - - /* Now assign this buffer */ - bp->addr = addr; -#ifdef DEBUG1 - (void)fprintf(stderr, "NEWBUF1: %d->ovfl was %d is now %d\n", - bp->addr, (bp->ovfl ? bp->ovfl->addr : 0), 0); -#endif - bp->ovfl = NULL; - if (prev_bp) { - /* - * If prev_bp is set, this is an overflow page, hook it in to - * the buffer overflow links. - */ -#ifdef DEBUG1 - (void)fprintf(stderr, "NEWBUF2: %d->ovfl was %d is now %d\n", - prev_bp->addr, (prev_bp->ovfl ? bp->ovfl->addr : 0), - (bp ? bp->addr : 0)); -#endif - prev_bp->ovfl = bp; - bp->flags = 0; - } else - bp->flags = BUF_BUCKET; - MRU_INSERT(bp); - return (bp); -} - -extern void __buf_init(HTAB *hashp, int32 nbytes) -{ - BUFHEAD *bfp; - int npages; - - bfp = &(hashp->bufhead); - npages = (nbytes + hashp->BSIZE - 1) >> hashp->BSHIFT; - npages = PR_MAX(npages, MIN_BUFFERS); - - hashp->nbufs = npages; - bfp->next = bfp; - bfp->prev = bfp; - /* - * This space is calloc'd so these are already null. - * - * bfp->ovfl = NULL; - * bfp->flags = 0; - * bfp->page = NULL; - * bfp->addr = 0; - */ -} - -extern int -__buf_free(HTAB *hashp, int do_free, int to_disk) -{ - BUFHEAD *bp; - int status = -1; - - /* Need to make sure that buffer manager has been initialized */ - if (!LRU) - return (0); - for (bp = LRU; bp != &hashp->bufhead;) { - /* Check that the buffer is valid */ - if (bp->addr || IS_BUCKET(bp->flags)) { - if (to_disk && (bp->flags & BUF_MOD) && - (status = __put_page(hashp, bp->page, - bp->addr, IS_BUCKET(bp->flags), 0))) { - - if (do_free) { - if (bp->page) - free(bp->page); - BUF_REMOVE(bp); - free(bp); - } - - return (status); - } - } - /* Check if we are freeing stuff */ - if (do_free) { - if (bp->page) - free(bp->page); - BUF_REMOVE(bp); - free(bp); - bp = LRU; - } else - bp = bp->prev; - } - return (0); -} - -extern void -__reclaim_buf(HTAB *hashp, BUFHEAD *bp) -{ - bp->ovfl = 0; - bp->addr = 0; - bp->flags = 0; - BUF_REMOVE(bp); - LRU_INSERT(bp); -} diff --git a/dbm/src/hsearch.c b/dbm/src/hsearch.c deleted file mode 100644 index fb8a58bad2..0000000000 --- a/dbm/src/hsearch.c +++ /dev/null @@ -1,108 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)hsearch.c 8.4 (Berkeley) 7/21/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#ifndef macintosh -#include -#endif - -#include -#include - -#include "mcom_db.h" -#include "hsearch.h" - -static DB *dbp = NULL; -static ENTRY retval; - -extern int -hcreate(uint nel) -{ - HASHINFO info; - - info.nelem = nel; - info.bsize = 256; - info.ffactor = 8; - info.cachesize = 0; - info.hash = NULL; - info.lorder = 0; - dbp = (DB *)__hash_open(NULL, O_CREAT | O_RDWR, 0600, &info, 0); - return ((int)dbp); -} - -extern ENTRY * -hsearch(ENTRY item, ACTION action) -{ - DBT key, val; - int status; - - if (!dbp) - return (NULL); - key.data = (uint8 *)item.key; - key.size = strlen(item.key) + 1; - - if (action == ENTER) { - val.data = (uint8 *)item.data; - val.size = strlen(item.data) + 1; - status = (dbp->put)(dbp, &key, &val, R_NOOVERWRITE); - if (status) - return (NULL); - } else { - /* FIND */ - status = (dbp->get)(dbp, &key, &val, 0); - if (status) - return (NULL); - else - item.data = (char *)val.data; - } - retval.key = item.key; - retval.data = item.data; - return (&retval); -} - -extern void -hdestroy() -{ - if (dbp) { - (void)(dbp->close)(dbp); - dbp = NULL; - } -} diff --git a/dbm/src/memmove.c b/dbm/src/memmove.c deleted file mode 100644 index 70eb1e5d24..0000000000 --- a/dbm/src/memmove.c +++ /dev/null @@ -1,150 +0,0 @@ -#if defined(__sun) && !defined(__SVR4) -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Chris Torek. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)bcopy.c 8.1 (Berkeley) 6/4/93"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif -#include - -/* - * sizeof(word) MUST BE A POWER OF TWO - * SO THAT wmask BELOW IS ALL ONES - */ -typedef int word; /* "word" used for optimal copy speed */ - -#define wsize sizeof(word) -#define wmask (wsize - 1) - -/* - * Copy a block of memory, handling overlap. - * This is the routine that actually implements - * (the portable versions of) bcopy, memcpy, and memmove. - */ -#ifdef MEMCOPY -void * -memcpy(dst0, src0, length) -#else -#ifdef MEMMOVE -void * -memmove(dst0, src0, length) -#else -void -bcopy(src0, dst0, length) -#endif -#endif - void *dst0; - const void *src0; - register size_t length; -{ - register char *dst = dst0; - register const char *src = src0; - register size_t t; - - if (length == 0 || dst == src) /* nothing to do */ - goto done; - - /* - * Macros: loop-t-times; and loop-t-times, t>0 - */ -#define TLOOP(s) if (t) TLOOP1(s) -#define TLOOP1(s) do { s; } while (--t) - - if ((unsigned long)dst < (unsigned long)src) { - /* - * Copy forward. - */ - t = (int)src; /* only need low bits */ - if ((t | (int)dst) & wmask) { - /* - * Try to align operands. This cannot be done - * unless the low bits match. - */ - if ((t ^ (int)dst) & wmask || length < wsize) - t = length; - else - t = wsize - (t & wmask); - length -= t; - TLOOP1(*dst++ = *src++); - } - /* - * Copy whole words, then mop up any trailing bytes. - */ - t = length / wsize; - TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize); - t = length & wmask; - TLOOP(*dst++ = *src++); - } else { - /* - * Copy backwards. Otherwise essentially the same. - * Alignment works as before, except that it takes - * (t&wmask) bytes to align, not wsize-(t&wmask). - */ - src += length; - dst += length; - t = (int)src; - if ((t | (int)dst) & wmask) { - if ((t ^ (int)dst) & wmask || length <= wsize) - t = length; - else - t &= wmask; - length -= t; - TLOOP1(*--dst = *--src); - } - t = length / wsize; - TLOOP(src -= wsize; dst -= wsize; *(word *)dst = *(word *)src); - t = length & wmask; - TLOOP(*--dst = *--src); - } -done: -#if defined(MEMCOPY) || defined(MEMMOVE) - return (dst0); -#else - return; -#endif -} -#endif /* no __sgi */ - -/* Some compilers don't like an empty source file. */ -static int dummy = 0; diff --git a/dbm/src/mktemp.c b/dbm/src/mktemp.c deleted file mode 100644 index 78cbc9edb3..0000000000 --- a/dbm/src/mktemp.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (c) 1987, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#ifdef macintosh -#include -#else -#include -#include -#endif -#include -#include -#include -#include -#include "mcom_db.h" - -#if !defined(_WINDOWS) && !defined(XP_OS2_VACPP) -#include -#endif - -#ifdef XP_OS2_VACPP -#include -#endif - -#ifdef _WINDOWS -#include -#include "winfile.h" -#endif - -static int _gettemp(char *path, register int *doopen, int extraFlags); - -int -mkstemp(char *path) -{ -#ifdef XP_OS2 - FILE *temp = tmpfile(); - - return (temp ? fileno(temp) : -1); -#else - int fd; - - return (_gettemp(path, &fd, 0) ? fd : -1); -#endif -} - -int -mkstempflags(char *path, int extraFlags) -{ - int fd; - - return (_gettemp(path, &fd, extraFlags) ? fd : -1); -} - -char * -mktemp(char *path) -{ - return(_gettemp(path, (int *)NULL, 0) ? path : (char *)NULL); -} - -/* NB: This routine modifies its input string, and does not always restore it. -** returns 1 on success, 0 on failure. -*/ -static int -_gettemp(char *path, register int *doopen, int extraFlags) -{ -#if !defined(_WINDOWS) || defined(_WIN32) - extern int errno; -#endif - register char *start, *trv; - struct stat sbuf; - unsigned int pid; - - pid = getpid(); - for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ - while (*--trv == 'X') { - *trv = (pid % 10) + '0'; - pid /= 10; - } - - /* - * check the target directory; if you have six X's and it - * doesn't exist this runs for a *very* long time. - */ - for (start = trv + 1;; --trv) { - char saved; - if (trv <= path) - break; - saved = *trv; - if (saved == '/' || saved == '\\') { - int rv; - *trv = '\0'; - rv = stat(path, &sbuf); - *trv = saved; - if (rv) - return(0); - if (!S_ISDIR(sbuf.st_mode)) { - errno = ENOTDIR; - return(0); - } - break; - } - } - - for (;;) { - if (doopen) { - if ((*doopen = - open(path, O_CREAT|O_EXCL|O_RDWR|extraFlags, 0600)) >= 0) - return(1); - if (errno != EEXIST) - return(0); - } - else if (stat(path, &sbuf)) - return(errno == ENOENT ? 1 : 0); - - /* tricky little algorithm for backward compatibility */ - for (trv = start;;) { - if (!*trv) - return(0); - if (*trv == 'z') - *trv++ = 'a'; - else { - if (isdigit(*trv)) - *trv = 'a'; - else - ++*trv; - break; - } - } - } - /*NOTREACHED*/ -} diff --git a/dbm/src/ndbm.c b/dbm/src/ndbm.c deleted file mode 100644 index ca008de0c3..0000000000 --- a/dbm/src/ndbm.c +++ /dev/null @@ -1,195 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Margo Seltzer. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)ndbm.c 8.4 (Berkeley) 7/21/94"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -/* - * This package provides a dbm compatible interface to the new hashing - * package described in db(3). - */ -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(XP_OS2_VACPP) -#include -#endif - -#if defined(__linux) -#include -#endif - -#include -#include - -#include "ndbm.h" -#include "hash.h" - -/* - * Returns: - * *DBM on success - * NULL on failure - */ -extern DBM * -dbm_open(const char *file, int flags, int mode) -{ - HASHINFO info; - char path[MAXPATHLEN]; - - info.bsize = 4096; - info.ffactor = 40; - info.nelem = 1; - info.cachesize = 0; - info.hash = NULL; - info.lorder = 0; - (void)strcpy(path, file); - (void)strcat(path, DBM_SUFFIX); - return ((DBM *)__hash_open(path, flags, mode, &info, 0)); -} - -extern void -dbm_close(DBM *db) -{ - (void)(db->close)(db); -} - -/* - * Returns: - * DATUM on success - * NULL on failure - */ -extern datum -dbm_fetch(DBM *db, datum key) -{ - datum retval; - int status; - - status = (db->get)(db, (DBT *)&key, (DBT *)&retval, 0); - if (status) { - retval.dptr = NULL; - retval.dsize = 0; - } - return (retval); -} - -/* - * Returns: - * DATUM on success - * NULL on failure - */ -extern datum -dbm_firstkey(DBM *db) -{ - int status; - datum retdata, retkey; - - status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_FIRST); - if (status) - retkey.dptr = NULL; - return (retkey); -} - -/* - * Returns: - * DATUM on success - * NULL on failure - */ -extern datum -dbm_nextkey(DBM *db) -{ - int status; - datum retdata, retkey; - - status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_NEXT); - if (status) - retkey.dptr = NULL; - return (retkey); -} -/* - * Returns: - * 0 on success - * <0 failure - */ -extern int -dbm_delete(DBM *db, datum key) -{ - int status; - - status = (db->del)(db, (DBT *)&key, 0); - if (status) - return (-1); - else - return (0); -} - -/* - * Returns: - * 0 on success - * <0 failure - * 1 if DBM_INSERT and entry exists - */ -extern int -dbm_store(DBM *db, datum key, datum content, int flags) -{ - return ((db->put)(db, (DBT *)&key, (DBT *)&content, - (flags == DBM_INSERT) ? R_NOOVERWRITE : 0)); -} - - -extern int -dbm_error(DBM *db) -{ - HTAB *hp; - - hp = (HTAB *)db->internal; - return (hp->dbmerrno); -} - -extern int -dbm_clearerr(DBM *db) -{ - HTAB *hp; - - hp = (HTAB *)db->internal; - hp->dbmerrno = 0; - return (0); -} - -extern int -dbm_dirfno(DBM *db) -{ - return(((HTAB *)db->internal)->fp); -} diff --git a/dbm/src/nsres.c b/dbm/src/nsres.c deleted file mode 100644 index 4b4dae4a22..0000000000 --- a/dbm/src/nsres.c +++ /dev/null @@ -1,305 +0,0 @@ -#include "watcomfx.h" - -#include "nsres.h" - -#include - -#include - -#include - -struct RESDATABASE -{ - DB *hdb; - NSRESTHREADINFO *threadinfo; - char * pbuf[MAXBUFNUM]; -} ; -typedef struct RESDATABASE * RESHANDLE; - -typedef struct STRINGDATA -{ - char *str; - unsigned int charsetid; -} STRINGDATA; - - -typedef unsigned int CHARSETTYPE; -#define RES_LOCK if (hres->threadinfo) hres->threadinfo->fn_lock(hres->threadinfo->lock); -#define RES_UNLOCK if (hres->threadinfo) hres->threadinfo->fn_unlock(hres->threadinfo->lock); - -int GenKeyData(const char *library, int32 id, DBT *key); - -/* - Right now, the page size used for resource is same as for Navigator cache - database - */ -HASHINFO res_hash_info = { - 32*1024, - 0, - 0, - 0, - 0, /* 64 * 1024U */ - 0}; - -int GenKeyData(const char *library, int32 id, DBT *key) -{ - char idstr[10]; - static char * strdata = NULL; - size_t len; - - if (strdata) - free (strdata); - - if (id == 0) - idstr[0] = '\0'; - else - { - sprintf(idstr, "%d", id); - /* itoa(id, idstr, 10); */ - } - - if (library == NULL) - len = strlen(idstr) + 1; - else - len = strlen(library) + strlen(idstr) + 1; - strdata = (char *) malloc (len); - strcpy(strdata, library); - strcat(strdata, idstr); - - key->size = len; - key->data = strdata; - - return 1; -} - -NSRESHANDLE NSResCreateTable(const char *filename, NSRESTHREADINFO *threadinfo) -{ - RESHANDLE hres; - int flag; - - flag = O_RDWR | O_CREAT; - - hres = (RESHANDLE) calloc ( 1, sizeof(struct RESDATABASE) ); - - if (threadinfo && threadinfo->lock && threadinfo->fn_lock - && threadinfo->fn_unlock) - { - hres->threadinfo = (NSRESTHREADINFO *) malloc( sizeof(NSRESTHREADINFO) ); - hres->threadinfo->lock = threadinfo->lock; - hres->threadinfo->fn_lock = threadinfo->fn_lock; - hres->threadinfo->fn_unlock = threadinfo->fn_unlock; - } - - - RES_LOCK - - hres->hdb = dbopen(filename, flag, 0644, DB_HASH, &res_hash_info); - - RES_UNLOCK - - if(!hres->hdb) - return NULL; - - return (NSRESHANDLE) hres; -} - -NSRESHANDLE NSResOpenTable(const char *filename, NSRESTHREADINFO *threadinfo) -{ - RESHANDLE hres; - int flag; - - flag = O_RDONLY; /* only open database for reading */ - - hres = (RESHANDLE) calloc ( 1, sizeof(struct RESDATABASE) ); - - if (threadinfo && threadinfo->lock && threadinfo->fn_lock - && threadinfo->fn_unlock) - { - hres->threadinfo = (NSRESTHREADINFO *) malloc( sizeof(NSRESTHREADINFO) ); - hres->threadinfo->lock = threadinfo->lock; - hres->threadinfo->fn_lock = threadinfo->fn_lock; - hres->threadinfo->fn_unlock = threadinfo->fn_unlock; - } - - - RES_LOCK - - hres->hdb = dbopen(filename, flag, 0644, DB_HASH, &res_hash_info); - - RES_UNLOCK - - if(!hres->hdb) - return NULL; - - return (NSRESHANDLE) hres; -} - - - -void NSResCloseTable(NSRESHANDLE handle) -{ - RESHANDLE hres; - int i; - - if (handle == NULL) - return; - hres = (RESHANDLE) handle; - - RES_LOCK - - (*hres->hdb->sync)(hres->hdb, 0); - (*hres->hdb->close)(hres->hdb); - - RES_UNLOCK - - for (i = 0; i < MAXBUFNUM; i++) - { - if (hres->pbuf[i]) - free (hres->pbuf[i]); - } - - if (hres->threadinfo) - free (hres->threadinfo); - free (hres); -} - - -char *NSResLoadString(NSRESHANDLE handle, const char * library, int32 id, - unsigned int charsetid, char *retbuf) -{ - int status; - RESHANDLE hres; - DBT key, data; - if (handle == NULL) - return NULL; - - hres = (RESHANDLE) handle; - GenKeyData(library, id, &key); - - RES_LOCK - - status = (*hres->hdb->get)(hres->hdb, &key, &data, 0); - - RES_UNLOCK - - if (retbuf) - { - memcpy(retbuf, (char *)data.data + sizeof(CHARSETTYPE), data.size - sizeof(CHARSETTYPE)); - return retbuf; - } - else - { - static int WhichString = 0; - static int bFirstTime = 1; - char *szLoadedString; - int i; - - RES_LOCK - - if (bFirstTime) { - for (i = 0; i < MAXBUFNUM; i++) - hres->pbuf[i] = (char *) malloc(MAXSTRINGLEN * sizeof(char)); - bFirstTime = 0; - } - - szLoadedString = hres->pbuf[WhichString]; - WhichString++; - - /* reset to 0, if WhichString reaches to the end */ - if (WhichString == MAXBUFNUM) - WhichString = 0; - - if (status == 0) - memcpy(szLoadedString, (char *) data.data + sizeof(CHARSETTYPE), - data.size - sizeof(CHARSETTYPE)); - else - szLoadedString[0] = 0; - - RES_UNLOCK - - return szLoadedString; - } -} - -int32 NSResGetSize(NSRESHANDLE handle, const char *library, int32 id) -{ - int status; - RESHANDLE hres; - DBT key, data; - if (handle == NULL) - return 0; - hres = (RESHANDLE) handle; - GenKeyData(library, id, &key); - - RES_LOCK - - status = (*hres->hdb->get)(hres->hdb, &key, &data, 0); - - RES_UNLOCK - - return data.size - sizeof(CHARSETTYPE); -} - -int32 NSResLoadResource(NSRESHANDLE handle, const char *library, int32 id, char *retbuf) -{ - int status; - RESHANDLE hres; - DBT key, data; - if (handle == NULL) - return 0; - hres = (RESHANDLE) handle; - GenKeyData(library, id, &key); - - RES_LOCK - - status = (*hres->hdb->get)(hres->hdb, &key, &data, 0); - - RES_UNLOCK - - if (retbuf) - { - memcpy(retbuf, (char *)data.data + sizeof(CHARSETTYPE), data.size - sizeof(CHARSETTYPE)); - return data.size; - } - else - return 0; -} - -int NSResAddString(NSRESHANDLE handle, const char *library, int32 id, - const char *string, unsigned int charset) -{ - int status; - RESHANDLE hres; - DBT key, data; - char * recdata; - - if (handle == NULL) - return 0; - hres = (RESHANDLE) handle; - - GenKeyData(library, id, &key); - - data.size = sizeof(CHARSETTYPE) + (strlen(string) + 1) ; - - recdata = (char *) malloc(data.size) ; - - /* set charset to the first field of record data */ - *((CHARSETTYPE *)recdata) = (CHARSETTYPE)charset; - - /* set data field */ - memcpy(recdata+sizeof(CHARSETTYPE), string, strlen(string) + 1); - - data.data = recdata; - - RES_LOCK - - status = (*hres->hdb->put)(hres->hdb, &key, &data, 0); - - - if (recdata) - free(recdata); - - RES_UNLOCK - - return status; -} diff --git a/dbm/src/snprintf.c b/dbm/src/snprintf.c deleted file mode 100644 index 4987785723..0000000000 --- a/dbm/src/snprintf.c +++ /dev/null @@ -1,75 +0,0 @@ -#ifndef HAVE_SNPRINTF - -#include "watcomfx.h" -#include -#include -#include - -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - -#include "prtypes.h" - -#include - -/* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */ -#if defined(__STDC__) || defined(XP_OS2_VACPP) -#include -#else -#include -#endif - -int -#if defined(__STDC__) || defined(XP_OS2_VACPP) -snprintf(char *str, size_t n, const char *fmt, ...) -#else -snprintf(str, n, fmt, va_alist) - char *str; - size_t n; - const char *fmt; - va_dcl -#endif -{ - va_list ap; -#ifdef VSPRINTF_CHARSTAR - char *rp; -#else - int rval; -#endif -#if defined(__STDC__) || defined(XP_OS2_VACPP) - va_start(ap, fmt); -#else - va_start(ap); -#endif -#ifdef VSPRINTF_CHARSTAR - rp = vsprintf(str, fmt, ap); - va_end(ap); - return (strlen(rp)); -#else - rval = vsprintf(str, fmt, ap); - va_end(ap); - return (rval); -#endif -} - -int -vsnprintf(str, n, fmt, ap) - char *str; - size_t n; - const char *fmt; - va_list ap; -{ -#ifdef VSPRINTF_CHARSTAR - return (strlen(vsprintf(str, fmt, ap))); -#else - return (vsprintf(str, fmt, ap)); -#endif -} - -#endif /* HAVE_SNPRINTF */ - -/* Some compilers don't like an empty source file. */ -static int dummy = 0; diff --git a/dbm/src/strerror.c b/dbm/src/strerror.c deleted file mode 100644 index d1ae2666aa..0000000000 --- a/dbm/src/strerror.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)strerror.c 8.1 (Berkeley) 6/4/93"; -#endif /* LIBC_SCCS and not lint */ - -#include "watcomfx.h" - -#include - -#ifdef _DLL -#define sys_nerr (*_sys_nerr_dll) -#endif - -#ifndef HAVE_STRERROR -#ifndef _AFXDLL -char * -strerror(num) - int num; -{ - extern int sys_nerr; - extern char *sys_errlist[]; -#define UPREFIX "Unknown error: " - static char ebuf[40] = UPREFIX; /* 64-bit number + slop */ - register unsigned int errnum; - register char *p, *t; - char tmp[40]; - - errnum = num; /* convert to unsigned */ - if (errnum < sys_nerr) - return(sys_errlist[errnum]); - - /* Do this by hand, so we don't include stdio(3). */ - t = tmp; - do { - *t++ = "0123456789"[errnum % 10]; - } while (errnum /= 10); - for (p = ebuf + sizeof(UPREFIX) - 1;;) { - *p++ = *--t; - if (t <= tmp) - break; - } - return(ebuf); -} - -#endif -#endif /* !HAVE_STRERROR */ diff --git a/dbm/tests/.cvsignore b/dbm/tests/.cvsignore deleted file mode 100644 index a21fbfc35f..0000000000 --- a/dbm/tests/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -Makefile -lots -test.db diff --git a/dbm/tests/Makefile.in b/dbm/tests/Makefile.in deleted file mode 100644 index ffb83f29b3..0000000000 --- a/dbm/tests/Makefile.in +++ /dev/null @@ -1,62 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is mozilla.org code. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1998 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -DEPTH = ../.. -topsrcdir = @top_srcdir@ -srcdir = @srcdir@ -VPATH = @srcdir@ - -include $(DEPTH)/config/autoconf.mk - -MODULE = dbm - -PACKAGE_FILE = dbmtest.pkg - -PROGRAM = lots$(BIN_SUFFIX) - -CSRCS = lots.c - -ifeq ($(OS_ARCH),WINNT) -EXTRA_DSO_LIBS = dbm$(MOZ_BITS) -else -EXTRA_DSO_LIBS = mozdbm_s -endif - -LIBS = $(EXTRA_DSO_LIBS) - -include $(topsrcdir)/config/rules.mk - diff --git a/dbm/tests/dbmtest.pkg b/dbm/tests/dbmtest.pkg deleted file mode 100644 index abd564bedf..0000000000 --- a/dbm/tests/dbmtest.pkg +++ /dev/null @@ -1,2 +0,0 @@ -[gecko-tests] -dist/bin/lots@BINS@ diff --git a/dbm/tests/lots.c b/dbm/tests/lots.c deleted file mode 100644 index 20b86c5943..0000000000 --- a/dbm/tests/lots.c +++ /dev/null @@ -1,638 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is mozilla.org code. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1998 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* use sequental numbers printed to strings - * to store lots and lots of entries in the - * database. - * - * Start with 100 entries, put them and then - * read them out. Then delete the first - * half and verify that all of the first half - * is gone and then verify that the second - * half is still there. - * Then add the first half back and verify - * again. Then delete the middle third - * and verify again. - * Then increase the size by 1000 and do - * the whole add delete thing again. - * - * The data for each object is the number string translated - * to hex and replicated a random number of times. The - * number of times that the data is replicated is the first - * int32 in the data. - */ - -#include - -#include -#ifdef STDC_HEADERS -#include -#else -#include -#endif - -#ifdef HAVE_MEMORY_H -#include -#endif -#include -#include -#include "mcom_db.h" - -DB *database=0; -int MsgPriority=5; - -#if defined(_WINDOWS) && !defined(WIN32) -#define int32 long -#define uint32 unsigned long -#else -#define int32 int -#define uint32 unsigned int -#endif - -typedef enum { -USE_LARGE_KEY, -USE_SMALL_KEY -} key_type_enum; - -#define TraceMe(priority, msg) \ - do { \ - if(priority <= MsgPriority) \ - { \ - ReportStatus msg; \ - } \ - } while(0) - -int -ReportStatus(char *string, ...) -{ - va_list args; - -#ifdef STDC_HEADERS - va_start(args, string); -#else - va_start(args); -#endif - vfprintf(stderr, string, args); - va_end(args); - - fprintf (stderr, "\n"); - - return(0); -} - -int -ReportError(char *string, ...) -{ - va_list args; - -#ifdef STDC_HEADERS - va_start(args, string); -#else - va_start(args); -#endif - fprintf (stderr, "\n "); - vfprintf(stderr, string, args); - fprintf (stderr, "\n"); - va_end(args); - - return(0); -} - -DBT * MakeLargeKey(int32 num) -{ - int32 low_bits; - static DBT rv; - static char *string_rv=0; - int rep_char; - size_t size; - - if(string_rv) - free(string_rv); - - /* generate a really large text key derived from - * an int32 - */ - low_bits = (num % 10000) + 1; - - /* get the repeat char from the low 26 */ - rep_char = (char) ((low_bits % 26) + 'a'); - - /* malloc a string low_bits wide */ - size = low_bits*sizeof(char); - string_rv = (char *)malloc(size); - - memset(string_rv, rep_char, size); - - rv.data = string_rv; - rv.size = size; - - return(&rv); -} - -DBT * MakeSmallKey(int32 num) -{ - static DBT rv; - static char data_string[64]; - - rv.data = data_string; - - sprintf(data_string, "%ld", (long)num); - rv.size = strlen(data_string); - - return(&rv); - -} - -DBT * GenKey(int32 num, key_type_enum key_type) -{ - DBT *key; - - switch(key_type) - { - case USE_LARGE_KEY: - key = MakeLargeKey(num); - break; - case USE_SMALL_KEY: - key = MakeSmallKey(num); - break; - default: - abort(); - break; - } - - return(key); -} - -int -SeqDatabase() -{ - int status; - DBT key, data; - - ReportStatus("SEQuencing through database..."); - - /* seq throught the whole database */ - if(!(status = (*database->seq)(database, &key, &data, R_FIRST))) - { - while(!(status = (database->seq) (database, &key, &data, R_NEXT))); - ; /* null body */ - } - - if(status < 0) - ReportError("Error seq'ing database"); - - return(status); -} - -int -VerifyData(DBT *data, int32 num, key_type_enum key_type) -{ - int32 count, compare_num; - size_t size; - int32 *int32_array; - - /* The first int32 is count - * The other n entries should - * all equal num - */ - if(data->size < sizeof(int32)) - { - ReportError("Data size corrupted"); - return -1; - } - - memcpy(&count, data->data, sizeof(int32)); - - size = sizeof(int32)*(count+1); - - if(size != data->size) - { - ReportError("Data size corrupted"); - return -1; - } - - int32_array = (int32*)data->data; - - for(;count > 0; count--) - { - memcpy(&compare_num, &int32_array[count], sizeof(int32)); - - if(compare_num != num) - { - ReportError("Data corrupted"); - return -1; - } - } - - return(0); -} - - -/* verify that a range of number strings exist - * or don't exist. And that the data is valid - */ -#define SHOULD_EXIST 1 -#define SHOULD_NOT_EXIST 0 -int -VerifyRange(int32 low, int32 high, int32 should_exist, key_type_enum key_type) -{ - DBT *key, data; - int32 num; - int status; - - TraceMe(1, ("Verifying: %ld to %ld, using %s keys", - low, high, key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - - for(num = low; num <= high; num++) - { - - key = GenKey(num, key_type); - - status = (*database->get)(database, key, &data, 0); - - if(status == 0) - { - /* got the item */ - if(!should_exist) - { - ReportError("Item exists but shouldn't: %ld", num); - } - else - { - /* else verify the data */ - VerifyData(&data, num, key_type); - } - } - else if(status > 0) - { - /* item not found */ - if(should_exist) - { - ReportError("Item not found but should be: %ld", num); - } - } - else - { - /* database error */ - ReportError("Database error"); - return(-1); - } - - } - - TraceMe(1, ("Correctly verified: %ld to %ld", low, high)); - - return(0); - -} - -DBT * -GenData(int32 num) -{ - int32 n; - static DBT *data=0; - int32 *int32_array; - size_t size; - - if(!data) - { - data = (DBT*)malloc(sizeof(DBT)); - data->size = 0; - data->data = 0; - } - else if(data->data) - { - free(data->data); - } - - n = rand(); - - n = n % 512; /* bound to a 2K size */ - - - size = sizeof(int32)*(n+1); - int32_array = (int32 *) malloc(size); - - memcpy(&int32_array[0], &n, sizeof(int32)); - - for(; n > 0; n--) - { - memcpy(&int32_array[n], &num, sizeof(int32)); - } - - data->data = (void*)int32_array; - data->size = size; - - return(data); -} - -#define ADD_RANGE 1 -#define DELETE_RANGE 2 - -int -AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) -{ - DBT *key, *data; -#if 0 /* only do this if your really analy checking the puts */ - DBT tmp_data; -#endif - int32 num; - int status; - - if(action != ADD_RANGE && action != DELETE_RANGE) - assert(0); - - if(action == ADD_RANGE) - { - TraceMe(1, ("Adding: %ld to %ld: %s keys", low, high, - key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - } - else - { - TraceMe(1, ("Deleting: %ld to %ld: %s keys", low, high, - key_type == USE_SMALL_KEY ? "SMALL" : "LARGE")); - } - - for(num = low; num <= high; num++) - { - - key = GenKey(num, key_type); - - if(action == ADD_RANGE) - { - data = GenData(num); - status = (*database->put)(database, key, data, 0); - } - else - { - status = (*database->del)(database, key, 0); - } - - if(status < 0) - { - ReportError("Database error %s item: %ld", - action == ADD_RANGE ? "ADDING" : "DELETING", - num); - } - else if(status > 0) - { - ReportError("Could not %s item: %ld", - action == ADD_RANGE ? "ADD" : "DELETE", - num); - } - else if(action == ADD_RANGE) - { -#define SYNC_EVERY_TIME -#ifdef SYNC_EVERY_TIME - status = (*database->sync)(database, 0); - if(status != 0) - ReportError("Database error syncing after add"); -#endif - -#if 0 /* only do this if your really analy checking the puts */ - - /* make sure we can still get it - */ - status = (*database->get)(database, key, &tmp_data, 0); - - if(status != 0) - { - ReportError("Database error checking item just added: %d", - num); - } - else - { - /* now verify that none of the ones we already - * put in have disappeared - */ - VerifyRange(low, num, SHOULD_EXIST, key_type); - } -#endif - - } - } - - - if(action == ADD_RANGE) - { - TraceMe(1, ("Successfully added: %ld to %ld", low, high)); - } - else - { - TraceMe(1, ("Successfully deleted: %ld to %ld", low, high)); - } - - return(0); -} - -int -TestRange(int32 low, int32 range, key_type_enum key_type) -{ - int status; int32 low_of_range1, high_of_range1; int32 low_of_range2, high_of_range2; - int32 low_of_range3, high_of_range3; - - status = AddOrDelRange(low, low+range, ADD_RANGE, key_type); - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 1")); - - SeqDatabase(); - - low_of_range1 = low; - high_of_range1 = low+(range/2); - low_of_range2 = high_of_range1+1; - high_of_range2 = low+range; - status = AddOrDelRange(low_of_range1, high_of_range1, DELETE_RANGE, key_type); - status = VerifyRange(low_of_range1, high_of_range1, SHOULD_NOT_EXIST, key_type); - status = VerifyRange(low_of_range2, low_of_range2, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 2")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range1, high_of_range1, ADD_RANGE, key_type); - /* the whole thing should exist now */ - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 3")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range2, high_of_range2, DELETE_RANGE, key_type); - status = VerifyRange(low_of_range1, high_of_range1, SHOULD_EXIST, key_type); - status = VerifyRange(low_of_range2, high_of_range2, SHOULD_NOT_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 4")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range2, high_of_range2, ADD_RANGE, key_type); - /* the whole thing should exist now */ - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 5")); - - SeqDatabase(); - - low_of_range1 = low; - high_of_range1 = low+(range/3); - low_of_range2 = high_of_range1+1; - high_of_range2 = high_of_range1+(range/3); - low_of_range3 = high_of_range2+1; - high_of_range3 = low+range; - /* delete range 2 */ - status = AddOrDelRange(low_of_range2, high_of_range2, DELETE_RANGE, key_type); - status = VerifyRange(low_of_range1, high_of_range1, SHOULD_EXIST, key_type); - status = VerifyRange(low_of_range2, low_of_range2, SHOULD_NOT_EXIST, key_type); - status = VerifyRange(low_of_range3, low_of_range2, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 6")); - - SeqDatabase(); - - status = AddOrDelRange(low_of_range2, high_of_range2, ADD_RANGE, key_type); - /* the whole thing should exist now */ - status = VerifyRange(low, low+range, SHOULD_EXIST, key_type); - - TraceMe(1, ("Finished with sub test 7")); - - return(0); -} - -#define START_RANGE 109876 -int -main(int argc, char **argv) -{ - int32 i, j=0; - int quick_exit = 0; - int large_keys = 0; - HASHINFO hash_info = { - 16*1024, - 0, - 0, - 0, - 0, - 0}; - - - if(argc > 1) - { - while(argc > 1) - { - if(!strcmp(argv[argc-1], "-quick")) - quick_exit = 1; - else if(!strcmp(argv[argc-1], "-large")) - { - large_keys = 1; - } - argc--; - } - } - - database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, &hash_info); - - if(!database) - { - ReportError("Could not open database"); -#ifdef unix - perror(""); -#endif - exit(1); - } - - if(quick_exit) - { - if(large_keys) - TestRange(START_RANGE, 200, USE_LARGE_KEY); - else - TestRange(START_RANGE, 200, USE_SMALL_KEY); - - (*database->sync)(database, 0); - (*database->close)(database); - exit(0); - } - - for(i=100; i < 10000000; i+=200) - { - if(1 || j) - { - TestRange(START_RANGE, i, USE_LARGE_KEY); - j = 0; - } - else - { - TestRange(START_RANGE, i, USE_SMALL_KEY); - j = 1; - } - - if(1 == rand() % 3) - { - (*database->sync)(database, 0); - } - - if(1 == rand() % 3) - { - /* close and reopen */ - (*database->close)(database); - database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0); - if(!database) - { - ReportError("Could not reopen database"); -#ifdef unix - perror(""); -#endif - exit(1); - } - } - else - { - /* reopen database without closeing the other */ - database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0); - if(!database) - { - ReportError("Could not reopen database " - "after not closing the other"); -#ifdef unix - perror(""); -#endif - exit(1); - } - } - } - - return(0); -} diff --git a/security/nss/tests/perf/perf.sh b/security/coreconf/makefile.win old mode 100755 new mode 100644 similarity index 52% rename from security/nss/tests/perf/perf.sh rename to security/coreconf/makefile.win index 7fee17c1e4..6f3e244b4d --- a/security/nss/tests/perf/perf.sh +++ b/security/coreconf/makefile.win @@ -1,5 +1,4 @@ -#! /bin/sh -# +# # ***** BEGIN LICENSE BLOCK ***** # Version: MPL 1.1/GPL 2.0/LGPL 2.1 # @@ -36,57 +35,70 @@ # # ***** END LICENSE BLOCK ***** -######################################################################## # -# mozilla/security/nss/tests/perf/perf.sh +# An NMAKE file to set up and adjust coreconf's build system for +# Client build. Client build should invoke NMAKE on this file +# instead of invoking gmake directly. # -# script run from the nightly NSS QA to measure nss performance -# needs to work on all Unix and Windows platforms + +NS_DEPTH = .. +include <$(NS_DEPTH)\config\config.mak> +#include <$(NS_DEPTH)\config\rules.mak> + # -# special strings -# --------------- -# FIXME ... known problems, search for this string -# NOTE .... unexpected behavior +# Backslashes are escape characters to gmake, so flip all backslashes +# in $(MOZ_TOOLS) to forward slashes and pass that to gmake. # -######################################################################## -############################## perf_init ############################## -# local shell function to initialize this script -######################################################################## +GMAKE = $(MOZ_TOOLS)\bin\gmake.exe MOZ_TOOLS_FLIPPED=$(MOZ_TOOLS:\=/) -perf_init() -{ - SCRIPTNAME="perf.sh" - if [ -z "${INIT_SOURCED}" ] ; then - cd ../common - . ./init.sh - fi - SCRIPTNAME="perf.sh" - PERFDIR=${HOSTDIR}/perf - mkdir -p ${PERFDIR} -} +GMAKE = $(GMAKE) PR_CLIENT_BUILD=1 PR_CLIENT_BUILD_WINDOWS=1 -perf_init -RSAPERF_OUT=`rsaperf -i 300 -s -n none` -RSAPERF_OUT=`echo $RSAPERF_OUT | sed \ - -e "s/^/RSAPERF: $OBJDIR /" \ - -e 's/microseconds/us/' \ - -e 's/milliseconds/ms/' \ - -e 's/seconds/s/' \ - -e 's/ minutes, and /_min_/'` +# +# The Client's debug build uses MSVC's debug runtime library (/MDd). +# + +!ifdef MOZ_DEBUG +GMAKE = $(GMAKE) USE_DEBUG_RTL=1 +!else +GMAKE = $(GMAKE) BUILD_OPT=1 +!endif -echo "$RSAPERF_OUT" +!if "$(MOZ_BITS)" == "16" +GMAKE = $(GMAKE) OS_TARGET=WIN16 +!else +GMAKE = $(GMAKE) OS_TARGET=WIN95 +!ifdef MOZ_DEBUG +PR_OBJDIR = WIN954.0_DBG.OBJD +!else +PR_OBJDIR = WIN954.0_OPT.OBJ +!endif +!endif -#FIXME -#export RSAPERF_OUT # -#perl -e ' +# The rules. Simply invoke gmake with the same target +# for Win16, use the watcom compiler with the MSVC headers and libs +# -#@rsaperf=split(/ /, $ENV{RSAPERF_OUT}); +# this rule is needed so that nmake with no explicit target will only build +# all, and not build all the targets named below in succession! +default:: all -#echo "${RSAPERF_OUT}" | read IT_NUM T1 T2 TOT_TIM TOT_TIM_U \ - #T3 T4 T5 AVRG_TIM AVRG_TIM_U +# a rule like this one must only be used for explicitly named targets! +all depend export libs install clobber clobber_all clean:: +!if "$(MOZ_BITS)" == "16" + set PATH=%WATCPATH% + set INCLUDE=%MSVC_INC% + set LIB=%MSVC_LIB% +!endif + $(GMAKE) $@ +!if "$(MOZ_BITS)" == "16" + set PATH=%MSVCPATH% + set INCLUDE=%MSVC_INC% + set LIB=%MSVC_LIB% +!endif -#300 iterations in 8.881 seconds one operation every 29606 microseconds +show: + @echo "MAKEFLAGS = $(MAKEFLAGS)" diff --git a/security/nss/cmd/crmf-cgi/config.mk b/security/coreconf/nsinstall/nfspwd old mode 100644 new mode 100755 similarity index 84% rename from security/nss/cmd/crmf-cgi/config.mk rename to security/coreconf/nsinstall/nfspwd index f3a06d153b..66345aa071 --- a/security/nss/cmd/crmf-cgi/config.mk +++ b/security/coreconf/nsinstall/nfspwd @@ -1,4 +1,5 @@ -# +#! perl +# # ***** BEGIN LICENSE BLOCK ***** # Version: MPL 1.1/GPL 2.0/LGPL 2.1 # @@ -35,14 +36,15 @@ # # ***** END LICENSE BLOCK ***** +require "fastcwd.pl"; -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(PROGRAM) -SHARED_LIBRARY = -IMPORT_LIBRARY = -LIBRARY = - +$_ = &fastcwd; +if (m@^/[uh]/@o || s@^/tmp_mnt/@/@o) { + print("$_\n"); +} elsif ((($user, $rest) = m@^/usr/people/(\w+)/(.*)@o) + && readlink("/u/$user") eq "/usr/people/$user") { + print("/u/$user/$rest\n"); +} else { + chop($host = `hostname`); + print("/h/$host$_\n"); +} diff --git a/security/nss/cmd/crmftest/config.mk b/security/coreconf/nsinstall/nfspwd.pl similarity index 84% rename from security/nss/cmd/crmftest/config.mk rename to security/coreconf/nsinstall/nfspwd.pl index ea8b592d6f..66345aa071 100644 --- a/security/nss/cmd/crmftest/config.mk +++ b/security/coreconf/nsinstall/nfspwd.pl @@ -1,3 +1,4 @@ +#! perl # # ***** BEGIN LICENSE BLOCK ***** # Version: MPL 1.1/GPL 2.0/LGPL 2.1 @@ -35,13 +36,15 @@ # # ***** END LICENSE BLOCK ***** -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(PROGRAM) -SHARED_LIBRARY = -IMPORT_LIBRARY = -LIBRARY = +require "fastcwd.pl"; +$_ = &fastcwd; +if (m@^/[uh]/@o || s@^/tmp_mnt/@/@o) { + print("$_\n"); +} elsif ((($user, $rest) = m@^/usr/people/(\w+)/(.*)@o) + && readlink("/u/$user") eq "/usr/people/$user") { + print("/u/$user/$rest\n"); +} else { + chop($host = `hostname`); + print("/h/$host$_\n"); +} diff --git a/security/dbm/Makefile b/security/dbm/Makefile deleted file mode 100644 index 34cd6d8991..0000000000 --- a/security/dbm/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -coreconf_hack: - cd ../coreconf; gmake - gmake import - -RelEng_bld: coreconf_hack - gmake diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk deleted file mode 100644 index 7533649318..0000000000 --- a/security/dbm/config/config.mk +++ /dev/null @@ -1,67 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# These macros are defined by mozilla's configure script. -# We define them manually here. -# - -DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR - -# -# Most platforms have snprintf, so it's simpler to list the exceptions. -# -HAVE_SNPRINTF = 1 -# -# OSF1 V4.0D doesn't have snprintf but V5.0A does. -# -ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D) -HAVE_SNPRINTF = -endif -ifdef HAVE_SNPRINTF -DEFINES += -DHAVE_SNPRINTF -endif - -ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_CDEFS_H -endif - -ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_BYTEORDER_H -endif - -# -# None of the platforms that we are interested in need to -# define HAVE_MEMORY_H. -# diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile deleted file mode 100644 index ba4dd8ddf3..0000000000 --- a/security/dbm/include/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn deleted file mode 100644 index 886fedd988..0000000000 --- a/security/dbm/include/manifest.mn +++ /dev/null @@ -1,57 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../.. - -VPATH = $(CORE_DEPTH)/../dbm/include - -MODULE = dbm - -EXPORTS = nsres.h \ - cdefs.h \ - mcom_db.h \ - ncompat.h \ - winfile.h \ - $(NULL) - -PRIVATE_EXPORTS = hsearch.h \ - page.h \ - extern.h \ - ndbm.h \ - queue.h \ - hash.h \ - mpool.h \ - search.h \ - $(NULL) - diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn deleted file mode 100644 index d4065f761a..0000000000 --- a/security/dbm/manifest.mn +++ /dev/null @@ -1,45 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = .. - -MODULE = dbm - -IMPORTS = nspr20/v4.4.1 - -RELEASE = dbm - -DIRS = include \ - src \ - $(NULL) diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile deleted file mode 100644 index 8fce983941..0000000000 --- a/security/dbm/src/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/dbm/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk deleted file mode 100644 index 370fd75d63..0000000000 --- a/security/dbm/src/config.mk +++ /dev/null @@ -1,63 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) - -INCLUDES += -I$(CORE_DEPTH)/../dbm/include - -# -# Currently, override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PURE_LIBRARY = -PROGRAM = - -ifdef SHARED_LIBRARY - ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16 - DLLBASE=/BASE:0x30000000 - RES=$(OBJDIR)/dbm.res - RESNAME=../include/dbm.rc - endif - ifeq ($(DLL_SUFFIX),dll) - DEFINES += -D_DLL - endif -endif - -ifeq ($(OS_TARGET),AIX) - OS_LIBS += -lc_r -endif diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c deleted file mode 100644 index 001a48c5c2..0000000000 --- a/security/dbm/src/dirent.c +++ /dev/null @@ -1,348 +0,0 @@ -#ifdef OS2 - -#include -#include -#include -#include - -#include -#include - -/*#ifndef __EMX__ -#include -#endif */ - -#define INCL_DOSFILEMGR -#define INCL_DOSERRORS -#include - -#if OS2 >= 2 -# define FFBUF FILEFINDBUF3 -# define Word ULONG - /* - * LS20 recommends a request count of 100, but according to the - * APAR text it does not lead to missing files, just to funny - * numbers of returned entries. - * - * LS30 HPFS386 requires a count greater than 2, or some files - * are missing (those starting with a character less that '.'). - * - * Novell looses entries which overflow the buffer. In previous - * versions of dirent2, this could have lead to missing files - * when the average length of 100 directory entries was 40 bytes - * or more (quite unlikely for files on a Novell server). - * - * Conclusion: Make sure that the entries all fit into the buffer - * and that the buffer is large enough for more than 2 entries - * (each entry is at most 300 bytes long). And ignore the LS20 - * effect. - */ -# define Count 25 -# define BufSz (25 * (sizeof(FILEFINDBUF3)+1)) -#else -# define FFBUF FILEFINDBUF -# define Word USHORT -# define BufSz 1024 -# define Count 3 -#endif - -#if defined(__IBMC__) || defined(__IBMCPP__) - #define error(rc) _doserrno = rc, errno = EOS2ERR -#elif defined(MICROSOFT) - #define error(rc) _doserrno = rc, errno = 255 -#else - #define error(rc) errno = 255 -#endif - -struct _dirdescr { - HDIR handle; /* DosFindFirst handle */ - char fstype; /* filesystem type */ - Word count; /* valid entries in */ - long number; /* absolute number of next entry */ - int index; /* relative number of next entry */ - FFBUF * next; /* pointer to next entry */ - char name[MAXPATHLEN+3]; /* directory name */ - unsigned attrmask; /* attribute mask for seekdir */ - struct dirent entry; /* buffer for directory entry */ - BYTE ffbuf[BufSz]; -}; - -/* - * Return first char of filesystem type, or 0 if unknown. - */ -static char -getFSType(const char *path) -{ - static char cache[1+26]; - char drive[3], info[512]; - Word unit, infolen; - char r; - - if (isalpha(path[0]) && path[1] == ':') { - unit = toupper(path[0]) - '@'; - path += 2; - } else { - ULONG driveMap; -#if OS2 >= 2 - if (DosQueryCurrentDisk(&unit, &driveMap)) -#else - if (DosQCurDisk(&unit, &driveMap)) -#endif - return 0; - } - - if ((path[0] == '\\' || path[0] == '/') - && (path[1] == '\\' || path[1] == '/')) - return 0; - - if (cache [unit]) - return cache [unit]; - - drive[0] = '@' + unit; - drive[1] = ':'; - drive[2] = '\0'; - infolen = sizeof info; -#if OS2 >= 2 - if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen)) - return 0; - if (infolen >= sizeof(FSQBUFFER2)) { - FSQBUFFER2 *p = (FSQBUFFER2 *)info; - r = p->szFSDName[p->cbName]; - } else -#else - if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0)) - return 0; - if (infolen >= 9) { - char *p = info + sizeof(USHORT); - p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT); - r = *p; - } else -#endif - r = 0; - return cache [unit] = r; -} - -char * -abs_path(const char *name, char *buffer, int len) -{ - char buf[4]; - if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') { - buf[0] = name[0]; - buf[1] = name[1]; - buf[2] = '.'; - buf[3] = '\0'; - name = buf; - } -#if OS2 >= 2 - if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len)) -#else - if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L)) -#endif - return NULL; - return buffer; -} - -DIR * -openxdir(const char *path, unsigned att_mask) -{ - DIR *dir; - char name[MAXPATHLEN+3]; - Word rc; - - dir = malloc(sizeof(DIR)); - if (dir == NULL) { - errno = ENOMEM; - return NULL; - } - - strncpy(name, path, MAXPATHLEN); - name[MAXPATHLEN] = '\0'; - switch (name[strlen(name)-1]) { - default: - strcat(name, "\\"); - case '\\': - case '/': - case ':': - ; - } - strcat(name, "."); - if (!abs_path(name, dir->name, MAXPATHLEN+1)) - strcpy(dir->name, name); - if (dir->name[strlen(dir->name)-1] == '\\') - strcat(dir->name, "*"); - else - strcat(dir->name, "\\*"); - - dir->fstype = getFSType(dir->name); - dir->attrmask = att_mask | A_DIR; - - dir->handle = HDIR_CREATE; - dir->count = 100; -#if OS2 >= 2 - rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask, - dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); -#else - rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask, - (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); -#endif - switch (rc) { - default: - free(dir); - error(rc); - return NULL; - case NO_ERROR: - case ERROR_NO_MORE_FILES: - ; - } - - dir->number = 0; - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - - return (DIR *)dir; -} - -DIR * -opendir(const char *pathname) -{ - return openxdir(pathname, 0); -} - -struct dirent * -readdir(DIR *dir) -{ - static int dummy_ino = 2; - - if (dir->index == dir->count) { - Word rc; - dir->count = 100; -#if OS2 >= 2 - rc = DosFindNext(dir->handle, dir->ffbuf, - sizeof dir->ffbuf, &dir->count); -#else - rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf, - sizeof dir->ffbuf, &dir->count); -#endif - if (rc) { - error(rc); - return NULL; - } - - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - } - - if (dir->index == dir->count) - return NULL; - - memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName); - dir->entry.d_name[dir->next->cchName] = '\0'; - dir->entry.d_ino = dummy_ino++; - dir->entry.d_reclen = dir->next->cchName; - dir->entry.d_namlen = dir->next->cchName; - dir->entry.d_size = dir->next->cbFile; - dir->entry.d_attribute = dir->next->attrFile; - dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite; - dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite; - - switch (dir->fstype) { - case 'F': /* FAT */ - case 'C': /* CDFS */ - if (dir->next->attrFile & FILE_DIRECTORY) - strupr(dir->entry.d_name); - else - strlwr(dir->entry.d_name); - } - -#if OS2 >= 2 - dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset); -#else - dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1); -#endif - ++dir->number; - ++dir->index; - - return &dir->entry; -} - -long -telldir(DIR *dir) -{ - return dir->number; -} - -void -seekdir(DIR *dir, long off) -{ - if (dir->number > off) { - char name[MAXPATHLEN+2]; - Word rc; - - DosFindClose(dir->handle); - - strcpy(name, dir->name); - strcat(name, "*"); - - dir->handle = HDIR_CREATE; - dir->count = 32767; -#if OS2 >= 2 - rc = DosFindFirst(name, &dir->handle, dir->attrmask, - dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); -#else - rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask, - (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); -#endif - switch (rc) { - default: - error(rc); - return; - case NO_ERROR: - case ERROR_NO_MORE_FILES: - ; - } - - dir->number = 0; - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - } - - while (dir->number < off && readdir(dir)) - ; -} - -void -closedir(DIR *dir) -{ - DosFindClose(dir->handle); - free(dir); -} - -/*****************************************************************************/ - -#ifdef TEST - -main(int argc, char **argv) -{ - int i; - DIR *dir; - struct dirent *ep; - - for (i = 1; i < argc; ++i) { - dir = opendir(argv[i]); - if (!dir) - continue; - while (ep = readdir(dir)) - if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1])) - printf("%s%s\n", argv[i], ep->d_name); - else - printf("%s/%s\n", argv[i], ep->d_name); - closedir(dir); - } - - return 0; -} - -#endif - -#endif /* OS2 */ - diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h deleted file mode 100644 index 07a6c0ac87..0000000000 --- a/security/dbm/src/dirent.h +++ /dev/null @@ -1,97 +0,0 @@ -#ifndef __DIRENT_H__ -#define __DIRENT_H__ -/* - * @(#)msd_dir.h 1.4 87/11/06 Public Domain. - * - * A public domain implementation of BSD directory routines for - * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield), - * August 1897 - * - * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks - * and returns 2 more pieces of information - file size & attribute. - * Plus a little reshuffling of some #define's positions December 1987 - * - * Some modifications by Martin Junius 02-14-89 - * - * AK900712 - * AK910410 abs_path - make absolute path - * - */ - -#ifdef __EMX__ -#include -#else -#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC) -#include -#ifdef MAXPATHLEN - #undef MAXPATHLEN -#endif -#define MAXPATHLEN (FILENAME_MAX*4) -#define MAXNAMLEN FILENAME_MAX - -#else -#include -#endif -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* attribute stuff */ -#ifndef A_RONLY -# define A_RONLY 0x01 -# define A_HIDDEN 0x02 -# define A_SYSTEM 0x04 -# define A_LABEL 0x08 -# define A_DIR 0x10 -# define A_ARCHIVE 0x20 -#endif - -struct dirent { -#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */ - int d_ino; /* Dummy */ - int d_reclen; /* Dummy, same as d_namlen */ - int d_namlen; /* length of name */ - char d_name[MAXNAMLEN + 1]; - unsigned long d_size; - unsigned short d_attribute; /* attributes (see above) */ - unsigned short d_time; /* modification time */ - unsigned short d_date; /* modification date */ -#else - char d_name[MAXNAMLEN + 1]; /* garentee null termination */ - char d_attribute; /* .. extension .. */ - unsigned long d_size; /* .. extension .. */ -#endif -}; - -typedef struct _dirdescr DIR; -/* the structs do not have to be defined here */ - -extern DIR *opendir(const char *); -extern DIR *openxdir(const char *, unsigned); -extern struct dirent *readdir(DIR *); -extern void seekdir(DIR *, long); -extern long telldir(DIR *); -extern void closedir(DIR *); -#define rewinddir(dirp) seekdir(dirp, 0L) - -extern char * abs_path(const char *name, char *buffer, int len); - -#ifndef S_IFMT -#define S_IFMT ( S_IFDIR | S_IFREG ) -#endif - -#ifndef S_ISDIR -#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR) -#endif - -#ifndef S_ISREG -#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG) -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn deleted file mode 100644 index 80f2abfd0e..0000000000 --- a/security/dbm/src/manifest.mn +++ /dev/null @@ -1,61 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../.. - -VPATH = $(CORE_DEPTH)/../dbm/src - -MODULE = dbm - -# -# memmove.c, snprintf.c, and strerror.c are not in CSRCS because -# the Standard C Library has memmove and strerror and DBM is not -# using snprintf. -# - -CSRCS = db.c \ - h_bigkey.c \ - h_func.c \ - h_log2.c \ - h_page.c \ - hash.c \ - hash_buf.c \ - hsearch.c \ - mktemp.c \ - ndbm.c \ - nsres.c \ - dirent.c \ - $(NULL) - -LIBRARY_NAME = dbm diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile deleted file mode 100644 index fe132e19c5..0000000000 --- a/security/dbm/tests/Makefile +++ /dev/null @@ -1,69 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -DEPTH = ../.. -CORE_DEPTH = ../.. - -VPATH = $(CORE_DEPTH)/../dbm/tests - -MODULE = dbm - -CSRCS = lots.c - -PROGRAM = lots - -include $(DEPTH)/coreconf/config.mk - -include $(DEPTH)/dbm/config/config.mk - -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX) -else -LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX) -endif - -INCLUDES += -I$(CORE_DEPTH)/../dbm/include - -LDFLAGS = $(LDOPTS) $(LIBDBM) - -include $(DEPTH)/coreconf/rules.mk - -lots.pure: lots - purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS) - -crash: crash.o $(MYLIBS) - $(CC) -o crash $(CFLAGS) $^ - -crash.pure: crash.o $(MYLIBS) - purify $(CC) -o crash.pure $(CFLAGS) $^ - diff --git a/security/nss/Makefile b/security/nss/Makefile deleted file mode 100644 index b6e9e64b45..0000000000 --- a/security/nss/Makefile +++ /dev/null @@ -1,172 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -ifeq ($(OS_TARGET),WINCE) -DIRS = lib # omit cmd since wince has no command line shell -endif - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -nss_build_all: build_coreconf build_nspr build_dbm all - -build_coreconf: - cd $(CORE_DEPTH)/coreconf ; $(MAKE) - -NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)/config.status -NSPR_CONFIGURE = $(CORE_DEPTH)/../nsprpub/configure - -# -# Translate coreconf build options to NSPR configure options. -# - -ifdef BUILD_OPT -NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize -endif -ifdef USE_64 -NSPR_CONFIGURE_OPTS += --enable-64bit -endif -ifeq ($(OS_TARGET),WIN95) -NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95 -endif -ifdef USE_DEBUG_RTL -NSPR_CONFIGURE_OPTS += --enable-debug-rtl -endif -ifdef NS_USE_GCC -NSPR_COMPILERS = CC=gcc CXX=g++ -endif - -# -# Some pwd commands on Windows (for example, the pwd -# command in Cygwin) return a pathname that begins -# with a (forward) slash. When such a pathname is -# passed to Windows build tools (for example, cl), it -# is mistaken as a command-line option. If that is the case, -# we use a relative pathname as NSPR's prefix on Windows. -# - -USEABSPATH="YES" -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -ifeq (,$(findstring :,$(shell pwd))) -USEABSPATH="NO" -endif -endif -ifeq ($(USEABSPATH),"YES") -NSPR_PREFIX = $(shell pwd)/../../dist/$(OBJDIR_NAME) -else -NSPR_PREFIX = $$(topsrcdir)/../dist/$(OBJDIR_NAME) -endif - -$(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE) - $(NSINSTALL) -D $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) - cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; \ - $(NSPR_COMPILERS) sh ../configure \ - $(NSPR_CONFIGURE_OPTS) \ - --with-dist-prefix='$(NSPR_PREFIX)' \ - --with-dist-includedir='$(NSPR_PREFIX)/include' - -build_nspr: $(NSPR_CONFIG_STATUS) - cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) - -build_dbm: - cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs - - - -moz_import:: -ifeq (,$(filter-out WIN%,$(OS_TARGET))) - $(NSINSTALL) -D $(DIST)/include/nspr - cp $(DIST)/../include/nspr/*.h $(DIST)/include/nspr - cp $(DIST)/../include/* $(DIST)/include -ifdef BUILD_OPT - cp $(DIST)/../WIN32_O.OBJ/lib/* $(DIST)/lib -else - cp $(DIST)/../WIN32_D.OBJ/lib/* $(DIST)/lib -endif - mv $(DIST)/lib/dbm32.lib $(DIST)/lib/dbm.lib -else -ifeq ($(OS_TARGET),OS2) - cp -rf $(DIST)/../include $(DIST) - cp -rf $(DIST)/../lib $(DIST) - cp -f $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX) $(DIST)/lib/libdbm.$(LIB_SUFFIX) -else - $(NSINSTALL) -L ../../dist include $(DIST) - $(NSINSTALL) -L ../../dist lib $(DIST) - cp $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX) $(DIST)/lib/libdbm.$(LIB_SUFFIX) -endif -endif - -nss_RelEng_bld: build_coreconf import build_dbm all - -package: - $(MAKE) -C pkg publish diff --git a/security/nss/cmd/.cvsignore b/security/nss/cmd/.cvsignore deleted file mode 100644 index 6329db22e8..0000000000 --- a/security/nss/cmd/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -.gdbinit diff --git a/security/nss/cmd/Makefile b/security/nss/cmd/Makefile deleted file mode 100644 index 5369d89044..0000000000 --- a/security/nss/cmd/Makefile +++ /dev/null @@ -1,190 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../.. -DEPTH = ../.. - -include manifest.mn -include $(CORE_DEPTH)/coreconf/config.mk - -ifndef USE_SYSTEM_ZLIB -ZLIB_SRCDIR = zlib # Add the zlib directory to DIRS. -endif - -# These sources were once in this directory, but now are gone. -MISSING_SOURCES = \ - addcert.c \ - berparse.c \ - cert.c \ - key.c \ - key_rand.c \ - keygen.c \ - sec_fe.c \ - sec_read.c \ - secarb.c \ - secutil.c \ - $(NULL) - -# we don't build these any more, but the sources are still here -OBSOLETE = \ - berdec.c \ - berdump.c \ - cypher.c \ - dumpcert.c \ - listcerts.c \ - mkdongle.c \ - p12exprt.c \ - p12imprt.c \ - rc4.c \ - sign.c \ - unwrap.c \ - vector.c \ - verify.c \ - wrap.c \ - $(NULL) - -# the base files for the executables -# hey -- keep these alphabetical, please -EXEC_SRCS = \ - $(NULL) - -# files that generate two separate objects and executables -# BI_SRCS = \ -# keyutil.c \ -# p7env.c \ -# tstclnt.c \ -# $(NULL) - -# -I$(CORE_DEPTH)/security/lib/cert \ -# -I$(CORE_DEPTH)/security/lib/key \ -# -I$(CORE_DEPTH)/security/lib/util \ - -INCLUDES += \ - -I$(DIST)/../public/security \ - -I./include \ - $(NULL) - -TBD_DIRS = rsh rshd rdist ssld - -# For the time being, sec stuff is export only -# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION - -US_FLAGS = -DEXPORT_VERSION -EXPORT_FLAGS = -DEXPORT_VERSION - -BASE_LIBS = \ - $(DIST)/lib/libdbm.$(LIB_SUFFIX) \ - $(DIST)/lib/libxp.$(LIB_SUFFIX) \ - $(DIST)/lib/libnspr.$(LIB_SUFFIX) \ - $(NULL) - -# $(DIST)/lib/libpurenspr.$(LIB_SUFFIX) \ - -#There is a circular dependancy in security/lib, and here is a gross fix -SEC_LIBS = \ - $(DIST)/lib/libsecnav.$(LIB_SUFFIX) \ - $(DIST)/lib/libssl.$(LIB_SUFFIX) \ - $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/libcert.$(LIB_SUFFIX) \ - $(DIST)/lib/libkey.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecmod.$(LIB_SUFFIX) \ - $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(DIST)/lib/libssl.$(LIB_SUFFIX) \ - $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \ - $(DIST)/lib/libcert.$(LIB_SUFFIX) \ - $(DIST)/lib/libkey.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecmod.$(LIB_SUFFIX) \ - $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \ - $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \ - $(DIST)/lib/libhash.$(LIB_SUFFIX) \ - $(NULL) - -MYLIB = lib/$(OBJDIR)/libsectool.$(LIB_SUFFIX) - -US_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) -EX_LIBS = $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) - -REQUIRES = libxp nspr security - -CSRCS = $(EXEC_SRCS) $(BI_SRCS) - -OBJS = $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o) - -PROGS = $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX))) -US_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX))) -EX_PROGS = $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX))) - - -NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS) -TARGETS = $(NON_DIRS) - -include $(CORE_DEPTH)/coreconf/rules.mk - - -ifneq ($(OS_TARGET),OS2) -$(OBJDIR)/%-us.o: %.c - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(US_FLAGS) -c $*.c - -$(OBJDIR)/%-ex.o: %.c - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c - -$(OBJDIR)/%.o: %.c - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c - -$(US_PROGS):$(OBJDIR)/%-us: $(OBJDIR)/%-us.o $(US_LIBS) - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(OBJDIR)/$*-us.o $(LDFLAGS) $(US_LIBS) $(OS_LIBS) - -$(EX_PROGS):$(OBJDIR)/%-ex: $(OBJDIR)/%-ex.o $(EX_LIBS) - @$(MAKE_OBJDIR) - $(CCF) -o $@ $(OBJDIR)/$*-ex.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS) - -$(PROGS):$(OBJDIR)/%: $(OBJDIR)/%.o $(EX_LIBS) - @$(MAKE_OBJDIR) - $(CCF) -o $@ $@.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS) - -#install:: $(TARGETS) -# $(INSTALL) $(TARGETS) $(DIST)/bin -endif - -symbols:: - @echo "TARGETS = $(TARGETS)" diff --git a/security/nss/cmd/SSLsample/Makefile b/security/nss/cmd/SSLsample/Makefile deleted file mode 100644 index f62d2a3d09..0000000000 --- a/security/nss/cmd/SSLsample/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# do these once for each target program -all default export libs program install release_export:: - $(MAKE) -f make.client $@ - $(MAKE) -f make.server $@ - -# only do these things once for the whole directory -depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show:: - $(MAKE) -f make.client $@ - - diff --git a/security/nss/cmd/SSLsample/NSPRerrs.h b/security/nss/cmd/SSLsample/NSPRerrs.h deleted file mode 100644 index 8a6a49f633..0000000000 --- a/security/nss/cmd/SSLsample/NSPRerrs.h +++ /dev/null @@ -1,136 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* General NSPR 2.0 errors */ -/* Caller must #include "prerror.h" */ - -ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) -ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) -ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) -ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) -ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) -ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) -ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) -ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." ) -ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) -ER2( PR_IO_ERROR, "I/O function error." ) -ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) -ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) -ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) -ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." ) -ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." ) -ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." ) -ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) -ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) -ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) -ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) -ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." ) -ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) -ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) -ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) -ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) -ER2( PR_FIND_SYMBOL_ERROR, -"Symbol not found in any of the loaded dynamic libraries." ) -ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." ) -ER2( PR_DIRECTORY_LOOKUP_ERROR, -"A directory lookup on a network address has failed." ) -ER2( PR_TPD_RANGE_ERROR, -"Attempt to access a TPD key that is out of range." ) -ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." ) -ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." ) -ER2( PR_NOT_SOCKET_ERROR, -"Network operation attempted on non-network file descriptor." ) -ER2( PR_NOT_TCP_SOCKET_ERROR, -"TCP-specific function attempted on a non-TCP file descriptor." ) -ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." ) -ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." ) -ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, -"The requested operation is not supported by the platform." ) -ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, -"The host operating system does not support the protocol requested." ) -ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) -ER2( PR_BUFFER_OVERFLOW_ERROR, -"The value requested is too large to be stored in the data buffer provided." ) -ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) -ER2( PR_RANGE_ERROR, "Unused." ) -ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) -ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) -ER2( PR_FILE_TOO_BIG_ERROR, -"Write would result in file larger than the system allows." ) -ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) -ER2( PR_PIPE_ERROR, "Unused." ) -ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) -ER2( PR_IS_DIRECTORY_ERROR, -"Cannot perform a normal file operation on a directory." ) -ER2( PR_LOOP_ERROR, "Symbolic link loop." ) -ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) -ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) -ER2( PR_NOT_DIRECTORY_ERROR, -"Cannot perform directory operation on a normal file." ) -ER2( PR_READ_ONLY_FILESYSTEM_ERROR, -"Cannot write to a read-only file system." ) -ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, -"Cannot delete a directory that is not empty." ) -ER2( PR_FILESYSTEM_MOUNTED_ERROR, -"Cannot delete or rename a file object while the file system is busy." ) -ER2( PR_NOT_SAME_DEVICE_ERROR, -"Cannot rename a file to a file system on another device." ) -ER2( PR_DIRECTORY_CORRUPTED_ERROR, -"The directory object in the file system is corrupted." ) -ER2( PR_FILE_EXISTS_ERROR, -"Cannot create or rename a filename that already exists." ) -ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, -"Directory is full. No additional filenames may be added." ) -ER2( PR_INVALID_DEVICE_STATE_ERROR, -"The required device was in an invalid state." ) -ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." ) -ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) -ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) -ER2( PR_FILE_SEEK_ERROR, "Seek error." ) -ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) -ER2( PR_IN_PROGRESS_ERROR, -"Operation is still in progress (probably a non-blocking connect)." ) -ER2( PR_ALREADY_INITIATED_ERROR, -"Operation has already been initiated (probably a non-blocking connect)." ) - -#ifdef PR_GROUP_EMPTY_ERROR -ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) -#endif - -#ifdef PR_INVALID_STATE_ERROR -ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) -#endif - -ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) diff --git a/security/nss/cmd/SSLsample/README b/security/nss/cmd/SSLsample/README deleted file mode 100644 index 5672cfac8f..0000000000 --- a/security/nss/cmd/SSLsample/README +++ /dev/null @@ -1,35 +0,0 @@ -These sample programs can be built in either of two ways: -1) is the NSS source tree, using the coreconf build system, and -2) stand alone (as part of the NSS distribution). - -The following makefiles are used only when building in the NSS source tree -using coreconf. These are NOT part of the distribution. - -Makefile -client.mn -server.mn -config.mk -make.client -make.server - -The following source files are common to both build environments and are -part of the distribution. - -NSPRerrs.h -SECerrs.h -SSLerrs.h -client.c -getopt.c -server.c -sslerror.h - -In the NSS 2.0 distribution, the sample code and makefiles are in a -directory named "samples". The directories relevant to building -in the distributed tree are: - -./samples -./include/dbm -./include/nspr -./include/security -./lib - diff --git a/security/nss/cmd/SSLsample/SECerrs.h b/security/nss/cmd/SSLsample/SECerrs.h deleted file mode 100644 index 90f7a2e9f1..0000000000 --- a/security/nss/cmd/SSLsample/SECerrs.h +++ /dev/null @@ -1,444 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* General security error codes */ -/* Caller must #include "secerr.h" */ - -ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, -"An I/O error occurred during security authorization.") - -ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, -"security library failure.") - -ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, -"security library: received bad data.") - -ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, -"security library: output length error.") - -ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, -"security library has experienced an input length error.") - -ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, -"security library: invalid arguments.") - -ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, -"security library: invalid algorithm.") - -ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, -"security library: invalid AVA.") - -ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, -"Improperly formatted time string.") - -ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, -"security library: improperly formatted DER-encoded message.") - -ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, -"Peer's certificate has an invalid signature.") - -ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, -"Peer's Certificate has expired.") - -ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, -"Peer's Certificate has been revoked.") - -ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, -"Peer's Certificate issuer is not recognized.") - -ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, -"Peer's public key is invalid.") - -ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, -"The security password entered is incorrect.") - -ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, -"New password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, -"security library: no nodelock.") - -ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, -"security library: bad database.") - -ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, -"security library: memory allocation failure.") - -ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, -"Peer's certificate issuer has been marked as not trusted by the user.") - -ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, -"Peer's certificate has been marked as not trusted by the user.") - -ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), -"Certificate already exists in your database.") - -ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), -"Downloaded certificate's name duplicates one already in your database.") - -ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), -"Error adding certificate to database.") - -ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), -"Error refiling the key for this certificate.") - -ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), -"The private key for this certificate cannot be found in key database") - -ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), -"This certificate is valid.") - -ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), -"This certificate is not valid.") - -ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), -"Cert Library: No Response") - -ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), -"The certificate issuer's certificate has expired. Check your system date and time.") - -ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), -"The CRL for the certificate's issuer has expired. Update it or check your system data and time.") - -ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), -"The CRL for the certificate's issuer has an invalid signature.") - -ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), -"New CRL has an invalid format.") - -ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), -"Certificate extension value is invalid.") - -ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), -"Certificate extension not found.") - -ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), -"Issuer certificate is invalid.") - -ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), -"Certificate path length constraint is invalid.") - -ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), -"Certificate usages field is invalid.") - -ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), -"**Internal ONLY module**") - -ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), -"The key does not support the requested operation.") - -ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), -"Certificate contains unknown critical extension.") - -ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), -"New CRL is not later than the current one.") - -ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), -"Not encrypted or signed: you do not yet have an email certificate.") - -ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), -"Not encrypted: you do not have certificates for each of the recipients.") - -ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), -"Cannot decrypt: you are not a recipient, or matching certificate and \ -private key not found.") - -ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), -"Cannot decrypt: key encryption algorithm does not match your certificate.") - -ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), -"Signature verification failed: no signer found, too many signers found, \ -or improper or corrupted data.") - -ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), -"Unsupported or unknown key algorithm.") - -ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), -"Cannot decrypt: encrypted using a disallowed algorithm or key size.") - - -/* Fortezza Alerts */ -ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), -"Fortezza card has not been properly initialized. \ -Please remove it and return it to your issuer.") - -ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), -"No Fortezza cards Found") - -ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), -"No Fortezza card selected") - -ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), -"Please select a personality to get more info on") - -ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), -"Personality not found") - -ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), -"No more information on that Personality") - -ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), -"Invalid Pin") - -ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), -"Couldn't initialize Fortezza personalities.") -/* end fortezza alerts. */ - -ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), -"No KRL for this site's certificate has been found.") - -ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), -"The KRL for this site's certificate has expired.") - -ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), -"The KRL for this site's certificate has an invalid signature.") - -ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), -"The key for this site's certificate has been revoked.") - -ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), -"New KRL has an invalid format.") - -ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), -"security library: need random data.") - -ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), -"security library: no security module can perform the requested operation.") - -ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), -"The security card or token does not exist, needs to be initialized, or has been removed.") - -ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), -"security library: read-only database.") - -ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), -"No slot or token was selected.") - -ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), -"A certificate with the same nickname already exists.") - -ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), -"A key with the same nickname already exists.") - -ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), -"error while creating safe object") - -ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), -"error while creating baggage object") - -ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), -"Couldn't remove the principal") - -ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), -"Couldn't delete the privilege") - -ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), -"This principal doesn't have a certificate") - -ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), -"Required algorithm is not allowed.") - -ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), -"Error attempting to export certificates.") - -ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), -"Error attempting to import certificates.") - -ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), -"Unable to import. Decoding error. File not valid.") - -ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), -"Unable to import. Invalid MAC. Incorrect password or corrupt file.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), -"Unable to import. MAC algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81), -"Unable to import. Only password integrity and privacy modes supported.") - -ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), -"Unable to import. File structure is corrupt.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83), -"Unable to import. Encryption algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), -"Unable to import. File version not supported.") - -ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85), -"Unable to import. Incorrect privacy password.") - -ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), -"Unable to import. Same nickname already exists in database.") - -ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), -"The user pressed cancel.") - -ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), -"Not imported, already in database.") - -ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), -"Message not sent.") - -ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), -"Certificate key usage inadequate for attempted operation.") - -ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), -"Certificate type not approved for application.") - -ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), -"Address in signing certificate does not match address in message headers.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), -"Unable to import. Error attempting to import private key.") - -ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), -"Unable to import. Error attempting to import certificate chain.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95), -"Unable to export. Unable to locate certificate or key by nickname.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), -"Unable to export. Private Key could not be located and exported.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), -"Unable to export. Unable to write the export file.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), -"Unable to import. Unable to read the import file.") - -ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99), -"Unable to export. Key database corrupt or deleted.") - -ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), -"Unable to generate public/private key pair.") - -ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), -"Password entered is invalid. Please pick a different one.") - -ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), -"Old password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), -"Certificate nickname already in use.") - -ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), -"Peer FORTEZZA chain has a non-FORTEZZA Certificate.") - -/* ER3(SEC_ERROR_UNKNOWN, (SEC_ERROR_BASE + 105), */ - -ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), -"Invalid module name.") - -ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), -"Invalid module path/filename") - -ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), -"Unable to add module") - -ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), -"Unable to delete module") - -ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), -"New KRL is not later than the current one.") - -ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), -"New CKL has different issuer than current CKL. Delete current CKL.") - -ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), -"The Certifying Authority for this certificate is not permitted to issue a \ -certificate with this name.") - -ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), -"The key revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), -"The certificate revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), -"The requested certificate could not be found.") - -ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), -"The signer's certificate could not be found.") - -ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), -"The location for the certificate status server has invalid format.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), -"The OCSP response cannot be fully decoded; it is of an unknown type.") - -ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), -"The OCSP server returned unexpected/invalid HTTP data.") - -ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), -"The OCSP server found the request to be corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), -"The OCSP server experienced an internal error.") - -ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), -"The OCSP server suggests trying again later.") - -ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), -"The OCSP server requires a signature on this request.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), -"The OCSP server has refused this request as unauthorized.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), -"The OCSP server returned an unrecognizable status.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), -"The OCSP server has no status for the certificate.") - -ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), -"You must enable OCSP before performing this operation.") - -ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), -"You must set the OCSP default responder before performing this operation.") - -ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), -"The response from the OCSP server was corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), -"The signer of the OCSP response is not authorized to give status for \ -this certificate.") - -ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), -"The OCSP response is not yet valid (contains a date in the future).") - -ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), -"The OCSP response contains out-of-date information.") diff --git a/security/nss/cmd/SSLsample/SSLerrs.h b/security/nss/cmd/SSLsample/SSLerrs.h deleted file mode 100644 index f502c523e6..0000000000 --- a/security/nss/cmd/SSLsample/SSLerrs.h +++ /dev/null @@ -1,369 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* SSL-specific security error codes */ -/* caller must include "sslerr.h" */ - -ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, -"Unable to communicate securely. Peer does not support high-grade encryption.") - -ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, -"Unable to communicate securely. Peer requires high-grade encryption which is not supported.") - -ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, -"Cannot communicate securely with peer: no common encryption algorithm(s).") - -ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, -"Unable to find the certificate or key necessary for authentication.") - -ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, -"Unable to communicate securely with peer: peers's certificate was rejected.") - -/* unused (SSL_ERROR_BASE + 5),*/ - -ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, -"The server has encountered bad data from the client.") - -ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, -"The client has encountered bad data from the server.") - -ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, -"Unsupported certificate type.") - -ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, -"Peer using unsupported version of security protocol.") - -/* unused (SSL_ERROR_BASE + 10),*/ - -ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, -"Client authentication failed: private key in key database does not match public key in certificate database.") - -ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, -"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") - -/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), - defined in sslerr.h -*/ - -ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), -"Peer only supports SSL version 2, which is locally disabled.") - - -ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), -"SSL received a record with an incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), -"SSL peer reports incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), -"SSL peer cannot verify your certificate.") - -ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), -"SSL peer rejected your certificate as revoked.") - -ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), -"SSL peer rejected your certificate as expired.") - -ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), -"Cannot connect: SSL is disabled.") - -ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), -"Cannot connect: SSL peer is in another FORTEZZA domain.") - - -ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), -"An unknown SSL cipher suite has been requested.") - -ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), -"No cipher suites are present and enabled in this program.") - -ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), -"SSL received a record with bad block padding.") - -ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), -"SSL received a record that exceeded the maximum permissible length.") - -ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), -"SSL attempted to send a record that exceeded the maximum permissible length.") - -/* - * Received a malformed (too long or short or invalid content) SSL handshake. - */ -ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), -"SSL received a malformed Hello Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), -"SSL received a malformed Client Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), -"SSL received a malformed Server Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), -"SSL received a malformed Certificate handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), -"SSL received a malformed Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), -"SSL received a malformed Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), -"SSL received a malformed Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), -"SSL received a malformed Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), -"SSL received a malformed Client Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), -"SSL received a malformed Finished handshake message.") - -/* - * Received a malformed (too long or short) SSL record. - */ -ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), -"SSL received a malformed Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), -"SSL received a malformed Alert record.") - -ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), -"SSL received a malformed Handshake record.") - -ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), -"SSL received a malformed Application Data record.") - -/* - * Received an SSL handshake that was inappropriate for the state we're in. - * E.g. Server received message from server, or wrong state in state machine. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), -"SSL received an unexpected Hello Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), -"SSL received an unexpected Client Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), -"SSL received an unexpected Server Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), -"SSL received an unexpected Certificate handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), -"SSL received an unexpected Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), -"SSL received an unexpected Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), -"SSL received an unexpected Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), -"SSL received an unexpected Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), -"SSL received an unexpected Cllient Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), -"SSL received an unexpected Finished handshake message.") - -/* - * Received an SSL record that was inappropriate for the state we're in. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), -"SSL received an unexpected Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), -"SSL received an unexpected Alert record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), -"SSL received an unexpected Handshake record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), -"SSL received an unexpected Application Data record.") - -/* - * Received record/message with unknown discriminant. - */ -ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), -"SSL received a record with an unknown content type.") - -ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), -"SSL received a handshake message with an unknown message type.") - -ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), -"SSL received an alert record with an unknown alert description.") - -/* - * Received an alert reporting what we did wrong. (more alerts above) - */ -ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), -"SSL peer has closed this connection.") - -ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), -"SSL peer was not expecting a handshake message it received.") - -ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), -"SSL peer was unable to succesfully decompress an SSL record it received.") - -ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), -"SSL peer was unable to negotiate an acceptable set of security parameters.") - -ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), -"SSL peer rejected a handshake message for unacceptable content.") - -ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), -"SSL peer does not support certificates of the type it received.") - -ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), -"SSL peer had some unspecified issue with the certificate it received.") - - -ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), -"SSL experienced a failure of its random number generator.") - -ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), -"Unable to digitally sign data required to verify your certificate.") - -ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), -"SSL was unable to extract the public key from the peer's certificate.") - -ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), -"Unspecified failure while processing SSL Server Key Exchange handshake.") - -ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), -"Unspecified failure while processing SSL Client Key Exchange handshake.") - -ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), -"Bulk data encryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), -"Bulk data decryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), -"Attempt to write encrypted data to underlying socket failed.") - -ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), -"MD5 digest function failed.") - -ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), -"SHA-1 digest function failed.") - -ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), -"MAC computation failed.") - -ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), -"Failure to create Symmetric Key context.") - -ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), -"Failure to unwrap the Symmetric key in Client Key Exchange message.") - -ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), -"SSL Server attempted to use domestic-grade public key with export cipher suite.") - -ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), -"PKCS11 code failed to translate an IV into a param.") - -ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), -"Failed to initialize the selected cipher suite.") - -ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), -"Client failed to generate session keys for SSL session.") - -ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), -"Server has no key for the attempted key exchange algorithm.") - -ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), -"PKCS#11 token was inserted or removed while operation was in progress.") - -ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), -"No PKCS#11 token could be found to do a required operation.") - -ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), -"Cannot communicate securely with peer: no common compression algorithm(s).") - -ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), -"Cannot initiate another SSL handshake until current handshake is complete.") - -ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), -"Received incorrect handshakes hash values from peer.") - -ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), -"The certificate provided cannot be used with the selected key exchange algorithm.") - -ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), -"No certificate authority is trusted for SSL client authentication.") - -ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), -"Client's SSL session ID not found in server's session cache.") - -ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), -"Peer was unable to decrypt an SSL record it received.") - -ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), -"Peer received an SSL record that was longer than is permitted.") - -ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), -"Peer does not recognize and trust the CA that issued your certificate.") - -ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), -"Peer received a valid certificate, but access was denied.") - -ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), -"Peer could not decode an SSL handshake message.") - -ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), -"Peer reports failure of signature verification or key exchange.") - -ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), -"Peer reports negotiation not in compliance with export regulations.") - -ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), -"Peer reports incompatible or unsupported protocol version.") - -ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), -"Server requires ciphers more secure than those supported by client.") - -ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), -"Peer reports it experienced an internal error.") - -ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), -"Peer user canceled handshake.") - -ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), -"Peer does not permit renegotiation of SSL security parameters.") - diff --git a/security/nss/cmd/SSLsample/client.c b/security/nss/cmd/SSLsample/client.c deleted file mode 100644 index ffb7d9d385..0000000000 --- a/security/nss/cmd/SSLsample/client.c +++ /dev/null @@ -1,456 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/**************************************************************************** - * SSL client program that sets up a connection to SSL server, transmits * - * some data and then reads the reply * - ****************************************************************************/ - -#include -#include - -#if defined(XP_UNIX) -#include -#endif - -#include "prerror.h" - -#include "pk11func.h" -#include "secitem.h" - - -#include -#include -#include -#include - -#include "nspr.h" -#include "plgetopt.h" -#include "prio.h" -#include "prnetdb.h" -#include "nss.h" - -#include "sslsample.h" - -#define RD_BUF_SIZE (60 * 1024) - -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -GlobalThreadMgr threadMGR; -char *certNickname = NULL; -char *hostName = NULL; -char *password = NULL; -unsigned short port = 0; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n" - " [-w dbpasswd] [-C cipher(s)] hostname\n", - progName); - exit(1); -} - -PRFileDesc * -setupSSLSocket(PRNetAddr *addr) -{ - PRFileDesc *tcpSocket; - PRFileDesc *sslSocket; - PRSocketOptionData socketOption; - PRStatus prStatus; - SECStatus secStatus; - -#if 0 -retry: -#endif - - tcpSocket = PR_NewTCPSocket(); - if (tcpSocket == NULL) { - errWarn("PR_NewTCPSocket"); - } - - /* Make the socket blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(tcpSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption"); - goto loser; - } - -#if 0 - /* Verify that a connection can be made to the socket. */ - prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - PRErrorCode err = PR_GetError(); - if (err == PR_CONNECT_REFUSED_ERROR) { - PR_Close(tcpSocket); - PR_Sleep(PR_MillisecondsToInterval(10)); - fprintf(stderr, "Connection to port refused, retrying.\n"); - goto retry; - } - errWarn("PR_Connect"); - goto loser; - } -#endif - - /* Import the socket into the SSL layer. */ - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (!sslSocket) { - errWarn("SSL_ImportFD"); - goto loser; - } - - /* Set configuration options. */ - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT"); - goto loser; - } - - /* Set SSL callback routines. */ - secStatus = SSL_GetClientAuthDataHook(sslSocket, - (SSLGetClientAuthData)myGetClientAuthData, - (void *)certNickname); - if (secStatus != SECSuccess) { - errWarn("SSL_GetClientAuthDataHook"); - goto loser; - } - - secStatus = SSL_AuthCertificateHook(sslSocket, - (SSLAuthCertificate)myAuthCertificate, - (void *)CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - (SSLHandshakeCallback)myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - - -const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" }; - -SECStatus -handle_connection(PRFileDesc *sslSocket, int connection) -{ - int countRead = 0; - PRInt32 numBytes; - char *readBuffer; - - readBuffer = PORT_Alloc(RD_BUF_SIZE); - if (!readBuffer) { - exitErr("PORT_Alloc"); - } - - /* compose the http request here. */ - - numBytes = PR_Write(sslSocket, requestString, strlen(requestString)); - if (numBytes <= 0) { - errWarn("PR_Write"); - PR_Free(readBuffer); - readBuffer = NULL; - return SECFailure; - } - - /* read until EOF */ - while (PR_TRUE) { - numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE); - if (numBytes == 0) { - break; /* EOF */ - } - if (numBytes < 0) { - errWarn("PR_Read"); - break; - } - countRead += numBytes; - fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n", - connection, numBytes, countRead ); - readBuffer[numBytes] = '\0'; - fprintf(stderr, "************\n%s\n************\n", readBuffer); - } - - printSecurityInfo(sslSocket); - - PR_Free(readBuffer); - readBuffer = NULL; - - /* Caller closes the socket. */ - - fprintf(stderr, - "***** Connection %d read %d bytes total.\n", - connection, countRead); - - return SECSuccess; /* success */ -} - -/* one copy of this function is launched in a separate thread for each -** connection to be made. -*/ -SECStatus -do_connects(void *a, int connection) -{ - PRNetAddr *addr = (PRNetAddr *)a; - PRFileDesc *sslSocket; - PRHostEnt hostEntry; - char buffer[PR_NETDB_BUF_SIZE]; - PRStatus prStatus; - PRIntn hostenum; - SECStatus secStatus; - - /* Set up SSL secure socket. */ - sslSocket = setupSSLSocket(addr); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - return SECFailure; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_SetPKCS11PinArg"); - return secStatus; - } - - secStatus = SSL_SetURL(sslSocket, hostName); - if (secStatus != SECSuccess) { - errWarn("SSL_SetURL"); - return secStatus; - } - - /* Prepare and setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry); - if (prStatus != PR_SUCCESS) { - errWarn("PR_GetHostByName"); - return SECFailure; - } - - hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr); - if (hostenum == -1) { - errWarn("PR_EnumerateHostEnt"); - return SECFailure; - } - - prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Connect"); - return SECFailure; - } - - /* Established SSL connection, ready to send data. */ -#if 0 - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return secStatus; - } -#endif - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - prStatus = PR_Close(sslSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - return secStatus; - } - - secStatus = handle_connection(sslSocket, connection); - if (secStatus != SECSuccess) { - errWarn("handle_connection"); - return secStatus; - } - - PR_Close(sslSocket); - return SECSuccess; -} - -void -client_main(unsigned short port, - int connections, - const char * hostName) -{ - int i; - SECStatus secStatus; - PRStatus prStatus; - PRInt32 rv; - PRNetAddr addr; - PRHostEnt hostEntry; - char buffer[256]; - - /* Setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry); - if (prStatus != PR_SUCCESS) { - exitErr("PR_GetHostByName"); - } - - rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr); - if (rv < 0) { - exitErr("PR_EnumerateHostEnt"); - } - - secStatus = launch_thread(&threadMGR, do_connects, &addr, 1); - if (secStatus != SECSuccess) { - exitErr("launch_thread"); - } - - if (connections > 1) { - /* wait for the first connection to terminate, then launch the rest. */ - reap_threads(&threadMGR); - /* Start up the connections */ - for (i = 2; i <= connections; ++i) { - secStatus = launch_thread(&threadMGR, do_connects, &addr, i); - if (secStatus != SECSuccess) { - errWarn("launch_thread"); - } - } - } - - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); -} - -int -main(int argc, char **argv) -{ - char * certDir = "."; - char * progName = NULL; - int connections = 1; - char * cipherString = NULL; - SECStatus secStatus; - PLOptState * optstate; - PLOptStatus status; - - /* Call the NSPR initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - progName = PL_strdup(argv[0]); - - hostName = NULL; - optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case 'C' : cipherString = PL_strdup(optstate->value); break; - case 'c' : connections = PORT_Atoi(optstate->value); break; - case 'd' : certDir = PL_strdup(optstate->value); break; - case 'n' : certNickname = PL_strdup(optstate->value); break; - case 'p' : port = PORT_Atoi(optstate->value); break; - case 'w' : password = PL_strdup(optstate->value); break; - case '\0': hostName = PL_strdup(optstate->value); break; - default : Usage(progName); - } - } - - if (port == 0 || hostName == NULL) - Usage(progName); - - if (certDir == NULL) { - certDir = PR_smprintf("%s/.netscape", getenv("HOME")); - } - - /* Set our password function callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize the NSS libraries. */ - secStatus = NSS_Init(certDir); - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */ - NSS_SetDomesticPolicy(); - SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SSL_CipherPrefSetDefault(cipher, PR_TRUE); - } - } - } - - client_main(port, connections, hostName); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} - diff --git a/security/nss/cmd/SSLsample/client.mn b/security/nss/cmd/SSLsample/client.mn deleted file mode 100644 index 4ede63e2dc..0000000000 --- a/security/nss/cmd/SSLsample/client.mn +++ /dev/null @@ -1,54 +0,0 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = client.c \ - sslsample.c \ - $(NULL) - -PROGRAM = client - -REQUIRES = dbm - -IMPORTS = nss/lib/nss - -DEFINES = -DNSPR20 - diff --git a/security/nss/cmd/SSLsample/gencerts b/security/nss/cmd/SSLsample/gencerts deleted file mode 100755 index 61f13e5fab..0000000000 --- a/security/nss/cmd/SSLsample/gencerts +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# Directory for db's, use in all subsequent -d flags. -rm -rf SampleCertDBs -mkdir SampleCertDBs - -# Password to use. -echo sample > passfile - -# Generate the db files, using the above password. -certutil -N -d SampleCertDBs -f passfile - -# Generate the CA cert. This cert is self-signed and only useful for -# test purposes. Set the trust bits to allow it to sign SSL client/server -# certs. -certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \ - -s "CN=My Sample Root CA, O=My Organization" \ - -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \ - -d SampleCertDBs -f passfile - -# Generate the server cert. This cert is signed by the CA cert generated -# above. The CN must be hostname.domain.[com|org|net|...]. -certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \ - -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \ - -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \ - -d SampleCertDBs -f passfile - -# Generate the client cert. This cert is signed by the CA cert generated -# above. -certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \ - -s "CN=My Client Cert, O=Client Organization" \ - -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \ - -d SampleCertDBs -f passfile - -# Verify the certificates. -certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs -certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs - -# Remove unneccessary files. -rm -f passfile -rm -f tempcert* - -# You are now ready to run your client/server! Example command lines: -# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R -# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com diff --git a/security/nss/cmd/SSLsample/make.client b/security/nss/cmd/SSLsample/make.client deleted file mode 100644 index 4bf4c40cd7..0000000000 --- a/security/nss/cmd/SSLsample/make.client +++ /dev/null @@ -1,81 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include client.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -#include $(CORE_DEPTH)/$(MODULE)/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -#CC = cc - - diff --git a/security/nss/cmd/SSLsample/make.server b/security/nss/cmd/SSLsample/make.server deleted file mode 100644 index ce90a2f86c..0000000000 --- a/security/nss/cmd/SSLsample/make.server +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include server.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -#include $(CORE_DEPTH)/$(MODULE)/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/nss/cmd/SSLsample/server.c b/security/nss/cmd/SSLsample/server.c deleted file mode 100644 index 5965d4723f..0000000000 --- a/security/nss/cmd/SSLsample/server.c +++ /dev/null @@ -1,821 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/**************************************************************************** - * SSL server program listens on a port, accepts client connection, reads * - * request and responds to it * - ****************************************************************************/ - -/* Generic header files */ - -#include -#include - -/* NSPR header files */ - -#include "nspr.h" -#include "plgetopt.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -#include "sslsample.h" - -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - -#define REQUEST_CERT_ONCE 1 -#define REQUIRE_CERT_ONCE 2 -#define REQUEST_CERT_ALL 3 -#define REQUIRE_CERT_ALL 4 - -/* Global variables */ -GlobalThreadMgr threadMGR; -char *password = NULL; -CERTCertificate *cert = NULL; -SECKEYPrivateKey *privKey = NULL; -int stopping; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - -"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n" -" [-c ciphers] [-d dbdir] \n" -"-3 means disable SSL v3\n" -"-r means request certificate on first handshake.\n" -"-f means require certificate on first handshake.\n" -"-R means request certificate on all handshakes.\n" -"-F means require certificate on all handshakes.\n" -"-c ciphers Letter(s) chosen from the following list\n" -"A SSL2 RC4 128 WITH MD5\n" -"B SSL2 RC4 128 EXPORT40 WITH MD5\n" -"C SSL2 RC2 128 CBC WITH MD5\n" -"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n" -"E SSL2 DES 64 CBC WITH MD5\n" -"F SSL2 DES 192 EDE3 CBC WITH MD5\n" -"\n" -"c SSL3 RSA WITH RC4 128 MD5\n" -"d SSL3 RSA WITH 3DES EDE CBC SHA\n" -"e SSL3 RSA WITH DES CBC SHA\n" -"f SSL3 RSA EXPORT WITH RC4 40 MD5\n" -"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n" -"i SSL3 RSA WITH NULL MD5\n" -"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" -"k SSL3 RSA FIPS WITH DES CBC SHA\n" -"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" -"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n", - progName); - exit(1); -} - -/* Function: readDataFromSocket() - * - * Purpose: Parse an HTTP request by reading data from a GET or POST. - * - */ -SECStatus -readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName) -{ - char *post; - int numBytes = 0; - int newln = 0; /* # of consecutive newlns */ - - /* Read data while it comes in from the socket. */ - while (PR_TRUE) { - buffer->index = 0; - newln = 0; - - /* Read the buffer. */ - numBytes = PR_Read(sslSocket, &buffer->data[buffer->index], - buffer->remaining); - if (numBytes <= 0) { - errWarn("PR_Read"); - return SECFailure; - } - buffer->dataEnd = buffer->dataStart + numBytes; - - /* Parse the input, starting at the beginning of the buffer. - * Stop when we detect two consecutive \n's (or \r\n's) - * as this signifies the end of the GET or POST portion. - * The posted data follows. - */ - while (buffer->index < buffer->dataEnd && newln < 2) { - int octet = buffer->data[buffer->index++]; - if (octet == '\n') { - newln++; - } else if (octet != '\r') { - newln = 0; - } - } - - /* Came to the end of the buffer, or second newline. - * If we didn't get an empty line ("\r\n\r\n"), then keep on reading. - */ - if (newln < 2) - continue; - - /* we're at the end of the HTTP request. - * If the request is a POST, then there will be one more - * line of data. - * This parsing is a hack, but ok for SSL test purposes. - */ - post = PORT_Strstr(buffer->data, "POST "); - if (!post || *post != 'P') - break; - - /* It's a post, so look for the next and final CR/LF. */ - /* We should parse content length here, but ... */ - while (buffer->index < buffer->dataEnd && newln < 3) { - int octet = buffer->data[buffer->index++]; - if (octet == '\n') { - newln++; - } - } - - if (newln == 3) - break; - } - - /* Have either (a) a complete get, (b) a complete post, (c) EOF */ - - /* Execute a "GET " operation. */ - if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) { - int fnLength; - - /* File name is the part after "GET ". */ - fnLength = strcspn(buffer->data + 5, " \r\n"); - *fileName = (char *)PORT_Alloc(fnLength + 1); - PORT_Strncpy(*fileName, buffer->data + 5, fnLength); - (*fileName)[fnLength] = '\0'; - } - - return SECSuccess; -} - -/* Function: authenticateSocket() - * - * Purpose: Configure a socket for SSL. - * - * - */ -PRFileDesc * -setupSSLSocket(PRFileDesc *tcpSocket, int requestCert) -{ - PRFileDesc *sslSocket; - SSLKEAType certKEA; - int certErr = 0; - SECStatus secStatus; - - /* Set the appropriate flags. */ - - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (sslSocket == NULL) { - errWarn("SSL_ImportFD"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, - (requestCert >= REQUEST_CERT_ONCE)); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, - (requestCert == REQUIRE_CERT_ONCE)); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE"); - goto loser; - } - - /* Set the appropriate callback routines. */ - - secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate, - CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, &certErr); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - (SSLHandshakeCallback)myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - certKEA = NSS_FindCertKEAType(cert); - - secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA); - if (secStatus != SECSuccess) { - errWarn("SSL_ConfigSecureServer"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - -/* Function: authenticateSocket() - * - * Purpose: Perform client authentication on the socket. - * - */ -SECStatus -authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert) -{ - CERTCertificate *cert; - SECStatus secStatus; - - /* Returns NULL if client authentication is not enabled or if the - * client had no certificate. */ - cert = SSL_PeerCertificate(sslSocket); - if (cert) { - /* Client had a certificate, so authentication is through. */ - CERT_DestroyCertificate(cert); - return SECSuccess; - } - - /* Request client to authenticate itself. */ - secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE"); - return SECFailure; - } - - /* If desired, require client to authenticate itself. Note - * SSL_REQUEST_CERTIFICATE must also be on, as above. */ - secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE"); - return SECFailure; - } - - /* Having changed socket configuration parameters, redo handshake. */ - secStatus = SSL_ReHandshake(sslSocket, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_ReHandshake"); - return SECFailure; - } - - /* Force the handshake to complete before moving on. */ - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return SECFailure; - } - - return SECSuccess; -} - -/* Function: writeDataToSocket - * - * Purpose: Write the client's request back to the socket. If the client - * requested a file, dump it to the socket. - * - */ -SECStatus -writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName) -{ - int headerLength; - int numBytes; - char messageBuffer[120]; - PRFileDesc *local_file_fd = NULL; - char header[] = "

Sample SSL server



"; - char filehd[] = "

The file you requested:


"; - char reqhd[] = "

This is your request:


"; - char link[] = "Try getting a file
"; - char footer[] = "

End of request.


"; - - headerLength = PORT_Strlen(defaultHeader); - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, header, PORT_Strlen(header)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - if (fileName) { - PRFileInfo info; - PRStatus prStatus; - - /* Try to open the local file named. - * If successful, then write it to the client. - */ - prStatus = PR_GetFileInfo(fileName, &info); - if (prStatus != PR_SUCCESS || - info.type != PR_FILE_FILE || - info.size < 0) { - PORT_Free(fileName); - /* Maybe a GET not sent from client.c? */ - goto writerequest; - } - - local_file_fd = PR_Open(fileName, PR_RDONLY, 0); - if (local_file_fd == NULL) { - PORT_Free(fileName); - goto writerequest; - } - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Transmit the local file prepended by the default header - * across the socket. - */ - numBytes = PR_TransmitFile(sslSocket, local_file_fd, - defaultHeader, headerLength, - PR_TRANSMITFILE_KEEP_OPEN, - PR_INTERVAL_NO_TIMEOUT); - - /* Error in transmission. */ - if (numBytes < 0) { - errWarn("PR_TransmitFile"); - /* - i = PORT_Strlen(errString); - PORT_Memcpy(buf, errString, i); - */ - /* Transmitted bytes successfully. */ - } else { - numBytes -= headerLength; - fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n", - numBytes, fileName); - } - - PORT_Free(fileName); - PR_Close(local_file_fd); - } - -writerequest: - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Write the buffer data to the socket. */ - if (buffer->index <= 0) { - /* Reached the EOF. Report incomplete transaction to socket. */ - PORT_Sprintf(messageBuffer, - "GET or POST incomplete after %d bytes.\r\n", - buffer->dataEnd); - numBytes = PR_Write(sslSocket, messageBuffer, - PORT_Strlen(messageBuffer)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - } else { - /* Display the buffer data. */ - fwrite(buffer->data, 1, buffer->index, stdout); - /* Write the buffer data to the socket. */ - numBytes = PR_Write(sslSocket, buffer->data, buffer->index); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - /* Display security information for the socket. */ - printSecurityInfo(sslSocket); - /* Write any discarded data out to the socket. */ - if (buffer->index < buffer->dataEnd) { - PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n", - buffer->dataEnd - buffer->index); - numBytes = PR_Write(sslSocket, buffer->data, - PORT_Strlen(buffer->data)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - } - } - - /* Write a footer to the socket. */ - numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Write a link to the socket. */ - numBytes = PR_Write(sslSocket, link, PORT_Strlen(link)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Complete the HTTP transaction. */ - numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Do a nice shutdown if asked. */ - if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) { - stopping = 1; - } - return SECSuccess; - -loser: - - /* Do a nice shutdown if asked. */ - if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) { - stopping = 1; - } - return SECFailure; -} - -/* Function: int handle_connection() - * - * Purpose: Thread to handle a connection to a socket. - * - */ -SECStatus -handle_connection(void *tcp_sock, int requestCert) -{ - PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock; - PRFileDesc * sslSocket = NULL; - SECStatus secStatus = SECFailure; - PRStatus prStatus; - PRSocketOptionData socketOption; - DataBuffer buffer; - char * fileName = NULL; - - /* Initialize the data buffer. */ - memset(buffer.data, 0, BUFFER_SIZE); - buffer.remaining = BUFFER_SIZE; - buffer.index = 0; - buffer.dataStart = 0; - buffer.dataEnd = 0; - - /* Make sure the socket is blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - PR_SetSocketOption(tcpSocket, &socketOption); - - sslSocket = setupSSLSocket(tcpSocket, requestCert); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - goto cleanup; - } - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto cleanup; - } - - /* Read data from the socket, parse it for HTTP content. - * If the user is requesting/requiring authentication, authenticate - * the socket. Then write the result back to the socket. */ - fprintf(stdout, "\nReading data from socket...\n\n"); - secStatus = readDataFromSocket(sslSocket, &buffer, &fileName); - if (secStatus != SECSuccess) { - goto cleanup; - } - if (requestCert >= REQUEST_CERT_ALL) { - fprintf(stdout, "\nAuthentication requested.\n\n"); - secStatus = authenticateSocket(sslSocket, - (requestCert == REQUIRE_CERT_ALL)); - if (secStatus != SECSuccess) { - goto cleanup; - } - } - - fprintf(stdout, "\nWriting data to socket...\n\n"); - secStatus = writeDataToSocket(sslSocket, &buffer, fileName); - -cleanup: - - /* Close down the socket. */ - prStatus = PR_Close(tcpSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - - return secStatus; -} - -/* Function: int accept_connection() - * - * Purpose: Thread to accept a connection to the socket. - * - */ -SECStatus -accept_connection(void *listener, int requestCert) -{ - PRFileDesc *listenSocket = (PRFileDesc*)listener; - PRNetAddr addr; - PRStatus prStatus; - - /* XXX need an SSL socket here? */ - while (!stopping) { - PRFileDesc *tcpSocket; - SECStatus result; - - fprintf(stderr, "\n\n\nAbout to call accept.\n"); - - /* Accept a connection to the socket. */ - tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT); - if (tcpSocket == NULL) { - errWarn("PR_Accept"); - break; - } - - /* Accepted the connection, now handle it. */ - result = launch_thread(&threadMGR, handle_connection, - tcpSocket, requestCert); - - if (result != SECSuccess) { - prStatus = PR_Close(tcpSocket); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Close"); - } - break; - } - } - - fprintf(stderr, "Closing listen socket.\n"); - - prStatus = PR_Close(listenSocket); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Close"); - } - return SECSuccess; -} - -/* Function: void server_main() - * - * Purpose: This is the server's main function. It configures a socket - * and listens to it. - * - */ -void -server_main( - unsigned short port, - int requestCert, - SECKEYPrivateKey * privKey, - CERTCertificate * cert, - PRBool disableSSL3) -{ - SECStatus secStatus; - PRStatus prStatus; - PRFileDesc * listenSocket; - PRNetAddr addr; - PRSocketOptionData socketOption; - - /* Create a new socket. */ - listenSocket = PR_NewTCPSocket(); - if (listenSocket == NULL) { - exitErr("PR_NewTCPSocket"); - } - - /* Set socket to be blocking - - * on some platforms the default is nonblocking. - */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(listenSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - exitErr("PR_SetSocketOption"); - } - - /* This cipher is not on by default. The Acceptance test - * would like it to be. Turn this cipher on. - */ - secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - if (secStatus != SECSuccess) { - exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5"); - } - - /* Configure the network connection. */ - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; - addr.inet.port = PR_htons(port); - - /* Bind the address to the listener socket. */ - prStatus = PR_Bind(listenSocket, &addr); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Bind"); - } - - /* Listen for connection on the socket. The second argument is - * the maximum size of the queue for pending connections. - */ - prStatus = PR_Listen(listenSocket, 5); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Listen"); - } - - /* Launch thread to handle connections to the socket. */ - secStatus = launch_thread(&threadMGR, accept_connection, - listenSocket, requestCert); - if (secStatus != SECSuccess) { - PR_Close(listenSocket); - } else { - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); - } -} - -/* Function: int main() - * - * Purpose: Parses command arguments and configures SSL server. - * - */ -int -main(int argc, char **argv) -{ - char * progName = NULL; - char * nickName = NULL; - char * cipherString = NULL; - char * dir = "."; - int requestCert = 0; - unsigned short port = 0; - SECStatus secStatus; - PRBool disableSSL3 = PR_FALSE; - PLOptState * optstate; - PLOptStatus status; - - /* Zero out the thread manager. */ - PORT_Memset(&threadMGR, 0, sizeof(threadMGR)); - - progName = PL_strdup(argv[0]); - - optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case '3': disableSSL3 = PR_TRUE; break; - case 'F': requestCert = REQUIRE_CERT_ALL; break; - case 'R': requestCert = REQUEST_CERT_ALL; break; - case 'c': cipherString = PL_strdup(optstate->value); break; - case 'd': dir = PL_strdup(optstate->value); break; - case 'f': requestCert = REQUIRE_CERT_ONCE; break; - case 'n': nickName = PL_strdup(optstate->value); break; - case 'p': port = PORT_Atoi(optstate->value); break; - case 'r': requestCert = REQUEST_CERT_ONCE; break; - case 'w': password = PL_strdup(optstate->value); break; - default: - case '?': Usage(progName); - } - } - - if (nickName == NULL || port == 0) - Usage(progName); - - /* Call the NSPR initialization routines. */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - /* Set the cert database password callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize NSS. */ - secStatus = NSS_Init(dir); - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* Set the policy for this server (REQUIRED - no default). */ - secStatus = NSS_SetDomesticPolicy(); - if (secStatus != SECSuccess) { - exitErr("NSS_SetDomesticPolicy"); - } - - /* XXX keep this? */ - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SECStatus status; - status = SSL_CipherPrefSetDefault(cipher, PR_TRUE); - if (status != SECSuccess) - errWarn("SSL_CipherPrefSetDefault()"); - } - } - } - - /* Get own certificate and private key. */ - cert = PK11_FindCertFromNickname(nickName, password); - if (cert == NULL) { - exitErr("PK11_FindCertFromNickname"); - } - - privKey = PK11_FindKeyByAnyCert(cert, password); - if (privKey == NULL) { - exitErr("PK11_FindKeyByAnyCert"); - } - - /* Configure the server's cache for a multi-process application - * using default timeout values (24 hrs) and directory location (/tmp). - */ - SSL_ConfigMPServerSIDCache(256, 0, 0, NULL); - - /* Launch server. */ - server_main(port, requestCert, privKey, cert, disableSSL3); - - /* Shutdown NSS and exit NSPR gracefully. */ - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} diff --git a/security/nss/cmd/SSLsample/server.mn b/security/nss/cmd/SSLsample/server.mn deleted file mode 100644 index 50ec860c7f..0000000000 --- a/security/nss/cmd/SSLsample/server.mn +++ /dev/null @@ -1,52 +0,0 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = server.c \ - sslsample.c \ - $(NULL) - -PROGRAM = server - -REQUIRES = dbm - -DEFINES = -DNSPR20 - diff --git a/security/nss/cmd/SSLsample/sslerror.h b/security/nss/cmd/SSLsample/sslerror.h deleted file mode 100644 index aa64dc4d65..0000000000 --- a/security/nss/cmd/SSLsample/sslerror.h +++ /dev/null @@ -1,113 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include -#include -#include "nspr.h" - -struct tuple_str { - PRErrorCode errNum; - const char * errString; -}; - -typedef struct tuple_str tuple_str; - -#define ER2(a,b) {a, b}, -#define ER3(a,b,c) {a, c}, - -#include "secerr.h" -#include "sslerr.h" - -const tuple_str errStrings[] = { - -/* keep this list in asceding order of error numbers */ -#include "SSLerrs.h" -#include "SECerrs.h" -#include "NSPRerrs.h" - -}; - -const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str); - -/* Returns a UTF-8 encoded constant error string for "errNum". - * Returns NULL of errNum is unknown. - */ -const char * -SSL_Strerror(PRErrorCode errNum) { - PRInt32 low = 0; - PRInt32 high = numStrings - 1; - PRInt32 i; - PRErrorCode num; - static int initDone; - - /* make sure table is in ascending order. - * binary search depends on it. - */ - if (!initDone) { - PRErrorCode lastNum = (PRInt32)0x80000000; - for (i = low; i <= high; ++i) { - num = errStrings[i].errNum; - if (num <= lastNum) { - fprintf(stderr, -"sequence error in error strings at item %d\n" -"error %d (%s)\n" -"should come after \n" -"error %d (%s)\n", - i, lastNum, errStrings[i-1].errString, - num, errStrings[i].errString); - } - lastNum = num; - } - initDone = 1; - } - - /* Do binary search of table. */ - while (low + 1 < high) { - i = (low + high) / 2; - num = errStrings[i].errNum; - if (errNum == num) - return errStrings[i].errString; - if (errNum < num) - high = i; - else - low = i; - } - if (errNum == errStrings[low].errNum) - return errStrings[low].errString; - if (errNum == errStrings[high].errNum) - return errStrings[high].errString; - return NULL; -} diff --git a/security/nss/cmd/SSLsample/sslsample.c b/security/nss/cmd/SSLsample/sslsample.c deleted file mode 100644 index 422d453de5..0000000000 --- a/security/nss/cmd/SSLsample/sslsample.c +++ /dev/null @@ -1,594 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "sslsample.h" -#include "sslerror.h" - -/* Declare SSL cipher suites. */ - -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ - 0 -}; - -int ssl3CipherSuites[] = { - -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA a */ - -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - 0 -}; - -/************************************************************************** -** -** SSL callback routines. -** -**************************************************************************/ - -/* Function: char * myPasswd() - * - * Purpose: This function is our custom password handler that is called by - * SSL when retreiving private certs and keys from the database. Returns a - * pointer to a string that with a password for the database. Password pointer - * should point to dynamically allocated memory that will be freed later. - */ -char * -myPasswd(PK11SlotInfo *info, PRBool retry, void *arg) -{ - char * passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PORT_Strdup((char *)arg); - } - - return passwd; -} - -/* Function: SECStatus myAuthCertificate() - * - * Purpose: This function is our custom certificate authentication handler. - * - * Note: This implementation is essentially the same as the default - * SSL_AuthCertificate(). - */ -SECStatus -myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer) -{ - - SECCertUsage certUsage; - CERTCertificate * cert; - void * pinArg; - char * hostName; - SECStatus secStatus; - - if (!arg || !socket) { - errWarn("myAuthCertificate"); - return SECFailure; - } - - /* Define how the cert is being used based upon the isServer flag. */ - - certUsage = isServer ? certUsageSSLClient : certUsageSSLServer; - - cert = SSL_PeerCertificate(socket); - - pinArg = SSL_RevealPinArg(socket); - - secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg, - cert, - checksig, - certUsage, - pinArg); - - /* If this is a server, we're finished. */ - if (isServer || secStatus != SECSuccess) { - CERT_DestroyCertificate(cert); - return secStatus; - } - - /* Certificate is OK. Since this is the client side of an SSL - * connection, we need to verify that the name field in the cert - * matches the desired hostname. This is our defense against - * man-in-the-middle attacks. - */ - - /* SSL_RevealURL returns a hostName, not an URL. */ - hostName = SSL_RevealURL(socket); - - if (hostName && hostName[0]) { - secStatus = CERT_VerifyCertName(cert, hostName); - } else { - PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0); - secStatus = SECFailure; - } - - if (hostName) - PR_Free(hostName); - - CERT_DestroyCertificate(cert); - return secStatus; -} - -/* Function: SECStatus myBadCertHandler() - * - * Purpose: This callback is called when the incoming certificate is not - * valid. We define a certain set of parameters that still cause the - * certificate to be "valid" for this session, and return SECSuccess to cause - * the server to continue processing the request when any of these conditions - * are met. Otherwise, SECFailure is return and the server rejects the - * request. - */ -SECStatus -myBadCertHandler(void *arg, PRFileDesc *socket) -{ - - SECStatus secStatus = SECFailure; - PRErrorCode err; - - /* log invalid cert here */ - - if (!arg) { - return secStatus; - } - - *(PRErrorCode *)arg = err = PORT_GetError(); - - /* If any of the cases in the switch are met, then we will proceed */ - /* with the processing of the request anyway. Otherwise, the default */ - /* case will be reached and we will reject the request. */ - - switch (err) { - case SEC_ERROR_INVALID_AVA: - case SEC_ERROR_INVALID_TIME: - case SEC_ERROR_BAD_SIGNATURE: - case SEC_ERROR_EXPIRED_CERTIFICATE: - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_CERT: - case SEC_ERROR_CERT_VALID: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CRL_EXPIRED: - case SEC_ERROR_CRL_BAD_SIGNATURE: - case SEC_ERROR_EXTENSION_VALUE_INVALID: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_CERT_USAGES_INVALID: - case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: - secStatus = SECSuccess; - break; - default: - secStatus = SECFailure; - break; - } - - printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err)); - - return secStatus; -} - -/* Function: SECStatus ownGetClientAuthData() - * - * Purpose: This callback is used by SSL to pull client certificate - * information upon server request. - */ -SECStatus -myGetClientAuthData(void *arg, - PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - - CERTCertificate * cert; - SECKEYPrivateKey * privKey; - char * chosenNickName = (char *)arg; - void * proto_win = NULL; - SECStatus secStatus = SECFailure; - - proto_win = SSL_RevealPinArg(socket); - - if (chosenNickName) { - cert = PK11_FindCertFromNickname(chosenNickName, proto_win); - if (cert) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - secStatus = SECSuccess; - } else { - CERT_DestroyCertificate(cert); - } - } - } else { /* no nickname given, automatically find the right cert */ - CERTCertNicknames *names; - int i; - - names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), - SEC_CERT_NICKNAMES_USER, proto_win); - - if (names != NULL) { - for(i = 0; i < names->numnicknames; i++ ) { - - cert = PK11_FindCertFromNickname(names->nicknames[i], - proto_win); - if (!cert) { - continue; - } - - /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) - != secCertTimeValid ) { - CERT_DestroyCertificate(cert); - continue; - } - - secStatus = NSS_CmpCertChainWCANames(cert, caNames); - if (secStatus == SECSuccess) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - break; - } - secStatus = SECFailure; - break; - } - } /* for loop */ - CERT_FreeNicknames(names); - } - } - - if (secStatus == SECSuccess) { - *pRetCert = cert; - *pRetKey = privKey; - } - - return secStatus; -} - -/* Function: SECStatus myHandshakeCallback() - * - * Purpose: Called by SSL to inform application that the handshake is - * complete. This function is mostly used on the server side of an SSL - * connection, although it is provided for a client as well. - * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake - * is used to initiate a handshake. - * - * A typical scenario would be: - * - * 1. Server accepts an SSL connection from the client without client auth. - * 2. Client sends a request. - * 3. Server determines that to service request it needs to authenticate the - * client and initiates another handshake requesting client auth. - * 4. While handshake is in progress, server can do other work or spin waiting - * for the handshake to complete. - * 5. Server is notified that handshake has been successfully completed by - * the custom handshake callback function and it can service the client's - * request. - * - * Note: This function is not implemented in this sample, as we are using - * blocking sockets. - */ -SECStatus -myHandshakeCallback(PRFileDesc *socket, void *arg) -{ - printf("Handshake has completed, ready to send data securely.\n"); - return SECSuccess; -} - - -/************************************************************************** -** -** Routines for disabling SSL ciphers. -** -**************************************************************************/ - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } - } -} - -/************************************************************************** -** -** Error and information routines. -** -**************************************************************************/ - -void -errWarn(char *function) -{ - PRErrorCode errorNumber = PR_GetError(); - const char * errorString = SSL_Strerror(errorNumber); - - printf("Error in function %s: %d\n - %s\n", - function, errorNumber, errorString); -} - -void -exitErr(char *function) -{ - errWarn(function); - /* Exit gracefully. */ - /* ignoring return value of NSS_Shutdown as code exits with 1*/ - (void) NSS_Shutdown(); - PR_Cleanup(); - exit(1); -} - -void -printSecurityInfo(PRFileDesc *fd) -{ - char * cp; /* bulk cipher name */ - char * ip; /* cert issuer DN */ - char * sp; /* cert subject DN */ - int op; /* High, Low, Off */ - int kp0; /* total key bits */ - int kp1; /* secret key bits */ - int result; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - - result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp); - if (result != SECSuccess) - return; - printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n" - "subject DN: %s\n" - "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip); - PR_Free(cp); - PR_Free(ip); - PR_Free(sp); - - printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses, - ssl3stats->hch_sid_cache_not_ok); - -} - - -/************************************************************************** -** Begin thread management routines and data. -**************************************************************************/ - -void -thread_wrapper(void * arg) -{ - GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg; - perThread *slot = &threadMGR->threads[threadMGR->index]; - - /* wait for parent to finish launching us before proceeding. */ - PR_Lock(threadMGR->threadLock); - PR_Unlock(threadMGR->threadLock); - - slot->rv = (* slot->startFunc)(slot->a, slot->b); - - PR_Lock(threadMGR->threadLock); - slot->running = rs_zombie; - - /* notify the thread exit handler. */ - PR_NotifyCondVar(threadMGR->threadEndQ); - - PR_Unlock(threadMGR->threadLock); -} - -SECStatus -launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, - void *a, - int b) -{ - perThread *slot; - int i; - - if (!threadMGR->threadStartQ) { - threadMGR->threadLock = PR_NewLock(); - threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock); - threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock); - } - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning >= MAX_THREADS) { - PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT); - } - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_idle) - break; - } - if (i >= threadMGR->numUsed) { - if (i >= MAX_THREADS) { - /* something's really wrong here. */ - PORT_Assert(i < MAX_THREADS); - PR_Unlock(threadMGR->threadLock); - return SECFailure; - } - ++(threadMGR->numUsed); - PORT_Assert(threadMGR->numUsed == i + 1); - slot = &threadMGR->threads[i]; - } - - slot->a = a; - slot->b = b; - slot->startFunc = startFunc; - - threadMGR->index = i; - - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, threadMGR, - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, 0); - - if (slot->prThread == NULL) { - PR_Unlock(threadMGR->threadLock); - printf("Failed to launch thread!\n"); - return SECFailure; - } - - slot->inUse = 1; - slot->running = 1; - ++(threadMGR->numRunning); - PR_Unlock(threadMGR->threadLock); - printf("Launched thread in slot %d \n", threadMGR->index); - - return SECSuccess; -} - -SECStatus -reap_threads(GlobalThreadMgr *threadMGR) -{ - perThread * slot; - int i; - - if (!threadMGR->threadLock) - return 0; - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning > 0) { - PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT); - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_zombie) { - /* Handle cleanup of thread here. */ - printf("Thread in slot %d returned %d\n", i, slot->rv); - - /* Now make sure the thread has ended OK. */ - PR_JoinThread(slot->prThread); - slot->running = rs_idle; - --threadMGR->numRunning; - - /* notify the thread launcher. */ - PR_NotifyCondVar(threadMGR->threadStartQ); - } - } - } - - /* Safety Sam sez: make sure count is right. */ - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running != rs_idle) { - fprintf(stderr, "Thread in slot %d is in state %d!\n", - i, slot->running); - } - } - PR_Unlock(threadMGR->threadLock); - return 0; -} - -void -destroy_thread_data(GlobalThreadMgr *threadMGR) -{ - PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads)); - - if (threadMGR->threadEndQ) { - PR_DestroyCondVar(threadMGR->threadEndQ); - threadMGR->threadEndQ = NULL; - } - if (threadMGR->threadStartQ) { - PR_DestroyCondVar(threadMGR->threadStartQ); - threadMGR->threadStartQ = NULL; - } - if (threadMGR->threadLock) { - PR_DestroyLock(threadMGR->threadLock); - threadMGR->threadLock = NULL; - } -} - -/************************************************************************** -** End thread management routines. -**************************************************************************/ - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PR_NewLock(); - lv->condVar = PR_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PR_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PR_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PR_Lock(lv->lock); - while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PR_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PR_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); - } - PR_Unlock(lv->lock); - return rv; -} diff --git a/security/nss/cmd/SSLsample/sslsample.h b/security/nss/cmd/SSLsample/sslsample.h deleted file mode 100644 index f1ce3a6196..0000000000 --- a/security/nss/cmd/SSLsample/sslsample.h +++ /dev/null @@ -1,180 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifndef SSLSAMPLE_H -#define SSLSAMPLE_H - -/* Generic header files */ - -#include -#include - -/* NSPR header files */ - -#include "nspr.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -/* -#include "sslerror.h" -*/ - -#define BUFFER_SIZE 10240 - -/* Declare SSL cipher suites. */ - -extern int cipherSuites[]; -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -/* Data buffer read from a socket. */ -typedef struct DataBufferStr { - char data[BUFFER_SIZE]; - int index; - int remaining; - int dataStart; - int dataEnd; -} DataBuffer; - -/* SSL callback routines. */ - -char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg); - -SECStatus myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer); - -SECStatus myBadCertHandler(void *arg, PRFileDesc *socket); - -SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg); - -SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* Disable all v2/v3 SSL ciphers. */ - -void disableAllSSLCiphers(void); - - -/* Error and information utilities. */ - -void errWarn(char *function); - -void exitErr(char *function); - -void printSecurityInfo(PRFileDesc *fd); - -/* Some simple thread management routines. */ - -#define MAX_THREADS 32 - -typedef SECStatus startFn(void *a, int b); - -typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; - -typedef struct perThreadStr { - PRFileDesc *a; - int b; - int rv; - startFn *startFunc; - PRThread *prThread; - PRBool inUse; - runState running; -} perThread; - -typedef struct GlobalThreadMgrStr { - PRLock *threadLock; - PRCondVar *threadStartQ; - PRCondVar *threadEndQ; - perThread threads[MAX_THREADS]; - int index; - int numUsed; - int numRunning; -} GlobalThreadMgr; - -void thread_wrapper(void * arg); - -SECStatus launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, void *a, int b); - -SECStatus reap_threads(GlobalThreadMgr *threadMGR); - -void destroy_thread_data(GlobalThreadMgr *threadMGR); - -/* Management of locked variables. */ - -struct lockedVarsStr { - PRLock * lock; - int count; - int waiters; - PRCondVar * condVar; -}; - -typedef struct lockedVarsStr lockedVars; - -void lockedVars_Init(lockedVars *lv); - -void lockedVars_Destroy(lockedVars *lv); - -void lockedVars_WaitForDone(lockedVars *lv); - -int lockedVars_AddToCount(lockedVars *lv, int addend); - -/* Buffer stuff. */ - -static const char stopCmd[] = { "GET /stop " }; -static const char defaultHeader[] = { - "HTTP/1.0 200 OK\r\n" - "Server: SSL sample server\r\n" - "Content-type: text/plain\r\n" - "\r\n" -}; - -#endif diff --git a/security/nss/cmd/addbuiltin/Makefile b/security/nss/cmd/addbuiltin/Makefile deleted file mode 100644 index fe7991878f..0000000000 --- a/security/nss/cmd/addbuiltin/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/addbuiltin/addbuiltin.c b/security/nss/cmd/addbuiltin/addbuiltin.c deleted file mode 100644 index 94de6f4907..0000000000 --- a/security/nss/cmd/addbuiltin/addbuiltin.c +++ /dev/null @@ -1,389 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* - * Tool for converting builtin CA certs. - * - * $Id$ - */ - -#include "nssrenam.h" -#include "nss.h" -#include "cert.h" -#include "certdb.h" -#include "secutil.h" -#include "pk11func.h" - -#if defined(WIN32) -#include -#include -#endif - -void dumpbytes(unsigned char *buf, int len) -{ - int i; - for (i=0; i < len; i++) { - if ((i !=0) && ((i & 0xf) == 0)) { - printf("\n"); - } - printf("\\%03o",buf[i]); - } - printf("\n"); -} - -char *getTrustString(unsigned int trust) -{ - if (trust & CERTDB_TRUSTED) { - if (trust & CERTDB_TRUSTED_CA) { - return "CKT_NETSCAPE_TRUSTED_DELEGATOR|CKT_NETSCAPE_TRUSTED"; - } else { - return "CKT_NETSCAPE_TRUSTED"; - } - } else { - if (trust & CERTDB_TRUSTED_CA) { - return "CKT_NETSCAPE_TRUSTED_DELEGATOR"; - } else { - return "CKT_NETSCAPE_VALID"; - } - } - return "CKT_NETSCAPE_VALID"; /* not reached */ -} - -static const SEC_ASN1Template serialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(CERTCertificate,serialNumber) }, - { 0 } -}; - -static SECStatus -ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust) -{ - SECStatus rv = SECSuccess; - CERTCertificate *cert; - unsigned char sha1_hash[SHA1_LENGTH]; - unsigned char md5_hash[MD5_LENGTH]; - SECItem *serial = NULL; - - cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname); - if (!cert) { - return SECFailure; - } - serial = SEC_ASN1EncodeItem(NULL,NULL,cert,serialTemplate); - if (!serial) { - return SECFailure; - } - - printf("\n#\n# Certificate \"%s\"\n#\n",nickname); - printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n"); - printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); - printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); - printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); - printf("CKA_LABEL UTF8 \"%s\"\n",nickname); - printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n"); - printf("CKA_SUBJECT MULTILINE_OCTAL\n"); - dumpbytes(cert->derSubject.data,cert->derSubject.len); - printf("END\n"); - printf("CKA_ID UTF8 \"0\"\n"); - printf("CKA_ISSUER MULTILINE_OCTAL\n"); - dumpbytes(cert->derIssuer.data,cert->derIssuer.len); - printf("END\n"); - printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); - dumpbytes(serial->data,serial->len); - printf("END\n"); - printf("CKA_VALUE MULTILINE_OCTAL\n"); - dumpbytes(sdder->data,sdder->len); - printf("END\n"); - - PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len); - PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len); - printf("\n# Trust for Certificate \"%s\"\n",nickname); - printf("CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST\n"); - printf("CKA_TOKEN CK_BBOOL CK_TRUE\n"); - printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n"); - printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"); - printf("CKA_LABEL UTF8 \"%s\"\n",nickname); - printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n"); - dumpbytes(sha1_hash,SHA1_LENGTH); - printf("END\n"); - printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n"); - dumpbytes(md5_hash,MD5_LENGTH); - printf("END\n"); - - printf("CKA_ISSUER MULTILINE_OCTAL\n"); - dumpbytes(cert->derIssuer.data,cert->derIssuer.len); - printf("END\n"); - printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n"); - dumpbytes(serial->data,serial->len); - printf("END\n"); - - printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n", - getTrustString(trust->sslFlags)); - printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n", - getTrustString(trust->emailFlags)); - printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n", - getTrustString(trust->objectSigningFlags)); -#ifdef notdef - printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED\n");*/ - printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); - printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n"); -#endif - printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n", - trust->sslFlags & CERTDB_GOVT_APPROVED_CA ? - "CK_TRUE" : "CK_FALSE"); - - - PORT_Free(sdder->data); - return(rv); - -} - -void printheader() { - printf("# \n" -"# ***** BEGIN LICENSE BLOCK *****\n" -"# Version: MPL 1.1/GPL 2.0/LGPL 2.1\n" -"#\n" -"# The contents of this file are subject to the Mozilla Public License Version\n" -"# 1.1 (the \"License\"); you may not use this file except in compliance with\n" -"# the License. You may obtain a copy of the License at\n" -"# http://www.mozilla.org/MPL/\n" -"#\n" -"# Software distributed under the License is distributed on an \"AS IS\" basis,\n" -"# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License\n" -"# for the specific language governing rights and limitations under the\n" -"# License.\n" -"#\n" -"# The Original Code is the Netscape security libraries..\n" -"#\n" -"# The Initial Developer of the Original Code is\n" -"# Netscape Communications Corporation.\n" -"# Portions created by the Initial Developer are Copyright (C) 1994-2000\n" -"# the Initial Developer. All Rights Reserved.\n" -"#\n" -"# Contributor(s):\n" -"#\n" -"# Alternatively, the contents of this file may be used under the terms of\n" -"# either the GNU General Public License Version 2 or later (the \"GPL\"), or\n" -"# the GNU Lesser General Public License Version 2.1 or later (the \"LGPL\"),\n" -"# in which case the provisions of the GPL or the LGPL are applicable instead\n" -"# of those above. If you wish to allow use of your version of this file only\n" -"# under the terms of either the GPL or the LGPL, and not to allow others to\n" -"# use your version of this file under the terms of the MPL, indicate your\n" -"# decision by deleting the provisions above and replace them with the notice\n" -"# and other provisions required by the GPL or the LGPL. If you do not delete\n" -"# the provisions above, a recipient may use your version of this file under\n" -"# the terms of any one of the MPL, the GPL or the LGPL.\n" -"#\n" -"# ***** END LICENSE BLOCK *****\n" - "#\n" - "CVS_ID \"@(#) $RCSfile$ $Revision$ $Date$\"\n" - "\n" - "#\n" - "# certdata.txt\n" - "#\n" - "# This file contains the object definitions for the certs and other\n" - "# information \"built into\" NSS.\n" - "#\n" - "# Object definitions:\n" - "#\n" - "# Certificates\n" - "#\n" - "# -- Attribute -- -- type -- -- value --\n" - "# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n" - "# CKA_TOKEN CK_BBOOL CK_TRUE\n" - "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "# CKA_LABEL UTF8 (varies)\n" - "# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n" - "# CKA_SUBJECT DER+base64 (varies)\n" - "# CKA_ID byte array (varies)\n" - "# CKA_ISSUER DER+base64 (varies)\n" - "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" - "# CKA_VALUE DER+base64 (varies)\n" - "# CKA_NETSCAPE_EMAIL ASCII7 (unused here)\n" - "#\n" - "# Trust\n" - "#\n" - "# -- Attribute -- -- type -- -- value --\n" - "# CKA_CLASS CK_OBJECT_CLASS CKO_TRUST\n" - "# CKA_TOKEN CK_BBOOL CK_TRUE\n" - "# CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "# CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "# CKA_LABEL UTF8 (varies)\n" - "# CKA_ISSUER DER+base64 (varies)\n" - "# CKA_SERIAL_NUMBER DER+base64 (varies)\n" - "# CKA_CERT_HASH binary+base64 (varies)\n" - "# CKA_EXPIRES CK_DATE (not used here)\n" - "# CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST (varies)\n" - "# CKA_TRUST_NON_REPUDIATION CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST (varies)\n" - "# CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_AGREEMENT CK_TRUST (varies)\n" - "# CKA_TRUST_KEY_CERT_SIGN CK_TRUST (varies)\n" - "# CKA_TRUST_CRL_SIGN CK_TRUST (varies)\n" - "# CKA_TRUST_SERVER_AUTH CK_TRUST (varies)\n" - "# CKA_TRUST_CLIENT_AUTH CK_TRUST (varies)\n" - "# CKA_TRUST_CODE_SIGNING CK_TRUST (varies)\n" - "# CKA_TRUST_EMAIL_PROTECTION CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_END_SYSTEM CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_TUNNEL CK_TRUST (varies)\n" - "# CKA_TRUST_IPSEC_USER CK_TRUST (varies)\n" - "# CKA_TRUST_TIME_STAMPING CK_TRUST (varies)\n" - "# (other trust attributes can be defined)\n" - "#\n" - "\n" - "#\n" - "# The object to tell NSS that this is a root list and we don't\n" - "# have to go looking for others.\n" - "#\n" - "BEGINDATA\n" - "CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST\n" - "CKA_TOKEN CK_BBOOL CK_TRUE\n" - "CKA_PRIVATE CK_BBOOL CK_FALSE\n" - "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n" - "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n"); -} - -static void Usage(char *progName) -{ - fprintf(stderr, "%s -n nickname -t trust [-i certfile]\n", progName); - fprintf(stderr, - "\tRead a der-encoded cert from certfile or stdin, and output\n" - "\tit to stdout in a format suitable for the builtin root module.\n" - "\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n" - "\t(pipe through atob if the cert is b64-encoded)\n", progName); - fprintf(stderr, "%-15s nickname to assign to builtin cert.\n", - "-n nickname"); - fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust"); - fprintf(stderr, "%-15s file to read (default stdin)\n", "-i certfile"); - exit(-1); -} - -enum { - opt_Input = 0, - opt_Nickname, - opt_Trust -}; - -static secuCommandFlag addbuiltin_options[] = -{ - { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE } -}; - -int main(int argc, char **argv) -{ - SECStatus rv; - char *nickname; - char *trusts; - char *progName; - PRFileDesc *infile; - CERTCertTrust trust = { 0 }; - SECItem derCert = { 0 }; - - secuCommand addbuiltin = { 0 }; - addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag); - addbuiltin.options = addbuiltin_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin); - - if (rv != SECSuccess) - Usage(progName); - - if (!addbuiltin.options[opt_Nickname].activated && - !addbuiltin.options[opt_Trust].activated) { - fprintf(stderr, "%s: you must specify both a nickname and trust.\n", - progName); - Usage(progName); - } - - if (addbuiltin.options[opt_Input].activated) { - infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660); - if (!infile) { - fprintf(stderr, "%s: failed to open input file.\n", progName); - exit(1); - } - } else { -#if defined(WIN32) - /* If we're going to read binary data from stdin, we must put stdin - ** into O_BINARY mode or else incoming \r\n's will become \n's, - ** and latin-1 characters will be altered. - */ - - int smrv = _setmode(_fileno(stdin), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdin to binary mode. Use -i option instead.\n", - progName); - exit(1); - } -#endif - infile = PR_STDIN; - } - - nickname = strdup(addbuiltin.options[opt_Nickname].arg); - trusts = strdup(addbuiltin.options[opt_Trust].arg); - - NSS_NoDB_Init(NULL); - - rv = CERT_DecodeTrustString(&trust, trusts); - if (rv) { - fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName); - Usage(progName); - } - - SECU_FileToItem(&derCert, infile); - - /*printheader();*/ - - rv = ConvertCertificate(&derCert, nickname, &trust); - if (rv) { - fprintf(stderr, "%s: failed to convert certificate.\n", progName); - exit(1); - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return(SECSuccess); -} diff --git a/security/nss/cmd/addbuiltin/manifest.mn b/security/nss/cmd/addbuiltin/manifest.mn deleted file mode 100644 index 0729834a72..0000000000 --- a/security/nss/cmd/addbuiltin/manifest.mn +++ /dev/null @@ -1,52 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - addbuiltin.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd - -PROGRAM = addbuiltin - diff --git a/security/nss/cmd/atob/Makefile b/security/nss/cmd/atob/Makefile deleted file mode 100644 index 61e2cb3598..0000000000 --- a/security/nss/cmd/atob/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/atob/atob.c b/security/nss/cmd/atob/atob.c deleted file mode 100644 index e5fad05ecf..0000000000 --- a/security/nss/cmd/atob/atob.c +++ /dev/null @@ -1,180 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" -#include - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -static PRInt32 -output_binary (void *arg, const unsigned char *obuf, PRInt32 size) -{ - FILE *outFile = arg; - int nb; - - nb = fwrite(obuf, 1, size, outFile); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return nb; -} - -static SECStatus -decode_file(FILE *outFile, FILE *inFile) -{ - NSSBase64Decoder *cx; - int nb; - SECStatus status = SECFailure; - char ibuf[4096]; - - cx = NSSBase64Decoder_Create(output_binary, outFile); - if (!cx) { - return -1; - } - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; - } - } - - status = NSSBase64Decoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; - } - - return NSSBase64Decoder_Destroy(cx, PR_FALSE); - - loser: - (void) NSSBase64Decoder_Destroy(cx, PR_TRUE); - return status; -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - SECStatus rv; - FILE *inFile, *outFile; - PLOptState *optstate; - PLOptStatus status; - - inFile = 0; - outFile = 0; - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "r"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - } - } - if (!inFile) inFile = stdin; - if (!outFile) { -#if defined(WIN32) - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } -#endif - outFile = stdout; - } - rv = decode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); - return -1; - } - return 0; -} diff --git a/security/nss/cmd/atob/manifest.mn b/security/nss/cmd/atob/manifest.mn deleted file mode 100644 index 363cad1923..0000000000 --- a/security/nss/cmd/atob/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = atob.c - -PROGRAM = atob - diff --git a/security/nss/cmd/bltest/Makefile b/security/nss/cmd/bltest/Makefile deleted file mode 100644 index 115886cd75..0000000000 --- a/security/nss/cmd/bltest/Makefile +++ /dev/null @@ -1,86 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn -#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \ -# -always-use-cache-dir $(CC) - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -#EXTRA_SHARED_LIBS += \ -# -L/usr/lib \ -# -lposix4 \ -# $(NULL) - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c deleted file mode 100644 index 72182a1276..0000000000 --- a/security/nss/cmd/bltest/blapitest.c +++ /dev/null @@ -1,3570 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Douglas Stebila , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include -#include - -#include "blapi.h" -#include "secrng.h" -#include "prmem.h" -#include "prprf.h" -#include "prtime.h" -#include "prsystem.h" -#include "plstr.h" -#include "nssb64.h" -#include "secutil.h" -#include "plgetopt.h" -#include "softoken.h" -#include "nspr.h" -#include "nss.h" - -#ifdef NSS_ENABLE_ECC -#include "ecl-curve.h" -SECStatus EC_DecodeParams(const SECItem *encodedParams, - ECParams **ecparams); -SECStatus EC_CopyParams(PRArenaPool *arena, ECParams *dstParams, - const ECParams *srcParams); -SECStatus secoid_Init(void); -#endif - -/* Temporary - add debugging ouput on windows for RSA to track QA failure */ -#ifdef _WIN32 -#define TRACK_BLTEST_BUG - char __bltDBG[] = "BLTEST DEBUG"; -#endif - -char *progName; -char *testdir = NULL; - -#define BLTEST_DEFAULT_CHUNKSIZE 4096 - -#define WORDSIZE sizeof(unsigned long) - -#define CHECKERROR(rv, ln) \ - if (rv) { \ - PRErrorCode prerror = PR_GetError(); \ - PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \ - prerror, SECU_Strerror(prerror), ln); \ - exit(-1); \ - } - -/* Macros for performance timing. */ -#define TIMESTART() \ - time1 = PR_IntervalNow(); - -#define TIMEFINISH(time, reps) \ - time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \ - time1 = PR_IntervalToMilliseconds(time2); \ - time = ((double)(time1))/reps; - -#define TIMEMARK(seconds) \ - time1 = PR_SecondsToInterval(seconds); \ - { \ - PRInt64 tmp, L100; \ - LL_I2L(L100, 100); \ - if (time2 == 0) { \ - time2 = 1; \ - } \ - LL_DIV(tmp, time1, time2); \ - if (tmp < 10) { \ - if (tmp == 0) { \ - opsBetweenChecks = 1; \ - } else { \ - LL_L2I(opsBetweenChecks, tmp); \ - } \ - } else { \ - opsBetweenChecks = 10; \ - } \ - } \ - time2 = time1; \ - time1 = PR_IntervalNow(); - -#define TIMETOFINISH() \ - PR_IntervalNow() - time1 >= time2 - -static void Usage() -{ -#define PRINTUSAGE(subject, option, predicate) \ - fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "[-DEHSV]", "List available cipher modes"); /* XXX */ - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); - PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]"); - PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]"); - PRINTUSAGE("", "", "[-4 th_num]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for output buffer"); - PRINTUSAGE("", "-k", "file which contains key"); - PRINTUSAGE("", "-v", "file which contains initialization vector"); - PRINTUSAGE("", "-b", "size of input buffer"); - PRINTUSAGE("", "-g", "key size (in bytes)"); - PRINTUSAGE("", "-p", "do performance test"); - PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); - PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); - PRINTUSAGE("(rsa)", "-e", "rsa public exponent"); - PRINTUSAGE("(rc5)", "-r", "number of rounds"); - PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]"); - PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for output buffer"); - PRINTUSAGE("", "-k", "file which contains key"); - PRINTUSAGE("", "-v", "file which contains initialization vector"); - PRINTUSAGE("", "-p", "do performance test"); - PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); - PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-H -m mode", "Hash a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o hash]"); - PRINTUSAGE("", "", "[-b bufsize]"); - PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for hash"); - PRINTUSAGE("", "-b", "size of input buffer"); - PRINTUSAGE("", "-p", "do performance test"); - PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); - PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-S -m mode", "Sign a buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]"); - PRINTUSAGE("", "", "[-b bufsize]"); -#ifdef NSS_ENABLE_ECC - PRINTUSAGE("", "", "[-n curvename]"); -#endif - PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-o", "file for signature"); - PRINTUSAGE("", "-k", "file which contains key"); -#ifdef NSS_ENABLE_ECC - PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:"); - PRINTUSAGE("", "", " sect163k1, nistk163, sect163r1, sect163r2,"); - PRINTUSAGE("", "", " nistb163, sect193r1, sect193r2, sect233k1, nistk233,"); - PRINTUSAGE("", "", " sect233r1, nistb233, sect239k1, sect283k1, nistk283,"); - PRINTUSAGE("", "", " sect283r1, nistb283, sect409k1, nistk409, sect409r1,"); - PRINTUSAGE("", "", " nistb409, sect571k1, nistk571, sect571r1, nistb571,"); - PRINTUSAGE("", "", " secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,"); - PRINTUSAGE("", "", " nistp192, secp224k1, secp224r1, nistp224, secp256k1,"); - PRINTUSAGE("", "", " secp256r1, nistp256, secp384r1, nistp384, secp521r1,"); - PRINTUSAGE("", "", " nistp521, prime192v1, prime192v2, prime192v3,"); - PRINTUSAGE("", "", " prime239v1, prime239v2, prime239v3, c2pnb163v1,"); - PRINTUSAGE("", "", " c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,"); - PRINTUSAGE("", "", " c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5,"); - PRINTUSAGE("", "", " c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,"); - PRINTUSAGE("", "", " c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1,"); - PRINTUSAGE("", "", " c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,"); - PRINTUSAGE("", "", " secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,"); - PRINTUSAGE("", "", " sect131r1, sect131r2"); -#endif - PRINTUSAGE("", "-p", "do performance test"); - PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); - PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer"); - PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]"); - PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]"); - PRINTUSAGE("", "-m", "cipher mode to use"); - PRINTUSAGE("", "-i", "file which contains input buffer"); - PRINTUSAGE("", "-s", "file which contains signature of input buffer"); - PRINTUSAGE("", "-k", "file which contains key"); - PRINTUSAGE("", "-p", "do performance test"); - PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads"); - PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-N -m mode -b bufsize", - "Create a nonce plaintext and key"); - PRINTUSAGE("", "", "[-g keysize] [-u cxreps]"); - PRINTUSAGE("", "-g", "key size (in bytes)"); - PRINTUSAGE("", "-u", "number of repetitions of context creation"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-F", "Run the FIPS self-test"); - fprintf(stderr, "\n"); - PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test"); - fprintf(stderr, "\n"); - exit(1); -} - -/* Helper functions for ascii<-->binary conversion/reading/writing */ - -/* XXX argh */ -struct item_with_arena { - SECItem *item; - PRArenaPool *arena; -}; - -static PRInt32 -get_binary(void *arg, const unsigned char *ibuf, PRInt32 size) -{ - struct item_with_arena *it = arg; - SECItem *binary = it->item; - SECItem *tmp; - int index; - if (binary->data == NULL) { - tmp = SECITEM_AllocItem(it->arena, NULL, size); - binary->data = tmp->data; - binary->len = tmp->len; - index = 0; - } else { - SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size); - index = binary->len; - } - PORT_Memcpy(&binary->data[index], ibuf, size); - return binary->len; -} - -static SECStatus -atob(SECItem *ascii, SECItem *binary, PRArenaPool *arena) -{ - SECStatus status; - NSSBase64Decoder *cx; - struct item_with_arena it; - int len; - binary->data = NULL; - binary->len = 0; - it.item = binary; - it.arena = arena; - len = (strcmp(&ascii->data[ascii->len-2],"\r\n")) ? - ascii->len : ascii->len-2; - cx = NSSBase64Decoder_Create(get_binary, &it); - status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len); - status = NSSBase64Decoder_Destroy(cx, PR_FALSE); - return status; -} - -static PRInt32 -output_ascii(void *arg, const char *obuf, PRInt32 size) -{ - PRFileDesc *outfile = arg; - PRInt32 nb = PR_Write(outfile, obuf, size); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - return nb; -} - -static SECStatus -btoa_file(SECItem *binary, PRFileDesc *outfile) -{ - SECStatus status; - NSSBase64Encoder *cx; - SECItem ascii; - ascii.data = NULL; - ascii.len = 0; - if (binary->len == 0) - return SECSuccess; - cx = NSSBase64Encoder_Create(output_ascii, outfile); - status = NSSBase64Encoder_Update(cx, binary->data, binary->len); - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(outfile, "\r\n", 2); - return status; -} - -SECStatus -hex_from_2char(unsigned char *c2, unsigned char *byteval) -{ - int i; - unsigned char offset; - *byteval = 0; - for (i=0; i<2; i++) { - if (c2[i] >= '0' && c2[i] <= '9') { - offset = c2[i] - '0'; - *byteval |= offset << 4*(1-i); - } else if (c2[i] >= 'a' && c2[i] <= 'f') { - offset = c2[i] - 'a'; - *byteval |= (offset + 10) << 4*(1-i); - } else if (c2[i] >= 'A' && c2[i] <= 'F') { - offset = c2[i] - 'A'; - *byteval |= (offset + 10) << 4*(1-i); - } else { - return SECFailure; - } - } - return SECSuccess; -} - -SECStatus -char2_from_hex(unsigned char byteval, unsigned char *c2) -{ - int i; - unsigned char offset; - for (i=0; i<2; i++) { - offset = (byteval >> 4*(1-i)) & 0x0f; - if (offset < 10) { - c2[i] = '0' + offset; - } else { - c2[i] = 'A' + offset - 10; - } - } - return SECSuccess; -} - -void -serialize_key(SECItem *it, int ni, PRFileDesc *file) -{ - unsigned char len[4]; - int i; - SECStatus status; - NSSBase64Encoder *cx; - SECItem ascii; - ascii.data = NULL; - ascii.len = 0; - cx = NSSBase64Encoder_Create(output_ascii, file); - for (i=0; ilen >> 24) & 0xff; - len[1] = (it->len >> 16) & 0xff; - len[2] = (it->len >> 8) & 0xff; - len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); - } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); -} - -void -key_from_filedata(PRArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata) -{ - int fpos = 0; - int i, len; - unsigned char *buf = filedata->data; - for (i=0; i 0) { - it->len = len; - it->data = PORT_ArenaAlloc(arena, it->len); - PORT_Memcpy(it->data, &buf[fpos], it->len); - } else { - it->len = 0; - it->data = NULL; - } - it++; - } - fpos += len; - } -} - -static RSAPrivateKey * -rsakey_from_filedata(SECItem *filedata) -{ - RSAPrivateKey *key; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey)); - key->arena = arena; - key_from_filedata(arena, &key->version, 0, 9, filedata); - return key; -} - -static PQGParams * -pqg_from_filedata(SECItem *filedata) -{ - PQGParams *pqg; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams)); - pqg->arena = arena; - key_from_filedata(arena, &pqg->prime, 0, 3, filedata); - return pqg; -} - -static DSAPrivateKey * -dsakey_from_filedata(SECItem *filedata) -{ - DSAPrivateKey *key; - PRArenaPool *arena; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey)); - key->params.arena = arena; - key_from_filedata(arena, &key->params.prime, 0, 5, filedata); - return key; -} - -#ifdef NSS_ENABLE_ECC -static ECPrivateKey * -eckey_from_filedata(SECItem *filedata) -{ - ECPrivateKey *key; - PRArenaPool *arena; - SECStatus rv; - ECParams *tmpECParams = NULL; - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey)); - /* read and convert params */ - key->ecParams.arena = arena; - key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata); - rv = secoid_Init(); - CHECKERROR(rv, __LINE__); - rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams); - CHECKERROR(rv, __LINE__); - rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams); - CHECKERROR(rv, __LINE__); - rv = SECOID_Shutdown(); - CHECKERROR(rv, __LINE__); - PORT_FreeArena(tmpECParams->arena, PR_TRUE); - /* read key */ - key_from_filedata(arena, &key->publicValue, 1, 3, filedata); - return key; -} - -typedef struct curveNameTagPairStr { - char *curveName; - SECOidTag curveOidTag; -} CurveNameTagPair; - -#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1 -/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */ - -static CurveNameTagPair nameTagPair[] = -{ - { "sect163k1", SEC_OID_SECG_EC_SECT163K1}, - { "nistk163", SEC_OID_SECG_EC_SECT163K1}, - { "sect163r1", SEC_OID_SECG_EC_SECT163R1}, - { "sect163r2", SEC_OID_SECG_EC_SECT163R2}, - { "nistb163", SEC_OID_SECG_EC_SECT163R2}, - { "sect193r1", SEC_OID_SECG_EC_SECT193R1}, - { "sect193r2", SEC_OID_SECG_EC_SECT193R2}, - { "sect233k1", SEC_OID_SECG_EC_SECT233K1}, - { "nistk233", SEC_OID_SECG_EC_SECT233K1}, - { "sect233r1", SEC_OID_SECG_EC_SECT233R1}, - { "nistb233", SEC_OID_SECG_EC_SECT233R1}, - { "sect239k1", SEC_OID_SECG_EC_SECT239K1}, - { "sect283k1", SEC_OID_SECG_EC_SECT283K1}, - { "nistk283", SEC_OID_SECG_EC_SECT283K1}, - { "sect283r1", SEC_OID_SECG_EC_SECT283R1}, - { "nistb283", SEC_OID_SECG_EC_SECT283R1}, - { "sect409k1", SEC_OID_SECG_EC_SECT409K1}, - { "nistk409", SEC_OID_SECG_EC_SECT409K1}, - { "sect409r1", SEC_OID_SECG_EC_SECT409R1}, - { "nistb409", SEC_OID_SECG_EC_SECT409R1}, - { "sect571k1", SEC_OID_SECG_EC_SECT571K1}, - { "nistk571", SEC_OID_SECG_EC_SECT571K1}, - { "sect571r1", SEC_OID_SECG_EC_SECT571R1}, - { "nistb571", SEC_OID_SECG_EC_SECT571R1}, - { "secp160k1", SEC_OID_SECG_EC_SECP160K1}, - { "secp160r1", SEC_OID_SECG_EC_SECP160R1}, - { "secp160r2", SEC_OID_SECG_EC_SECP160R2}, - { "secp192k1", SEC_OID_SECG_EC_SECP192K1}, - { "secp192r1", SEC_OID_SECG_EC_SECP192R1}, - { "nistp192", SEC_OID_SECG_EC_SECP192R1}, - { "secp224k1", SEC_OID_SECG_EC_SECP224K1}, - { "secp224r1", SEC_OID_SECG_EC_SECP224R1}, - { "nistp224", SEC_OID_SECG_EC_SECP224R1}, - { "secp256k1", SEC_OID_SECG_EC_SECP256K1}, - { "secp256r1", SEC_OID_SECG_EC_SECP256R1}, - { "nistp256", SEC_OID_SECG_EC_SECP256R1}, - { "secp384r1", SEC_OID_SECG_EC_SECP384R1}, - { "nistp384", SEC_OID_SECG_EC_SECP384R1}, - { "secp521r1", SEC_OID_SECG_EC_SECP521R1}, - { "nistp521", SEC_OID_SECG_EC_SECP521R1}, - - { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, - { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, - { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, - { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, - { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, - { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, - - { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, - { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, - { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, - { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, - { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, - { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, - { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, - { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, - { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, - { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, - { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, - { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, - { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, - { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, - { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, - { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, - { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, - { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, - { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, - { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, - - { "secp112r1", SEC_OID_SECG_EC_SECP112R1}, - { "secp112r2", SEC_OID_SECG_EC_SECP112R2}, - { "secp128r1", SEC_OID_SECG_EC_SECP128R1}, - { "secp128r2", SEC_OID_SECG_EC_SECP128R2}, - - { "sect113r1", SEC_OID_SECG_EC_SECT113R1}, - { "sect113r2", SEC_OID_SECG_EC_SECT113R2}, - { "sect131r1", SEC_OID_SECG_EC_SECT131R1}, - { "sect131r2", SEC_OID_SECG_EC_SECT131R2}, -}; - -static SECKEYECParams * -getECParams(char *curve) -{ - SECKEYECParams *ecparams; - SECOidData *oidData = NULL; - SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ - int i, numCurves; - - if (curve != NULL) { - numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } - } - - /* Return NULL if curve name is not recognized */ - if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { - fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; - } - - ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); - - /* - * ecparams->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in - * oidData->oid.data so we simply prepend 0x06 and OID length - */ - ecparams->data[0] = SEC_ASN1_OBJECT_ID; - ecparams->data[1] = oidData->oid.len; - memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); - - return ecparams; -} -#endif /* NSS_ENABLE_ECC */ - -static void -dump_pqg(PQGParams *pqg) -{ - SECU_PrintInteger(stdout, &pqg->prime, "PRIME:", 0); - SECU_PrintInteger(stdout, &pqg->subPrime, "SUBPRIME:", 0); - SECU_PrintInteger(stdout, &pqg->base, "BASE:", 0); -} - -static void -dump_dsakey(DSAPrivateKey *key) -{ - dump_pqg(&key->params); - SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); - SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); -} - -#ifdef NSS_ENABLE_ECC -static void -dump_ecp(ECParams *ecp) -{ - /* TODO other fields */ - SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0); -} - -static void -dump_eckey(ECPrivateKey *key) -{ - dump_ecp(&key->ecParams); - SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0); - SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0); -} -#endif - -static void -dump_rsakey(RSAPrivateKey *key) -{ - SECU_PrintInteger(stdout, &key->version, "VERSION:", 0); - SECU_PrintInteger(stdout, &key->modulus, "MODULUS:", 0); - SECU_PrintInteger(stdout, &key->publicExponent, "PUBLIC EXP:", 0); - SECU_PrintInteger(stdout, &key->privateExponent, "PRIVATE EXP:", 0); - SECU_PrintInteger(stdout, &key->prime1, "CRT PRIME 1:", 0); - SECU_PrintInteger(stdout, &key->prime2, "CRT PRIME 2:", 0); - SECU_PrintInteger(stdout, &key->exponent1, "CRT EXP 1:", 0); - SECU_PrintInteger(stdout, &key->exponent2, "CRT EXP 2:", 0); - SECU_PrintInteger(stdout, &key->coefficient, "CRT COEFFICIENT:", 0); -} - -typedef enum { - bltestBase64Encoded, /* Base64 encoded ASCII */ - bltestBinary, /* straight binary */ - bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */ - bltestHexStream /* 1234abCD ... */ -} bltestIOMode; - -typedef struct -{ - SECItem buf; - SECItem pBuf; - bltestIOMode mode; - PRFileDesc* file; -} bltestIO; - -typedef SECStatus (* bltestSymmCipherFn)(void *cx, - unsigned char *output, - unsigned int *outputLen, - unsigned int maxOutputLen, - const unsigned char *input, - unsigned int inputLen); - -typedef SECStatus (* bltestPubKeyCipherFn)(void *key, - SECItem *output, - const SECItem *input); - -typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest, - const unsigned char *src, - uint32 src_length); - -typedef enum { - bltestINVALID = -1, - bltestDES_ECB, /* Symmetric Key Ciphers */ - bltestDES_CBC, /* . */ - bltestDES_EDE_ECB, /* . */ - bltestDES_EDE_CBC, /* . */ - bltestRC2_ECB, /* . */ - bltestRC2_CBC, /* . */ - bltestRC4, /* . */ - bltestRC5_ECB, /* . */ - bltestRC5_CBC, /* . */ - bltestAES_ECB, /* . */ - bltestAES_CBC, /* . */ - bltestRSA, /* Public Key Ciphers */ -#ifdef NSS_ENABLE_ECC - bltestECDSA, /* . (Public Key Sig.) */ -#endif - bltestDSA, /* . */ - bltestMD2, /* Hash algorithms */ - bltestMD5, /* . */ - bltestSHA1, /* . */ - bltestSHA256, /* . */ - bltestSHA384, /* . */ - bltestSHA512, /* . */ - NUMMODES -} bltestCipherMode; - -static char *mode_strings[] = -{ - "des_ecb", - "des_cbc", - "des3_ecb", - "des3_cbc", - "rc2_ecb", - "rc2_cbc", - "rc4", - "rc5_ecb", - "rc5_cbc", - "aes_ecb", - "aes_cbc", - "rsa", -#ifdef NSS_ENABLE_ECC - "ecdsa", -#endif - /*"pqg",*/ - "dsa", - "md2", - "md5", - "sha1", - "sha256", - "sha384", - "sha512", -}; - -typedef struct -{ - bltestIO key; - bltestIO iv; -} bltestSymmKeyParams; - -typedef struct -{ - bltestIO key; - bltestIO iv; - int rounds; - int wordsize; -} bltestRC5Params; - -typedef struct -{ - bltestIO key; - int keysizeInBits; - RSAPrivateKey *rsakey; -} bltestRSAParams; - -typedef struct -{ - bltestIO key; - bltestIO pqgdata; - unsigned int j; - bltestIO keyseed; - bltestIO sigseed; - bltestIO sig; /* if doing verify, have additional input */ - PQGParams *pqg; - DSAPrivateKey *dsakey; -} bltestDSAParams; - -#ifdef NSS_ENABLE_ECC -typedef struct -{ - bltestIO key; - char *curveName; - bltestIO sigseed; - bltestIO sig; /* if doing verify, have additional input */ - ECPrivateKey *eckey; -} bltestECDSAParams; -#endif - -typedef struct -{ - bltestIO key; /* unused */ - PRBool restart; -} bltestHashParams; - -typedef union -{ - bltestIO key; - bltestSymmKeyParams sk; - bltestRC5Params rc5; - bltestRSAParams rsa; - bltestDSAParams dsa; -#ifdef NSS_ENABLE_ECC - bltestECDSAParams ecdsa; -#endif - bltestHashParams hash; -} bltestParams; - -typedef struct bltestCipherInfoStr bltestCipherInfo; - -struct bltestCipherInfoStr { - PRArenaPool *arena; - /* link to next in multithreaded test */ - bltestCipherInfo *next; - PRThread *cipherThread; - - /* MonteCarlo test flag*/ - PRBool mCarlo; - /* cipher context */ - void *cx; - /* I/O streams */ - bltestIO input; - bltestIO output; - /* Cipher-specific parameters */ - bltestParams params; - /* Cipher mode */ - bltestCipherMode mode; - /* Cipher function (encrypt/decrypt/sign/verify/hash) */ - union { - bltestSymmCipherFn symmkeyCipher; - bltestPubKeyCipherFn pubkeyCipher; - bltestHashCipherFn hashCipher; - } cipher; - /* performance testing */ - int repetitionsToPerfom; - int seconds; - int repetitions; - int cxreps; - double cxtime; - double optime; -}; - -PRBool -is_symmkeyCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestDES_ECB && mode <= bltestAES_CBC) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_pubkeyCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestRSA && mode <= bltestDSA) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_hashCipher(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode >= bltestMD2 && mode <= bltestSHA512) - return PR_TRUE; - return PR_FALSE; -} - -PRBool -is_sigCipher(bltestCipherMode mode) -{ - /* change as needed! */ -#ifdef NSS_ENABLE_ECC - if (mode >= bltestECDSA && mode <= bltestDSA) -#else - if (mode >= bltestDSA && mode <= bltestDSA) -#endif - return PR_TRUE; - return PR_FALSE; -} - -PRBool -cipher_requires_IV(bltestCipherMode mode) -{ - /* change as needed! */ - if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC || - mode == bltestRC2_CBC || mode == bltestRC5_CBC || - mode == bltestAES_CBC) - return PR_TRUE; - return PR_FALSE; -} - -SECStatus finishIO(bltestIO *output, PRFileDesc *file); - -SECStatus -setupIO(PRArenaPool *arena, bltestIO *input, PRFileDesc *file, - char *str, int numBytes) -{ - SECStatus rv = SECSuccess; - SECItem fileData; - SECItem *in; - unsigned char *tok; - unsigned int i, j; - - if (file && (numBytes == 0 || file == PR_STDIN)) { - /* grabbing data from a file */ - rv = SECU_FileToItem(&fileData, file); - if (rv != SECSuccess) { - PR_Close(file); - return SECFailure; - } - in = &fileData; - } else if (str) { - /* grabbing data from command line */ - fileData.data = str; - fileData.len = PL_strlen(str); - in = &fileData; - } else if (file) { - /* create nonce */ - SECITEM_AllocItem(arena, &input->buf, numBytes); - RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes); - return finishIO(input, file); - } else { - return SECFailure; - } - - switch (input->mode) { - case bltestBase64Encoded: - rv = atob(in, &input->buf, arena); - break; - case bltestBinary: - if (in->data[in->len-1] == '\n') --in->len; - if (in->data[in->len-1] == '\r') --in->len; - SECITEM_CopyItem(arena, &input->buf, in); - break; - case bltestHexSpaceDelim: - SECITEM_AllocItem(arena, &input->buf, in->len/5); - for (i=0, j=0; ilen; i+=5, j++) { - tok = &in->data[i]; - if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ') - /* bad hex token */ - break; - - rv = hex_from_2char(&tok[2], input->buf.data + j); - if (rv) - break; - } - break; - case bltestHexStream: - SECITEM_AllocItem(arena, &input->buf, in->len/2); - for (i=0, j=0; ilen; i+=2, j++) { - tok = &in->data[i]; - rv = hex_from_2char(tok, input->buf.data + j); - if (rv) - break; - } - break; - } - - if (file) - SECITEM_FreeItem(&fileData, PR_FALSE); - return rv; -} - -SECStatus -finishIO(bltestIO *output, PRFileDesc *file) -{ - SECStatus rv = SECSuccess; - PRInt32 nb; - unsigned char byteval; - SECItem *it; - char hexstr[5]; - unsigned int i; - if (output->pBuf.len > 0) { - it = &output->pBuf; - } else { - it = &output->buf; - } - switch (output->mode) { - case bltestBase64Encoded: - rv = btoa_file(it, file); - break; - case bltestBinary: - nb = PR_Write(file, it->data, it->len); - rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure; - break; - case bltestHexSpaceDelim: - hexstr[0] = '0'; - hexstr[1] = 'x'; - hexstr[4] = ' '; - for (i=0; ilen; i++) { - byteval = it->data[i]; - rv = char2_from_hex(byteval, hexstr + 2); - nb = PR_Write(file, hexstr, 5); - if (rv) - break; - } - PR_Write(file, "\n", 1); - break; - case bltestHexStream: - for (i=0; ilen; i++) { - byteval = it->data[i]; - rv = char2_from_hex(byteval, hexstr); - if (rv) - break; - nb = PR_Write(file, hexstr, 2); - } - PR_Write(file, "\n", 1); - break; - } - return rv; -} - -void -bltestCopyIO(PRArenaPool *arena, bltestIO *dest, bltestIO *src) -{ - SECITEM_CopyItem(arena, &dest->buf, &src->buf); - if (src->pBuf.len > 0) { - dest->pBuf.len = src->pBuf.len; - dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data); - } - dest->mode = src->mode; - dest->file = src->file; -} - -void -misalignBuffer(PRArenaPool *arena, bltestIO *io, int off) -{ - ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE; - int length = io->buf.len; - if (offset != off) { - SECITEM_ReallocItem(arena, &io->buf, length, length + 2*WORDSIZE); - io->buf.len = length + 2*WORDSIZE; /* why doesn't realloc do this? */ - /* offset may have changed? */ - offset = (ptrdiff_t)io->buf.data % WORDSIZE; - if (offset != off) { - memmove(io->buf.data + off, io->buf.data, length); - io->pBuf.data = io->buf.data + off; - io->pBuf.len = length; - } else { - io->pBuf.data = io->buf.data; - io->pBuf.len = length; - } - } else { - io->pBuf.data = io->buf.data; - io->pBuf.len = length; - } -} - -SECStatus -des_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return DES_Encrypt((DESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -des_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return DES_Decrypt((DESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc2_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC2_Encrypt((RC2Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc2_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC2_Decrypt((RC2Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc4_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC4_Encrypt((RC4Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rc4_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return RC4_Decrypt((RC4Context *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -aes_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return AES_Encrypt((AESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, - unsigned int maxOutputLen, const unsigned char *input, - unsigned int inputLen) -{ - return AES_Decrypt((AESContext *)cx, output, outputLen, maxOutputLen, - input, inputLen); -} - -SECStatus -rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input) -{ - return RSA_PublicKeyOp((RSAPublicKey *)key, output->data, input->data); -} - -SECStatus -rsa_PrivateKeyOp(void *key, SECItem *output, const SECItem *input) -{ - return RSA_PrivateKeyOp((RSAPrivateKey *)key, output->data, input->data); -} - -SECStatus -dsa_signDigest(void *key, SECItem *output, const SECItem *input) -{ - return DSA_SignDigest((DSAPrivateKey *)key, output, input); -} - -SECStatus -dsa_verifyDigest(void *key, SECItem *output, const SECItem *input) -{ - return DSA_VerifyDigest((DSAPublicKey *)key, output, input); -} - -#ifdef NSS_ENABLE_ECC -SECStatus -ecdsa_signDigest(void *key, SECItem *output, const SECItem *input) -{ - return ECDSA_SignDigest((ECPrivateKey *)key, output, input); -} - -SECStatus -ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input) -{ - return ECDSA_VerifyDigest((ECPublicKey *)key, output, input); -} -#endif - -SECStatus -bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - bltestSymmKeyParams *desp = &cipherInfo->params.sk; - int minorMode; - int i; - switch (cipherInfo->mode) { - case bltestDES_ECB: minorMode = NSS_DES; break; - case bltestDES_CBC: minorMode = NSS_DES_CBC; break; - case bltestDES_EDE_ECB: minorMode = NSS_DES_EDE3; break; - case bltestDES_EDE_CBC: minorMode = NSS_DES_EDE3_CBC; break; - default: - return SECFailure; - } - cipherInfo->cx = (void*)DES_CreateContext(desp->key.buf.data, - desp->iv.buf.data, - minorMode, encrypt); - if (cipherInfo->cxreps > 0) { - DESContext **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *)); - TIMESTART(); - for (i=0; icxreps; i++) { - dummycx[i] = (void*)DES_CreateContext(desp->key.buf.data, - desp->iv.buf.data, - minorMode, encrypt); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; icxreps; i++) { - DES_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = des_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = des_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - bltestSymmKeyParams *rc2p = &cipherInfo->params.sk; - int minorMode; - int i; - switch (cipherInfo->mode) { - case bltestRC2_ECB: minorMode = NSS_RC2; break; - case bltestRC2_CBC: minorMode = NSS_RC2_CBC; break; - default: - return SECFailure; - } - cipherInfo->cx = (void*)RC2_CreateContext(rc2p->key.buf.data, - rc2p->key.buf.len, - rc2p->iv.buf.data, - minorMode, - rc2p->key.buf.len); - if (cipherInfo->cxreps > 0) { - RC2Context **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *)); - TIMESTART(); - for (i=0; icxreps; i++) { - dummycx[i] = (void*)RC2_CreateContext(rc2p->key.buf.data, - rc2p->key.buf.len, - rc2p->iv.buf.data, - minorMode, - rc2p->key.buf.len); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; icxreps; i++) { - RC2_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = rc2_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = rc2_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRIntervalTime time1, time2; - int i; - bltestSymmKeyParams *rc4p = &cipherInfo->params.sk; - cipherInfo->cx = (void*)RC4_CreateContext(rc4p->key.buf.data, - rc4p->key.buf.len); - if (cipherInfo->cxreps > 0) { - RC4Context **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *)); - TIMESTART(); - for (i=0; icxreps; i++) { - dummycx[i] = (void*)RC4_CreateContext(rc4p->key.buf.data, - rc4p->key.buf.len); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; icxreps; i++) { - RC4_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = rc4_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = rc4_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ -#if NSS_SOFTOKEN_DOES_RC5 - PRIntervalTime time1, time2; - bltestRC5Params *rc5p = &cipherInfo->params.rc5; - int minorMode; - switch (cipherInfo->mode) { - case bltestRC5_ECB: minorMode = NSS_RC5; break; - case bltestRC5_CBC: minorMode = NSS_RC5_CBC; break; - default: - return SECFailure; - } - TIMESTART(); - cipherInfo->cx = (void*)RC5_CreateContext(&rc5p->key.buf, - rc5p->rounds, rc5p->wordsize, - rc5p->iv.buf.data, minorMode); - TIMEFINISH(cipherInfo->cxtime, 1.0); - if (encrypt) - cipherInfo->cipher.symmkeyCipher = RC5_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = RC5_Decrypt; - return SECSuccess; -#else - return SECFailure; -#endif -} - -SECStatus -bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - bltestSymmKeyParams *aesp = &cipherInfo->params.sk; - int minorMode; - int i; - int keylen = aesp->key.buf.len; - int blocklen = AES_BLOCK_SIZE; - PRIntervalTime time1, time2; - - switch (cipherInfo->mode) { - case bltestAES_ECB: minorMode = NSS_AES; break; - case bltestAES_CBC: minorMode = NSS_AES_CBC; break; - default: - return SECFailure; - } - cipherInfo->cx = (void*)AES_CreateContext(aesp->key.buf.data, - aesp->iv.buf.data, - minorMode, encrypt, - keylen, blocklen); - if (cipherInfo->cxreps > 0) { - AESContext **dummycx; - dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *)); - TIMESTART(); - for (i=0; icxreps; i++) { - dummycx[i] = (void*)AES_CreateContext(aesp->key.buf.data, - aesp->iv.buf.data, - minorMode, encrypt, - keylen, blocklen); - } - TIMEFINISH(cipherInfo->cxtime, 1.0); - for (i=0; icxreps; i++) { - AES_DestroyContext(dummycx[i], PR_TRUE); - } - PORT_Free(dummycx); - } - if (encrypt) - cipherInfo->cipher.symmkeyCipher = aes_Encrypt; - else - cipherInfo->cipher.symmkeyCipher = aes_Decrypt; - return SECSuccess; -} - -SECStatus -bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - int i; - RSAPrivateKey **dummyKey; - PRIntervalTime time1, time2; - bltestRSAParams *rsap = &cipherInfo->params.rsa; - /* RSA key gen was done during parameter setup */ - cipherInfo->cx = cipherInfo->params.rsa.rsakey; - /* For performance testing */ - if (cipherInfo->cxreps > 0) { - /* Create space for n private key objects */ - dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps * - sizeof(RSAPrivateKey *)); - /* Time n keygens, storing in the array */ - TIMESTART(); - for (i=0; icxreps; i++) - dummyKey[i] = RSA_NewKey(rsap->keysizeInBits, - &rsap->rsakey->publicExponent); - TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); - /* Free the n key objects */ - for (i=0; icxreps; i++) - PORT_FreeArena(dummyKey[i]->arena, PR_TRUE); - PORT_Free(dummyKey); - } - if (encrypt) { - /* Have to convert private key to public key. Memory - * is freed with private key's arena */ - RSAPublicKey *pubkey; - RSAPrivateKey *key = (RSAPrivateKey *)cipherInfo->cx; - pubkey = (RSAPublicKey *)PORT_ArenaAlloc(key->arena, - sizeof(RSAPublicKey)); - pubkey->modulus.len = key->modulus.len; - pubkey->modulus.data = key->modulus.data; - pubkey->publicExponent.len = key->publicExponent.len; - pubkey->publicExponent.data = key->publicExponent.data; - cipherInfo->cx = (void *)pubkey; - cipherInfo->cipher.pubkeyCipher = rsa_PublicKeyOp; - } else { - cipherInfo->cipher.pubkeyCipher = rsa_PrivateKeyOp; - } - return SECSuccess; -} - -SECStatus -bltest_pqg_init(bltestDSAParams *dsap) -{ - SECStatus rv, res; - PQGVerify *vfy = NULL; - rv = PQG_ParamGen(dsap->j, &dsap->pqg, &vfy); - CHECKERROR(rv, __LINE__); - rv = PQG_VerifyParams(dsap->pqg, vfy, &res); - CHECKERROR(res, __LINE__); - CHECKERROR(rv, __LINE__); - return rv; -} - -SECStatus -bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - int i; - DSAPrivateKey **dummyKey; - PQGParams *dummypqg; - PRIntervalTime time1, time2; - bltestDSAParams *dsap = &cipherInfo->params.dsa; - PQGVerify *ignore = NULL; - /* DSA key gen was done during parameter setup */ - cipherInfo->cx = cipherInfo->params.dsa.dsakey; - /* For performance testing */ - if (cipherInfo->cxreps > 0) { - /* Create space for n private key objects */ - dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps * - sizeof(DSAPrivateKey *)); - /* Time n keygens, storing in the array */ - TIMESTART(); - for (i=0; icxreps; i++) { - dummypqg = NULL; - PQG_ParamGen(dsap->j, &dummypqg, &ignore); - DSA_NewKey(dummypqg, &dummyKey[i]); - } - TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); - /* Free the n key objects */ - for (i=0; icxreps; i++) - PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE); - PORT_Free(dummyKey); - } - if (!dsap->pqg && dsap->pqgdata.buf.len > 0) { - dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf); - } - if (!cipherInfo->cx && dsap->key.buf.len > 0) { - cipherInfo->cx = dsakey_from_filedata(&dsap->key.buf); - } - if (encrypt) { - cipherInfo->cipher.pubkeyCipher = dsa_signDigest; - } else { - /* Have to convert private key to public key. Memory - * is freed with private key's arena */ - DSAPublicKey *pubkey; - DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx; - pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena, - sizeof(DSAPublicKey)); - pubkey->params.prime.len = key->params.prime.len; - pubkey->params.prime.data = key->params.prime.data; - pubkey->params.subPrime.len = key->params.subPrime.len; - pubkey->params.subPrime.data = key->params.subPrime.data; - pubkey->params.base.len = key->params.base.len; - pubkey->params.base.data = key->params.base.data; - pubkey->publicValue.len = key->publicValue.len; - pubkey->publicValue.data = key->publicValue.data; - cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest; - } - return SECSuccess; -} - -#ifdef NSS_ENABLE_ECC -SECStatus -bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - int i; - ECPrivateKey **dummyKey; - PRIntervalTime time1, time2; - bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa; - /* ECDSA key gen was done during parameter setup */ - cipherInfo->cx = cipherInfo->params.ecdsa.eckey; - /* For performance testing */ - if (cipherInfo->cxreps > 0) { - /* Create space for n private key objects */ - dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps * - sizeof(ECPrivateKey *)); - /* Time n keygens, storing in the array */ - TIMESTART(); - for (i=0; icxreps; i++) { - EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]); - } - TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps); - /* Free the n key objects */ - for (i=0; icxreps; i++) - PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE); - PORT_Free(dummyKey); - } - if (!cipherInfo->cx && ecdsap->key.buf.len > 0) { - cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf); - } - if (encrypt) { - cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest; - } else { - /* Have to convert private key to public key. Memory - * is freed with private key's arena */ - ECPublicKey *pubkey; - ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx; - pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena, - sizeof(ECPublicKey)); - pubkey->ecParams.type = key->ecParams.type; - pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size; - pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type; - pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len; - pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data; - pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1; - pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2; - pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3; - pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len; - pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data; - pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len; - pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data; - pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len; - pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data; - pubkey->ecParams.base.len = key->ecParams.base.len; - pubkey->ecParams.base.data = key->ecParams.base.data; - pubkey->ecParams.order.len = key->ecParams.order.len; - pubkey->ecParams.order.data = key->ecParams.order.data; - pubkey->ecParams.cofactor = key->ecParams.cofactor; - pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len; - pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data; - pubkey->ecParams.name= key->ecParams.name; - pubkey->publicValue.len = key->publicValue.len; - pubkey->publicValue.data = key->publicValue.data; - cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest; - } - return SECSuccess; -} -#endif - -/* XXX unfortunately, this is not defined in blapi.h */ -SECStatus -md2_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - unsigned int len; - MD2Context *cx = MD2_NewContext(); - if (cx == NULL) return SECFailure; - MD2_Begin(cx); - MD2_Update(cx, src, src_length); - MD2_End(cx, dest, &len, MD2_LENGTH); - MD2_DestroyContext(cx, PR_TRUE); - return SECSuccess; -} - -SECStatus -md2_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - MD2Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - SECStatus rv = SECSuccess; - cx = MD2_NewContext(); - MD2_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - MD2_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = MD2_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - MD2_Flatten(cx, cxbytes); - cx_cpy = MD2_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName); - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - MD2_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName); - goto finish; - } - MD2_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - MD2_End(cx, dest, &len, MD2_LENGTH); -finish: - MD2_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -md5_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - MD5Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = MD5_NewContext(); - MD5_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - MD5_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = MD5_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - MD5_Flatten(cx, cxbytes); - cx_cpy = MD5_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - MD5_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName); - goto finish; - } - MD5_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - MD5_End(cx, dest, &len, MD5_LENGTH); -finish: - MD5_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -sha1_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA1Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA1_NewContext(); - SHA1_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA1_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA1_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA1_Flatten(cx, cxbytes); - cx_cpy = SHA1_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA1_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName); - goto finish; - } - SHA1_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA1_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA1_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -SHA256_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA256Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA256_NewContext(); - SHA256_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA256_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA256_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA256_Flatten(cx, cxbytes); - cx_cpy = SHA256_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA256_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName); - goto finish; - } - SHA256_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA256_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA256_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -SHA384_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA384Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA384_NewContext(); - SHA384_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA384_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA384_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA384_Flatten(cx, cxbytes); - cx_cpy = SHA384_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA384_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName); - goto finish; - } - SHA384_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA384_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA384_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -SHA512_restart(unsigned char *dest, const unsigned char *src, uint32 src_length) -{ - SECStatus rv = SECSuccess; - SHA512Context *cx, *cx_cpy; - unsigned char *cxbytes; - unsigned int len; - unsigned int i, quarter; - cx = SHA512_NewContext(); - SHA512_Begin(cx); - /* divide message by 4, restarting 3 times */ - quarter = (src_length + 3)/ 4; - for (i=0; i < 4 && src_length > 0; i++) { - SHA512_Update(cx, src + i*quarter, PR_MIN(quarter, src_length)); - len = SHA512_FlattenSize(cx); - cxbytes = PORT_Alloc(len); - SHA512_Flatten(cx, cxbytes); - cx_cpy = SHA512_Resurrect(cxbytes, NULL); - if (!cx_cpy) { - PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName); - rv = SECFailure; - goto finish; - } - rv = PORT_Memcmp(cx, cx_cpy, len); - if (rv) { - SHA512_DestroyContext(cx_cpy, PR_TRUE); - PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName); - goto finish; - } - SHA512_DestroyContext(cx_cpy, PR_TRUE); - PORT_Free(cxbytes); - src_length -= quarter; - } - SHA512_End(cx, dest, &len, MD5_LENGTH); -finish: - SHA512_DestroyContext(cx, PR_TRUE); - return rv; -} - -SECStatus -pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file, -#ifdef NSS_ENABLE_ECC - int keysize, int exponent, char *curveName) -#else - int keysize, int exponent) -#endif -{ - int i; - SECStatus rv = SECSuccess; - bltestRSAParams *rsap; - bltestDSAParams *dsap; -#ifdef NSS_ENABLE_ECC - bltestECDSAParams *ecdsap; - SECItem *tmpECParamsDER; - ECParams *tmpECParams = NULL; - SECItem ecSerialize[3]; -#endif - switch (cipherInfo->mode) { - case bltestRSA: - rsap = &cipherInfo->params.rsa; - if (keysize > 0) { - SECItem expitem = { 0, 0, 0 }; - SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int)); - for (i = 1; i <= sizeof(int); i++) - expitem.data[i-1] = exponent >> (8*(sizeof(int) - i)); - rsap->rsakey = RSA_NewKey(keysize * 8, &expitem); - serialize_key(&rsap->rsakey->version, 9, file); - rsap->keysizeInBits = keysize * 8; - } else { - setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0); - rsap->rsakey = rsakey_from_filedata(&cipherInfo->params.key.buf); - rsap->keysizeInBits = rsap->rsakey->modulus.len * 8; - } - break; - case bltestDSA: - dsap = &cipherInfo->params.dsa; - if (keysize > 0) { - dsap->j = PQG_PBITS_TO_INDEX(8*keysize); - if (!dsap->pqg) - bltest_pqg_init(dsap); - rv = DSA_NewKey(dsap->pqg, &dsap->dsakey); - CHECKERROR(rv, __LINE__); - serialize_key(&dsap->dsakey->params.prime, 5, file); - } else { - setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0); - dsap->dsakey = dsakey_from_filedata(&cipherInfo->params.key.buf); - dsap->j = PQG_PBITS_TO_INDEX(8*dsap->dsakey->params.prime.len); - } - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - ecdsap = &cipherInfo->params.ecdsa; - if (curveName != NULL) { - tmpECParamsDER = getECParams(curveName); - rv = secoid_Init(); - CHECKERROR(rv, __LINE__); - rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure; - CHECKERROR(rv, __LINE__); - rv = EC_NewKey(tmpECParams, &ecdsap->eckey); - CHECKERROR(rv, __LINE__); - ecSerialize[0].type = tmpECParamsDER->type; - ecSerialize[0].data = tmpECParamsDER->data; - ecSerialize[0].len = tmpECParamsDER->len; - ecSerialize[1].type = ecdsap->eckey->publicValue.type; - ecSerialize[1].data = ecdsap->eckey->publicValue.data; - ecSerialize[1].len = ecdsap->eckey->publicValue.len; - ecSerialize[2].type = ecdsap->eckey->privateValue.type; - ecSerialize[2].data = ecdsap->eckey->privateValue.data; - ecSerialize[2].len = ecdsap->eckey->privateValue.len; - serialize_key(&(ecSerialize[0]), 3, file); - free(tmpECParamsDER); - PORT_FreeArena(tmpECParams->arena, PR_TRUE); - rv = SECOID_Shutdown(); - CHECKERROR(rv, __LINE__); - } else { - setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0); - ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf); - } - break; -#endif - default: - return SECFailure; - } - return SECSuccess; -} - -SECStatus -cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) -{ - PRBool restart; - switch (cipherInfo->mode) { - case bltestDES_ECB: - case bltestDES_CBC: - case bltestDES_EDE_ECB: - case bltestDES_EDE_CBC: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_des_init(cipherInfo, encrypt); - break; - case bltestRC2_ECB: - case bltestRC2_CBC: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_rc2_init(cipherInfo, encrypt); - break; - case bltestRC4: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_rc4_init(cipherInfo, encrypt); - break; - case bltestRC5_ECB: - case bltestRC5_CBC: -#if NSS_SOFTOKEN_DOES_RC5 - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); -#endif - return bltest_rc5_init(cipherInfo, encrypt); - break; - case bltestAES_ECB: - case bltestAES_CBC: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_aes_init(cipherInfo, encrypt); - break; - case bltestRSA: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - cipherInfo->input.pBuf.len); - return bltest_rsa_init(cipherInfo, encrypt); - break; - case bltestDSA: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - DSA_SIGNATURE_LEN); - return bltest_dsa_init(cipherInfo, encrypt); - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - 2 * MAX_ECKEY_LEN); - return bltest_ecdsa_init(cipherInfo, encrypt); - break; -#endif - case bltestMD2: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - MD2_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf; - return SECSuccess; - break; - case bltestMD5: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - MD5_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf; - return SECSuccess; - break; - case bltestSHA1: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA1_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf; - return SECSuccess; - break; - case bltestSHA256: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA256_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart - : SHA256_HashBuf; - return SECSuccess; - break; - case bltestSHA384: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA384_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart - : SHA384_HashBuf; - return SECSuccess; - break; - case bltestSHA512: - restart = cipherInfo->params.hash.restart; - SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, - SHA512_LENGTH); - cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart - : SHA512_HashBuf; - return SECSuccess; - break; - default: - return SECFailure; - } - return SECSuccess; -} - -SECStatus -dsaOp(bltestCipherInfo *cipherInfo) -{ - PRIntervalTime time1, time2; - SECStatus rv = SECSuccess; - int i; - int maxLen = cipherInfo->output.pBuf.len; - SECItem dummyOut = { 0, 0, 0 }; - SECITEM_AllocItem(NULL, &dummyOut, maxLen); - if (cipherInfo->cipher.pubkeyCipher == dsa_signDigest) { - if (cipherInfo->params.dsa.sigseed.buf.len > 0) { - bltestDSAParams *dsa = &cipherInfo->params.dsa; - DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx; - - TIMESTART(); - rv = DSA_SignDigestWithSeed(key, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf, - dsa->sigseed.buf.data); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - rv = DSA_SignDigestWithSeed(key, &dummyOut, - &cipherInfo->input.pBuf, - dsa->sigseed.buf.data); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - rv = DSA_SignDigestWithSeed(key, &dummyOut, - &cipherInfo->input.pBuf, - dsa->sigseed.buf.data); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } else { - TIMESTART(); - rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx, - &dummyOut, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx, - &dummyOut, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, - &cipherInfo->output); - } else { - TIMESTART(); - rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx, - &cipherInfo->params.dsa.sig.buf, - &cipherInfo->input.pBuf); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx, - &cipherInfo->params.dsa.sig.buf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx, - &cipherInfo->params.dsa.sig.buf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - SECITEM_FreeItem(&dummyOut, PR_FALSE); - return rv; -} - -#ifdef NSS_ENABLE_ECC -SECStatus -ecdsaOp(bltestCipherInfo *cipherInfo) -{ - PRIntervalTime time1, time2; - SECStatus rv = SECSuccess; - int i; - int maxLen = cipherInfo->output.pBuf.len; - SECItem dummyOut = { 0, 0, 0 }; - SECITEM_AllocItem(NULL, &dummyOut, maxLen); - if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) { - if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) { - ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx; - bltestECDSAParams *ecdsa = &cipherInfo->params.ecdsa; - - TIMESTART(); - rv = ECDSA_SignDigestWithSeed(key, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf, - ecdsa->sigseed.buf.data, - ecdsa->sigseed.buf.len); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - rv = ECDSA_SignDigestWithSeed(key, &dummyOut, - &cipherInfo->input.pBuf, - ecdsa->sigseed.buf.data, - ecdsa->sigseed.buf.len); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - rv = ECDSA_SignDigestWithSeed(key, &dummyOut, - &cipherInfo->input.pBuf, - ecdsa->sigseed.buf.data, - ecdsa->sigseed.buf.len); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } else { - TIMESTART(); - rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, - &dummyOut, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx, - &dummyOut, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig, - &cipherInfo->output); - } else { - TIMESTART(); - rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx, - &cipherInfo->params.ecdsa.sig.buf, - &cipherInfo->input.pBuf); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx, - &cipherInfo->params.ecdsa.sig.buf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx, - &cipherInfo->params.ecdsa.sig.buf, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - SECITEM_FreeItem(&dummyOut, PR_FALSE); - return rv; -} -#endif - -SECStatus -cipherDoOp(bltestCipherInfo *cipherInfo) -{ - PRIntervalTime time1, time2; - SECStatus rv = SECSuccess; - int i, len; - int maxLen = cipherInfo->output.pBuf.len; - unsigned char *dummyOut; - if (cipherInfo->mode == bltestDSA) - return dsaOp(cipherInfo); -#ifdef NSS_ENABLE_ECC - else if (cipherInfo->mode == bltestECDSA) - return ecdsaOp(cipherInfo); -#endif - dummyOut = PORT_Alloc(maxLen); - if (is_symmkeyCipher(cipherInfo->mode)) { - TIMESTART(); - rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, - cipherInfo->output.pBuf.data, - &len, maxLen, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; i++, - cipherInfo->repetitions++) { - (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut, - &len, maxLen, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - bltestIO *input = &cipherInfo->input; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, - dummyOut, - &len, maxLen, - input->pBuf.data, - input->pBuf.len); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } else if (is_pubkeyCipher(cipherInfo->mode)) { - TIMESTART(); - rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, - &cipherInfo->output.pBuf, - &cipherInfo->input.pBuf); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - SECItem dummy; - dummy.data = dummyOut; - dummy.len = maxLen; - (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - SECItem dummy; - dummy.data = dummyOut; - dummy.len = maxLen; - (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy, - &cipherInfo->input.pBuf); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } else if (is_hashCipher(cipherInfo->mode)) { - TIMESTART(); - rv = (*cipherInfo->cipher.hashCipher)(cipherInfo->output.pBuf.data, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - TIMEFINISH(cipherInfo->optime, 1.0); - CHECKERROR(rv, __LINE__); - cipherInfo->repetitions = 0; - if (cipherInfo->repetitionsToPerfom != 0) { - TIMESTART(); - for (i=0; irepetitionsToPerfom; - i++, cipherInfo->repetitions++) { - (*cipherInfo->cipher.hashCipher)(dummyOut, - cipherInfo->input.pBuf.data, - cipherInfo->input.pBuf.len); - CHECKERROR(rv, __LINE__); - } - } else { - int opsBetweenChecks = 0; - TIMEMARK(cipherInfo->seconds); - while (! (TIMETOFINISH())) { - int j = 0; - for (;j < opsBetweenChecks;j++) { - bltestIO *input = &cipherInfo->input; - (*cipherInfo->cipher.hashCipher)(dummyOut, - input->pBuf.data, - input->pBuf.len); - CHECKERROR(rv, __LINE__); - } - cipherInfo->repetitions += j; - } - } - TIMEFINISH(cipherInfo->optime, 1.0); - } - PORT_Free(dummyOut); - return rv; -} - -SECStatus -cipherFinish(bltestCipherInfo *cipherInfo) -{ - switch (cipherInfo->mode) { - case bltestDES_ECB: - case bltestDES_CBC: - case bltestDES_EDE_ECB: - case bltestDES_EDE_CBC: - DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE); - break; - case bltestAES_ECB: - case bltestAES_CBC: - AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE); - break; - case bltestRC2_ECB: - case bltestRC2_CBC: - RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE); - break; - case bltestRC4: - RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE); - break; -#if NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE); - break; -#endif - case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */ - case bltestDSA: /* will be freed with it. */ -#ifdef NSS_ENABLE_ECC - case bltestECDSA: -#endif - case bltestMD2: /* hash contexts are ephemeral */ - case bltestMD5: - case bltestSHA1: - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: - return SECSuccess; - break; - default: - return SECFailure; - } - return SECSuccess; -} - -void -print_exponent(SECItem *exp) -{ - int i; - int e = 0; - if (exp->len <= 4) { - for (i=exp->len; i >=0; --i) e |= exp->data[exp->len-i] << 8*(i-1); - fprintf(stdout, "%12d", e); - } else { - e = 8*exp->len; - fprintf(stdout, "~2**%-8d", e); - } -} - -static void -splitToReportUnit(PRInt64 res, int *resArr, int *del, int size) -{ - PRInt64 remaining = res, tmp = 0; - PRInt64 Ldel; - int i = -1; - - while (remaining > 0 && ++i < size) { - LL_I2L(Ldel, del[i]); - LL_MOD(tmp, remaining, Ldel); - LL_L2I(resArr[i], tmp); - LL_DIV(remaining, remaining, Ldel); - } -} - -static char* -getHighUnitBytes(PRInt64 res) -{ - int spl[] = {0, 0, 0, 0}; - int del[] = {1024, 1024, 1024, 1024}; - char *marks[] = {"b", "Kb", "Mb", "Gb"}; - int i = 3; - - splitToReportUnit(res, spl, del, 4); - - for (;i>0;i--) { - if (spl[i] != 0) { - break; - } - } - - return PR_smprintf("%d%s", spl[i], marks[i]); -} - - -static void -printPR_smpString(const char *sformat, char *reportStr, - const char *nformat, PRInt64 rNum) -{ - if (reportStr) { - fprintf(stdout, sformat, reportStr); - PR_smprintf_free(reportStr); - } else { - int prnRes; - LL_L2I(prnRes, rNum); - fprintf(stdout, nformat, rNum); - } -} - -static char* -getHighUnitOps(PRInt64 res) -{ - int spl[] = {0, 0, 0, 0}; - int del[] = {1000, 1000, 1000, 1000}; - char *marks[] = {"", "T", "M", "B"}; - int i = 3; - - splitToReportUnit(res, spl, del, 4); - - for (;i>0;i--) { - if (spl[i] != 0) { - break; - } - } - - return PR_smprintf("%d%s", spl[i], marks[i]); -} - -void -dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt, - PRBool encrypt, PRBool cxonly) -{ - bltestCipherInfo *info = infoList; - - PRInt64 totalIn = 0; - PRBool td = PR_TRUE; - - int repetitions = 0; - int cxreps = 0; - double cxtime = 0; - double optime = 0; - while (info != NULL) { - repetitions += info->repetitions; - cxreps += info->cxreps; - cxtime += info->cxtime; - optime += info->optime; - totalIn += info->input.buf.len * info->repetitions; - - info = info->next; - } - info = infoList; - - fprintf(stdout, "#%9s", "mode"); - fprintf(stdout, "%12s", "in"); -print_td: - switch (info->mode) { - case bltestDES_ECB: - case bltestDES_CBC: - case bltestDES_EDE_ECB: - case bltestDES_EDE_CBC: - case bltestAES_ECB: - case bltestAES_CBC: - case bltestRC2_ECB: - case bltestRC2_CBC: - case bltestRC4: - if (td) - fprintf(stdout, "%8s", "symmkey"); - else - fprintf(stdout, "%8d", 8*info->params.sk.key.buf.len); - break; -#if NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - if (info->params.sk.key.buf.len > 0) - printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len); - if (info->rounds > 0) - printf("rounds=%d,", info->params.rc5.rounds); - if (info->wordsize > 0) - printf("wordsize(bytes)=%d,", info->params.rc5.wordsize); - break; -#endif - case bltestRSA: - if (td) { - fprintf(stdout, "%8s", "rsa_mod"); - fprintf(stdout, "%12s", "rsa_pe"); - } else { - fprintf(stdout, "%8d", info->params.rsa.keysizeInBits); - print_exponent(&info->params.rsa.rsakey->publicExponent); - } - break; - case bltestDSA: - if (td) - fprintf(stdout, "%8s", "pqg_mod"); - else - fprintf(stdout, "%8d", PQG_INDEX_TO_PBITS(info->params.dsa.j)); - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - if (td) - fprintf(stdout, "%12s", "ec_curve"); - else - fprintf(stdout, "%12s", - ecCurve_map[info->params.ecdsa.eckey->ecParams.name]->text); - break; -#endif - case bltestMD2: - case bltestMD5: - case bltestSHA1: - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: - default: - break; - } - if (!td) { - PRInt64 totalThroughPut; - - printPR_smpString("%8s", getHighUnitOps(repetitions), - "%8d", repetitions); - - printPR_smpString("%8s", getHighUnitOps(cxreps), "%8d", cxreps); - - fprintf(stdout, "%12.3f", cxtime); - fprintf(stdout, "%12.3f", optime); - fprintf(stdout, "%12.03f", totalTimeInt / 1000); - - totalThroughPut = (PRInt64)(totalIn / totalTimeInt * 1000); - printPR_smpString("%12s", getHighUnitBytes(totalThroughPut), - "%12d", totalThroughPut); - - fprintf(stdout, "\n"); - return; - } - - fprintf(stdout, "%8s", "opreps"); - fprintf(stdout, "%8s", "cxreps"); - fprintf(stdout, "%12s", "context"); - fprintf(stdout, "%12s", "op"); - fprintf(stdout, "%12s", "time(sec)"); - fprintf(stdout, "%12s", "thrgput"); - fprintf(stdout, "\n"); - fprintf(stdout, "%8s", mode_strings[info->mode]); - fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 'e' : 'd'); - printPR_smpString("%12s", getHighUnitBytes(totalIn), "%12d", totalIn); - - td = !td; - goto print_td; -} - -void -printmodes() -{ - bltestCipherMode mode; - int nummodes = sizeof(mode_strings) / sizeof(char *); - fprintf(stderr, "%s: Available modes (specify with -m):\n", progName); - for (mode=0; modemode = ioMode; - data->file = NULL; /* don't use -- not saving anything */ - data->pBuf.data = NULL; - data->pBuf.len = 0; - file = PR_Open(fn, PR_RDONLY, 00660); - if (file) - setupIO(arena, data, file, NULL, 0); -} - -void -get_params(PRArenaPool *arena, bltestParams *params, - bltestCipherMode mode, int j) -{ - char filename[256]; - char *modestr = mode_strings[mode]; -#if NSS_SOFTOKEN_DOES_RC5 - FILE *file; - char *mark, *param, *val; - int index = 0; -#endif - switch (mode) { - case bltestDES_CBC: - case bltestDES_EDE_CBC: - case bltestRC2_CBC: - case bltestAES_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); - load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - case bltestDES_ECB: - case bltestDES_EDE_ECB: - case bltestRC2_ECB: - case bltestRC4: - case bltestAES_ECB: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - break; -#if NSS_SOFTOKEN_DOES_RC5 - case bltestRC5_ECB: - case bltestRC5_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); - load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, - "params", j); - file = fopen(filename, "r"); - if (!file) return; - param = malloc(100); - len = fread(param, 1, 100, file); - while (index < len) { - mark = PL_strchr(param, '='); - *mark = '\0'; - val = mark + 1; - mark = PL_strchr(val, '\n'); - *mark = '\0'; - if (PL_strcmp(param, "rounds") == 0) { - params->rc5.rounds = atoi(val); - } else if (PL_strcmp(param, "wordsize") == 0) { - params->rc5.wordsize = atoi(val); - } - index += PL_strlen(param) + PL_strlen(val) + 2; - param = mark + 1; - } - break; -#endif - case bltestRSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->rsa.key, filename, bltestBase64Encoded); - params->rsa.rsakey = rsakey_from_filedata(¶ms->key.buf); - break; - case bltestDSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->dsa.key, filename, bltestBase64Encoded); - params->dsa.dsakey = dsakey_from_filedata(¶ms->key.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j); - load_file_data(arena, ¶ms->dsa.pqgdata, filename, - bltestBase64Encoded); - params->dsa.pqg = pqg_from_filedata(¶ms->dsa.pqgdata.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j); - load_file_data(arena, ¶ms->dsa.keyseed, filename, - bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); - load_file_data(arena, ¶ms->dsa.sigseed, filename, - bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); - load_file_data(arena, ¶ms->dsa.sig, filename, bltestBase64Encoded); - break; -#ifdef NSS_ENABLE_ECC - case bltestECDSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); - load_file_data(arena, ¶ms->ecdsa.key, filename, bltestBase64Encoded); - params->ecdsa.eckey = eckey_from_filedata(¶ms->key.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); - load_file_data(arena, ¶ms->ecdsa.sigseed, filename, - bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j); - load_file_data(arena, ¶ms->ecdsa.sig, filename, bltestBase64Encoded); - break; -#endif - case bltestMD2: - case bltestMD5: - case bltestSHA1: - case bltestSHA256: - case bltestSHA384: - case bltestSHA512: - /*params->hash.restart = PR_TRUE;*/ - params->hash.restart = PR_FALSE; - break; - default: - break; - } -} - -SECStatus -verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode, - PRBool forward, SECStatus sigstatus) -{ - int res; - char *modestr = mode_strings[mode]; - res = SECITEM_CompareItem(&result->pBuf, &cmp->buf); - if (is_sigCipher(mode)) { - if (forward) { - if (res == 0) { - printf("Signature self-test for %s passed.\n", modestr); - } else { - printf("Signature self-test for %s failed!\n", modestr); - } - } else { - if (sigstatus == SECSuccess) { - printf("Verification self-test for %s passed.\n", modestr); - } else { - printf("Verification self-test for %s failed!\n", modestr); - } - } - return sigstatus; - } else if (is_hashCipher(mode)) { - if (res == 0) { - printf("Hash self-test for %s passed.\n", modestr); - } else { - printf("Hash self-test for %s failed!\n", modestr); - } - } else { - if (forward) { - if (res == 0) { - printf("Encryption self-test for %s passed.\n", modestr); - } else { - printf("Encryption self-test for %s failed!\n", modestr); - } - } else { - if (res == 0) { - printf("Decryption self-test for %s passed.\n", modestr); - } else { - printf("Decryption self-test for %s failed!\n", modestr); - } - } - } - return (res != 0); -} - -static SECStatus -blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, - PRBool encrypt, PRBool decrypt) -{ - bltestCipherInfo cipherInfo; - bltestIO pt, ct; - bltestCipherMode mode; - bltestParams *params; - int i, j, nummodes, numtests; - char *modestr; - char filename[256]; - PRFileDesc *file; - PRArenaPool *arena; - SECItem item; - PRBool finished; - SECStatus rv = SECSuccess, srv; - - PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo)); - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - cipherInfo.arena = arena; - - finished = PR_FALSE; - nummodes = (numModes == 0) ? NUMMODES : numModes; - for (i=0; i < nummodes && !finished; i++) { - if (i == bltestRC5_ECB || i == bltestRC5_CBC) continue; - if (numModes > 0) - mode = modes[i]; - else - mode = i; - if (mode == bltestINVALID) { - fprintf(stderr, "%s: Skipping invalid mode.\n",progName); - continue; - } - modestr = mode_strings[mode]; - cipherInfo.mode = mode; - params = &cipherInfo.params; -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Self-Testing RSA\n", __bltDBG); - } -#endif - /* get the number of tests in the directory */ - sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); - file = PR_Open(filename, PR_RDONLY, 00660); - if (!file) { - fprintf(stderr, "%s: File %s does not exist.\n", progName,filename); - return SECFailure; - } - rv = SECU_FileToItem(&item, file); -#ifdef TRACK_BLTEST_BUG - if (mode == bltestRSA) { - fprintf(stderr, "[%s] Loaded data from %s\n", __bltDBG, filename); - } -#endif - PR_Close(file); - /* loop over the tests in the directory */ - numtests = 0; - for (j=0; jmCarlo == PR_TRUE) { - int mciter; - for (mciter=0; mciter<10000; mciter++) { - cipherDoOp(cipherInfo); - memcpy(cipherInfo->input.buf.data, - cipherInfo->output.buf.data, - cipherInfo->input.buf.len); - } - } else { - cipherDoOp(cipherInfo); - } - cipherFinish(cipherInfo); -} - -/* bltest commands */ -enum { - cmd_Decrypt = 0, - cmd_Encrypt, - cmd_FIPS, - cmd_Hash, - cmd_Nonce, - cmd_Dump, - cmd_Sign, - cmd_SelfTest, - cmd_Verify -}; - -/* bltest options */ -enum { - opt_B64 = 0, - opt_BufSize, - opt_Restart, - opt_SelfTestDir, - opt_Exponent, - opt_SigFile, - opt_KeySize, - opt_Hex, - opt_Input, - opt_PQGFile, - opt_Key, - opt_HexWSpc, - opt_Mode, -#ifdef NSS_ENABLE_ECC - opt_CurveName, -#endif - opt_Output, - opt_Repetitions, - opt_ZeroBuf, - opt_Rounds, - opt_Seed, - opt_SigSeedFile, - opt_CXReps, - opt_IV, - opt_WordSize, - opt_UseSeed, - opt_UseSigSeed, - opt_SeedFile, - opt_InputOffset, - opt_OutputOffset, - opt_MonteCarlo, - opt_ThreadNum, - opt_SecondsToRun, - opt_CmdLine -}; - -static secuCommandFlag bltest_commands[] = -{ - { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE }, - { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE }, - { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE } -}; - -static secuCommandFlag bltest_options[] = -{ - { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE }, - { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE }, - { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE }, - { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, - { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE }, - { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE }, - { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE }, - { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE }, -#ifdef NSS_ENABLE_ECC - { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE }, -#endif - { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE }, - { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE }, - { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE }, - { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE }, - { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE }, - { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE }, - { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE }, - { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE }, - { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE }, - { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE }, - { /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE }, - { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE }, - { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE } -}; - -int main(int argc, char **argv) -{ - char *infileName, *outfileName, *keyfileName, *ivfileName; - SECStatus rv = SECFailure; - - double totalTime; - PRIntervalTime time1, time2; - PRFileDesc *outfile; - bltestCipherInfo *cipherInfoListHead, *cipherInfo; - bltestIOMode ioMode; - int bufsize, exponent, curThrdNum; -#ifdef NSS_ENABLE_ECC - char *curveName = NULL; -#endif - int i, commandsEntered; - int inoff, outoff; - int threads = 1; - - secuCommand bltest; - bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag); - bltest.numOptions = sizeof(bltest_options) / sizeof(secuCommandFlag); - bltest.commands = bltest_commands; - bltest.options = bltest_options; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - rv = RNG_RNGInit(); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - RNG_SystemInfoForRNG(); - - rv = SECU_ParseCommandLine(argc, argv, progName, &bltest); - if (rv == SECFailure) { - fprintf(stderr, "%s: command line parsing error!\n", progName); - goto print_usage; - } - rv = SECFailure; - - cipherInfo = PORT_ZNew(bltestCipherInfo); - cipherInfoListHead = cipherInfo; - /* set some defaults */ - infileName = outfileName = keyfileName = ivfileName = NULL; - - /* Check the number of commands entered on the command line. */ - commandsEntered = 0; - for (i=0; i 1 && - !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) { - fprintf(stderr, "%s: one command at a time!\n", progName); - goto print_usage; - } - - if (commandsEntered == 0) { - fprintf(stderr, "%s: you must enter a command!\n", progName); - goto print_usage; - } - - if (bltest.commands[cmd_Sign].activated) - bltest.commands[cmd_Encrypt].activated = PR_TRUE; - if (bltest.commands[cmd_Verify].activated) - bltest.commands[cmd_Decrypt].activated = PR_TRUE; - if (bltest.commands[cmd_Hash].activated) - bltest.commands[cmd_Encrypt].activated = PR_TRUE; - - inoff = outoff = 0; - if (bltest.options[opt_InputOffset].activated) - inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg); - if (bltest.options[opt_OutputOffset].activated) - outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg); - - testdir = (bltest.options[opt_SelfTestDir].activated) ? - strdup(bltest.options[opt_SelfTestDir].arg) : "."; - - /* - * Handle three simple cases first - */ - - /* Do BLAPI self-test */ - if (bltest.commands[cmd_SelfTest].activated) { - PRBool encrypt = PR_TRUE, decrypt = PR_TRUE; - /* user may specified a set of ciphers to test. parse them. */ - bltestCipherMode modesToTest[NUMMODES]; - int numModesToTest = 0; - char *tok, *str; - str = bltest.options[opt_Mode].arg; - while (str) { - tok = strchr(str, ','); - if (tok) *tok = '\0'; - modesToTest[numModesToTest++] = get_mode(str); - if (tok) { - *tok = ','; - str = tok + 1; - } else { - break; - } - } - if (bltest.commands[cmd_Decrypt].activated && - !bltest.commands[cmd_Encrypt].activated) - encrypt = PR_FALSE; - if (bltest.commands[cmd_Encrypt].activated && - !bltest.commands[cmd_Decrypt].activated) - decrypt = PR_FALSE; - rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff, - encrypt, decrypt); - PORT_Free(cipherInfo); - return rv; - } - - /* Do FIPS self-test */ - if (bltest.commands[cmd_FIPS].activated) { - CK_RV ckrv = sftk_fipsPowerUpSelfTest(); - fprintf(stdout, "CK_RV: %ld.\n", ckrv); - PORT_Free(cipherInfo); - if (ckrv == CKR_OK) - return SECSuccess; - return SECFailure; - } - - /* - * Check command line arguments for Encrypt/Decrypt/Hash/Sign/Verify - */ - - if ((bltest.commands[cmd_Decrypt].activated || - bltest.commands[cmd_Verify].activated) && - bltest.options[opt_BufSize].activated) { - fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n", - progName); - goto print_usage; - } - - if (bltest.options[opt_Mode].activated) { - cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg); - if (cipherInfo->mode == bltestINVALID) { - goto print_usage; - } - } else { - fprintf(stderr, "%s: You must specify a cipher mode with -m.\n", - progName); - goto print_usage; - } - - - if (bltest.options[opt_Repetitions].activated && - bltest.options[opt_SecondsToRun].activated) { - fprintf(stderr, "%s: Operation time should be defined in either " - "repetitions(-p) or seconds(-5) not both", - progName); - goto print_usage; - } - - if (bltest.options[opt_Repetitions].activated) { - cipherInfo->repetitionsToPerfom = - PORT_Atoi(bltest.options[opt_Repetitions].arg); - } else { - cipherInfo->repetitionsToPerfom = 0; - } - - if (bltest.options[opt_SecondsToRun].activated) { - cipherInfo->seconds = PORT_Atoi(bltest.options[opt_SecondsToRun].arg); - } else { - cipherInfo->seconds = 0; - } - - - if (bltest.options[opt_CXReps].activated) { - cipherInfo->cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg); - } else { - cipherInfo->cxreps = 0; - } - - if (bltest.options[opt_ThreadNum].activated) { - threads = PORT_Atoi(bltest.options[opt_ThreadNum].arg); - if (threads <= 0) { - threads = 1; - } - } - - /* Dump a file (rsakey, dsakey, etc.) */ - if (bltest.commands[cmd_Dump].activated) { - rv = dump_file(cipherInfo->mode, bltest.options[opt_Input].arg); - PORT_Free(cipherInfo); - return rv; - } - - /* default input mode is binary */ - ioMode = (bltest.options[opt_B64].activated) ? bltestBase64Encoded : - (bltest.options[opt_Hex].activated) ? bltestHexStream : - (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim : - bltestBinary; - - if (bltest.options[opt_Exponent].activated) - exponent = PORT_Atoi(bltest.options[opt_Exponent].arg); - else - exponent = 65537; - -#ifdef NSS_ENABLE_ECC - if (bltest.options[opt_CurveName].activated) - curveName = PORT_Strdup(bltest.options[opt_CurveName].arg); - else - curveName = NULL; -#endif - - if (bltest.commands[cmd_Verify].activated && - !bltest.options[opt_SigFile].activated) { - fprintf(stderr, "%s: You must specify a signature file with -f.\n", - progName); - - print_usage: - PORT_Free(cipherInfo); - Usage(); - } - - if (bltest.options[opt_MonteCarlo].activated) { - cipherInfo->mCarlo = PR_TRUE; - } else { - cipherInfo->mCarlo = PR_FALSE; - } - - for (curThrdNum = 0;curThrdNum < threads;curThrdNum++) { - int keysize = 0; - PRFileDesc *file = NULL, *infile; - bltestParams *params; - char *instr = NULL; - PRArenaPool *arena; - - if (curThrdNum > 0) { - bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo); - if (!newCInfo) { - fprintf(stderr, "%s: Can not allocate memory.\n", progName); - goto exit_point; - } - newCInfo->mode = cipherInfo->mode; - newCInfo->mCarlo = cipherInfo->mCarlo; - newCInfo->repetitionsToPerfom = - cipherInfo->repetitionsToPerfom; - newCInfo->seconds = cipherInfo->seconds; - newCInfo->cxreps = cipherInfo->cxreps; - cipherInfo->next = newCInfo; - cipherInfo = newCInfo; - } - arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE); - if (!arena) { - fprintf(stderr, "%s: Can not allocate memory.\n", progName); - goto exit_point; - } - cipherInfo->arena = arena; - params = &cipherInfo->params; - - /* Set up an encryption key. */ - keysize = 0; - file = NULL; - if (is_symmkeyCipher(cipherInfo->mode)) { - char *keystr = NULL; /* if key is on command line */ - if (bltest.options[opt_Key].activated) { - if (bltest.options[opt_CmdLine].activated) { - keystr = bltest.options[opt_Key].arg; - } else { - file = PR_Open(bltest.options[opt_Key].arg, - PR_RDONLY, 00660); - } - } else { - if (bltest.options[opt_KeySize].activated) - keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); - else - keysize = 8; /* use 64-bit default (DES) */ - /* save the random key for reference */ - file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660); - } - params->key.mode = ioMode; - setupIO(cipherInfo->arena, ¶ms->key, file, keystr, keysize); - if (file) - PR_Close(file); - } else if (is_pubkeyCipher(cipherInfo->mode)) { - if (bltest.options[opt_Key].activated) { - file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660); - } else { - if (bltest.options[opt_KeySize].activated) - keysize = PORT_Atoi(bltest.options[opt_KeySize].arg); - else - keysize = 64; /* use 512-bit default */ - file = PR_Open("tmp.key", PR_WRONLY|PR_CREATE_FILE, 00660); - } - params->key.mode = bltestBase64Encoded; -#ifdef NSS_ENABLE_ECC - pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName); -#else - pubkeyInitKey(cipherInfo, file, keysize, exponent); -#endif - PR_Close(file); - } - - /* set up an initialization vector. */ - if (cipher_requires_IV(cipherInfo->mode)) { - char *ivstr = NULL; - bltestSymmKeyParams *skp; - file = NULL; - if (cipherInfo->mode == bltestRC5_CBC) - skp = (bltestSymmKeyParams *)¶ms->rc5; - else - skp = ¶ms->sk; - if (bltest.options[opt_IV].activated) { - if (bltest.options[opt_CmdLine].activated) { - ivstr = bltest.options[opt_IV].arg; - } else { - file = PR_Open(bltest.options[opt_IV].arg, - PR_RDONLY, 00660); - } - } else { - /* save the random iv for reference */ - file = PR_Open("tmp.iv", PR_WRONLY|PR_CREATE_FILE, 00660); - } - memset(&skp->iv, 0, sizeof skp->iv); - skp->iv.mode = ioMode; - setupIO(cipherInfo->arena, &skp->iv, file, ivstr, keysize); - if (file) { - PR_Close(file); - } - } - - if (bltest.commands[cmd_Verify].activated) { - file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660); - if (cipherInfo->mode == bltestDSA) { - memset(&cipherInfo->params.dsa.sig, 0, sizeof(bltestIO)); - cipherInfo->params.dsa.sig.mode = ioMode; - setupIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, - file, NULL, 0); -#ifdef NSS_ENABLE_ECC - } else if (cipherInfo->mode == bltestECDSA) { - memset(&cipherInfo->params.ecdsa.sig, 0, sizeof(bltestIO)); - cipherInfo->params.ecdsa.sig.mode = ioMode; - setupIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig, - file, NULL, 0); -#endif - } - if (file) { - PR_Close(file); - } - } - - if (bltest.options[opt_PQGFile].activated) { - file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660); - params->dsa.pqgdata.mode = bltestBase64Encoded; - setupIO(cipherInfo->arena, ¶ms->dsa.pqgdata, file, NULL, 0); - if (file) { - PR_Close(file); - } - } - - /* Set up the input buffer */ - if (bltest.options[opt_Input].activated) { - if (bltest.options[opt_CmdLine].activated) { - instr = bltest.options[opt_Input].arg; - infile = NULL; - } else { - /* form file name from testdir and input arg. */ - char * filename = bltest.options[opt_Input].arg; - if (bltest.options[opt_SelfTestDir].activated && - testdir && filename && filename[0] != '/') { - filename = PR_smprintf("%s/tests/%s/%s", testdir, - mode_strings[cipherInfo->mode], - filename); - if (!filename) { - fprintf(stderr, "%s: Can not allocate memory.\n", - progName); - goto exit_point; - } - infile = PR_Open(filename, PR_RDONLY, 00660); - PR_smprintf_free(filename); - } else { - infile = PR_Open(filename, PR_RDONLY, 00660); - } - } - } else if (bltest.options[opt_BufSize].activated) { - /* save the random plaintext for reference */ - char *tmpFName = PR_smprintf("tmp.in.%d", curThrdNum); - if (!tmpFName) { - fprintf(stderr, "%s: Can not allocate memory.\n", progName); - goto exit_point; - } - infile = PR_Open(tmpFName, PR_WRONLY|PR_CREATE_FILE, 00660); - PR_smprintf_free(tmpFName); - } else { - infile = PR_STDIN; - } - if (!infile) { - fprintf(stderr, "%s: Failed to open input file.\n", progName); - goto exit_point; - } - cipherInfo->input.mode = ioMode; - - /* Set up the output stream */ - if (bltest.options[opt_Output].activated) { - /* form file name from testdir and input arg. */ - char * filename = bltest.options[opt_Output].arg; - if (bltest.options[opt_SelfTestDir].activated && - testdir && filename && filename[0] != '/') { - filename = PR_smprintf("%s/tests/%s/%s", testdir, - mode_strings[cipherInfo->mode], - filename); - if (!filename) { - fprintf(stderr, "%s: Can not allocate memory.\n", progName); - goto exit_point; - } - outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660); - PR_smprintf_free(filename); - } else { - outfile = PR_Open(filename, PR_WRONLY|PR_CREATE_FILE, 00660); - } - } else { - outfile = PR_STDOUT; - } - if (!outfile) { - fprintf(stderr, "%s: Failed to open output file.\n", progName); - rv = SECFailure; - goto exit_point; - } - cipherInfo->output.mode = ioMode; - if (bltest.options[opt_SelfTestDir].activated && ioMode == bltestBinary) - cipherInfo->output.mode = bltestBase64Encoded; - - if (is_hashCipher(cipherInfo->mode)) - cipherInfo->params.hash.restart = - bltest.options[opt_Restart].activated; - - bufsize = 0; - if (bltest.options[opt_BufSize].activated) - bufsize = PORT_Atoi(bltest.options[opt_BufSize].arg); - - /*infile = NULL;*/ - setupIO(cipherInfo->arena, &cipherInfo->input, infile, instr, bufsize); - if (infile && infile != PR_STDIN) - PR_Close(infile); - misalignBuffer(cipherInfo->arena, &cipherInfo->input, inoff); - - cipherInit(cipherInfo, bltest.commands[cmd_Encrypt].activated); - misalignBuffer(cipherInfo->arena, &cipherInfo->output, outoff); - } - - if (!bltest.commands[cmd_Nonce].activated) { - TIMESTART(); - cipherInfo = cipherInfoListHead; - while (cipherInfo != NULL) { - cipherInfo->cipherThread = - PR_CreateThread(PR_USER_THREAD, - ThreadExecTest, - cipherInfo, - PR_PRIORITY_NORMAL, - PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, - 0); - cipherInfo = cipherInfo->next; - } - - cipherInfo = cipherInfoListHead; - while (cipherInfo != NULL) { - PR_JoinThread(cipherInfo->cipherThread); - finishIO(&cipherInfo->output, outfile); - cipherInfo = cipherInfo->next; - } - TIMEFINISH(totalTime, 1); - } - - cipherInfo = cipherInfoListHead; - if (cipherInfo->repetitions > 0 || cipherInfo->cxreps > 0 || - threads > 1) - dump_performance_info(cipherInfoListHead, totalTime, - bltest.commands[cmd_Encrypt].activated, - (cipherInfo->repetitions == 0)); - - rv = SECSuccess; - - exit_point: - if (outfile && outfile != PR_STDOUT) - PR_Close(outfile); - cipherInfo = cipherInfoListHead; - while (cipherInfo != NULL) { - bltestCipherInfo *tmpInfo = cipherInfo; - - if (cipherInfo->arena) - PORT_FreeArena(cipherInfo->arena, PR_TRUE); - cipherInfo = cipherInfo->next; - PORT_Free(tmpInfo); - } - - /*NSS_Shutdown();*/ - - return SECSuccess; -} diff --git a/security/nss/cmd/bltest/manifest.mn b/security/nss/cmd/bltest/manifest.mn deleted file mode 100644 index 1fd6325a78..0000000000 --- a/security/nss/cmd/bltest/manifest.mn +++ /dev/null @@ -1,62 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** -CORE_DEPTH = ../../.. - -MODULE = nss - -REQUIRES = seccmd dbm softoken - -INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken - -PROGRAM = bltest - - USE_STATIC_LIBS = 1 - -EXPORTS = \ - $(NULL) - -PRIVATE_EXPORTS = \ - $(NULL) - -CSRCS = \ - blapitest.c \ - $(NULL) - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - diff --git a/security/nss/cmd/bltest/tests/README b/security/nss/cmd/bltest/tests/README deleted file mode 100644 index 9982a2f150..0000000000 --- a/security/nss/cmd/bltest/tests/README +++ /dev/null @@ -1,49 +0,0 @@ -This directory contains a set of tests for each cipher supported by -BLAPI. Each subdirectory contains known plaintext and ciphertext pairs -(and keys and/or iv's if needed). The tests can be run as a full set -with: - bltest -T -or as subsets, for example: - bltest -T -m des_ecb,md2,rsa - -In each subdirectory, the plaintext, key, and iv are ascii, and treated -as such. The ciphertext is base64-encoded to avoid the hassle of binary -files. - -To add a test, incremement the value in the numtests file. Create a -plaintext, key, and iv file, such that the name of the file is -incrememted one from the last set of tests. For example, if you are -adding the second test, put your data in files named plaintext1, key1, -and iv1 (ignoring key and iv if they are not needed, of course). Make -sure your key and iv are the correct number of bytes for your cipher (a -trailing \n is okay, but any other trailing bytes will be used!). Once -you have your input data, create output data by running bltest on a -trusted implementation. For example, for a new DES ECB test, run - bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a in the -tests/des_ecb directory. Then run - bltest -T des_ecb from the cmd/bltest directory in the tree of the -implementation you want to test. - -Note that the -a option above is important, it tells bltest to expect -the input to be straight ASCII, and not base64 encoded binary! - -Special cases: - -RC5: -RC5 can take additional parameters, the number of rounds to perform and -the wordsize to use. The number of rounds is between is between 0 and -255, and the wordsize is either is either 16, 32, or 64 bits (at this -time only 32-bit is supported). These parameters are specified in a -paramsN file, where N is an index as above. The format of the file is -"rounds=R\nwordsize=W\n". - -public key modes (RSA and DSA): -Asymmetric key ciphers use keys with special properties, so creating a -key file with "Mozilla!" in it will not get you very far! To create a -public key, run bltest with the plaintext you want to encrypt, using a -trusted implementation. bltest will generate a key and store it in -"tmp.key", rename that file to keyN. For example: - bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a - mv tmp.key key0 - -[note: specifying a keysize (-g) when using RSA is important!] diff --git a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 deleted file mode 100644 index 040a397d75..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -oJLgOzZ1GiWt3DGo2sPKaA== diff --git a/security/nss/cmd/bltest/tests/aes_cbc/iv0 b/security/nss/cmd/bltest/tests/aes_cbc/iv0 deleted file mode 100644 index 4e65bc0347..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -qwertyuiopasdfgh diff --git a/security/nss/cmd/bltest/tests/aes_cbc/key0 b/security/nss/cmd/bltest/tests/aes_cbc/key0 deleted file mode 100644 index 13911cc29a..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -fedcba9876543210 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/numtests b/security/nss/cmd/bltest/tests/aes_cbc/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 b/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 deleted file mode 100644 index 8d6a8d555b..0000000000 --- a/security/nss/cmd/bltest/tests/aes_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -0123456789abcdef diff --git a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 deleted file mode 100644 index d6818c1d0b..0000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -PVuaCIiaKQhblgFCbVMTTg== diff --git a/security/nss/cmd/bltest/tests/aes_ecb/key0 b/security/nss/cmd/bltest/tests/aes_ecb/key0 deleted file mode 100644 index 13911cc29a..0000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -fedcba9876543210 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/numtests b/security/nss/cmd/bltest/tests/aes_ecb/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 b/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 deleted file mode 100644 index 8d6a8d555b..0000000000 --- a/security/nss/cmd/bltest/tests/aes_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -0123456789abcdef diff --git a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 deleted file mode 100644 index 61dae3192e..0000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -KV3MDNGKWOc= diff --git a/security/nss/cmd/bltest/tests/des3_cbc/iv0 b/security/nss/cmd/bltest/tests/des3_cbc/iv0 deleted file mode 100644 index 97b5955f78..0000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/des3_cbc/key0 b/security/nss/cmd/bltest/tests/des3_cbc/key0 deleted file mode 100644 index 588efd1118..0000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -abcdefghijklmnopqrstuvwx diff --git a/security/nss/cmd/bltest/tests/des3_cbc/numtests b/security/nss/cmd/bltest/tests/des3_cbc/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/des3_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 deleted file mode 100644 index 76dc820d3b..0000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -RgckVNh4QcM= diff --git a/security/nss/cmd/bltest/tests/des3_ecb/key0 b/security/nss/cmd/bltest/tests/des3_ecb/key0 deleted file mode 100644 index 588efd1118..0000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -abcdefghijklmnopqrstuvwx diff --git a/security/nss/cmd/bltest/tests/des3_ecb/numtests b/security/nss/cmd/bltest/tests/des3_ecb/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/des3_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 deleted file mode 100644 index 67d2ad1aac..0000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -Perdg9FMYQ4= diff --git a/security/nss/cmd/bltest/tests/des_cbc/iv0 b/security/nss/cmd/bltest/tests/des_cbc/iv0 deleted file mode 100644 index 97b5955f78..0000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/des_cbc/key0 b/security/nss/cmd/bltest/tests/des_cbc/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/des_cbc/numtests b/security/nss/cmd/bltest/tests/des_cbc/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des_cbc/plaintext0 b/security/nss/cmd/bltest/tests/des_cbc/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/des_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 deleted file mode 100644 index 8be22fa5c6..0000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -3bNoWzzNiFc= diff --git a/security/nss/cmd/bltest/tests/des_ecb/key0 b/security/nss/cmd/bltest/tests/des_ecb/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/des_ecb/numtests b/security/nss/cmd/bltest/tests/des_ecb/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/des_ecb/plaintext0 b/security/nss/cmd/bltest/tests/des_ecb/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/des_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/dsa/ciphertext0 b/security/nss/cmd/bltest/tests/dsa/ciphertext0 deleted file mode 100644 index 8e7150562e..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg== diff --git a/security/nss/cmd/bltest/tests/dsa/key0 b/security/nss/cmd/bltest/tests/dsa/key0 deleted file mode 100644 index e582eeb044..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/key0 +++ /dev/null @@ -1,6 +0,0 @@ -AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s -Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA -Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc -xC6fb0ZLCIzFcq9T5teIAgAAAEAZExhx11sWEqgZ8p140bDXNG96p3u2KoWb/WxW -ddqdIS06Nu8Wcu9mC4x8JVzA7HSFj7oz9EwGaZYwp2sDDuMzAAAAFCBwsyI9ujcv -3hwP/HsuO0mLJgYU diff --git a/security/nss/cmd/bltest/tests/dsa/keyseed0 b/security/nss/cmd/bltest/tests/dsa/keyseed0 deleted file mode 100644 index 6eea359dbd..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/keyseed0 +++ /dev/null @@ -1 +0,0 @@ -AAAAAAAAAAAAAAAAAAAAAAAAAAA= diff --git a/security/nss/cmd/bltest/tests/dsa/numtests b/security/nss/cmd/bltest/tests/dsa/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/dsa/plaintext0 b/security/nss/cmd/bltest/tests/dsa/plaintext0 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/dsa/pqg0 b/security/nss/cmd/bltest/tests/dsa/pqg0 deleted file mode 100644 index f16326cccb..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/pqg0 +++ /dev/null @@ -1,4 +0,0 @@ -AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s -Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA -Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc -xC6fb0ZLCIzFcq9T5teIAg== diff --git a/security/nss/cmd/bltest/tests/dsa/sigseed0 b/security/nss/cmd/bltest/tests/dsa/sigseed0 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/dsa/sigseed0 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/README b/security/nss/cmd/bltest/tests/ecdsa/README deleted file mode 100644 index 764aeec810..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/README +++ /dev/null @@ -1,22 +0,0 @@ -0 secp160k1 -1 secp160r1 -2 secp160r2 -3 nistk163 -4 sect163r1 -5 nistb163 -6 secp192k1 -7 nistp192 -8 secp224k1 -9 nistp224 -10 nistk233 -11 nistb233 -12 nistp256 -13 nistk283 -14 nistb283 -15 nistp384 -16 nistk409 -17 nistb409 -18 nistk571 -19 nistb571 -# the following tests are not yet implemented -#20 nistp521 diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 deleted file mode 100644 index 14d8e0ece7..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg== diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 deleted file mode 100644 index 4484aae614..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ== diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 deleted file mode 100644 index a956d53a61..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext10 +++ /dev/null @@ -1,2 +0,0 @@ -AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1 -nWpHF7VcyCVzJeV6 diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 deleted file mode 100644 index 8cc2c26234..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext11 +++ /dev/null @@ -1,2 +0,0 @@ -AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG -JOsY/MHnGhDeAGRl diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 deleted file mode 100644 index 5a05a78637..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext12 +++ /dev/null @@ -1,2 +0,0 @@ -aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+ -DpDaGnOLkfAyZ8GcuaCujg== diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 deleted file mode 100644 index 690c00a715..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext13 +++ /dev/null @@ -1,2 +0,0 @@ -AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz -jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 deleted file mode 100644 index fe527c6256..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext14 +++ /dev/null @@ -1,2 +0,0 @@ -AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC -PSDJasPT90T5Va8sNtjXtSpHWxc2roV9 diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 deleted file mode 100644 index d1090942a2..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext15 +++ /dev/null @@ -1,2 +0,0 @@ -NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp -dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 deleted file mode 100644 index d5fe14482a..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext16 +++ /dev/null @@ -1,3 +0,0 @@ -ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH -dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I -nBLCHIppt/Q= diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 deleted file mode 100644 index 486bf664f9..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext17 +++ /dev/null @@ -1,3 +0,0 @@ -AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj -qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds -Dme40b2G6fE= diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 deleted file mode 100644 index 7eeef38118..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext18 +++ /dev/null @@ -1,3 +0,0 @@ -AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE -RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA -3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8 diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 deleted file mode 100644 index ef8e5f3818..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext19 +++ /dev/null @@ -1,3 +0,0 @@ -AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf -i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O -uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7 diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 deleted file mode 100644 index a3837a4105..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext2 +++ /dev/null @@ -1 +0,0 @@ -Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg== diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 deleted file mode 100644 index 67c99244a0..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext20 +++ /dev/null @@ -1,3 +0,0 @@ -ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot -70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k -n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 deleted file mode 100644 index e9a480882b..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext3 +++ /dev/null @@ -1 +0,0 @@ -AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 deleted file mode 100644 index 57ce239ab3..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext4 +++ /dev/null @@ -1 +0,0 @@ -AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 deleted file mode 100644 index e476c80bfc..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext5 +++ /dev/null @@ -1 +0,0 @@ -AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 deleted file mode 100644 index bdea7171d0..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext6 +++ /dev/null @@ -1 +0,0 @@ -5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 deleted file mode 100644 index 3273fd9f73..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext7 +++ /dev/null @@ -1 +0,0 @@ -WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 deleted file mode 100644 index 636392e435..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext8 +++ /dev/null @@ -1,2 +0,0 @@ -ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ -LPDBU0i2uOg= diff --git a/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 b/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 deleted file mode 100644 index 0c43fa3d79..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/ciphertext9 +++ /dev/null @@ -1,2 +0,0 @@ -QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1 -TIRGjkV2L+A= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key0 b/security/nss/cmd/bltest/tests/ecdsa/key0 deleted file mode 100644 index 7c6d61b361..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key0 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAkAAAApBPiF0ntSFtn41JULxlA1l/lHE/zUPGJWkCqtdOryS6yD -WFCoF/IHwHsAAAAUcw+b2b1AJUlmezgu5EjmAGPC0YQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key1 b/security/nss/cmd/bltest/tests/ecdsa/key1 deleted file mode 100644 index 049aa1edbc..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key1 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAgAAAApBI80VWK9xatmkFRiDTcdeFQ0T9h3h6iVOinMURyWZw0T -5vZqd8/gvwwAAAAUYOQMjDdtNSL5zY0nVWPWY+UJoqQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key10 b/security/nss/cmd/bltest/tests/ecdsa/key10 deleted file mode 100644 index 3e33417143..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key10 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn -dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p -LYtBpK23jzfdVWO8SAY= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key11 b/security/nss/cmd/bltest/tests/ecdsa/key11 deleted file mode 100644 index 6111d52ad7..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key11 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv -KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J -LUg3xVL00vviR0KyFZY= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key12 b/security/nss/cmd/bltest/tests/ecdsa/key12 deleted file mode 100644 index 491fdba1b8..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key12 +++ /dev/null @@ -1,3 +0,0 @@ -AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX -NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a -7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key13 b/security/nss/cmd/bltest/tests/ecdsa/key13 deleted file mode 100644 index fc8057a57e..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key13 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF -7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX -mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key14 b/security/nss/cmd/bltest/tests/ecdsa/key14 deleted file mode 100644 index 2e158236cb..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key14 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi -xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa -d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key15 b/security/nss/cmd/bltest/tests/ecdsa/key15 deleted file mode 100644 index a062f1f67b..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key15 +++ /dev/null @@ -1,4 +0,0 @@ -AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG -r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM -q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA -yALMCiXJqRVXwbq42WMuaELMW+g= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key16 b/security/nss/cmd/bltest/tests/ecdsa/key16 deleted file mode 100644 index d2694ae412..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key16 +++ /dev/null @@ -1,4 +0,0 @@ -AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz -Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW -2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T -NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key17 b/security/nss/cmd/bltest/tests/ecdsa/key17 deleted file mode 100644 index 30be05774d..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key17 +++ /dev/null @@ -1,4 +0,0 @@ -AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K -1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U -V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx -t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key18 b/security/nss/cmd/bltest/tests/ecdsa/key18 deleted file mode 100644 index bbdcb13711..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key18 +++ /dev/null @@ -1,5 +0,0 @@ -AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+ -LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH -NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF -3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY -poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key19 b/security/nss/cmd/bltest/tests/ecdsa/key19 deleted file mode 100644 index 31b4071f2e..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key19 +++ /dev/null @@ -1,5 +0,0 @@ -AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s -6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy -TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/ -amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc -wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key2 b/security/nss/cmd/bltest/tests/ecdsa/key2 deleted file mode 100644 index f4ba6f2f2b..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key2 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAB4AAAApBGouC+vgvmItzsLO4hXn+AXi3skEE+M19o/QHLfjibbA -p7av8F4tcGgAAAAUmpQDUgnIkiXPBs0moD4jEmJHato= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key20 b/security/nss/cmd/bltest/tests/ecdsa/key20 deleted file mode 100644 index c4da3486de..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key20 +++ /dev/null @@ -1,5 +0,0 @@ -AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W -jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my -nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE -MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt -DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key3 b/security/nss/cmd/bltest/tests/ecdsa/key3 deleted file mode 100644 index 689e06bda5..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key3 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7 -gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key4 b/security/nss/cmd/bltest/tests/ecdsa/key4 deleted file mode 100644 index 90ecb72c6f..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key4 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa -dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key5 b/security/nss/cmd/bltest/tests/ecdsa/key5 deleted file mode 100644 index b9d221f8e5..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key5 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO -Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key6 b/security/nss/cmd/bltest/tests/ecdsa/key6 deleted file mode 100644 index 92fb463dc5..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key6 +++ /dev/null @@ -1,2 +0,0 @@ -AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7 -uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key7 b/security/nss/cmd/bltest/tests/ecdsa/key7 deleted file mode 100644 index 83fced1844..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key7 +++ /dev/null @@ -1,2 +0,0 @@ -AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+ -D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key8 b/security/nss/cmd/bltest/tests/ecdsa/key8 deleted file mode 100644 index cc7c6103b5..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key8 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI -gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G -qkpgzPIwe7U= diff --git a/security/nss/cmd/bltest/tests/ecdsa/key9 b/security/nss/cmd/bltest/tests/ecdsa/key9 deleted file mode 100644 index ab8f43bae6..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/key9 +++ /dev/null @@ -1,3 +0,0 @@ -AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc -rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b -1NJv4ULUbIs= diff --git a/security/nss/cmd/bltest/tests/ecdsa/numtests b/security/nss/cmd/bltest/tests/ecdsa/numtests deleted file mode 100644 index aabe6ec390..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/numtests +++ /dev/null @@ -1 +0,0 @@ -21 diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext0 b/security/nss/cmd/bltest/tests/ecdsa/plaintext0 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext1 b/security/nss/cmd/bltest/tests/ecdsa/plaintext1 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext10 b/security/nss/cmd/bltest/tests/ecdsa/plaintext10 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext10 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext11 b/security/nss/cmd/bltest/tests/ecdsa/plaintext11 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext11 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext12 b/security/nss/cmd/bltest/tests/ecdsa/plaintext12 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext12 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext13 b/security/nss/cmd/bltest/tests/ecdsa/plaintext13 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext13 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext14 b/security/nss/cmd/bltest/tests/ecdsa/plaintext14 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext14 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext15 b/security/nss/cmd/bltest/tests/ecdsa/plaintext15 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext15 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext16 b/security/nss/cmd/bltest/tests/ecdsa/plaintext16 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext16 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext17 b/security/nss/cmd/bltest/tests/ecdsa/plaintext17 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext17 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext18 b/security/nss/cmd/bltest/tests/ecdsa/plaintext18 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext18 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext19 b/security/nss/cmd/bltest/tests/ecdsa/plaintext19 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext19 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext2 b/security/nss/cmd/bltest/tests/ecdsa/plaintext2 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext2 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext20 b/security/nss/cmd/bltest/tests/ecdsa/plaintext20 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext20 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext3 b/security/nss/cmd/bltest/tests/ecdsa/plaintext3 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext3 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext4 b/security/nss/cmd/bltest/tests/ecdsa/plaintext4 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext4 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext5 b/security/nss/cmd/bltest/tests/ecdsa/plaintext5 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext5 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext6 b/security/nss/cmd/bltest/tests/ecdsa/plaintext6 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext6 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext7 b/security/nss/cmd/bltest/tests/ecdsa/plaintext7 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext7 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext8 b/security/nss/cmd/bltest/tests/ecdsa/plaintext8 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext8 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/plaintext9 b/security/nss/cmd/bltest/tests/ecdsa/plaintext9 deleted file mode 100644 index 48fbdb6fde..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/plaintext9 +++ /dev/null @@ -1 +0,0 @@ -qZk+NkcGgWq6PiVxeFDCbJzQ2J0= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed0 b/security/nss/cmd/bltest/tests/ecdsa/sigseed0 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed0 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed1 b/security/nss/cmd/bltest/tests/ecdsa/sigseed1 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed1 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed10 b/security/nss/cmd/bltest/tests/ecdsa/sigseed10 deleted file mode 100644 index 6983e5f7d6..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed10 +++ /dev/null @@ -1 +0,0 @@ -fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed11 b/security/nss/cmd/bltest/tests/ecdsa/sigseed11 deleted file mode 100644 index 6983e5f7d6..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed11 +++ /dev/null @@ -1 +0,0 @@ -fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed12 b/security/nss/cmd/bltest/tests/ecdsa/sigseed12 deleted file mode 100644 index 92aa40c82a..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed12 +++ /dev/null @@ -1 +0,0 @@ -/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed13 b/security/nss/cmd/bltest/tests/ecdsa/sigseed13 deleted file mode 100644 index 4ac0765848..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed13 +++ /dev/null @@ -1 +0,0 @@ -ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed14 b/security/nss/cmd/bltest/tests/ecdsa/sigseed14 deleted file mode 100644 index 4ac0765848..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed14 +++ /dev/null @@ -1 +0,0 @@ -ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed15 b/security/nss/cmd/bltest/tests/ecdsa/sigseed15 deleted file mode 100644 index 0975230325..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed15 +++ /dev/null @@ -1 +0,0 @@ -/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed16 b/security/nss/cmd/bltest/tests/ecdsa/sigseed16 deleted file mode 100644 index 36fbf09513..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed16 +++ /dev/null @@ -1 +0,0 @@ -fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed17 b/security/nss/cmd/bltest/tests/ecdsa/sigseed17 deleted file mode 100644 index 36fbf09513..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed17 +++ /dev/null @@ -1 +0,0 @@ -fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed18 b/security/nss/cmd/bltest/tests/ecdsa/sigseed18 deleted file mode 100644 index 7be8ce6dd9..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed18 +++ /dev/null @@ -1,2 +0,0 @@ -PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz -MTQxNTE2MTcxODE5MWExYjE= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed19 b/security/nss/cmd/bltest/tests/ecdsa/sigseed19 deleted file mode 100644 index 7be8ce6dd9..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed19 +++ /dev/null @@ -1,2 +0,0 @@ -PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz -MTQxNTE2MTcxODE5MWExYjE= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed2 b/security/nss/cmd/bltest/tests/ecdsa/sigseed2 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed2 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed20 b/security/nss/cmd/bltest/tests/ecdsa/sigseed20 deleted file mode 100644 index f0dddb66c7..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed20 +++ /dev/null @@ -1,2 +0,0 @@ -/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz -MTQxNTE2MTcxODE= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed3 b/security/nss/cmd/bltest/tests/ecdsa/sigseed3 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed3 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed4 b/security/nss/cmd/bltest/tests/ecdsa/sigseed4 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed4 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed5 b/security/nss/cmd/bltest/tests/ecdsa/sigseed5 deleted file mode 100644 index 05d7fd2d65..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed5 +++ /dev/null @@ -1 +0,0 @@ -aHpm2QZI+ZOGfhIfTd+d2wEgVYQ= diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed6 b/security/nss/cmd/bltest/tests/ecdsa/sigseed6 deleted file mode 100644 index a0687196c4..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed6 +++ /dev/null @@ -1 +0,0 @@ -/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed7 b/security/nss/cmd/bltest/tests/ecdsa/sigseed7 deleted file mode 100644 index a0687196c4..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed7 +++ /dev/null @@ -1 +0,0 @@ -/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed8 b/security/nss/cmd/bltest/tests/ecdsa/sigseed8 deleted file mode 100644 index 01ae265740..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed8 +++ /dev/null @@ -1 +0,0 @@ -/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA== diff --git a/security/nss/cmd/bltest/tests/ecdsa/sigseed9 b/security/nss/cmd/bltest/tests/ecdsa/sigseed9 deleted file mode 100644 index 01ae265740..0000000000 --- a/security/nss/cmd/bltest/tests/ecdsa/sigseed9 +++ /dev/null @@ -1 +0,0 @@ -/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA== diff --git a/security/nss/cmd/bltest/tests/md2/ciphertext0 b/security/nss/cmd/bltest/tests/md2/ciphertext0 deleted file mode 100644 index 22e1fc496c..0000000000 --- a/security/nss/cmd/bltest/tests/md2/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -CS/UNcrWhB5Knt7Gf8Tz3Q== diff --git a/security/nss/cmd/bltest/tests/md2/numtests b/security/nss/cmd/bltest/tests/md2/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/md2/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/md2/plaintext0 b/security/nss/cmd/bltest/tests/md2/plaintext0 deleted file mode 100644 index dce2994ba5..0000000000 --- a/security/nss/cmd/bltest/tests/md2/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -16-bytes to MD2. diff --git a/security/nss/cmd/bltest/tests/md5/ciphertext0 b/security/nss/cmd/bltest/tests/md5/ciphertext0 deleted file mode 100644 index ea11ee523b..0000000000 --- a/security/nss/cmd/bltest/tests/md5/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -XN8lnQuWAiMqmSGfvd8Hdw== diff --git a/security/nss/cmd/bltest/tests/md5/numtests b/security/nss/cmd/bltest/tests/md5/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/md5/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/md5/plaintext0 b/security/nss/cmd/bltest/tests/md5/plaintext0 deleted file mode 100644 index 5ae3875e2a..0000000000 --- a/security/nss/cmd/bltest/tests/md5/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -63-byte input to MD5 can be a bit tricky, but no problems here. diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 deleted file mode 100644 index d964ef8644..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -3ki6eVsWpY8= diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/iv0 b/security/nss/cmd/bltest/tests/rc2_cbc/iv0 deleted file mode 100644 index 97b5955f78..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/key0 b/security/nss/cmd/bltest/tests/rc2_cbc/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/numtests b/security/nss/cmd/bltest/tests/rc2_cbc/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 deleted file mode 100644 index 337d307655..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -WT+tc4fANhQ= diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/key0 b/security/nss/cmd/bltest/tests/rc2_ecb/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/numtests b/security/nss/cmd/bltest/tests/rc2_ecb/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext0 b/security/nss/cmd/bltest/tests/rc4/ciphertext0 deleted file mode 100644 index 004f13472a..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -34sTZJtr20k= diff --git a/security/nss/cmd/bltest/tests/rc4/ciphertext1 b/security/nss/cmd/bltest/tests/rc4/ciphertext1 deleted file mode 100644 index 6050da4c68..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M= diff --git a/security/nss/cmd/bltest/tests/rc4/key0 b/security/nss/cmd/bltest/tests/rc4/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc4/key1 b/security/nss/cmd/bltest/tests/rc4/key1 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/key1 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc4/numtests b/security/nss/cmd/bltest/tests/rc4/numtests deleted file mode 100644 index 0cfbf08886..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext0 b/security/nss/cmd/bltest/tests/rc4/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc4/plaintext1 b/security/nss/cmd/bltest/tests/rc4/plaintext1 deleted file mode 100644 index d41abc7b84..0000000000 --- a/security/nss/cmd/bltest/tests/rc4/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -Mozilla!Mozilla!Mozilla!Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 deleted file mode 100644 index 544713b339..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -qsv4Fn2J6d0= diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/iv0 b/security/nss/cmd/bltest/tests/rc5_cbc/iv0 deleted file mode 100644 index 97b5955f78..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/iv0 +++ /dev/null @@ -1 +0,0 @@ -12345678 diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/key0 b/security/nss/cmd/bltest/tests/rc5_cbc/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/numtests b/security/nss/cmd/bltest/tests/rc5_cbc/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/params0 b/security/nss/cmd/bltest/tests/rc5_cbc/params0 deleted file mode 100644 index d68e0362d5..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/params0 +++ /dev/null @@ -1,2 +0,0 @@ -rounds=10 -wordsize=4 diff --git a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 b/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 deleted file mode 100644 index 133777dd08..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -4ZKK/1v5Ohc= diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/key0 b/security/nss/cmd/bltest/tests/rc5_ecb/key0 deleted file mode 100644 index 65513c116c..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/key0 +++ /dev/null @@ -1 +0,0 @@ -zyxwvuts diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/numtests b/security/nss/cmd/bltest/tests/rc5_ecb/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/params0 b/security/nss/cmd/bltest/tests/rc5_ecb/params0 deleted file mode 100644 index d68e0362d5..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/params0 +++ /dev/null @@ -1,2 +0,0 @@ -rounds=10 -wordsize=4 diff --git a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 b/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 deleted file mode 100644 index 5513e438c0..0000000000 --- a/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -Mozilla! diff --git a/security/nss/cmd/bltest/tests/rsa/ciphertext0 b/security/nss/cmd/bltest/tests/rsa/ciphertext0 deleted file mode 100644 index 943ea599ae..0000000000 --- a/security/nss/cmd/bltest/tests/rsa/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as= diff --git a/security/nss/cmd/bltest/tests/rsa/key0 b/security/nss/cmd/bltest/tests/rsa/key0 deleted file mode 100644 index 1352fe9866..0000000000 --- a/security/nss/cmd/bltest/tests/rsa/key0 +++ /dev/null @@ -1,4 +0,0 @@ -AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA -IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39 -oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA -EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ== diff --git a/security/nss/cmd/bltest/tests/rsa/numtests b/security/nss/cmd/bltest/tests/rsa/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/rsa/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/rsa/plaintext0 b/security/nss/cmd/bltest/tests/rsa/plaintext0 deleted file mode 100644 index d915bc88c4..0000000000 --- a/security/nss/cmd/bltest/tests/rsa/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -512bitsforRSAPublicKeyEncryption diff --git a/security/nss/cmd/bltest/tests/sha1/ciphertext0 b/security/nss/cmd/bltest/tests/sha1/ciphertext0 deleted file mode 100644 index 1fe4bd2bd4..0000000000 --- a/security/nss/cmd/bltest/tests/sha1/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -cDSMAygXMPIJZC5bntZ4ZhecQ9g= diff --git a/security/nss/cmd/bltest/tests/sha1/numtests b/security/nss/cmd/bltest/tests/sha1/numtests deleted file mode 100644 index d00491fd7e..0000000000 --- a/security/nss/cmd/bltest/tests/sha1/numtests +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/security/nss/cmd/bltest/tests/sha1/plaintext0 b/security/nss/cmd/bltest/tests/sha1/plaintext0 deleted file mode 100644 index 863e79c65b..0000000000 --- a/security/nss/cmd/bltest/tests/sha1/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -A cage went in search of a bird. diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext0 b/security/nss/cmd/bltest/tests/sha256/ciphertext0 deleted file mode 100644 index 07e2ff14fa..0000000000 --- a/security/nss/cmd/bltest/tests/sha256/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0= diff --git a/security/nss/cmd/bltest/tests/sha256/ciphertext1 b/security/nss/cmd/bltest/tests/sha256/ciphertext1 deleted file mode 100644 index 2ab6e1da58..0000000000 --- a/security/nss/cmd/bltest/tests/sha256/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE= diff --git a/security/nss/cmd/bltest/tests/sha256/numtests b/security/nss/cmd/bltest/tests/sha256/numtests deleted file mode 100644 index 0cfbf08886..0000000000 --- a/security/nss/cmd/bltest/tests/sha256/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext0 b/security/nss/cmd/bltest/tests/sha256/plaintext0 deleted file mode 100644 index 8baef1b4ab..0000000000 --- a/security/nss/cmd/bltest/tests/sha256/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -abc diff --git a/security/nss/cmd/bltest/tests/sha256/plaintext1 b/security/nss/cmd/bltest/tests/sha256/plaintext1 deleted file mode 100644 index afb5dce5d4..0000000000 --- a/security/nss/cmd/bltest/tests/sha256/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext0 b/security/nss/cmd/bltest/tests/sha384/ciphertext0 deleted file mode 100644 index c94f91e22a..0000000000 --- a/security/nss/cmd/bltest/tests/sha384/ciphertext0 +++ /dev/null @@ -1 +0,0 @@ -ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn diff --git a/security/nss/cmd/bltest/tests/sha384/ciphertext1 b/security/nss/cmd/bltest/tests/sha384/ciphertext1 deleted file mode 100644 index 833f06d844..0000000000 --- a/security/nss/cmd/bltest/tests/sha384/ciphertext1 +++ /dev/null @@ -1 +0,0 @@ -CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5 diff --git a/security/nss/cmd/bltest/tests/sha384/numtests b/security/nss/cmd/bltest/tests/sha384/numtests deleted file mode 100644 index 0cfbf08886..0000000000 --- a/security/nss/cmd/bltest/tests/sha384/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext0 b/security/nss/cmd/bltest/tests/sha384/plaintext0 deleted file mode 100644 index 8baef1b4ab..0000000000 --- a/security/nss/cmd/bltest/tests/sha384/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -abc diff --git a/security/nss/cmd/bltest/tests/sha384/plaintext1 b/security/nss/cmd/bltest/tests/sha384/plaintext1 deleted file mode 100644 index 94fcc2b297..0000000000 --- a/security/nss/cmd/bltest/tests/sha384/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext0 b/security/nss/cmd/bltest/tests/sha512/ciphertext0 deleted file mode 100644 index 8b626e2379..0000000000 --- a/security/nss/cmd/bltest/tests/sha512/ciphertext0 +++ /dev/null @@ -1,2 +0,0 @@ -3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9 -RU1EI2Q86A4qmslPpUyknw== diff --git a/security/nss/cmd/bltest/tests/sha512/ciphertext1 b/security/nss/cmd/bltest/tests/sha512/ciphertext1 deleted file mode 100644 index c02d1752d0..0000000000 --- a/security/nss/cmd/bltest/tests/sha512/ciphertext1 +++ /dev/null @@ -1,2 +0,0 @@ -jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6 -x9Mp7rbdJlReluVbh0vpCQ== diff --git a/security/nss/cmd/bltest/tests/sha512/numtests b/security/nss/cmd/bltest/tests/sha512/numtests deleted file mode 100644 index 0cfbf08886..0000000000 --- a/security/nss/cmd/bltest/tests/sha512/numtests +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext0 b/security/nss/cmd/bltest/tests/sha512/plaintext0 deleted file mode 100644 index 8baef1b4ab..0000000000 --- a/security/nss/cmd/bltest/tests/sha512/plaintext0 +++ /dev/null @@ -1 +0,0 @@ -abc diff --git a/security/nss/cmd/bltest/tests/sha512/plaintext1 b/security/nss/cmd/bltest/tests/sha512/plaintext1 deleted file mode 100644 index 94fcc2b297..0000000000 --- a/security/nss/cmd/bltest/tests/sha512/plaintext1 +++ /dev/null @@ -1 +0,0 @@ -abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu diff --git a/security/nss/cmd/btoa/Makefile b/security/nss/cmd/btoa/Makefile deleted file mode 100644 index 6eb6e71da2..0000000000 --- a/security/nss/cmd/btoa/Makefile +++ /dev/null @@ -1,79 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/btoa/btoa.c b/security/nss/cmd/btoa/btoa.c deleted file mode 100644 index f140bddf8d..0000000000 --- a/security/nss/cmd/btoa/btoa.c +++ /dev/null @@ -1,213 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "plgetopt.h" -#include "secutil.h" -#include "nssb64.h" -#include - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -static PRInt32 -output_ascii (void *arg, const char *obuf, PRInt32 size) -{ - FILE *outFile = arg; - int nb; - - nb = fwrite(obuf, 1, size, outFile); - if (nb != size) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return nb; -} - -static SECStatus -encode_file(FILE *outFile, FILE *inFile) -{ - NSSBase64Encoder *cx; - int nb; - SECStatus status = SECFailure; - unsigned char ibuf[4096]; - - cx = NSSBase64Encoder_Create(output_ascii, outFile); - if (!cx) { - return -1; - } - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - /* eof */ - break; - } - } - - status = NSSBase64Encoder_Update(cx, ibuf, nb); - if (status != SECSuccess) goto loser; - } - - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - if (status != SECSuccess) - return status; - - /* - * Add a trailing CRLF. Note this must be done *after* the call - * to Destroy above (because only then are we sure all data has - * been written out). - */ - fwrite("\r\n", 1, 2, outFile); - return SECSuccess; - - loser: - (void) NSSBase64Encoder_Destroy(cx, PR_TRUE); - return status; -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - SECStatus rv; - FILE *inFile, *outFile; - PLOptState *optstate; - PLOptStatus status; - - inFile = 0; - outFile = 0; - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - default: - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "rb"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "wb"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - } - } - if (status == PL_OPT_BAD) - Usage(progName); - if (!inFile) { -#if defined(WIN32) - /* If we're going to read binary data from stdin, we must put stdin - ** into O_BINARY mode or else incoming \r\n's will become \n's. - */ - - int smrv = _setmode(_fileno(stdin), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdin to binary mode. Use -i option instead.\n", - progName); - return smrv; - } -#endif - inFile = stdin; - } - if (!outFile) { -#if defined(WIN32) - /* We're going to write binary data to stdout. We must put stdout - ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's. - */ - - int smrv = _setmode(_fileno(stdout), _O_BINARY); - if (smrv == -1) { - fprintf(stderr, - "%s: Cannot change stdout to binary mode. Use -o option instead.\n", - progName); - return smrv; - } -#endif - outFile = stdout; - } - rv = encode_file(outFile, inFile); - if (rv != SECSuccess) { - fprintf(stderr, "%s: lossage: error=%d errno=%d\n", - progName, PORT_GetError(), errno); - return -1; - } - return 0; -} diff --git a/security/nss/cmd/btoa/manifest.mn b/security/nss/cmd/btoa/manifest.mn deleted file mode 100644 index 394c661beb..0000000000 --- a/security/nss/cmd/btoa/manifest.mn +++ /dev/null @@ -1,53 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# MODULE is implicitly REQUIRED, doesn't need to be listed below. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = btoa.c - -PROGRAM = btoa - diff --git a/security/nss/cmd/certcgi/HOWTO.txt b/security/nss/cmd/certcgi/HOWTO.txt deleted file mode 100644 index f02ad32fd4..0000000000 --- a/security/nss/cmd/certcgi/HOWTO.txt +++ /dev/null @@ -1,168 +0,0 @@ - How to setup your very own Cert-O-Matic Root CA server - -***** BEGIN LICENSE BLOCK ***** -Version: MPL 1.1/GPL 2.0/LGPL 2.1 - -The contents of this file are subject to the Mozilla Public License Version -1.1 (the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at -http://www.mozilla.org/MPL/ - -Software distributed under the License is distributed on an "AS IS" basis, -WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -for the specific language governing rights and limitations under the -License. - -The Original Code is Netscape security libraries. - -The Initial Developer of the Original Code is Netscape Communications -Corporation. Portions created by the Initial Developer are -Copyright (C) 2001 the Initial Developer. All Rights Reserved. - -Contributor(s): - -Alternatively, the contents of this file may be used under the terms of -either the GNU General Public License Version 2 or later (the "GPL"), or -the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -in which case the provisions of the GPL or the LGPL are applicable instead -of those above. If you wish to allow use of your version of this file only -under the terms of either the GPL or the LGPL, and not to allow others to -use your version of this file under the terms of the MPL, indicate your -decision by deleting the provisions above and replace them with the notice -and other provisions required by the GPL or the LGPL. If you do not delete -the provisions above, a recipient may use your version of this file under -the terms of any one of the MPL, the GPL or the LGPL. - -***** END LICENSE BLOCK ***** - - How to setup your very own Cert-O-Matic Root CA server - -The program certcgi is part of a small test CA that is used inside -Netscape by the NSS development team. That CA is affectionately known -as "Cert-O-Matic" or "Cert-O-Matic II". It presently runs on a server -named interzone.mcom.com inside Netscape's firewall. - -If you wish to setup your own Cert-O-Matic, here are directions. - -Disclaimer: This program does not follow good practices for root CAs. -It should be used only for playing/testing and never for production use. -Remember, you've been warned! - -Cert-O-Matic consists of some html files, shell scripts, one executable -program that uses NSS and NSPR, the usual set of NSS .db files, and a file -in which to remember the serial number of the last cert issued. The -html files and the source to the executable program are in this directory. -Sample shell scripts are shown below. - -The shell scripts and executable program run as CGI "scripts". The -entire thing runs on an ordinary http web server. It would also run on -an https web server. The shell scripts and html files must be -customized for the server on which they run. - -The package assumes you have a "document root" directory $DOCROOT, and a -"cgi-bin" directory $CGIBIN. In this example, the document root is -assumed to be located in /var/www/htdocs, and the cgi-bin directory in -/var/www/cgi-bin. - -The server is assumed to run all cgi scripts as the user "nobody". -The names of the cgi scripts run directly by the server all end in .cgi -because some servers like it that way. - -Instructions: - -- Create directory $DOCROOT/certomatic -- Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic - ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html -- Edit the html files, substituting the name of your own server for the - server named in those files. -- In some web page (e.g. your server's home page), provide an html link to - $DOCROOT/certomatic/index.html. This is where users start to get their - own certs from certomatic. -- give these files and directories appropriate permissions. - -- Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin - make sure that $CGIBIN/certomatic is writable by "nobody" - -- Create a new set of NSS db files there with the following command: - - certutil -N -d $CGIBIN/certomatic - -- when certutil prompts you for the password, enter the word foo - because that is compiled into the certcgi program. - -- Create the new Root CA cert with this command - - certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \ - -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \ - -g 1024 -m 10001 -v 60 - - (adjust the -g, -m and -v parameters to taste. -s and -x must be as -shown.) - -- dump out the new root CA cert in base64 encoding: - - certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \ - $CGIBIN/certomatic/root.cacert - -- In $CGIBIN/certomatic/bin add two shell scripts - one to download the - root CA cert on demand, and one to run the certcgi program. - -download.cgi, the script to install the root CA cert into a browser on -demand, is this: - -#!/bin/sh -echo "Content-type: application/x-x509-ca-cert" -echo -cat $CGIBIN/certomatic/root.cacert - -You'll have to put the real path into that cat command because CGIBIN -won't be defined when this script is run by the server. - -certcgi.cgi, the script to run the certcgi program is similar to this: - -#!/bin/sh -cd $CGIBIN/certomatic/bin -LD_LIBRARY_PATH=$PLATFORM/lib -export LD_LIBRARY_PATH -$PLATFORM/bin/certcgi $* 2>&1 - -Where $PLATFORM/lib is where the NSPR nad NSS DSOs are located, and -$PLATFORM/bin is where certcgi is located. PLATFORM is not defined when -the server runs this script, so you'll have to substitute the right value -in your script. certcgi requires that the working directory be one level -below the NSS DBs, that is, the DBs are accessed in the directory "..". - -You'll want to provide an html link somewhere to the script that downloads -the root.cacert file. You'll probably want to put that next to the link -that loads the index.html page. On interzone, this is done with the -following html: - -Cert-O-Matic II Root CA server -

-Download and trust Root CA -certificate - -The index.html file in this directory invokes the certcgi.cgi script with -the form post method, so if you change the name of the certcgi.cgi script, -you'll also have to change the index.html file in $DOCROOT/certomatic - -The 4 files used by the certcgi program (the 3 NSS DBs, and the serial -number file) are not required to live in $CGIBIN/certomatic, but they are -required to live in $CWD/.. when certcgi starts. - -Known bugs: - -1. Because multiple of these CAs exist simultaneously, it would be best if -they didn't all have to be called "Cert-O-Matic II", but that string is -presently hard coded into certcgi.c. - -2. the html files in this directory contain numerous extraneous

tags -which appear to use the post method and have action URLS that are never -actually used. burp.cgi and echoform.cgi are never actually used. This -should be cleaned up. - -3. The html files use tags which are supported only in Netscape -Navigator and Netscape Communication 4.x browsers. The html files do -not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers. -The html files should be fixed to work with all those named browsers. - diff --git a/security/nss/cmd/certcgi/Makefile b/security/nss/cmd/certcgi/Makefile deleted file mode 100644 index 140b4191ff..0000000000 --- a/security/nss/cmd/certcgi/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/certcgi/ca.html b/security/nss/cmd/certcgi/ca.html deleted file mode 100644 index 5525b382a4..0000000000 --- a/security/nss/cmd/certcgi/ca.html +++ /dev/null @@ -1,51 +0,0 @@ - - - - - Use the Cert-O-matic certificate to issue the cert

- Use a - CA long - automatically generated chain ending with the Cert-O-Matic Cert - (18 maximum)

- Use a - CA long - user input chain ending in the Cert-O-Matic Cert.

- diff --git a/security/nss/cmd/certcgi/ca_form.html b/security/nss/cmd/certcgi/ca_form.html deleted file mode 100644 index cb3e195eae..0000000000 --- a/security/nss/cmd/certcgi/ca_form.html +++ /dev/null @@ -1,388 +0,0 @@ - - -
- - - - - - - - - - - - - -
- Common Name:

- 		- Mail:

- RFC 1274 - e-mail
- Organization:

- Organizational Unit:

- RFC 1274 UID:

- Locality:

- State or Province:

- Country:

- - - - - - - -
- Serial Number:

-
- Auto Generate

-
- - Use this value:

-
- X.509 version:

-
- Version 1

-
- Version 3

 - Key Type:

-
- RSA

-
- DSA

- DN:

- -

-
-

- - - - - - - - - - - - - - - - - -
- Netscape Certificate Type:

- Activate extension:

- Critical: - 		- SSL Client

- SSL Server

- S/MIME

- Object Signing

- Reserved for future use (bit 4)

- SSL CA

- S/MIME CA

- Object Signing CA

-
- Netscape Base URL:

- Activate extension:

- Critical: - 		- -
- Netscape Revocation URL:

- Activate extension:

- Critical: - 		- -
- Netscape CA Revocation URL:

- Activate extension:

- Critical: - 		- -
- Netscape Certificate Renewal URL:

- Activate extension:

- Critical: - 		- -
- Netscape CA Policy URL:

- Activate extension:

- Critical: - 		- -
- Netscape SSL Server Name:

- Activate extension:

- Critical: - 		- -
- Netscape Comment:

- Activate extension:

- Critical: - 		- -
-

-
-

- - - - - - - - - - - - - - - - - - - - - - - -
- Key Usage:

- Activate extension:

- Critical: - 		- Digital Signature

- Non Repudiation

- Key Encipherment

- Data Encipherment

- Key Agreement

- Key Certificate Signing

- CRL Signing

-
- Extended Key Usage:

- Activate extension:

- Critical: - 		- Server Auth

- Client Auth

- Code Signing

- Email Protection

- Timestamp

- OCSP Responder

- Step-up

-
- Basic Constraints:

- Activate extension:

- Critical: - 		- CA:

-
True

-
False

- - Include Path length:

-
- Authority Key Identifier:

- Activate extension: - 		- Key Identider

- Issuer Name and Serial number

-
- Subject Key Identifier:

- Activate extension: - 		- Key Identifier: -

- This is an:

-

ascii text value

-

hex value

-

- Private Key Usage Period:

- Activate extension:

- Critical: - 		- Use:

-
Not Before

-
Not After

-
Both

- Not to be used to sign before:

-
Set to time of certificate issue

-
Use This value

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

- Not to be used to sign after:

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

-
- Subject Alternative Name:

- Activate extension:

- Critical: - 		- - - -
- General Names:

-

- - - 		- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID - Netscape Certificate Nickname
- Name: - Binary Encoded:

-
-
- Issuer Alternative Name:

- Activate extension:

- Critical: - 		- Use the Subject Alternative Name from the Issuers Certificate

- Use this Name: - - - -
- General Names:

-

- - - 		- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

-
-
- Name Constraints:

- Activate extension:

- 		- - - -
- Name Constraints:

- - -

- - - 		- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

- Constraint type:

-

permited

-

excluded

- Minimum:

- Maximum:

- - - -
-
-
- - - - - - - - - - diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c deleted file mode 100644 index 6bdba7cb95..0000000000 --- a/security/nss/cmd/certcgi/certcgi.c +++ /dev/null @@ -1,2415 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* Cert-O-Matic CGI */ - - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "secder.h" -#include "genname.h" -#include "xconst.h" -#include "secutil.h" -#include "pk11pqg.h" -#include "certxutl.h" -#include "nss.h" - - -/* #define TEST 1 */ -/* #define FILEOUT 1 */ -/* #define OFFLINE 1 */ -#define START_FIELDS 100 -#define PREFIX_LEN 6 -#define SERIAL_FILE "../serial" -#define DB_DIRECTORY ".." - -static char *progName; - -typedef struct PairStr Pair; - -struct PairStr { - char *name; - char *data; -}; - - -char prefix[PREFIX_LEN]; - - -const SEC_ASN1Template CERTIA5TypeTemplate[] = { - { SEC_ASN1_IA5_STRING } -}; - - - -SECKEYPrivateKey *privkeys[9] = {NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL}; - - -#ifdef notdef -const SEC_ASN1Template CERT_GeneralNameTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate } -}; -#endif - - -static void -error_out(char *error_string) -{ - printf("Content-type: text/plain\n\n"); - printf(error_string); - fflush(stderr); - fflush(stdout); - exit(1); -} - -static void -error_allocate(void) -{ - error_out("ERROR: Unable to allocate memory"); -} - - -static char * -make_copy_string(char *read_pos, - int length, - char sentinal_value) - /* copys string from to a new string it creates and - returns a pointer to the new string */ -{ - int remaining = length; - char *write_pos; - char *new; - - new = write_pos = (char *) PORT_Alloc (length); - if (new == NULL) { - error_allocate(); - } - while (*read_pos != sentinal_value) { - if (remaining == 1) { - remaining += length; - length = length * 2; - new = PORT_Realloc(new,length); - if (new == NULL) { - error_allocate(); - } - write_pos = new + length - remaining; - } - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - remaining = remaining - 1; - } - *write_pos = '\0'; - return new; -} - - -static SECStatus -clean_input(Pair *data) - /* converts the non-alphanumeric characters in a form post - from hex codes back to characters */ -{ - int length; - int hi_digit; - int low_digit; - char character; - char *begin_pos; - char *read_pos; - char *write_pos; - PRBool name = PR_TRUE; - - begin_pos = data->name; - while (begin_pos != NULL) { - length = strlen(begin_pos); - read_pos = write_pos = begin_pos; - while ((read_pos - begin_pos) < length) { - if (*read_pos == '+') { - *read_pos = ' '; - } - if (*read_pos == '%') { - hi_digit = *(read_pos + 1); - low_digit = *(read_pos +2); - read_pos += 3; - if (isdigit(hi_digit)){ - hi_digit = hi_digit - '0'; - } else { - hi_digit = toupper(hi_digit); - if (isxdigit(hi_digit)) { - hi_digit = (hi_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - if (isdigit(low_digit)){ - low_digit = low_digit - '0'; - } else { - low_digit = toupper(low_digit); - if ((low_digit >='A') && (low_digit <= 'F')) { - low_digit = (low_digit - 'A') + 10; - } else { - error_out("ERROR: Form data incorrectly formated"); - } - } - character = (hi_digit << 4) | low_digit; - if (character != 10) { - *write_pos = character; - ++write_pos; - } - } else { - *write_pos = *read_pos; - ++write_pos; - ++read_pos; - } - } - *write_pos = '\0'; - if (name == PR_TRUE) { - begin_pos = data->data; - name = PR_FALSE; - } else { - data++; - begin_pos = data->name; - name = PR_TRUE; - } - } - return SECSuccess; -} - -static char * -make_name(char *new_data) - /* gets the next field name in the input string and returns - a pointer to a string containing a copy of it */ -{ - int length = 20; - char *name; - - name = make_copy_string(new_data, length, '='); - return name; -} - -static char * -make_data(char *new_data) - /* gets the data for the next field in the input string - and returns a pointer to a string containing it */ -{ - int length = 100; - char *data; - char *read_pos; - - read_pos = new_data; - while (*(read_pos - 1) != '=') { - ++read_pos; - } - data = make_copy_string(read_pos, length, '&'); - return data; -} - - -static Pair -make_pair(char *new_data) - /* makes a pair name/data pair from the input string */ -{ - Pair temp; - - temp.name = make_name(new_data); - temp.data = make_data(new_data); - return temp; -} - - - -static Pair * -make_datastruct(char *data, int len) - /* parses the input from the form post into a data - structure of field name/data pairs */ -{ - Pair *datastruct; - Pair *current; - char *curr_pos; - int fields = START_FIELDS; - int remaining = START_FIELDS; - - curr_pos = data; - datastruct = current = (Pair *) PORT_Alloc(fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - while (curr_pos - data < len) { - if (remaining == 1) { - remaining += fields; - fields = fields * 2; - datastruct = (Pair *) PORT_Realloc - (datastruct, fields * sizeof(Pair)); - if (datastruct == NULL) { - error_allocate(); - } - current = datastruct + (fields - remaining); - } - *current = make_pair(curr_pos); - while (*curr_pos != '&') { - ++curr_pos; - } - ++curr_pos; - ++current; - remaining = remaining - 1; - } - current->name = NULL; - return datastruct; -} - -static char * -return_name(Pair *data_struct, - int n) - /* returns a pointer to the name of the nth - (starting from 0) item in the data structure */ -{ - char *name; - - if ((data_struct + n)->name != NULL) { - name = (data_struct + n)->name; - return name; - } else { - return NULL; - } -} - -static char * -return_data(Pair *data_struct,int n) - /* returns a pointer to the data of the nth (starting from 0) - itme in the data structure */ -{ - char *data; - - data = (data_struct + n)->data; - return data; -} - - -static char * -add_prefix(char *field_name) -{ - extern char prefix[PREFIX_LEN]; - int i = 0; - char *rv; - char *write; - - rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1); - for(i = 0; i < PORT_Strlen(prefix); i++) { - *write = prefix[i]; - write++; - } - *write = '\0'; - rv = PORT_Strcat(rv,field_name); - return rv; -} - - -static char * -find_field(Pair *data, - char *field_name, - PRBool add_pre) - /* returns a pointer to the data of the first pair - thats name matches the string it is passed */ -{ - int i = 0; - char *retrieved; - int found = 0; - - if (add_pre) { - field_name = add_prefix(field_name); - } - while(return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - retrieved = return_data(data, i); - found = 1; - break; - } - i++; - } - if (!found) { - retrieved = NULL; - } - return retrieved; -} - -static PRBool -find_field_bool(Pair *data, - char *fieldname, - PRBool add_pre) -{ - char *rv; - - rv = find_field(data, fieldname, add_pre); - - if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) { - return PR_TRUE; - } else { - return PR_FALSE; - } -} - -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - -static CERTCertificateRequest * -makeCertReq(Pair *form_data, - int which_priv_key) - /* makes and encodes a certrequest */ -{ - - PK11SlotInfo *slot; - CERTCertificateRequest *certReq = NULL; - CERTSubjectPublicKeyInfo *spki; - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - CERTName *name; - char *key; - extern SECKEYPrivateKey *privkeys[9]; - int keySizeInBits; - char *challenge = "foo"; - SECStatus rv = SECSuccess; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVfy = NULL; - - name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE)); - if (name == NULL) { - error_out("ERROR: Unable to create Subject Name"); - } - key = find_field(form_data, "key", PR_TRUE); - if (key == NULL) { - switch (*find_field(form_data, "keysize", PR_TRUE)) { - case '0': - keySizeInBits = 2048; - break; - case '1': - keySizeInBits = 1024; - break; - case '2': - keySizeInBits = 512; - break; - default: - error_out("ERROR: Unsupported Key length selected"); - } - if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) { - rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy); - if (rv != SECSuccess) { - error_out("ERROR: Unable to generate PQG parameters"); - } - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, - pqgParams,&pubkey, PR_FALSE, - PR_TRUE, NULL); - } else { - privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL); - } - privkeys[which_priv_key] = privkey; - spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey); - } else { - spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge, - NULL); - if (spki == NULL) { - error_out("ERROR: Unable to decode Public Key and Challenge String"); - } - } - certReq = CERT_CreateCertificateRequest(name, spki, NULL); - if (certReq == NULL) { - error_out("ERROR: Unable to create Certificate Request"); - } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (spki != NULL) { - SECKEY_DestroySubjectPublicKeyInfo(spki); - } - if (pqgParams != NULL) { - PK11_PQG_DestroyParams(pqgParams); - } - if (pqgVfy != NULL) { - PK11_PQG_DestroyVerify(pqgVfy); - } - return certReq; -} - - - -static CERTCertificate * -MakeV1Cert(CERTCertDBHandle *handle, - CERTCertificateRequest *req, - char *issuerNameStr, - PRBool selfsign, - int serialNumber, - int warpmonths, - Pair *data) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, - after; - SECStatus rv; - - - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - if (!issuerCert) { - error_out("ERROR: Could not find issuer's certificate"); - return NULL; - } - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); - } else { - now = PR_Now(); - } - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); - PR_ExplodeTime (after, PR_GMTParameters, &printableTime); - } else { - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - } - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - - if ( selfsign ) { - cert = CERT_CreateCertificate - (serialNumber,&(req->subject), validity, req); - } else { - cert = CERT_CreateCertificate - (serialNumber,&(issuerCert->subject), validity, req); - } - - CERT_DestroyValidity(validity); - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - return(cert); -} - -static int -get_serial_number(Pair *data) -{ - int serial = 0; - int error; - char *filename = SERIAL_FILE; - char *SN; - FILE *serialFile; - - - if (find_field_bool(data, "serial-auto", PR_TRUE)) { - serialFile = fopen(filename, "r"); - if (serialFile != NULL) { - fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to read serial number file"); - } - if (serial == 4294967295) { - serial = 21; - } - fclose(serialFile); - ++serial; - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file for writing"); - } - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - } else { - fclose(serialFile); - serialFile = fopen(filename,"w"); - if (serialFile == NULL) { - error_out("ERROR: Unable to open serial number file"); - } - serial = 21; - fwrite(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0) { - error_out("Error: Unable to write to serial number file"); - } - error = ferror(serialFile); - if (error != 0) { - error_out("ERROR: Unable to write to serial file"); - } - } - fclose(serialFile); - } else { - SN = find_field(data, "serial_value", PR_TRUE); - while (*SN != '\0') { - serial = serial * 16; - if ((*SN >= 'A') && (*SN <='F')) { - serial += *SN - 'A' + 10; - } else { - if ((*SN >= 'a') && (*SN <='f')) { - serial += *SN - 'a' + 10; - } else { - serial += *SN - '0'; - } - } - ++SN; - } - } - return serial; -} - - - -typedef SECStatus (* EXTEN_VALUE_ENCODER) - (PRArenaPool *extHandle, void *value, SECItem *encodedValue); - -static SECStatus -EncodeAndAddExtensionValue( - PRArenaPool *arena, - void *extHandle, - void *value, - PRBool criticality, - int extenType, - EXTEN_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - - encodedValue.data = NULL; - encodedValue.len = 0; - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) { - error_out("ERROR: Unable to encode extension value"); - } - rv = CERT_AddExtension - (extHandle, extenType, &encodedValue, criticality, PR_TRUE); - return (rv); -} - - - -static SECStatus -AddKeyUsage (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - - if (find_field_bool(data,"keyUsage-digitalSignature", PR_TRUE)){ - keyUsage |= (0x80 >> 0); - } - if (find_field_bool(data,"keyUsage-nonRepudiation", PR_TRUE)){ - keyUsage |= (0x80 >> 1); - } - if (find_field_bool(data,"keyUsage-keyEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 2); - } - if (find_field_bool(data,"keyUsage-dataEncipherment", PR_TRUE)){ - keyUsage |= (0x80 >> 3); - } - if (find_field_bool(data,"keyUsage-keyAgreement", PR_TRUE)){ - keyUsage |= (0x80 >> 4); - } - if (find_field_bool(data,"keyUsage-keyCertSign", PR_TRUE)) { - keyUsage |= (0x80 >> 5); - } - if (find_field_bool(data,"keyUsage-cRLSign", PR_TRUE)) { - keyUsage |= (0x80 >> 6); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - (find_field_bool(data, "keyUsage-crit", PR_TRUE)))); - -} - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if( (SECItem **)NULL == rv->oids ) { - goto loser; - } - - rv->arena = arena; - return rv; - - loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2)); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - extern const SEC_ASN1Template CERT_OidSeqTemplate[]; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - - loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage(void *extHandle, Pair *data) -{ - SECStatus rv; - CERTOidSequence *os; - SECItem *value; - PRBool crit; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - if( find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - if( SECSuccess != rv ) goto loser; - } - - if( find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE) ) { - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - if( SECSuccess != rv ) goto loser; - } - - value = EncodeOidSequence(os); - - crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value, - crit, PR_TRUE); - /*FALLTHROUGH*/ - loser: - CERT_DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddSubKeyID(void *extHandle, - Pair *data, - CERTCertificate *subjectCert) -{ - SECItem encodedValue; - SECStatus rv; - char *read; - char *write; - char *first; - char character; - int high_digit = 0, - low_digit = 0; - int len; - PRBool odd = PR_FALSE; - - - encodedValue.data = NULL; - encodedValue.len = 0; - first = read = write = find_field(data,"subjectKeyIdentifier-text", - PR_TRUE); - len = PORT_Strlen(first); - odd = ((len % 2) != 0 ) ? PR_TRUE : PR_FALSE; - if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) { - if (odd) { - error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string"); - } - while (*read != '\0') { - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - high_digit = *read - 'A' + 10; - } else { - high_digit = *read - '0'; - } - ++read; - if (!isxdigit(*read)) { - error_out("ERROR: Improperly formated subject key identifier"); - } - *read = toupper(*read); - if ((*read >= 'A') && (*read <= 'F')) { - low_digit = *(read) - 'A' + 10; - } else { - low_digit = *(read) - '0'; - } - character = (high_digit << 4) | low_digit; - *write = character; - ++write; - ++read; - } - *write = '\0'; - len = write - first; - } - subjectCert->subjectKeyID.data = (unsigned char *) find_field - (data,"subjectKeyIdentifier-text", PR_TRUE); - subjectCert->subjectKeyID.len = len; - rv = CERT_EncodeSubjectKeyID - (NULL, find_field(data,"subjectKeyIdentifier-text", PR_TRUE), - len, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID, - &encodedValue, PR_FALSE, PR_TRUE)); -} - - -static SECStatus -AddAuthKeyID (void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTCertificate *issuerCert = NULL; - CERTGeneralName *genNames; - CERTName *directoryName = NULL; - - - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - - authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID)); - if (authKeyID == NULL) { - error_allocate(); - } - if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier", - PR_TRUE)) { - authKeyID->keyID.data = PORT_ArenaAlloc (arena, PORT_Strlen - ((char *)issuerCert->subjectKeyID.data)); - if (authKeyID->keyID.data == NULL) { - error_allocate(); - } - PORT_Memcpy (authKeyID->keyID.data, issuerCert->subjectKeyID.data, - authKeyID->keyID.len = - PORT_Strlen((char *)issuerCert->subjectKeyID.data)); - } else { - - PORT_Assert (arena); - genNames = (CERTGeneralName *) PORT_ArenaZAlloc (arena, (sizeof(CERTGeneralName))); - if (genNames == NULL){ - error_allocate(); - } - genNames->l.next = genNames->l.prev = &(genNames->l); - genNames->type = certDirectoryName; - - directoryName = CERT_AsciiToName(issuerCert->subjectName); - if (!directoryName) { - error_out("ERROR: Unable to create Directory Name"); - } - rv = CERT_CopyName (arena, &genNames->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - if (rv != SECSuccess) { - error_out("ERROR: Unable to copy Directory Name"); - } - authKeyID->authCertIssuer = genNames; - if (authKeyID->authCertIssuer == NULL && SECFailure == - PORT_GetError ()) { - error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension"); - } - authKeyID->authCertSerialNumber = issuerCert->serialNumber; - } - rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAuthKeyID); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - return (rv); -} - - -static SECStatus -AddPrivKeyUsagePeriod(void *extHandle, - Pair *data, - CERTCertificate *cert) -{ - char *notBeforeStr; - char *notAfterStr; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - CERTPrivKeyUsagePeriod *pkup; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - error_allocate(); - } - pkup = PORT_ArenaZNew (arena, CERTPrivKeyUsagePeriod); - if (pkup == NULL) { - error_allocate(); - } - notBeforeStr = (char *) PORT_Alloc(16 ); - notAfterStr = (char *) PORT_Alloc(16 ); - *notBeforeStr = '\0'; - *notAfterStr = '\0'; - pkup->arena = arena; - pkup->notBefore.len = 0; - pkup->notBefore.data = NULL; - pkup->notAfter.len = 0; - pkup->notAfter.data = NULL; - if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notBefore.len = 15; - pkup->notBefore.data = (unsigned char *)notBeforeStr; - if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual", - PR_TRUE)) { - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-year", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-month", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-day", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-hour", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-minute", - PR_TRUE)); - PORT_Strcat(notBeforeStr,find_field(data, - "privKeyUsagePeriod-notBefore-second", - PR_TRUE)); - if ((*(notBeforeStr + 14) != '\0') || - (!isdigit(*(notBeforeStr + 13))) || - (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') || - (!isdigit(*(notBeforeStr + 11))) || - (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') || - (!isdigit(*(notBeforeStr + 9))) || - (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') || - (!isdigit(*(notBeforeStr + 7))) || - (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') || - (!isdigit(*(notBeforeStr + 5))) || - (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') || - (!isdigit(*(notBeforeStr + 3))) || - (!isdigit(*(notBeforeStr + 2))) || - (!isdigit(*(notBeforeStr + 1))) || - (!isdigit(*(notBeforeStr + 0))) || - (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') || - (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') || - (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notBeforeStr + 14) = 'Z'; - *(notBeforeStr + 15) = '\0'; - } else { - if ((*(cert->validity.notBefore.data) > '5') || - ((*(cert->validity.notBefore.data) == '5') && - (*(cert->validity.notBefore.data + 1) != '0'))) { - PORT_Strcat(notBeforeStr, "19"); - } else { - PORT_Strcat(notBeforeStr, "20"); - } - PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data); - } - } - if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) || - find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) { - pkup->notAfter.len = 15; - pkup->notAfter.data = (unsigned char *)notAfterStr; - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-year", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-month", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-day", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-hour", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-minute", - PR_TRUE)); - PORT_Strcat(notAfterStr,find_field(data,"privKeyUsagePeriod-notAfter-second", - PR_TRUE)); - if ((*(notAfterStr + 14) != '\0') || - (!isdigit(*(notAfterStr + 13))) || - (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') || - (!isdigit(*(notAfterStr + 11))) || - (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') || - (!isdigit(*(notAfterStr + 9))) || - (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') || - (!isdigit(*(notAfterStr + 7))) || - (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') || - (!isdigit(*(notAfterStr + 5))) || - (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') || - (!isdigit(*(notAfterStr + 3))) || - (!isdigit(*(notAfterStr + 2))) || - (!isdigit(*(notAfterStr + 1))) || - (!isdigit(*(notAfterStr + 0))) || - (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') || - (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') || - (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) { - error_out("ERROR: Improperly formated private key usage period"); - } - *(notAfterStr + 14) = 'Z'; - *(notAfterStr + 15) = '\0'; - } - - PORT_Assert (arena); - - rv = EncodeAndAddExtensionValue(arena, extHandle, pkup, - find_field_bool(data, - "privKeyUsagePeriod-crit", - PR_TRUE), - SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, - (EXTEN_VALUE_ENCODER) - CERT_EncodePrivateKeyUsagePeriod); - if (arena) { - PORT_FreeArena (arena, PR_FALSE); - } - if (notBeforeStr != NULL) { - PORT_Free(notBeforeStr); - } - if (notAfterStr != NULL) { - PORT_Free(notAfterStr); - } - return (rv); -} - -static SECStatus -AddBasicConstraint(void *extHandle, - Pair *data) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = (find_field_bool(data,"basicConstraints-cA-radio-CA", - PR_TRUE)); - if (find_field_bool(data,"basicConstraints-pathLengthConstraint", PR_TRUE)){ - basicConstraint.pathLenConstraint = atoi - (find_field(data,"basicConstraints-pathLengthConstraint-text", - PR_TRUE)); - } - - rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, - &encodedValue); - if (rv) - return (rv); - rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, - (find_field_bool(data,"basicConstraints-crit", - PR_TRUE)), PR_TRUE); - - PORT_Free (encodedValue.data); - return (rv); -} - - - -static SECStatus -AddNscpCertType (void *extHandle, - Pair *data) -{ - SECItem bitStringValue; - unsigned char CertType = 0x0; - - if (find_field_bool(data,"netscape-cert-type-ssl-client", PR_TRUE)){ - CertType |= (0x80 >> 0); - } - if (find_field_bool(data,"netscape-cert-type-ssl-server", PR_TRUE)){ - CertType |= (0x80 >> 1); - } - if (find_field_bool(data,"netscape-cert-type-smime", PR_TRUE)){ - CertType |= (0x80 >> 2); - } - if (find_field_bool(data,"netscape-cert-type-object-signing", PR_TRUE)){ - CertType |= (0x80 >> 3); - } - if (find_field_bool(data,"netscape-cert-type-reserved", PR_TRUE)){ - CertType |= (0x80 >> 4); - } - if (find_field_bool(data,"netscape-cert-type-ssl-ca", PR_TRUE)) { - CertType |= (0x80 >> 5); - } - if (find_field_bool(data,"netscape-cert-type-smime-ca", PR_TRUE)) { - CertType |= (0x80 >> 6); - } - if (find_field_bool(data,"netscape-cert-type-object-signing-ca", PR_TRUE)) { - CertType |= (0x80 >> 7); - } - - bitStringValue.data = &CertType; - bitStringValue.len = 1; - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE)))); -} - - -static SECStatus -add_IA5StringExtension(void *extHandle, - char *string, - PRBool crit, - int idtag) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - - rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue); - if (rv) { - return (rv); - } - return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE)); -} - -static SECItem * -string_to_oid(char *string) -{ - int i; - int length = 20; - int remaining; - int first_value; - int second_value; - int value; - int oidLength; - unsigned char *oidString; - unsigned char *write; - unsigned char *read; - unsigned char *temp; - SECItem *oid; - - - remaining = length; - i = 0; - while (*string == ' ') { - string++; - } - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - first_value = atoi(string); - if (first_value < 0 || first_value > 2) { - error_out("ERROR: Improperly formated OID"); - } - string += i + 1; - i = 0; - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - } else { - error_out("ERROR: Improperly formated OID"); - } - second_value = atoi(string); - if (second_value < 0 || second_value > 39) { - error_out("ERROR: Improperly formated OID"); - } - oidString = PORT_ZAlloc(2); - *oidString = (first_value * 40) + second_value; - *(oidString + 1) = '\0'; - oidLength = 1; - string += i + 1; - i = 0; - temp = write = PORT_ZAlloc(length); - while (*string != '\0') { - value = 0; - while(isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string += i; - } else { - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string += i + 1; - } else { - *(string + i) = '\0'; - i++; - value = atoi(string); - while (*(string + i) == ' ') - i++; - if (*(string + i) != '\0') { - error_out("ERROR: Improperly formated OID"); - } - } - } - i = 0; - while (value != 0) { - if (remaining < 1) { - remaining += length; - length = length * 2; - temp = PORT_Realloc(temp, length); - write = temp + length - remaining; - } - *write = (value & 0x7f) | (0x80); - write++; - remaining--; - value = value >> 7; - } - *temp = *temp & (0x7f); - oidLength += write - temp; - oidString = PORT_Realloc(oidString, (oidLength + 1)); - read = write - 1; - write = oidLength + oidString - 1; - for (i = 0; i < (length - remaining); i++) { - *write = *read; - write--; - read++; - } - write = temp; - remaining = length; - } - *(oidString + oidLength) = '\0'; - oid = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - oid->data = oidString; - oid->len = oidLength; - PORT_Free(temp); - return oid; -} - -static SECItem * -string_to_ipaddress(char *string) -{ - int i = 0; - int value; - int j = 0; - SECItem *ipaddress; - - - while (*string == ' ') { - string++; - } - ipaddress = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - ipaddress->data = PORT_ZAlloc(9); - while (*string != '\0' && j < 8) { - while (isdigit(*(string + i))) { - i++; - } - if (*(string + i) == '.') { - *(string + i) = '\0'; - value = atoi(string); - string = string + i + 1; - i = 0; - } else { - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - *(string + i) = '\0'; - while (*(string + i) == ' ') { - i++; - } - if (*(string + i) == '\0') { - value = atoi(string); - string = string + i; - i = 0; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - } - } - if (value >= 0 || value < 256) { - *(ipaddress->data + j) = value; - } else { - error_out("ERROR: Improperly formated IP Address"); - } - j++; - } - *(ipaddress->data + j) = '\0'; - if (j != 4 && j != 8) { - error_out("ERROR: Improperly formated IP Address"); - } - ipaddress->len = j; - return ipaddress; -} - -static SECItem * -string_to_binary(char *string) -{ - SECItem *rv; - int high_digit; - int low_digit; - - rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (rv == NULL) { - error_allocate(); - } - rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { - string++; - } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A'; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string = 'A'; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } - } - - return rv; -} - -static SECStatus -MakeGeneralName(char *name, - CERTGeneralName *genName, - PRArenaPool *arena) -{ - SECItem *oid; - SECOidData *oidData; - SECItem *ipaddress; - SECItem *temp = NULL; - int i; - int nameType; - PRBool binary = PR_FALSE; - SECStatus rv = SECSuccess; - PRBool nickname = PR_FALSE; - - PORT_Assert(genName); - PORT_Assert(arena); - nameType = *(name + PORT_Strlen(name) - 1) - '0'; - if (nameType == 0 && *(name +PORT_Strlen(name) - 2) == '1') { - nickname = PR_TRUE; - nameType = certOtherName; - } - if (nameType < 1 || nameType > 9) { - error_out("ERROR: Unknown General Name Type"); - } - *(name + PORT_Strlen(name) - 4) = '\0'; - genName->type = nameType; - - switch (genName->type) { - case certURI: - case certRFC822Name: - case certDNSName: { - genName->name.other.data = (unsigned char *)name; - genName->name.other.len = PORT_Strlen(name); - break; - } - - case certIPAddress: { - ipaddress = string_to_ipaddress(name); - genName->name.other.data = ipaddress->data; - genName->name.other.len = ipaddress->len; - break; - } - - case certRegisterID: { - oid = string_to_oid(name); - genName->name.other.data = oid->data; - genName->name.other.len = oid->len; - break; - } - - case certEDIPartyName: - case certX400Address: { - - genName->name.other.data = PORT_ArenaAlloc (arena, - PORT_Strlen (name) + 2); - if (genName->name.other.data == NULL) { - error_allocate(); - } - - PORT_Memcpy (genName->name.other.data + 2, name, PORT_Strlen (name)); - /* This may not be accurate for all cases. - For now, use this tag type */ - genName->name.other.data[0] = (char)(((genName->type - 1) & - 0x1f)| 0x80); - genName->name.other.data[1] = (char)PORT_Strlen (name); - genName->name.other.len = PORT_Strlen (name) + 2; - break; - } - - case certOtherName: { - i = 0; - if (!nickname) { - while (!isdigit(*(name + PORT_Strlen(name) - i))) { - i++; - } - if (*(name + PORT_Strlen(name) - i) == '1') { - binary = PR_TRUE; - } else { - binary = PR_FALSE; - } - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i - 1) = '\0'; - i = 0; - while (*(name + i) != '-') { - i++; - } - *(name + i - 1) = '\0'; - oid = string_to_oid(name + i + 2); - } else { - oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME); - oid = &oidData->oid; - while (*(name + PORT_Strlen(name) - i) != '-') { - i++; - } - *(name + PORT_Strlen(name) - i) = '\0'; - } - genName->name.OthName.oid.data = oid->data; - genName->name.OthName.oid.len = oid->len; - if (binary) { - temp = string_to_binary(name); - genName->name.OthName.name.data = temp->data; - genName->name.OthName.name.len = temp->len; - } else { - temp = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); - if (temp == NULL) { - error_allocate(); - } - temp->data = (unsigned char *)name; - temp->len = PORT_Strlen(name); - SEC_ASN1EncodeItem (arena, &(genName->name.OthName.name), temp, - CERTIA5TypeTemplate); - } - PORT_Free(temp); - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (name); - if (!directoryName) { - error_out("ERROR: Improperly formated alternative name"); - break; - } - rv = CERT_CopyName (arena, &genName->name.directoryName, - directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - genName->l.next = &(genName->l); - genName->l.prev = &(genName->l); - return rv; -} - - -static CERTGeneralName * -MakeAltName(Pair *data, - char *which, - PRArenaPool *arena) -{ - CERTGeneralName *SubAltName; - CERTGeneralName *current; - CERTGeneralName *newname; - char *name = NULL; - SECStatus rv = SECSuccess; - int len; - - - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - SubAltName = current = (CERTGeneralName *) PORT_ZAlloc - (sizeof(CERTGeneralName)); - if (current == NULL) { - error_allocate(); - } - while (name != NULL) { - - rv = MakeGeneralName(name, current, arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len -1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - name = find_field(data, which, PR_TRUE); - if (name != NULL) { - newname = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (newname == NULL) { - error_allocate(); - } - current->l.next = &(newname->l); - newname->l.prev = &(current->l); - current = newname; - newname = NULL; - } else { - current->l.next = &(SubAltName->l); - SubAltName->l.prev = &(current->l); - } - } - if (rv == SECFailure) { - return NULL; - } - return SubAltName; -} - -static CERTNameConstraints * -MakeNameConstraints(Pair *data, - PRArenaPool *arena) -{ - CERTNameConstraints *NameConstraints; - CERTNameConstraint *current = NULL; - CERTNameConstraint *last_permited = NULL; - CERTNameConstraint *last_excluded = NULL; - char *constraint = NULL; - char *which; - SECStatus rv = SECSuccess; - int len; - int i; - long max; - long min; - PRBool permited; - - - NameConstraints = (CERTNameConstraints *) PORT_ZAlloc - (sizeof(CERTNameConstraints)); - which = make_copy_string("NameConstraintSelect0", 25,'\0'); - len = PORT_Strlen(which); - constraint = find_field(data, which, PR_TRUE); - NameConstraints->permited = NameConstraints->excluded = NULL; - while (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc - (sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - max = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - if (max > 0) { - (void) SEC_ASN1EncodeInteger(arena, ¤t->max, max); - } - i = 0; - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - min = (long) atoi(constraint + PORT_Strlen(constraint) + 3); - (void) SEC_ASN1EncodeInteger(arena, ¤t->min, min); - while (*(constraint + PORT_Strlen(constraint) - i) != '-') { - i++; - } - *(constraint + PORT_Strlen(constraint) - i - 1) = '\0'; - if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') { - permited = PR_TRUE; - } else { - permited = PR_FALSE; - } - rv = MakeGeneralName(constraint, &(current->name), arena); - - if (rv != SECSuccess) { - break; - } - if (*(which + len - 1) < '9') { - *(which + len - 1) = *(which + len - 1) + 1; - } else { - if (isdigit(*(which + len - 2) )) { - *(which + len - 2) = *(which + len - 2) + 1; - *(which + len - 1) = '0'; - } else { - *(which + len - 1) = '1'; - *(which + len) = '0'; - *(which + len + 1) = '\0'; - len++; - } - } - len = PORT_Strlen(which); - if (permited) { - if (NameConstraints->permited == NULL) { - NameConstraints->permited = last_permited = current; - } - last_permited->l.next = &(current->l); - current->l.prev = &(last_permited->l); - last_permited = current; - } else { - if (NameConstraints->excluded == NULL) { - NameConstraints->excluded = last_excluded = current; - } - last_excluded->l.next = &(current->l); - current->l.prev = &(last_excluded->l); - last_excluded = current; - } - constraint = find_field(data, which, PR_TRUE); - if (constraint != NULL) { - current = (CERTNameConstraint *) PORT_ZAlloc(sizeof(CERTNameConstraint)); - if (current == NULL) { - error_allocate(); - } - } - } - if (NameConstraints->permited != NULL) { - last_permited->l.next = &(NameConstraints->permited->l); - NameConstraints->permited->l.prev = &(last_permited->l); - } - if (NameConstraints->excluded != NULL) { - last_excluded->l.next = &(NameConstraints->excluded->l); - NameConstraints->excluded->l.prev = &(last_excluded->l); - } - if (which != NULL) { - PORT_Free(which); - } - if (rv == SECFailure) { - return NULL; - } - return NameConstraints; -} - - - -static SECStatus -AddAltName(void *extHandle, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle, - int type) -{ - PRBool autoIssuer = PR_FALSE; - PRArenaPool *arena = NULL; - CERTGeneralName *genName = NULL; - char *which = NULL; - char *name = NULL; - SECStatus rv = SECSuccess; - SECItem *issuersAltName = NULL; - CERTCertificate *issuerCert = NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - if (type == 0) { - which = make_copy_string("SubAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } else { - if (autoIssuer) { - autoIssuer = find_field_bool(data,"IssuerAltNameSourceRadio-auto", - PR_TRUE); - issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); - rv = cert_FindExtension((*issuerCert).extensions, - SEC_OID_X509_SUBJECT_ALT_NAME, - issuersAltName); - if (issuersAltName == NULL) { - name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4); - PORT_Strcpy(name, (*issuerCert).subjectName); - PORT_Strcat(name, " - 5"); - } - } else { - which = make_copy_string("IssuerAltNameSelect0", 20,'\0'); - genName = MakeAltName(data, which, arena); - } - } - if (type == 0) { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, "SubAltName-crit", - PR_TRUE), - SEC_OID_X509_SUBJECT_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - - } else { - if (autoIssuer && (name == NULL)) { - rv = CERT_AddExtension - (extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName, - find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE); - } else { - EncodeAndAddExtensionValue(arena, extHandle, genName, - find_field_bool(data, - "IssuerAltName-crit", - PR_TRUE), - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_VALUE_ENCODER) - CERT_EncodeAltNameExtension); - } - } - if (which != NULL) { - PORT_Free(which); - } - if (issuerCert != NULL) { - CERT_DestroyCertificate(issuerCert); - } - return rv; -} - - -static SECStatus -AddNameConstraints(void *extHandle, - Pair *data) -{ - PRArenaPool *arena = NULL; - CERTNameConstraints *constraints = NULL; - SECStatus rv = SECSuccess; - - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - error_allocate(); - } - constraints = MakeNameConstraints(data, arena); - if (constraints != NULL) { - EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE, - SEC_OID_X509_NAME_CONSTRAINTS, - (EXTEN_VALUE_ENCODER) - CERT_EncodeNameConstraintsExtension); - } - if (arena != NULL) { - PORT_ArenaRelease (arena, NULL); - } - return rv; -} - - -static SECStatus -add_extensions(CERTCertificate *subjectCert, - Pair *data, - char *issuerNameStr, - CERTCertDBHandle *handle) -{ - void *extHandle; - SECStatus rv = SECSuccess; - - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - error_out("ERROR: Unable to get certificates extension handle"); - } - if (find_field_bool(data, "keyUsage", PR_TRUE)) { - rv = AddKeyUsage(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Key Usage extension"); - } - } - - if( find_field_bool(data, "extKeyUsage", PR_TRUE) ) { - rv = AddExtKeyUsage(extHandle, data); - if( SECSuccess != rv ) { - error_out("ERROR: Unable to add Extended Key Usage extension"); - } - } - - if (find_field_bool(data, "basicConstraints", PR_TRUE)) { - rv = AddBasicConstraint(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Basic Constraint extension"); - } - } - if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) { - rv = AddSubKeyID(extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Key Identifier Extension"); - } - } - if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) { - rv = AddAuthKeyID (extHandle, data, issuerNameStr, handle); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Authority Key Identifier extension"); - } - } - if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) { - rv = AddPrivKeyUsagePeriod (extHandle, data, subjectCert); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Private Key Usage Period extension"); - } - } - if (find_field_bool(data, "SubAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, NULL, NULL, 0); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Subject Alternative Name extension"); - } - } - if (find_field_bool(data, "IssuerAltName", PR_TRUE)) { - rv = AddAltName (extHandle, data, issuerNameStr, handle, 1); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Issuer Alternative Name Extension"); - } - } - if (find_field_bool(data, "NameConstraints", PR_TRUE)) { - rv = AddNameConstraints(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Name Constraints Extension"); - } - } - if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) { - rv = AddNscpCertType(extHandle, data); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Type Extension"); - } - } - if (find_field_bool(data, "netscape-base-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-base-url-text", - PR_TRUE), - find_field_bool(data, - "netscape-base-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_BASE_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Base URL Extension"); - } - } - if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-revocation-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-revocation-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-revocation-url-crit" - , PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Revocation URL Extension"); - } - } - if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-cert-renewal-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-cert-renewal-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension"); - } - } - if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ca-policy-url-text", - PR_TRUE), - find_field_bool - (data, "netscape-ca-policy-url-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_CA_POLICY_URL); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape CA Policy URL Extension"); - } - } - if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, - "netscape-ssl-server-name-text", - PR_TRUE), - find_field_bool - (data, "netscape-ssl-server-name-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape SSL Server Name Extension"); - } - } - if (find_field_bool(data, "netscape-comment", PR_TRUE)) { - rv = add_IA5StringExtension(extHandle, - find_field(data, "netscape-comment-text", - PR_TRUE), - find_field_bool(data, - "netscape-comment-crit", - PR_TRUE), - SEC_OID_NS_CERT_EXT_COMMENT); - if (rv != SECSuccess) { - error_out("ERROR: Unable to add Netscape Comment Extension"); - } - } - CERT_FinishExtensions(extHandle); - return (rv); -} - - - -char * -return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data) -{ - char *rv; - - /* don't clobber our poor smart card */ - if (retry == PR_TRUE) { - return NULL; - } - rv = PORT_Alloc(4); - PORT_Strcpy(rv, "foo"); - return rv; -} - - -SECKEYPrivateKey * -FindPrivateKeyFromNameStr(char *name, - CERTCertDBHandle *certHandle) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - CERTCertificate *p11Cert; - - - /* We don't presently have a PK11 function to find a cert by - ** subject name. - ** We do have a function to find a cert in the internal slot's - ** cert db by subject name, but it doesn't setup the slot info. - ** So, this HACK works, but should be replaced as soon as we - ** have a function to search for certs accross slots by subject name. - */ - cert = CERT_FindCertByNameString(certHandle, name); - if (cert == NULL || cert->nickname == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL); - if (p11Cert == NULL) { - error_out("ERROR: Unable to retrieve issuers certificate"); - } - key = PK11_FindKeyByAnyCert(p11Cert, NULL); - return key; -} - -static SECItem * -SignCert(CERTCertificate *cert, - char *issuerNameStr, - Pair *data, - CERTCertDBHandle *handle, - int which_key) -{ - SECItem der; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - - if (which_key == 0) { - caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle); - } else { - caPrivateKey = privkeys[which_key - 1]; - } - if (caPrivateKey == NULL) { - error_out("ERROR: unable to retrieve issuers key"); - } - - arena = cert->arena; - - switch(caPrivateKey->keyType) { - case rsaKey: - algID = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - case dsaKey: - algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - error_out("ERROR: Unknown key type for issuer."); - goto done; - break; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - error_out("ERROR: Could not set signature algorithm id."); - } - - if (find_field_bool(data,"ver-1", PR_TRUE)) { - *(cert->version.data) = 0; - cert->version.len = 1; - } else { - *(cert->version.data) = 2; - cert->version.len = 1; - } - der.data = NULL; - der.len = 0; - (void) SEC_ASN1EncodeItem (arena, &der, cert, CERT_CertificateTemplate); - if (der.data == NULL) { - error_out("ERROR: Could not encode certificate.\n"); - } - rv = SEC_DerSignData (arena, &(cert->derCert), der.data, der.len, caPrivateKey, - algID); - if (rv != SECSuccess) { - error_out("ERROR: Could not sign encoded certificate data.\n"); - } -done: - SECKEY_DestroyPrivateKey(caPrivateKey); - return &(cert->derCert); -} - - -int -main(int argc, char **argv) -{ - int length = 500; - int remaining = 500; - int n; - int i; - int serial; - int chainLen; - int which_key; - char *pos; -#ifdef OFFLINE - char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iydzPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXcsAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZaOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dtrue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoiceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24"; -#else - char *form_output; -#endif - char *issuerNameStr; - char *certName; - char *DBdir = DB_DIRECTORY; - char *prefixs[10] = {"CA#1-", "CA#2-", "CA#3-", - "CA#4-", "CA#5-", "CA#6-", - "CA#7-", "CA#8-", "CA#9-", ""}; - Pair *form_data; - CERTCertificate *cert; - CERTCertDBHandle *handle; - CERTCertificateRequest *certReq = NULL; - int warpmonths = 0; - SECItem *certDER; -#ifdef FILEOUT - FILE *outfile; -#endif - SECStatus status = SECSuccess; - extern char prefix[PREFIX_LEN]; - SEC_PKCS7ContentInfo *certChain; - SECItem *encodedCertChain; - PRBool UChain = PR_FALSE; - - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - -#ifdef TEST - sleep(20); -#endif - SECU_ConfigDirectory(DBdir); - - PK11_SetPasswordFunc(return_dbpasswd); - status = NSS_InitReadWrite(DBdir); - if (status != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - handle = CERT_GetDefaultCertDB(); - - prefix[0]= '\0'; -#if !defined(OFFLINE) - form_output = (char*) PORT_Alloc(length); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output; - while (feof(stdin) == 0 ) { - if (remaining <= 1) { - remaining += length; - length = length * 2; - form_output = PORT_Realloc(form_output, (length)); - if (form_output == NULL) { - error_allocate(); - } - pos = form_output + length - remaining; - } - n = fread(pos, 1, (size_t) (remaining - 1), stdin); - pos += n; - remaining -= n; - } - *pos = '&'; - pos++; - length = pos - form_output; -#else - length = PORT_Strlen(form_output); -#endif -#ifdef FILEOUT - printf("Content-type: text/plain\n\n"); - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); -#endif -#ifdef FILEOUT - fwrite(form_output, 1, (size_t)length, stdout); - printf("\n"); - fflush(stdout); -#endif - form_data = make_datastruct(form_output, length); - status = clean_input(form_data); -#if !defined(OFFLINE) - PORT_Free(form_output); -#endif -#ifdef FILEOUT - i = 0; - while(return_name(form_data, i) != NULL) { - printf("%s",return_name(form_data,i)); - printf("=\n"); - printf("%s",return_data(form_data,i)); - printf("\n"); - i++; - } - printf("I got that done, woo hoo\n"); - fflush(stdout); -#endif - issuerNameStr = PORT_Alloc(200); - if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain", - PR_FALSE)) { - UChain = PR_TRUE; - chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE)); - PORT_Strcpy(prefix, prefixs[0]); - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - if (chainLen == 0) { - UChain = PR_FALSE; - } - } else { - if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain", - PR_FALSE)) { - PORT_Strcpy(prefix,prefixs[9]); - chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE)); - if (chainLen < 1 || chainLen > 18) { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=CA18, O=Cert-O-Matic II"); - } - issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA"); - issuerNameStr = PORT_Strcat(issuerNameStr, - find_field(form_data,"autoCAs", PR_FALSE)); - issuerNameStr = PORT_Strcat(issuerNameStr,", O=Cert-O-Matic II"); - } else { - issuerNameStr = PORT_Strcpy(issuerNameStr, - "CN=Cert-O-Matic II, O=Cert-O-Matic II"); - } - chainLen = 0; - } - - i = -1; - which_key = 0; - do { - extern SECStatus cert_GetKeyID(CERTCertificate *cert); - i++; - if (i != 0 && UChain) { - PORT_Strcpy(prefix, prefixs[i]); - } - /* find_field(form_data,"subject", PR_TRUE); */ - certReq = makeCertReq(form_data, which_key); -#ifdef OFFLINE - serial = 900; -#else - serial = get_serial_number(form_data); -#endif - cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE, - serial, warpmonths, form_data); - if (certReq != NULL) { - CERT_DestroyCertificateRequest(certReq); - } - if (find_field_bool(form_data,"ver-3", PR_TRUE)) { - status = add_extensions(cert, form_data, issuerNameStr, handle); - if (status != SECSuccess) { - error_out("ERROR: Unable to add extensions"); - } - } - status = cert_GetKeyID(cert); - if (status == SECFailure) { - error_out("ERROR: Unable to get Key ID."); - } - certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key); - CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE); - issuerNameStr = find_field(form_data, "subject", PR_TRUE); - /* SECITEM_FreeItem(certDER, PR_TRUE); */ - CERT_DestroyCertificate(cert); - if (i == (chainLen - 1)) { - i = 8; - } - ++which_key; - } while (i < 9 && UChain); - - - -#ifdef FILEOUT - outfile = fopen("../certout", "wb"); -#endif - certName = find_field(form_data, "subject", PR_FALSE); - cert = CERT_FindCertByNameString(handle, certName); - certChain = SEC_PKCS7CreateCertsOnly (cert, PR_TRUE, handle); - if (certChain == NULL) { - error_out("ERROR: No certificates in cert chain"); - } - encodedCertChain = SEC_PKCS7EncodeItem (NULL, NULL, certChain, NULL, NULL, - NULL); - if (encodedCertChain) { -#if !defined(FILEOUT) - printf("Content-type: application/x-x509-user-cert\r\n"); - printf("Content-length: %d\r\n\r\n", encodedCertChain->len); - fwrite (encodedCertChain->data, 1, encodedCertChain->len, stdout); -#else - fwrite (encodedCertChain->data, 1, encodedCertChain->len, outfile); -#endif - - } else { - error_out("Error: Unable to DER encode certificate"); - } -#ifdef FILEOUT - printf("\nI got here!\n"); - fflush(outfile); - fclose(outfile); -#endif - fflush(stdout); - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - return 0; -} - diff --git a/security/nss/cmd/certcgi/index.html b/security/nss/cmd/certcgi/index.html deleted file mode 100644 index 01291d8c8c..0000000000 --- a/security/nss/cmd/certcgi/index.html +++ /dev/null @@ -1,959 +0,0 @@ - - - - - - - -Cert-O-Matic - - - - - diff --git a/security/nss/cmd/certcgi/main.html b/security/nss/cmd/certcgi/main.html deleted file mode 100644 index 8a04ef9d61..0000000000 --- a/security/nss/cmd/certcgi/main.html +++ /dev/null @@ -1,108 +0,0 @@ - - - - Main Layer for CertOMatic - - -
- - - - - - - - - - - - - - - - - - - - - - -
- Common Name:

- 		- Organization:

- MAIL= - - E= - - - - Organizational Unit:

- UID=

- Locality:

- State or Province:

- Country:

- Serial Number: -
Auto Generate -
- Use this hex value: 

-
- X.509 version: -
Version 1 -
Version 3

- Key Type: -
RSA -
DSA

- Intermediate CA Key Sizes: -
-
- Validity: -
- Generate Automatically -
Use these values: -
Not Before:  -
Not After:    -
         - YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} -
- DN:

-
- diff --git a/security/nss/cmd/certcgi/manifest.mn b/security/nss/cmd/certcgi/manifest.mn deleted file mode 100644 index 057f2596d1..0000000000 --- a/security/nss/cmd/certcgi/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIREd. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = certcgi.c - -PROGRAM = certcgi - -USE_STATIC_LIBS = 1 - diff --git a/security/nss/cmd/certcgi/nscp_ext_form.html b/security/nss/cmd/certcgi/nscp_ext_form.html deleted file mode 100644 index bc94ab3a2d..0000000000 --- a/security/nss/cmd/certcgi/nscp_ext_form.html +++ /dev/null @@ -1,116 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - -
- Netscape Certificate Type:

- Activate extension:

- Critical: - 		- SSL Client

- SSL Server

- S/MIME

- Object Signing

- Reserved for future use (bit 4)

- SSL CA

- S/MIME CA

- Object Signing CA

-
- Netscape Base URL:

- Activate extension:

- Critical: - 		- -
- Netscape Revocation URL:

- Activate extension:

- Critical: - 		- -
- Netscape CA Revocation URL:

- Activate extension:

- Critical: - 		- -
- Netscape Certificate Renewal URL:

- Activate extension:

- Critical: - 		- -
- Netscape CA Policy URL:

- Activate extension:

- Critical: - 		- -
- Netscape SSL Server Name:

- Activate extension:

- Critical: - 		- -
- Netscape Comment:

- Activate extension:

- Critical: - 		- -
- - diff --git a/security/nss/cmd/certcgi/stnd_ext_form.html b/security/nss/cmd/certcgi/stnd_ext_form.html deleted file mode 100644 index de5d795ba2..0000000000 --- a/security/nss/cmd/certcgi/stnd_ext_form.html +++ /dev/null @@ -1,250 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Key Usage:

- Activate extension:

- Critical: - 		- Digital Signature

- Non Repudiation

- Key Encipherment

- Data Encipherment

- Key Agreement

- Key Certificate Signing

- CRL Signing

-
- Extended Key Usage:

- Activate extension:

- Critical: - 		- Server Auth

- Client Auth

- Code Signing

- Email Protection

- Timestamp

- OCSP Responder

- Step-up

-
- Basic Constraints:

- Activate extension:

- Critical: - 		- CA:

-
True

-
False

- - Include Path length:

-
- Authority Key Identifier:

- Activate extension: - 		- Key Identider

- Issuer Name and Serial number

-
- Subject Key Identifier:

- Activate extension: - 		- Key Identifier: -

- This is an:

-

ascii text value

-

hex value

-

- Private Key Usage Period:

- Activate extension:

- Critical: - 		- Use:

-
Not Before

-
Not After

-
Both

- Not to be used to sign before:

-
Set to time of certificate issue

-
Use This value

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

- Not to be used to sign after:

-
(YYYY/MM/DD HH:MM:SS): - / - / - - : - : -

-
- Subject Alternative Name:

- Activate extension:

- Critical: - 		- - - -
- General Names:

-

- - - 		- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID - Netscape Certificate Nickname
- Name: - Binary Encoded:

-
-
- Issuer Alternative Name:

- Activate extension:

- Critical: - 		- Use the Subject Alternative Name from the Issuers Certificate

- Use this Name: - - - -
- General Names:

-

- - - 		- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

-
-
- Name Constraints:

- Activate extension:

- 		- - - -
- Name Constraints:

-

- - - 		- -
- Name Type:
- Other Name, - OID: - RFC 822 Name
- DNS Name - X400 Address
- Directory Name - EDI Party Name
- Uniform Resource Locator - IP Address
- Registered ID
- Name: - Binary Encoded:

- Constraint type:

-

permited

-

excluded

- Minimum:

- Maximum:

-
-
- - - - - - - - - - diff --git a/security/nss/cmd/certutil/Makefile b/security/nss/cmd/certutil/Makefile deleted file mode 100644 index fe7991878f..0000000000 --- a/security/nss/cmd/certutil/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c deleted file mode 100644 index d9a82bfd96..0000000000 --- a/security/nss/cmd/certutil/certutil.c +++ /dev/null @@ -1,3162 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* -** certutil.c -** -** utility for managing certificates and the cert database -** -*/ -#include -#include -#include - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "secasn1.h" -#include "cert.h" -#include "cryptohi.h" -#include "secoid.h" -#include "certdb.h" -#include "nss.h" - -#define MIN_KEY_BITS 512 -#define MAX_KEY_BITS 2048 -#define DEFAULT_KEY_BITS 1024 - -#define GEN_BREAK(e) rv=e; break; - - -extern SECKEYPrivateKey *CERTUTIL_GeneratePrivateKey(KeyType keytype, - PK11SlotInfo *slot, - int rsasize, - int publicExponent, - char *noise, - SECKEYPublicKey **pubkeyp, - char *pqgFile, - secuPWData *pwdata); - -static char *progName; - -static char * -Gets_s(char *buff, size_t size) { - char *str; - - if (buff == NULL || size < 1) { - PORT_Assert(0); - return NULL; - } - if ((str = fgets(buff, size, stdin)) != NULL) { - int len = PORT_Strlen(str); - /* - * fgets() automatically converts native text file - * line endings to '\n'. As defensive programming - * (just in case fgets has a bug or we put stdin in - * binary mode by mistake), we handle three native - * text file line endings here: - * '\n' Unix (including Linux and Mac OS X) - * '\r''\n' DOS/Windows & OS/2 - * '\r' Mac OS Classic - * len can not be less then 1, since in case with - * empty string it has at least '\n' in the buffer - */ - if (buff[len - 1] == '\n' || buff[len - 1] == '\r') { - buff[len - 1] = '\0'; - if (len > 1 && buff[len - 2] == '\r') - buff[len - 2] = '\0'; - } - } else { - buff[0] = '\0'; - } - return str; -} - -static CERTGeneralName * -GetGeneralName (PRArenaPool *arena) -{ - CERTGeneralName *namesList = NULL; - CERTGeneralName *current; - CERTGeneralName *tail = NULL; - SECStatus rv = SECSuccess; - int intValue; - char buffer[512]; - void *mark; - - PORT_Assert (arena); - mark = PORT_ArenaMark (arena); - do { - puts ("\nSelect one of the following general name type: \n"); - puts ("\t1 - instance of other name\n\t2 - rfc822Name\n\t3 - dnsName\n"); - puts ("\t4 - x400Address\n\t5 - directoryName\n\t6 - ediPartyName\n"); - puts ("\t7 - uniformResourceidentifier\n\t8 - ipAddress\n\t9 - registerID\n"); - puts ("\tAny other number to finish\n\t\tChoice:"); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - GEN_BREAK (SECFailure); - } - intValue = PORT_Atoi (buffer); - /* - * Should use ZAlloc instead of Alloc to avoid problem with garbage - * initialized pointers in CERT_CopyName - */ - if (intValue >= certOtherName && intValue <= certRegisterID) { - if (namesList == NULL) { - namesList = current = tail = PORT_ArenaZNew(arena, CERTGeneralName); - } else { - current = PORT_ArenaZNew(arena, CERTGeneralName); - } - if (current == NULL) { - GEN_BREAK (SECFailure); - } - } else { - break; - } - current->type = intValue; - puts ("\nEnter data:"); - fflush (stdout); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - GEN_BREAK (SECFailure); - } - switch (current->type) { - case certURI: - case certDNSName: - case certRFC822Name: - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (current->name.other.data == NULL) { - GEN_BREAK (SECFailure); - } - PORT_Memcpy - (current->name.other.data, buffer, current->name.other.len = strlen(buffer)); - break; - - case certEDIPartyName: - case certIPAddress: - case certOtherName: - case certRegisterID: - case certX400Address: { - - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2); - if (current->name.other.data == NULL) { - GEN_BREAK (SECFailure); - } - - PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer)); - /* This may not be accurate for all cases. For now, use this tag type */ - current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80); - current->name.other.data[1] = (char)strlen (buffer); - current->name.other.len = strlen (buffer) + 2; - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (buffer); - if (!directoryName) { - fprintf(stderr, "certutil: improperly formatted name: \"%s\"\n", buffer); - break; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - if (rv != SECSuccess) - break; - current->l.next = &(namesList->l); - current->l.prev = &(tail->l); - tail->l.next = &(current->l); - tail = current; - - }while (1); - - if (rv != SECSuccess) { - PORT_ArenaRelease (arena, mark); - namesList = NULL; - } - return (namesList); -} - -static SECStatus -GetString(PRArenaPool *arena, char *prompt, SECItem *value) -{ - char buffer[251]; - char *buffPrt; - - buffer[0] = '\0'; - value->data = NULL; - value->len = 0; - - puts (prompt); - buffPrt = Gets_s (buffer, sizeof(buffer)); - /* returned NULL here treated the same way as empty string */ - if (buffPrt && strlen (buffer) > 0) { - value->data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (value->data == NULL) { - PORT_SetError (SEC_ERROR_NO_MEMORY); - return (SECFailure); - } - PORT_Memcpy (value->data, buffer, value->len = strlen(buffer)); - } - return (SECSuccess); -} - -static CERTCertificateRequest * -GetCertRequest(PRFileDesc *inFile, PRBool ascii) -{ - CERTCertificateRequest *certReq = NULL; - CERTSignedData signedData; - PRArenaPool *arena = NULL; - SECItem reqDER; - SECStatus rv; - - reqDER.data = NULL; - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - GEN_BREAK (SECFailure); - } - - rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii); - if (rv) - break; - certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc - (arena, sizeof(CERTCertificateRequest)); - if (!certReq) - break; - certReq->arena = arena; - - /* Since cert request is a signed data, must decode to get the inner - data - */ - PORT_Memset(&signedData, 0, sizeof(signedData)); - rv = SEC_ASN1DecodeItem(arena, &signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER); - if (rv) - break; - - rv = SEC_ASN1DecodeItem(arena, certReq, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data); - } while (0); - - if (!rv) { - rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData, - &certReq->subjectPublicKeyInfo, NULL /* wincx */); - } - - if (rv) { - PRErrorCode perr = PR_GetError(); - fprintf(stderr, "%s: unable to decode DER cert request (%s)\n", progName, - SECU_Strerror(perr)); - } - return (certReq); -} - -static PRBool -GetYesNo(char *prompt) -{ - char buf[3]; - char *buffPrt; - - buf[0] = 'n'; - puts(prompt); - buffPrt = Gets_s(buf, sizeof(buf)); - return (buffPrt && (buf[0] == 'y' || buf[0] == 'Y')) ? PR_TRUE : PR_FALSE; -} - -static SECStatus -AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts, - PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata) -{ - CERTCertTrust *trust = NULL; - CERTCertificate *cert = NULL; - SECItem certDER; - SECStatus rv; - - certDER.data = NULL; - do { - /* Read in the entire file specified with the -i argument */ - rv = SECU_ReadDERFromFile(&certDER, inFile, ascii); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - break; - } - - /* Read in an ASCII cert and return a CERTCertificate */ - cert = CERT_DecodeCertFromPackage((char *)certDER.data, certDER.len); - if (!cert) { - SECU_PrintError(progName, "could not obtain certificate from file"); - GEN_BREAK(SECFailure); - } - - /* Create a cert trust to pass to SEC_AddPermCertificate */ - trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); - if (!trust) { - SECU_PrintError(progName, "unable to allocate cert trust"); - GEN_BREAK(SECFailure); - } - - rv = CERT_DecodeTrustString(trust, trusts); - if (rv) { - SECU_PrintError(progName, "unable to decode trust string"); - GEN_BREAK(SECFailure); - } - - if (!PK11_IsFriendly(slot)) { - rv = PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not authenticate to token or database"); - GEN_BREAK(SECFailure); - } - } - - rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not add certificate to token or database"); - GEN_BREAK(SECFailure); - } - - rv = CERT_ChangeCertTrust(handle, cert, trust); - if (rv != SECSuccess) { - SECU_PrintError(progName, "could not change trust on certificate"); - GEN_BREAK(SECFailure); - } - - if ( emailcert ) { - CERT_SaveSMimeProfile(cert, NULL, pwdata); - } - - } while (0); - - CERT_DestroyCertificate (cert); - PORT_Free(trust); - PORT_Free(certDER.data); - - return rv; -} - -static SECStatus -AddExtensions(void *, const char *, const char *, PRBool, PRBool, PRBool, PRBool, - PRBool, PRBool); - -static SECStatus -CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, - SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, - const char *emailAddrs, const char *dnsNames, - PRBool keyUsage, - PRBool extKeyUsage, - PRBool basicConstraint, - PRBool authKeyID, - PRBool crlDistPoints, - PRBool nscpCertType, - PRFileDesc *outFile) -{ - CERTSubjectPublicKeyInfo *spki; - CERTCertificateRequest *cr; - SECItem *encoding; - SECOidTag signAlgTag; - SECItem result; - SECStatus rv; - PRArenaPool *arena; - PRInt32 numBytes; - void *extHandle; - - /* Create info about public key */ - spki = SECKEY_CreateSubjectPublicKeyInfo(pubk); - if (!spki) { - SECU_PrintError(progName, "unable to create subject public key"); - return SECFailure; - } - - /* Generate certificate request */ - cr = CERT_CreateCertificateRequest(subject, spki, NULL); - if (!cr) { - SECU_PrintError(progName, "unable to make certificate request"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - return SECFailure; - } - - extHandle = CERT_StartCertificateRequestAttributes(cr); - if (extHandle == NULL) { - PORT_FreeArena (arena, PR_FALSE); - return SECFailure; - } - if (AddExtensions(extHandle, emailAddrs, dnsNames, keyUsage, extKeyUsage, - basicConstraint, authKeyID, crlDistPoints, nscpCertType) - != SECSuccess) { - PORT_FreeArena (arena, PR_FALSE); - return SECFailure; - } - CERT_FinishExtensions(extHandle); - CERT_FinishCertificateRequestAttributes(cr); - - /* Der encode the request */ - encoding = SEC_ASN1EncodeItem(arena, NULL, cr, - SEC_ASN1_GET(CERT_CertificateRequestTemplate)); - if (encoding == NULL) { - SECU_PrintError(progName, "der encoding of request failed"); - return SECFailure; - } - - /* Sign the request */ - signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag); - if (signAlgTag == SEC_OID_UNKNOWN) { - SECU_PrintError(progName, "unknown Key or Hash type"); - return SECFailure; - } - rv = SEC_DerSignData(arena, &result, encoding->data, encoding->len, - privk, signAlgTag); - if (rv) { - SECU_PrintError(progName, "signing of data failed"); - return SECFailure; - } - - /* Encode request in specified format */ - if (ascii) { - char *obuf; - char *name, *email, *org, *state, *country; - SECItem *it; - int total; - - it = &result; - - obuf = BTOA_ConvertItemToAscii(it); - total = PL_strlen(obuf); - - name = CERT_GetCommonName(subject); - if (!name) { - fprintf(stderr, "You must specify a common name\n"); - return SECFailure; - } - - if (!phone) - phone = strdup("(not specified)"); - - email = CERT_GetCertEmailAddress(subject); - if (!email) - email = strdup("(not specified)"); - - org = CERT_GetOrgName(subject); - if (!org) - org = strdup("(not specified)"); - - state = CERT_GetStateName(subject); - if (!state) - state = strdup("(not specified)"); - - country = CERT_GetCountryName(subject); - if (!country) - country = strdup("(not specified)"); - - PR_fprintf(outFile, - "\nCertificate request generated by Netscape certutil\n"); - PR_fprintf(outFile, "Phone: %s\n\n", phone); - PR_fprintf(outFile, "Common Name: %s\n", name); - PR_fprintf(outFile, "Email: %s\n", email); - PR_fprintf(outFile, "Organization: %s\n", org); - PR_fprintf(outFile, "State: %s\n", state); - PR_fprintf(outFile, "Country: %s\n\n", country); - - PR_fprintf(outFile, "%s\n", NS_CERTREQ_HEADER); - numBytes = PR_Write(outFile, obuf, total); - if (numBytes != total) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - PR_fprintf(outFile, "\n%s\n", NS_CERTREQ_TRAILER); - } else { - numBytes = PR_Write(outFile, result.data, result.len); - if (numBytes != (int)result.len) { - SECU_PrintSystemError(progName, "write error"); - return SECFailure; - } - } - return SECSuccess; -} - -static SECStatus -ChangeTrustAttributes(CERTCertDBHandle *handle, char *name, char *trusts) -{ - SECStatus rv; - CERTCertificate *cert; - CERTCertTrust *trust; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); - if (!trust) { - SECU_PrintError(progName, "unable to allocate cert trust"); - return SECFailure; - } - - /* This function only decodes these characters: pPwcTCu, */ - rv = CERT_DecodeTrustString(trust, trusts); - if (rv) { - SECU_PrintError(progName, "unable to decode trust string"); - return SECFailure; - } - - rv = CERT_ChangeCertTrust(handle, cert, trust); - if (rv) { - SECU_PrintError(progName, "unable to modify trust attributes"); - return SECFailure; - } - CERT_DestroyCertificate(cert); - - return SECSuccess; -} - -static SECStatus -printCertCB(CERTCertificate *cert, void *arg) -{ - SECStatus rv; - SECItem data; - CERTCertTrust *trust = (CERTCertTrust *)arg; - - data.data = cert->derCert.data; - data.len = cert->derCert.len; - - rv = SECU_PrintSignedData(stdout, &data, "Certificate", 0, - SECU_PrintCertificate); - if (rv) { - SECU_PrintError(progName, "problem printing certificate"); - return(SECFailure); - } - if (trust) { - SECU_PrintTrustFlags(stdout, trust, - "Certificate Trust Flags", 1); - } else if (cert->trust) { - SECU_PrintTrustFlags(stdout, cert->trust, - "Certificate Trust Flags", 1); - } - - printf("\n"); - - return(SECSuccess); -} - -static SECStatus -DumpChain(CERTCertDBHandle *handle, char *name) -{ - CERTCertificate *the_cert; - CERTCertificateList *chain; - int i, j; - the_cert = PK11_FindCertFromNickname(name, NULL); - if (!the_cert) { - SECU_PrintError(progName, "Could not find: %s\n", name); - return SECFailure; - } - chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE); - CERT_DestroyCertificate(the_cert); - if (!chain) { - SECU_PrintError(progName, "Could not obtain chain for: %s\n", name); - return SECFailure; - } - for (i=chain->len-1; i>=0; i--) { - CERTCertificate *c; - c = CERT_FindCertByDERCert(handle, &chain->certs[i]); - for (j=i; jlen-1; j++) printf(" "); - printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName); - CERT_DestroyCertificate(c); - } - CERT_DestroyCertificateList(chain); - return SECSuccess; -} - -static SECStatus -listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, void *pwarg) -{ - SECItem data; - PRInt32 numBytes; - SECStatus rv = SECFailure; - CERTCertList *certs; - CERTCertListNode *node; - - /* List certs on a non-internal slot. */ - if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, pwarg); - if (name) { - CERTCertificate *the_cert; - the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!the_cert) { - the_cert = PK11_FindCertFromNickname(name, NULL); - if (!the_cert) { - SECU_PrintError(progName, "Could not find: %s\n", name); - return SECFailure; - } - } - certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject, - PR_Now(), PR_FALSE); - CERT_DestroyCertificate(the_cert); - - for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); - node = CERT_LIST_NEXT(node)) { - the_cert = node->cert; - /* now get the subjectList that matches this cert */ - data.data = the_cert->derCert.data; - data.len = the_cert->derCert.len; - if (ascii) { - PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER); - rv = SECSuccess; - } else if (raw) { - numBytes = PR_Write(outfile, data.data, data.len); - if (numBytes != (PRInt32) data.len) { - SECU_PrintSystemError(progName, "error writing raw cert"); - rv = SECFailure; - } - rv = SECSuccess; - } else { - rv = printCertCB(the_cert, the_cert->trust); - } - if (rv != SECSuccess) { - break; - } - } - } else { - - certs = PK11_ListCertsInSlot(slot); - if (certs) { - for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); - node = CERT_LIST_NEXT(node)) { - SECU_PrintCertNickname(node,stdout); - } - rv = SECSuccess; - } - } - if (certs) { - CERT_DestroyCertList(certs); - } - if (rv) { - SECU_PrintError(progName, "problem printing certificate nicknames"); - return SECFailure; - } - - return SECSuccess; /* not rv ?? */ -} - -static SECStatus -ListCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, - PRBool raw, PRBool ascii, PRFileDesc *outfile, secuPWData *pwdata) -{ - SECStatus rv; - - if (slot == NULL) { - CERTCertList *list; - CERTCertListNode *node; - - list = PK11_ListCerts(PK11CertListAll, pwdata); - for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list); - node = CERT_LIST_NEXT(node)) - { - SECU_PrintCertNickname(node, stdout); - } - CERT_DestroyCertList(list); - return SECSuccess; - } else { - rv = listCerts(handle,name,slot,raw,ascii,outfile,pwdata); - } - return rv; -} - -static SECStatus -DeleteCert(CERTCertDBHandle *handle, char *name) -{ - SECStatus rv; - CERTCertificate *cert; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - rv = SEC_DeletePermCertificate(cert); - CERT_DestroyCertificate(cert); - if (rv) { - SECU_PrintError(progName, "unable to delete certificate"); - return SECFailure; - } - - return SECSuccess; -} - -static SECStatus -ValidateCert(CERTCertDBHandle *handle, char *name, char *date, - char *certUsage, PRBool checkSig, PRBool logit, secuPWData *pwdata) -{ - SECStatus rv; - CERTCertificate *cert = NULL; - int64 timeBoundary; - SECCertificateUsage usage; - CERTVerifyLog reallog; - CERTVerifyLog *log = NULL; - - if (!certUsage) { - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); - } - - switch (*certUsage) { - case 'C': - usage = certificateUsageSSLClient; - break; - case 'V': - usage = certificateUsageSSLServer; - break; - case 'S': - usage = certificateUsageEmailSigner; - break; - case 'R': - usage = certificateUsageEmailRecipient; - break; - default: - PORT_SetError (SEC_ERROR_INVALID_ARGS); - return (SECFailure); - } - do { - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - GEN_BREAK (SECFailure) - } - - if (date != NULL) { - rv = DER_AsciiToTime(&timeBoundary, date); - if (rv) { - SECU_PrintError(progName, "invalid input date"); - GEN_BREAK (SECFailure) - } - } else { - timeBoundary = PR_Now(); - } - - if ( logit ) { - log = &reallog; - - log->count = 0; - log->head = NULL; - log->tail = NULL; - log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( log->arena == NULL ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure) - } - } - - rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, - timeBoundary, pwdata, log, &usage); - if ( log ) { - if ( log->head == NULL ) { - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } else { - char *name; - CERTVerifyLogNode *node; - - node = log->head; - while ( node ) { - if ( node->cert->nickname != NULL ) { - name = node->cert->nickname; - } else { - name = node->cert->subjectName; - } - fprintf(stderr, "%s : %s\n", name, - SECU_Strerror(node->error)); - CERT_DestroyCertificate(node->cert); - node = node->next; - } - } - } else { - if (rv != SECSuccess) { - PRErrorCode perr = PORT_GetError(); - fprintf(stdout, "%s: certificate is invalid: %s\n", - progName, SECU_Strerror(perr)); - GEN_BREAK (SECFailure) - } - fprintf(stdout, "%s: certificate is valid\n", progName); - GEN_BREAK (SECSuccess) - } - } while (0); - - if (cert) { - CERT_DestroyCertificate(cert); - } - - return (rv); -} - - -static SECStatus -printKeyCB(SECKEYPublicKey *key, SECItem *data, void *arg) -{ - if (key->keyType == rsaKey) { - fprintf(stdout, "RSA Public-Key:\n"); - SECU_PrintInteger(stdout, &key->u.rsa.modulus, "modulus", 1); - } else { - fprintf(stdout, "DSA Public-Key:\n"); - SECU_PrintInteger(stdout, &key->u.dsa.publicValue, "publicValue", 1); - } - return SECSuccess; -} - -/* callback for listing certs through pkcs11 */ -static SECStatus -secu_PrintKey(FILE *out, int count, SECKEYPrivateKey *key) -{ - char *name; - - name = PK11_GetPrivateKeyNickname(key); - if (name == NULL) { - /* should look up associated cert */ - name = PORT_Strdup("< orphaned >"); - } - fprintf(out, "<%d> %s\n", count, name); - PORT_Free(name); - - return SECSuccess; -} - -static SECStatus -listKeys(PK11SlotInfo *slot, KeyType keyType, void *pwarg) -{ - SECKEYPrivateKeyList *list; - SECKEYPrivateKeyListNode *node; - int count; - - if (PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, pwarg); - - list = PK11_ListPrivateKeysInSlot(slot); - if (list == NULL) { - SECU_PrintError(progName, "problem listing keys"); - return SECFailure; - } - for (count=0, node=PRIVKEY_LIST_HEAD(list) ; !PRIVKEY_LIST_END(node,list); - node= PRIVKEY_LIST_NEXT(node),count++) { - secu_PrintKey(stdout, count, node->key); - } - SECKEY_DestroyPrivateKeyList(list); - - if (count == 0) { - fprintf(stderr, "%s: no keys found\n", progName); - return SECFailure; - } - return SECSuccess; -} - -static SECStatus -ListKeys(PK11SlotInfo *slot, char *keyname, int index, - KeyType keyType, PRBool dopriv, secuPWData *pwdata) -{ - SECStatus rv = SECSuccess; - - if (slot == NULL) { - PK11SlotList *list; - PK11SlotListElement *le; - - list= PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,pwdata); - if (list) for (le = list->head; le; le = le->next) { - rv = listKeys(le->slot,keyType,pwdata); - } - } else { - rv = listKeys(slot,keyType,pwdata); - } - return rv; -} - -static SECStatus -DeleteKey(char *nickname, secuPWData *pwdata) -{ - SECStatus rv; - CERTCertificate *cert; - PK11SlotInfo *slot; - - slot = PK11_GetInternalKeySlot(); - if (PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, pwdata); - cert = PK11_FindCertFromNickname(nickname, pwdata); - if (!cert) { - PK11_FreeSlot(slot); - return SECFailure; - } - rv = PK11_DeleteTokenCertAndKey(cert, pwdata); - if (rv != SECSuccess) { - SECU_PrintError("problem deleting private key \"%s\"\n", nickname); - } - CERT_DestroyCertificate(cert); - PK11_FreeSlot(slot); - return rv; -} - - -/* - * L i s t M o d u l e s - * - * Print a list of the PKCS11 modules that are - * available. This is useful for smartcard people to - * make sure they have the drivers loaded. - * - */ -static SECStatus -ListModules(void) -{ - PK11SlotList *list; - PK11SlotListElement *le; - - /* get them all! */ - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_FALSE,NULL); - if (list == NULL) return SECFailure; - - /* look at each slot*/ - for (le = list->head ; le; le = le->next) { - printf ("\n"); - printf (" slot: %s\n", PK11_GetSlotName(le->slot)); - printf (" token: %s\n", PK11_GetTokenName(le->slot)); - } - PK11_FreeSlotList(list); - - return SECSuccess; -} - -static void -Usage(char *progName) -{ -#define FPS fprintf(stderr, - FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage: %s -N [-d certdir] [-P dbprefix] [-f pwfile]\n", progName); - FPS "Usage: %s -T [-d certdir] [-P dbprefix] [-h token-name] [-f pwfile]\n", progName); - FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", - progName); - FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n" - "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-1] [-2] [-3] [-4] [-5]\n" - "\t\t [-6] [-7 emailAddrs] [-8 dns-names]\n", - progName); - FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", - progName); - FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n" - "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n" - "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); -#ifdef NSS_ENABLE_ECC - FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n" - "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n", - progName); -#else - FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", - progName); -#endif /* NSS_ENABLE_ECC */ - FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n"); - FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName); - FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n", - progName); - FPS "\t%s -O -n cert-name [-X] [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n" - "\t\t [-y emailAddrs] [-k key-type] [-h token-name] [-f pwfile] [-g key-size]\n", - progName); - FPS "\t%s -V -n cert-name -u usage [-b time] [-e] \n" - "\t\t[-X] [-d certdir] [-P dbprefix]\n", - progName); - FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x] -t trustargs\n" - "\t\t [-k key-type] [-q key-params] [-h token-name] [-g key-size]\n" - "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n" - "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n" - "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n" - "\t\t [-8 dns-names]\n", - progName); - FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName); - exit(1); -} - -static void LongUsage(char *progName) -{ - - FPS "%-15s Add a certificate to the database (create if needed)\n", - "-A"); - FPS "%-15s Add an Email certificate to the database (create if needed)\n", - "-E"); - FPS "%-20s Specify the nickname of the certificate to add\n", - " -n cert-name"); - FPS "%-20s Set the certificate trust attributes:\n", - " -t trustargs"); - FPS "%-25s p \t valid peer\n", ""); - FPS "%-25s P \t trusted peer (implies p)\n", ""); - FPS "%-25s c \t valid CA\n", ""); - FPS "%-25s T \t trusted CA to issue client certs (implies c)\n", ""); - FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", ""); - FPS "%-25s u \t user cert\n", ""); - FPS "%-25s w \t send warning\n", ""); - FPS "%-25s g \t make step-up cert\n", ""); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n", - " -a"); - FPS "%-20s Specify the certificate file (default is stdin)\n", - " -i input"); - FPS "\n"); - - FPS "%-15s Create a new binary certificate from a BINARY cert request\n", - "-C"); - FPS "%-20s The nickname of the issuer cert\n", - " -c issuer-name"); - FPS "%-20s The BINARY certificate request file\n", - " -i cert-request "); - FPS "%-20s Output binary cert to this file (default is stdout)\n", - " -o output-cert"); - FPS "%-20s Self sign\n", - " -x"); - FPS "%-20s Cert serial number\n", - " -m serial-number"); - FPS "%-20s Time Warp\n", - " -w warp-months"); - FPS "%-20s Months valid (default is 3)\n", - " -v months-valid"); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Create key usage extension\n", - " -1 "); - FPS "%-20s Create basic constraint extension\n", - " -2 "); - FPS "%-20s Create authority key ID extension\n", - " -3 "); - FPS "%-20s Create crl distribution point extension\n", - " -4 "); - FPS "%-20s Create netscape cert type extension\n", - " -5 "); - FPS "%-20s Create extended key usage extension\n", - " -6 "); - FPS "%-20s Create an email subject alt name extension\n", - " -7 "); - FPS "%-20s Create an dns subject alt name extension\n", - " -8 "); - FPS "\n"); - - FPS "%-15s Generate a new key pair\n", - "-G"); - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); - FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); - FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n", - " -y exp"); - FPS "%-20s Specify the password file\n", - " -f password-file"); - FPS "%-20s Specify the noise file to be used\n", - " -z noisefile"); - FPS "%-20s read PQG value from pqgfile (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s One of sect163k1, nistk163, sect163r1, sect163r2,\n", ""); - FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", ""); - FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", ""); - FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", ""); - FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", ""); - FPS "%-20s secp169k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", ""); - FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", ""); - FPS "%-20s secp256r1, nistp256, secp384r1, nistp384, secp521r1,\n", ""); - FPS "%-20s nistp521, prime192v1, prime192v2, prime192v3, \n", ""); - FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", ""); - FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", ""); - FPS "%-20s c2tnb191v2, c2tnb191v3, c2onb191v4, c2onb191v5, \n", ""); - FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", ""); - FPS "%-20s c2onb239v4, c2onb239v5, c2pnb272w1, c2pnb304w1, \n", ""); - FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", ""); - FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", ""); - FPS "%-20s sect131r1, sect131r2\n", ""); -#endif - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s Delete a certificate from the database\n", - "-D"); - FPS "%-20s The nickname of the cert to delete\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/ - "-U"); - FPS "%-20s Module database directory (default is '~/.netscape')\n", - " -d moddir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s List all keys\n", /*, or print out a single named key\n",*/ - "-K"); - FPS "%-20s Name of token in which to look for keys (default is internal," - " use \"all\" to list keys on all tokens)\n", - " -h token-name "); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); -#else - FPS "%-20s Type of key pair to list (\"all\", \"dsa\", \"rsa\" (default))\n", - " -k key-type"); -#endif - FPS "%-20s Specify the password file\n", - " -f password-file"); - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s List all certs, or print out a single named cert\n", - "-L"); - FPS "%-20s Pretty print named cert (list all if unspecified)\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "%-20s For single cert, print binary DER encoding\n", - " -r"); - FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n", - " -a"); - FPS "\n"); - - FPS "%-15s Modify trust attributes of certificate\n", - "-M"); - FPS "%-20s The nickname of the cert to modify\n", - " -n cert-name"); - FPS "%-20s Set the certificate trust attributes (see -A above)\n", - " -t trustargs"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - - FPS "%-15s Create a new certificate database\n", - "-N"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); - FPS "%-15s Reset the Key database or token\n", - "-T"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Token to reset (default is internal)\n", - " -h token-name"); - FPS "\n"); - - FPS "\n"); - FPS "%-15s Print the chain of a certificate\n", - "-O"); - FPS "%-20s The nickname of the cert to modify\n", - " -n cert-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s Generate a certificate request (stdout)\n", - "-R"); - FPS "%-20s Specify the subject name (using RFC1485)\n", - " -s subject"); - FPS "%-20s Output the cert request to this file\n", - " -o output-req"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); - FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); - FPS "%-20s Name of file containing PQG parameters (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s See the \"-G\" option for a full list of supported names.\n", - ""); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Key database directory (default is ~/.netscape)\n", - " -d keydir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", - " -p phone"); - FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n", - " -a"); - FPS "\n"); - - FPS "%-15s Validate a certificate\n", - "-V"); - FPS "%-20s The nickname of the cert to Validate\n", - " -n cert-name"); - FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n", - " -b time"); - FPS "%-20s Check certificate signature \n", - " -e "); - FPS "%-20s Specify certificate usage:\n", " -u certusage"); - FPS "%-25s C \t SSL Client\n", ""); - FPS "%-25s V \t SSL Server\n", ""); - FPS "%-25s S \t Email signer\n", ""); - FPS "%-25s R \t Email Recipient\n", ""); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s force the database to open R/W\n", - " -X"); - FPS "\n"); - - FPS "%-15s Make a certificate and add to database\n", - "-S"); - FPS "%-20s Specify the nickname of the cert\n", - " -n key-name"); - FPS "%-20s Specify the subject name (using RFC1485)\n", - " -s subject"); - FPS "%-20s The nickname of the issuer cert\n", - " -c issuer-name"); - FPS "%-20s Set the certificate trust attributes (see -A above)\n", - " -t trustargs"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n", - " -k key-type"); -#else - FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n", - " -k key-type"); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Name of token in which to generate key (default is internal)\n", - " -h token-name"); - FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n", - " -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS); - FPS "%-20s Name of file containing PQG parameters (dsa only)\n", - " -q pqgfile"); -#ifdef NSS_ENABLE_ECC - FPS "%-20s Elliptic curve name (ec only)\n", - " -q curve-name"); - FPS "%-20s See the \"-G\" option for a full list of supported names.\n", - ""); -#endif /* NSS_ENABLE_ECC */ - FPS "%-20s Self sign\n", - " -x"); - FPS "%-20s Cert serial number\n", - " -m serial-number"); - FPS "%-20s Time Warp\n", - " -w warp-months"); - FPS "%-20s Months valid (default is 3)\n", - " -v months-valid"); - FPS "%-20s Specify the password file\n", - " -f pwfile"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n", - " -p phone"); - FPS "%-20s Create key usage extension\n", - " -1 "); - FPS "%-20s Create basic constraint extension\n", - " -2 "); - FPS "%-20s Create authority key ID extension\n", - " -3 "); - FPS "%-20s Create crl distribution point extension\n", - " -4 "); - FPS "%-20s Create netscape cert type extension\n", - " -5 "); - FPS "%-20s Create extended key usage extension\n", - " -6 "); - FPS "%-20s Create an email subject alt name extension\n", - " -7 "); - FPS "%-20s Create an dns subject alt name extension\n", - " -8 "); - FPS "\n"); - - exit(1); -#undef FPS -} - - -static CERTCertificate * -MakeV1Cert( CERTCertDBHandle * handle, - CERTCertificateRequest *req, - char * issuerNickName, - PRBool selfsign, - unsigned int serialNumber, - int warpmonths, - int validitylength) -{ - CERTCertificate *issuerCert = NULL; - CERTValidity *validity; - CERTCertificate *cert = NULL; - PRExplodedTime printableTime; - PRTime now, after; - - if ( !selfsign ) { - issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName); - if (!issuerCert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - issuerNickName); - return NULL; - } - } - - now = PR_Now(); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - if ( warpmonths ) { - printableTime.tm_month += warpmonths; - now = PR_ImplodeTime (&printableTime); - PR_ExplodeTime (now, PR_GMTParameters, &printableTime); - } - printableTime.tm_month += validitylength; - printableTime.tm_month += 3; - after = PR_ImplodeTime (&printableTime); - - /* note that the time is now in micro-second unit */ - validity = CERT_CreateValidity (now, after); - - cert = CERT_CreateCertificate(serialNumber, - (selfsign ? &req->subject - : &issuerCert->subject), - validity, req); - - CERT_DestroyValidity(validity); - if ( issuerCert ) { - CERT_DestroyCertificate (issuerCert); - } - - return(cert); -} - -static SECStatus -AddKeyUsage (void *extHandle) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - char buffer[5]; - int value; - PRBool yesNoAns; - - while (1) { - fprintf(stdout, "%-25s 0 - Digital Signature\n", ""); - fprintf(stdout, "%-25s 1 - Non-repudiation\n", ""); - fprintf(stdout, "%-25s 2 - Key encipherment\n", ""); - fprintf(stdout, "%-25s 3 - Data encipherment\n", ""); - fprintf(stdout, "%-25s 4 - Key agreement\n", ""); - fprintf(stdout, "%-25s 5 - Cert signing key\n", ""); - fprintf(stdout, "%-25s 6 - CRL signing key\n", ""); - fprintf(stdout, "%-25s Other to finish\n", ""); - if (Gets_s (buffer, sizeof(buffer))) { - value = PORT_Atoi (buffer); - if (value < 0 || value > 6) - break; - if (value == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - continue; - } - } - keyUsage |= (0x80 >> value); - } - else { /* gets() returns NULL on EOF or error */ - break; - } - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue, - yesNoAns)); - -} - - -static CERTOidSequence * -CreateOidSequence(void) -{ - CERTOidSequence *rv = (CERTOidSequence *)NULL; - PRArenaPool *arena = (PRArenaPool *)NULL; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if( (PRArenaPool *)NULL == arena ) { - goto loser; - } - - rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence)); - if( (CERTOidSequence *)NULL == rv ) { - goto loser; - } - - rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *)); - if( (SECItem **)NULL == rv->oids ) { - goto loser; - } - - rv->arena = arena; - return rv; - - loser: - if( (PRArenaPool *)NULL != arena ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return (CERTOidSequence *)NULL; -} - -static void -DestroyOidSequence(CERTOidSequence *os) -{ - if (os->arena) { - PORT_FreeArena(os->arena, PR_FALSE); - } -} - -static SECStatus -AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag) -{ - SECItem **oids; - PRUint32 count = 0; - SECOidData *od; - - od = SECOID_FindOIDByTag(oidTag); - if( (SECOidData *)NULL == od ) { - return SECFailure; - } - - for( oids = os->oids; (SECItem *)NULL != *oids; oids++ ) { - count++; - } - - /* ArenaZRealloc */ - - { - PRUint32 i; - - oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count+2)); - if( (SECItem **)NULL == oids ) { - return SECFailure; - } - - for( i = 0; i < count; i++ ) { - oids[i] = os->oids[i]; - } - - /* ArenaZFree(os->oids); */ - } - - os->oids = oids; - os->oids[count] = &od->oid; - - return SECSuccess; -} - -SEC_ASN1_MKSUB(SEC_ObjectIDTemplate); - -const SEC_ASN1Template CERT_OidSeqTemplate[] = { - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, - offsetof(CERTOidSequence, oids), - SEC_ASN1_SUB(SEC_ObjectIDTemplate) } -}; - - -static SECItem * -EncodeOidSequence(CERTOidSequence *os) -{ - SECItem *rv; - - rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem)); - if( (SECItem *)NULL == rv ) { - goto loser; - } - - if( !SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate) ) { - goto loser; - } - - return rv; - - loser: - return (SECItem *)NULL; -} - -static SECStatus -AddExtKeyUsage (void *extHandle) -{ - char buffer[5]; - int value; - CERTOidSequence *os; - SECStatus rv; - SECItem *item; - PRBool yesNoAns; - - os = CreateOidSequence(); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - while (1) { - fprintf(stdout, "%-25s 0 - Server Auth\n", ""); - fprintf(stdout, "%-25s 1 - Client Auth\n", ""); - fprintf(stdout, "%-25s 2 - Code Signing\n", ""); - fprintf(stdout, "%-25s 3 - Email Protection\n", ""); - fprintf(stdout, "%-25s 4 - Timestamp\n", ""); - fprintf(stdout, "%-25s 5 - OCSP Responder\n", ""); - fprintf(stdout, "%-25s 6 - Step-up\n", ""); - fprintf(stdout, "%-25s Other to finish\n", ""); - - if (Gets_s(buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - rv = SECFailure; - goto loser; - } - value = PORT_Atoi(buffer); - - if (value == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - continue; - } - } - - switch( value ) { - case 0: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH); - break; - case 1: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH); - break; - case 2: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN); - break; - case 3: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT); - break; - case 4: - rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP); - break; - case 5: - rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER); - break; - case 6: - rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED); - break; - default: - goto endloop; - } - - if( SECSuccess != rv ) goto loser; - } - - endloop:; - item = EncodeOidSequence(os); - - yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); - - rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item, - yesNoAns, PR_TRUE); - /*FALLTHROUGH*/ - loser: - DestroyOidSequence(os); - return rv; -} - -static SECStatus -AddNscpCertType (void *extHandle) -{ - SECItem bitStringValue; - unsigned char keyUsage = 0x0; - char buffer[5]; - int value; - PRBool yesNoAns; - - while (1) { - fprintf(stdout, "%-25s 0 - SSL Client\n", ""); - fprintf(stdout, "%-25s 1 - SSL Server\n", ""); - fprintf(stdout, "%-25s 2 - S/MIME\n", ""); - fprintf(stdout, "%-25s 3 - Object Signing\n", ""); - fprintf(stdout, "%-25s 4 - Reserved for future use\n", ""); - fprintf(stdout, "%-25s 5 - SSL CA\n", ""); - fprintf(stdout, "%-25s 6 - S/MIME CA\n", ""); - fprintf(stdout, "%-25s 7 - Object Signing CA\n", ""); - fprintf(stdout, "%-25s Other to finish\n", ""); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - return SECFailure; - } - value = PORT_Atoi (buffer); - if (value < 0 || value > 7) - break; - if (value == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - continue; - } - } - keyUsage |= (0x80 >> value); - } - - bitStringValue.data = &keyUsage; - bitStringValue.len = 1; - yesNoAns = GetYesNo("Is this a critical extension [y/N]?"); - - return (CERT_EncodeAndAddBitStrExtension - (extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue, - yesNoAns)); - -} - -static SECStatus -AddSubjectAltNames(PRArenaPool *arena, CERTGeneralName **existingListp, - const char *names, CERTGeneralNameType type) -{ - CERTGeneralName *nameList = NULL; - CERTGeneralName *current = NULL; - PRCList *prev = NULL; - const char *cp; - char *tbuf; - SECStatus rv = SECSuccess; - - - /* - * walk down the comma separated list of names. NOTE: there is - * no sanity checks to see if the email address look like email addresses. - */ - for (cp=names; cp; cp = PORT_Strchr(cp,',')) { - int len; - char *end; - - if (*cp == ',') { - cp++; - } - end = PORT_Strchr(cp,','); - len = end ? end-cp : PORT_Strlen(cp); - if (len <= 0) { - continue; - } - tbuf = PORT_ArenaAlloc(arena,len+1); - PORT_Memcpy(tbuf,cp,len); - tbuf[len] = 0; - current = (CERTGeneralName *) PORT_ZAlloc(sizeof(CERTGeneralName)); - if (!current) { - rv = SECFailure; - break; - } - if (prev) { - current->l.prev = prev; - prev->next = &(current->l); - } else { - nameList = current; - } - current->type = type; - current->name.other.data = (unsigned char *)tbuf; - current->name.other.len = PORT_Strlen(tbuf); - prev = &(current->l); - } - /* at this point nameList points to the head of a doubly linked, but not yet - circular, list and current points to its tail. */ - if (rv == SECSuccess && nameList) { - if (*existingListp != NULL) { - PRCList *existingprev; - /* add nameList to the end of the existing list */ - existingprev = (*existingListp)->l.prev; - (*existingListp)->l.prev = &(current->l); - nameList->l.prev = existingprev; - existingprev->next = &(nameList->l); - current->l.next = &((*existingListp)->l); - } - else { - /* make nameList circular and set it as the new existingList */ - nameList->l.prev = prev; - current->l.next = &(nameList->l); - *existingListp = nameList; - } - } - return rv; -} - -static SECStatus -AddEmailSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp, - const char *emailAddrs) -{ - return AddSubjectAltNames(arena, existingListp, emailAddrs, certRFC822Name); -} - -static SECStatus -AddDNSSubjectAlt(PRArenaPool *arena, CERTGeneralName **existingListp, - const char *dnsNames) -{ - return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName); -} - - -static SECStatus -AddBasicConstraint(void *extHandle) -{ - CERTBasicConstraints basicConstraint; - SECItem encodedValue; - SECStatus rv; - char buffer[10]; - PRBool yesNoAns; - - encodedValue.data = NULL; - encodedValue.len = 0; - do { - basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT; - basicConstraint.isCA = GetYesNo ("Is this a CA certificate [y/N]?"); - - buffer[0] = '\0'; - puts ("Enter the path length constraint, enter to skip [<0 for unlimited path]:"); - Gets_s (buffer, sizeof(buffer)); - if (PORT_Strlen (buffer) > 0) - basicConstraint.pathLenConstraint = PORT_Atoi (buffer); - - rv = CERT_EncodeBasicConstraintValue (NULL, &basicConstraint, &encodedValue); - if (rv) - return (rv); - - yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); - - rv = CERT_AddExtension - (extHandle, SEC_OID_X509_BASIC_CONSTRAINTS, - &encodedValue, yesNoAns, PR_TRUE); - } while (0); - PORT_Free (encodedValue.data); - return (rv); -} - -static SECItem * -SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign, - SECOidTag hashAlgTag, - SECKEYPrivateKey *privKey, char *issuerNickName, void *pwarg) -{ - SECItem der; - SECItem *result = NULL; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - void *dummy; - - if( !selfsign ) { - CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg); - if( (CERTCertificate *)NULL == issuer ) { - SECU_PrintError(progName, "unable to find issuer with nickname %s", - issuerNickName); - return (SECItem *)NULL; - } - - privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg); - CERT_DestroyCertificate(issuer); - if (caPrivateKey == NULL) { - SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName); - return NULL; - } - } - - arena = cert->arena; - - algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag); - if (algID == SEC_OID_UNKNOWN) { - fprintf(stderr, "Unknown key or hash type for issuer."); - goto done; - } - - rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0); - if (rv != SECSuccess) { - fprintf(stderr, "Could not set signature algorithm id."); - goto done; - } - - /* we only deal with cert v3 here */ - *(cert->version.data) = 2; - cert->version.len = 1; - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem (arena, &der, cert, - SEC_ASN1_GET(CERT_CertificateTemplate)); - if (!dummy) { - fprintf (stderr, "Could not encode certificate.\n"); - goto done; - } - - result = (SECItem *) PORT_ArenaZAlloc (arena, sizeof (SECItem)); - if (result == NULL) { - fprintf (stderr, "Could not allocate item for certificate data.\n"); - goto done; - } - - rv = SEC_DerSignData(arena, result, der.data, der.len, privKey, algID); - if (rv != SECSuccess) { - fprintf (stderr, "Could not sign encoded certificate data.\n"); - PORT_Free(result); - result = NULL; - goto done; - } - cert->derCert = *result; -done: - if (caPrivateKey) { - SECKEY_DestroyPrivateKey(caPrivateKey); - } - return result; -} - -static SECStatus -AddAuthKeyID (void *extHandle) -{ - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - PRBool yesNoAns; - - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - SECU_PrintError(progName, "out of memory"); - GEN_BREAK (SECFailure); - } - - if (GetYesNo ("Enter value for the authKeyID extension [y/N]?") == 0) - break; - - authKeyID = PORT_ArenaZAlloc (arena, sizeof (CERTAuthKeyID)); - if (authKeyID == NULL) { - GEN_BREAK (SECFailure); - } - - rv = GetString (arena, "Enter value for the key identifier fields, enter to omit:", - &authKeyID->keyID); - if (rv != SECSuccess) - break; - authKeyID->authCertIssuer = GetGeneralName (arena); - if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ()) - break; - - - rv = GetString (arena, "Enter value for the authCertSerial field, enter to omit:", - &authKeyID->authCertSerialNumber); - - yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); - - rv = SECU_EncodeAndAddExtensionValue - (arena, extHandle, authKeyID, yesNoAns, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); - if (rv) - break; - - } while (0); - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return (rv); -} - -static SECStatus -AddCrlDistPoint(void *extHandle) -{ - PRArenaPool *arena = NULL; - CERTCrlDistributionPoints *crlDistPoints = NULL; - CRLDistributionPoint *current; - SECStatus rv = SECSuccess; - int count = 0, intValue; - char buffer[512]; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) - return (SECFailure); - - do { - current = NULL; - current = PORT_ArenaZAlloc (arena, sizeof (*current)); - if (current == NULL) { - GEN_BREAK (SECFailure); - } - - /* Get the distributionPointName fields - this field is optional */ - puts ("Enter the type of the distribution point name:\n"); - puts ("\t1 - Full Name\n\t2 - Relative Name\n\tAny other number to finish\n\t\tChoice: "); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - GEN_BREAK (SECFailure); - } - intValue = PORT_Atoi (buffer); - switch (intValue) { - case generalName: - current->distPointType = intValue; - current->distPoint.fullName = GetGeneralName (arena); - rv = PORT_GetError(); - break; - - case relativeDistinguishedName: { - CERTName *name; - - current->distPointType = intValue; - puts ("Enter the relative name: "); - fflush (stdout); - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - GEN_BREAK (SECFailure); - } - /* For simplicity, use CERT_AsciiToName to converse from a string - to NAME, but we only interest in the first RDN */ - name = CERT_AsciiToName (buffer); - if (!name) { - GEN_BREAK (SECFailure); - } - rv = CERT_CopyRDN (arena, ¤t->distPoint.relativeName, name->rdns[0]); - CERT_DestroyName (name); - break; - } - } - if (rv != SECSuccess) - break; - - /* Get the reason flags */ - puts ("\nSelect one of the following for the reason flags\n"); - puts ("\t0 - unused\n\t1 - keyCompromise\n\t2 - caCompromise\n\t3 - affiliationChanged\n"); - puts ("\t4 - superseded\n\t5 - cessationOfOperation\n\t6 - certificateHold\n"); - puts ("\tAny other number to finish\t\tChoice: "); - - if (Gets_s (buffer, sizeof(buffer)) == NULL) { - PORT_SetError(SEC_ERROR_INPUT_LEN); - GEN_BREAK (SECFailure); - } - intValue = PORT_Atoi (buffer); - if (intValue == 0) { - /* Checking that zero value of variable 'value' - * corresponds to '0' input made by user */ - char *chPtr = strchr(buffer, '0'); - if (chPtr == NULL) { - intValue = -1; - } - } - if (intValue >= 0 && intValue <8) { - current->reasons.data = PORT_ArenaAlloc (arena, sizeof(char)); - if (current->reasons.data == NULL) { - GEN_BREAK (SECFailure); - } - *current->reasons.data = (char)(0x80 >> intValue); - current->reasons.len = 1; - } - puts ("Enter value for the CRL Issuer name:\n"); - current->crlIssuer = GetGeneralName (arena); - if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure) - break; - - if (crlDistPoints == NULL) { - crlDistPoints = PORT_ArenaZAlloc (arena, sizeof (*crlDistPoints)); - if (crlDistPoints == NULL) { - GEN_BREAK (SECFailure); - } - } - - crlDistPoints->distPoints = PORT_ArenaGrow (arena, - crlDistPoints->distPoints, - sizeof (*crlDistPoints->distPoints) * count, - sizeof (*crlDistPoints->distPoints) *(count + 1)); - if (crlDistPoints->distPoints == NULL) { - GEN_BREAK (SECFailure); - } - - crlDistPoints->distPoints[count] = current; - ++count; - if (GetYesNo ("Enter more value for the CRL distribution point extension [y/N]") == 0) { - /* Add null to the end of the crlDistPoints to mark end of data */ - crlDistPoints->distPoints = PORT_ArenaGrow(arena, - crlDistPoints->distPoints, - sizeof (*crlDistPoints->distPoints) * count, - sizeof (*crlDistPoints->distPoints) *(count + 1)); - crlDistPoints->distPoints[count] = NULL; - break; - } - - - } while (1); - - if (rv == SECSuccess) { - PRBool yesNoAns = GetYesNo ("Is this a critical extension [y/N]?"); - - rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, crlDistPoints, - yesNoAns, SEC_OID_X509_CRL_DIST_POINTS, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeCRLDistributionPoints); - } - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return (rv); -} - -static SECStatus -AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames, - PRBool keyUsage, - PRBool extKeyUsage, - PRBool basicConstraint, - PRBool authKeyID, - PRBool crlDistPoints, - PRBool nscpCertType) -{ - SECStatus rv = SECSuccess; - do { - /* Add key usage extension */ - if (keyUsage) { - rv = AddKeyUsage(extHandle); - if (rv) - break; - } - - /* Add extended key usage extension */ - if (extKeyUsage) { - rv = AddExtKeyUsage(extHandle); - if (rv) - break; - } - - /* Add basic constraint extension */ - if (basicConstraint) { - rv = AddBasicConstraint(extHandle); - if (rv) - break; - } - - if (authKeyID) { - rv = AddAuthKeyID (extHandle); - if (rv) - break; - } - - if (crlDistPoints) { - rv = AddCrlDistPoint (extHandle); - if (rv) - break; - } - - if (nscpCertType) { - rv = AddNscpCertType(extHandle); - if (rv) - break; - } - - if (emailAddrs || dnsNames) { - PRArenaPool *arena; - CERTGeneralName *namelist = NULL; - SECItem item = { 0, NULL, 0 }; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - rv = SECFailure; - break; - } - - rv = AddEmailSubjectAlt(arena, &namelist, emailAddrs); - - rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames); - - if (rv == SECSuccess) { - rv = CERT_EncodeAltNameExtension(arena, namelist, &item); - if (rv == SECSuccess) { - rv = CERT_AddExtension(extHandle, - SEC_OID_X509_SUBJECT_ALT_NAME, - &item, PR_FALSE, PR_TRUE); - } - } - PORT_FreeArena(arena, PR_FALSE); - } - } while (0); - return rv; -} - -static SECStatus -CreateCert( - CERTCertDBHandle *handle, - char * issuerNickName, - PRFileDesc *inFile, - PRFileDesc *outFile, - SECKEYPrivateKey *selfsignprivkey, - void *pwarg, - SECOidTag hashAlgTag, - unsigned int serialNumber, - int warpmonths, - int validitylength, - const char *emailAddrs, - const char *dnsNames, - PRBool ascii, - PRBool selfsign, - PRBool keyUsage, - PRBool extKeyUsage, - PRBool basicConstraint, - PRBool authKeyID, - PRBool crlDistPoints, - PRBool nscpCertType) -{ - void * extHandle; - SECItem * certDER; - PRArenaPool *arena = NULL; - CERTCertificate *subjectCert = NULL; - CERTCertificateRequest *certReq = NULL; - SECStatus rv = SECSuccess; - SECItem reqDER; - CERTCertExtension **CRexts; - - reqDER.data = NULL; - do { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - GEN_BREAK (SECFailure); - } - - /* Create a certrequest object from the input cert request der */ - certReq = GetCertRequest(inFile, ascii); - if (certReq == NULL) { - GEN_BREAK (SECFailure) - } - - subjectCert = MakeV1Cert (handle, certReq, issuerNickName, selfsign, - serialNumber, warpmonths, validitylength); - if (subjectCert == NULL) { - GEN_BREAK (SECFailure) - } - - - extHandle = CERT_StartCertExtensions (subjectCert); - if (extHandle == NULL) { - GEN_BREAK (SECFailure) - } - - rv = AddExtensions(extHandle, emailAddrs, dnsNames, keyUsage, extKeyUsage, - basicConstraint, authKeyID, crlDistPoints, nscpCertType); - if (rv != SECSuccess) { - GEN_BREAK (SECFailure) - } - - if (certReq->attributes != NULL && - certReq->attributes[0] != NULL && - certReq->attributes[0]->attrType.data != NULL && - certReq->attributes[0]->attrType.len > 0 && - SECOID_FindOIDTag(&certReq->attributes[0]->attrType) - == SEC_OID_PKCS9_EXTENSION_REQUEST) { - rv = CERT_GetCertificateRequestExtensions(certReq, &CRexts); - if (rv != SECSuccess) - break; - rv = CERT_MergeExtensions(extHandle, CRexts); - if (rv != SECSuccess) - break; - } - - CERT_FinishExtensions(extHandle); - - certDER = SignCert(handle, subjectCert, selfsign, hashAlgTag, - selfsignprivkey, issuerNickName,pwarg); - - if (certDER) { - if (ascii) { - PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CERT_HEADER, - BTOA_DataToAscii(certDER->data, certDER->len), - NS_CERT_TRAILER); - } else { - PR_Write(outFile, certDER->data, certDER->len); - } - } - - } while (0); - CERT_DestroyCertificateRequest (certReq); - CERT_DestroyCertificate (subjectCert); - PORT_FreeArena (arena, PR_FALSE); - if (rv != SECSuccess) { - PRErrorCode perr = PR_GetError(); - fprintf(stderr, "%s: unable to create cert (%s)\n", progName, - SECU_Strerror(perr)); - } - return (rv); -} - -/* Certutil commands */ -enum { - cmd_AddCert = 0, - cmd_CreateNewCert, - cmd_DeleteCert, - cmd_AddEmailCert, - cmd_DeleteKey, - cmd_GenKeyPair, - cmd_PrintHelp, - cmd_ListKeys, - cmd_ListCerts, - cmd_ModifyCertTrust, - cmd_NewDBs, - cmd_DumpChain, - cmd_CertReq, - cmd_CreateAndAddCert, - cmd_TokenReset, - cmd_ListModules, - cmd_CheckCertValidity, - cmd_ChangePassword, - cmd_Version -}; - -/* Certutil options */ -enum { - opt_SSOPass = 0, - opt_AddKeyUsageExt, - opt_AddBasicConstraintExt, - opt_AddAuthorityKeyIDExt, - opt_AddCRLDistPtsExt, - opt_AddNSCertTypeExt, - opt_AddExtKeyUsageExt, - opt_ExtendedEmailAddrs, - opt_ExtendedDNSNames, - opt_ASCIIForIO, - opt_ValidityTime, - opt_IssuerName, - opt_CertDir, - opt_VerifySig, - opt_PasswordFile, - opt_KeySize, - opt_TokenName, - opt_InputFile, - opt_KeyIndex, - opt_KeyType, - opt_DetailedInfo, - opt_SerialNumber, - opt_Nickname, - opt_OutputFile, - opt_PhoneNumber, - opt_DBPrefix, - opt_PQGFile, - opt_BinaryDER, - opt_Subject, - opt_Trust, - opt_Usage, - opt_Validity, - opt_OffsetMonths, - opt_SelfSign, - opt_RW, - opt_Exponent, - opt_NoiseFile, - opt_Hash, - opt_Batch -}; - -static int -certutil_main(int argc, char **argv, PRBool initialize) -{ - CERTCertDBHandle *certHandle; - PK11SlotInfo *slot = NULL; - CERTName * subject = 0; - PRFileDesc *inFile = PR_STDIN; - PRFileDesc *outFile = NULL; - char * certfile = "tempcert"; - char * certreqfile = "tempcertreq"; - char * slotname = "internal"; - char * certPrefix = ""; - KeyType keytype = rsaKey; - char * name = NULL; - SECOidTag hashAlgTag = SEC_OID_UNKNOWN; - int keysize = DEFAULT_KEY_BITS; - int publicExponent = 0x010001; - unsigned int serialNumber = 0; - int warpmonths = 0; - int validitylength = 0; - int commandsEntered = 0; - char commandToRun = '\0'; - secuPWData pwdata = { PW_NONE, 0 }; - PRBool readOnly = PR_FALSE; - - SECKEYPrivateKey *privkey = NULL; - SECKEYPublicKey *pubkey = NULL; - - int i; - SECStatus rv; - - secuCommand certutil; - -secuCommandFlag certutil_commands[] = -{ - { /* cmd_AddCert */ 'A', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CreateNewCert */ 'C', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteCert */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_AddEmailCert */ 'E', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DeleteKey */ 'F', PR_FALSE, 0, PR_FALSE }, - { /* cmd_GenKeyPair */ 'G', PR_FALSE, 0, PR_FALSE }, - { /* cmd_PrintHelp */ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListKeys */ 'K', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListCerts */ 'L', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ModifyCertTrust */ 'M', PR_FALSE, 0, PR_FALSE }, - { /* cmd_NewDBs */ 'N', PR_FALSE, 0, PR_FALSE }, - { /* cmd_DumpChain */ 'O', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CertReq */ 'R', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CreateAndAddCert */ 'S', PR_FALSE, 0, PR_FALSE }, - { /* cmd_TokenReset */ 'T', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ListModules */ 'U', PR_FALSE, 0, PR_FALSE }, - { /* cmd_CheckCertValidity */ 'V', PR_FALSE, 0, PR_FALSE }, - { /* cmd_ChangePassword */ 'W', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Version */ 'Y', PR_FALSE, 0, PR_FALSE } -}; - -secuCommandFlag certutil_options[] = -{ - { /* opt_SSOPass */ '0', PR_TRUE, 0, PR_FALSE }, - { /* opt_AddKeyUsageExt */ '1', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddCRLDistPtsExt */ '4', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddNSCertTypeExt */ '5', PR_FALSE, 0, PR_FALSE }, - { /* opt_AddExtKeyUsageExt */ '6', PR_FALSE, 0, PR_FALSE }, - { /* opt_ExtendedEmailAddrs */ '7', PR_TRUE, 0, PR_FALSE }, - { /* opt_ExtendedDNSNames */ '8', PR_TRUE, 0, PR_FALSE }, - { /* opt_ASCIIForIO */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_ValidityTime */ 'b', PR_TRUE, 0, PR_FALSE }, - { /* opt_IssuerName */ 'c', PR_TRUE, 0, PR_FALSE }, - { /* opt_CertDir */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_VerifySig */ 'e', PR_FALSE, 0, PR_FALSE }, - { /* opt_PasswordFile */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE }, - { /* opt_TokenName */ 'h', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputFile */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyIndex */ 'j', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyType */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_DetailedInfo */ 'l', PR_FALSE, 0, PR_FALSE }, - { /* opt_SerialNumber */ 'm', PR_TRUE, 0, PR_FALSE }, - { /* opt_Nickname */ 'n', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputFile */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_PhoneNumber */ 'p', PR_TRUE, 0, PR_FALSE }, - { /* opt_DBPrefix */ 'P', PR_TRUE, 0, PR_FALSE }, - { /* opt_PQGFile */ 'q', PR_TRUE, 0, PR_FALSE }, - { /* opt_BinaryDER */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_Subject */ 's', PR_TRUE, 0, PR_FALSE }, - { /* opt_Trust */ 't', PR_TRUE, 0, PR_FALSE }, - { /* opt_Usage */ 'u', PR_TRUE, 0, PR_FALSE }, - { /* opt_Validity */ 'v', PR_TRUE, 0, PR_FALSE }, - { /* opt_OffsetMonths */ 'w', PR_TRUE, 0, PR_FALSE }, - { /* opt_SelfSign */ 'x', PR_FALSE, 0, PR_FALSE }, - { /* opt_RW */ 'X', PR_FALSE, 0, PR_FALSE }, - { /* opt_Exponent */ 'y', PR_TRUE, 0, PR_FALSE }, - { /* opt_NoiseFile */ 'z', PR_TRUE, 0, PR_FALSE }, - { /* opt_Hash */ 'Z', PR_TRUE, 0, PR_FALSE }, - { /* opt_Batch */ 'B', PR_TRUE, 0, PR_FALSE } -}; - - - certutil.numCommands = sizeof(certutil_commands) / sizeof(secuCommandFlag); - certutil.numOptions = sizeof(certutil_options) / sizeof(secuCommandFlag); - certutil.commands = certutil_commands; - certutil.options = certutil_options; - - progName = PORT_Strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &certutil); - - if (rv != SECSuccess) - Usage(progName); - - if (certutil.commands[cmd_PrintHelp].activated) - LongUsage(progName); - - if (certutil.options[opt_PasswordFile].arg) { - pwdata.source = PW_FROMFILE; - pwdata.data = certutil.options[opt_PasswordFile].arg; - } - - if (certutil.options[opt_CertDir].activated) - SECU_ConfigDirectory(certutil.options[opt_CertDir].arg); - - if (certutil.options[opt_KeySize].activated) { - keysize = PORT_Atoi(certutil.options[opt_KeySize].arg); - if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) { - PR_fprintf(PR_STDERR, - "%s -g: Keysize must be between %d and %d.\n", - progName, MIN_KEY_BITS, MAX_KEY_BITS); - return 255; - } -#ifdef NSS_ENABLE_ECC - if (keytype == ecKey) { - PR_fprintf(PR_STDERR, "%s -g: Not for ec keys.\n", progName); - return 255; - } -#endif /* NSS_ENABLE_ECC */ - - } - - /* -h specify token name */ - if (certutil.options[opt_TokenName].activated) { - if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0) - slotname = NULL; - else - slotname = PL_strdup(certutil.options[opt_TokenName].arg); - } - - /* -Z hash type */ - if (certutil.options[opt_Hash].activated) { - char * arg = certutil.options[opt_Hash].arg; - hashAlgTag = SECU_StringToSignatureAlgTag(arg); - if (hashAlgTag == SEC_OID_UNKNOWN) { - PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n", - progName, arg); - return 255; - } - } - - /* -k key type */ - if (certutil.options[opt_KeyType].activated) { - char * arg = certutil.options[opt_KeyType].arg; - if (PL_strcmp(arg, "rsa") == 0) { - keytype = rsaKey; - } else if (PL_strcmp(arg, "dsa") == 0) { - keytype = dsaKey; -#ifdef NSS_ENABLE_ECC - } else if (PL_strcmp(arg, "ec") == 0) { - keytype = ecKey; -#endif /* NSS_ENABLE_ECC */ - } else if (PL_strcmp(arg, "all") == 0) { - keytype = nullKey; - } else { - PR_fprintf(PR_STDERR, "%s -k: %s is not a recognized type.\n", - progName, arg); - return 255; - } - } - - /* -m serial number */ - if (certutil.options[opt_SerialNumber].activated) { - int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg); - if (sn < 0) { - PR_fprintf(PR_STDERR, "%s -m: %s is not a valid serial number.\n", - progName, certutil.options[opt_SerialNumber].arg); - return 255; - } - serialNumber = sn; - } - - /* -P certdb name prefix */ - if (certutil.options[opt_DBPrefix].activated) { - if (certutil.options[opt_DBPrefix].arg) { - certPrefix = strdup(certutil.options[opt_DBPrefix].arg); - } else { - Usage(progName); - } - } - - /* -q PQG file or curve name */ - if (certutil.options[opt_PQGFile].activated) { -#ifdef NSS_ENABLE_ECC - if ((keytype != dsaKey) && (keytype != ecKey)) { - PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys" \ - " (-k dsa) or a named curve for EC keys (-k ec)\n)", - progName); -#else - if (keytype != dsaKey) { - PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)", - progName); -#endif /* NSS_ENABLE_ECC */ - return 255; - } - } - - /* -s subject name */ - if (certutil.options[opt_Subject].activated) { - subject = CERT_AsciiToName(certutil.options[opt_Subject].arg); - if (!subject) { - PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", - progName, certutil.options[opt_Subject].arg); - return 255; - } - } - - /* -v validity period */ - if (certutil.options[opt_Validity].activated) { - validitylength = PORT_Atoi(certutil.options[opt_Validity].arg); - if (validitylength < 0) { - PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n", - progName, certutil.options[opt_Validity].arg); - return 255; - } - } - - /* -w warp months */ - if (certutil.options[opt_OffsetMonths].activated) - warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg); - - /* -y public exponent (for RSA) */ - if (certutil.options[opt_Exponent].activated) { - publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg); - if ((publicExponent != 3) && - (publicExponent != 17) && - (publicExponent != 65537)) { - PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.", - progName, publicExponent); - PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n"); - return 255; - } - } - - /* Check number of commands entered. */ - commandsEntered = 0; - for (i=0; i< certutil.numCommands; i++) { - if (certutil.commands[i].activated) { - commandToRun = certutil.commands[i].flag; - commandsEntered++; - } - if (commandsEntered > 1) - break; - } - if (commandsEntered > 1) { - PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName); - PR_fprintf(PR_STDERR, "You entered: "); - for (i=0; i< certutil.numCommands; i++) { - if (certutil.commands[i].activated) - PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag); - } - PR_fprintf(PR_STDERR, "\n"); - return 255; - } - if (commandsEntered == 0) { - PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName); - Usage(progName); - } - - if (certutil.commands[cmd_ListCerts].activated || - certutil.commands[cmd_PrintHelp].activated || - certutil.commands[cmd_ListKeys].activated || - certutil.commands[cmd_ListModules].activated || - certutil.commands[cmd_CheckCertValidity].activated || - certutil.commands[cmd_Version].activated ) { - readOnly = !certutil.options[opt_RW].activated; - } - - /* -A, -D, -F, -M, -S, -V, and all require -n */ - if ((certutil.commands[cmd_AddCert].activated || - certutil.commands[cmd_DeleteCert].activated || - certutil.commands[cmd_DeleteKey].activated || - certutil.commands[cmd_DumpChain].activated || - certutil.commands[cmd_ModifyCertTrust].activated || - certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_CheckCertValidity].activated) && - !certutil.options[opt_Nickname].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: nickname is required for this command (-n).\n", - progName, commandToRun); - return 255; - } - - /* -A, -E, -M, -S require trust */ - if ((certutil.commands[cmd_AddCert].activated || - certutil.commands[cmd_AddEmailCert].activated || - certutil.commands[cmd_ModifyCertTrust].activated || - certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_Trust].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: trust is required for this command (-t).\n", - progName, commandToRun); - return 255; - } - - /* if -L is given raw or ascii mode, it must be for only one cert. */ - if (certutil.commands[cmd_ListCerts].activated && - (certutil.options[opt_ASCIIForIO].activated || - certutil.options[opt_BinaryDER].activated) && - !certutil.options[opt_Nickname].activated) { - PR_fprintf(PR_STDERR, - "%s: nickname is required to dump cert in raw or ascii mode.\n", - progName); - return 255; - } - - /* -L can only be in (raw || ascii). */ - if (certutil.commands[cmd_ListCerts].activated && - certutil.options[opt_ASCIIForIO].activated && - certutil.options[opt_BinaryDER].activated) { - PR_fprintf(PR_STDERR, - "%s: cannot specify both -r and -a when dumping cert.\n", - progName); - return 255; - } - - /* For now, deny -C -x combination */ - if (certutil.commands[cmd_CreateNewCert].activated && - certutil.options[opt_SelfSign].activated) { - PR_fprintf(PR_STDERR, - "%s: self-signing a cert request is not supported.\n", - progName); - return 255; - } - - /* If making a cert request, need a subject. */ - if ((certutil.commands[cmd_CertReq].activated || - certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_Subject].activated) { - PR_fprintf(PR_STDERR, - "%s -%c: subject is required to create a cert request.\n", - progName, commandToRun); - return 255; - } - - /* If making a cert, need a serial number. */ - if ((certutil.commands[cmd_CreateNewCert].activated || - certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_SerialNumber].activated) { - /* Make a default serial number from the current time. */ - PRTime now = PR_Now(); - LL_USHR(now, now, 19); - LL_L2UI(serialNumber, now); - } - - /* Validation needs the usage to validate for. */ - if (certutil.commands[cmd_CheckCertValidity].activated && - !certutil.options[opt_Usage].activated) { - PR_fprintf(PR_STDERR, - "%s -V: specify a usage to validate the cert for (-u).\n", - progName); - return 255; - } - - /* To make a cert, need either a issuer or to self-sign it. */ - if (certutil.commands[cmd_CreateAndAddCert].activated && - !(certutil.options[opt_IssuerName].activated || - certutil.options[opt_SelfSign].activated)) { - PR_fprintf(PR_STDERR, - "%s -S: must specify issuer (-c) or self-sign (-x).\n", - progName); - return 255; - } - - /* Using slotname == NULL for listing keys and certs on all slots, - * but only that. */ - if (!(certutil.commands[cmd_ListKeys].activated || - certutil.commands[cmd_DumpChain].activated || - certutil.commands[cmd_ListCerts].activated) && slotname == NULL) { - PR_fprintf(PR_STDERR, - "%s -%c: cannot use \"-h all\" for this command.\n", - progName, commandToRun); - return 255; - } - - /* Using keytype == nullKey for list all key types, but only that. */ - if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) { - PR_fprintf(PR_STDERR, - "%s -%c: cannot use \"-k all\" for this command.\n", - progName, commandToRun); - return 255; - } - - /* -S open outFile, temporary file for cert request. */ - if (certutil.commands[cmd_CreateAndAddCert].activated) { - outFile = PR_Open(certreqfile, PR_RDWR | PR_CREATE_FILE, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, - "%s -o: unable to open \"%s\" for writing (%ld, %ld)\n", - progName, certreqfile, - PR_GetError(), PR_GetOSError()); - return 255; - } - } - - /* Open the input file. */ - if (certutil.options[opt_InputFile].activated) { - inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for reading (%ld, %ld).\n", - progName, certutil.options[opt_InputFile].arg, - PR_GetError(), PR_GetOSError()); - return 255; - } - } - - /* Open the output file. */ - if (certutil.options[opt_OutputFile].activated && !outFile) { - outFile = PR_Open(certutil.options[opt_OutputFile].arg, - PR_CREATE_FILE | PR_RDWR, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for writing (%ld, %ld).\n", - progName, certutil.options[opt_OutputFile].arg, - PR_GetError(), PR_GetOSError()); - return 255; - } - } - - name = SECU_GetOptionArg(&certutil, opt_Nickname); - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - if (PR_TRUE == initialize) { - /* Initialize NSPR and NSS. */ - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix, - "secmod.db", readOnly ? NSS_INIT_READONLY: 0); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - rv = SECFailure; - goto shutdown; - } - SECU_RegisterDynamicOids(); - } - certHandle = CERT_GetDefaultCertDB(); - - if (certutil.commands[cmd_Version].activated) { - printf("Certificate database content version: command not implemented.\n"); - } - - if (PL_strcmp(slotname, "internal") == 0) - slot = PK11_GetInternalKeySlot(); - else if (slotname != NULL) - slot = PK11_FindSlotByName(slotname); - - /* If creating new database, initialize the password. */ - if (certutil.commands[cmd_NewDBs].activated) { - SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg); - } - - /* The following 8 options are mutually exclusive with all others. */ - - /* List certs (-L) */ - if (certutil.commands[cmd_ListCerts].activated) { - rv = ListCerts(certHandle, name, slot, - certutil.options[opt_BinaryDER].activated, - certutil.options[opt_ASCIIForIO].activated, - (outFile) ? outFile : PR_STDOUT, &pwdata); - goto shutdown; - } - if (certutil.commands[cmd_DumpChain].activated) { - rv = DumpChain(certHandle, name); - goto shutdown; - } - /* XXX needs work */ - /* List keys (-K) */ - if (certutil.commands[cmd_ListKeys].activated) { - rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/, - &pwdata); - goto shutdown; - } - /* List modules (-U) */ - if (certutil.commands[cmd_ListModules].activated) { - rv = ListModules(); - goto shutdown; - } - /* Delete cert (-D) */ - if (certutil.commands[cmd_DeleteCert].activated) { - rv = DeleteCert(certHandle, name); - goto shutdown; - } - /* Delete key (-F) */ - if (certutil.commands[cmd_DeleteKey].activated) { - rv = DeleteKey(name, &pwdata); - goto shutdown; - } - /* Modify trust attribute for cert (-M) */ - if (certutil.commands[cmd_ModifyCertTrust].activated) { - rv = ChangeTrustAttributes(certHandle, name, - certutil.options[opt_Trust].arg); - goto shutdown; - } - /* Change key db password (-W) (future - change pw to slot?) */ - if (certutil.commands[cmd_ChangePassword].activated) { - rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg); - goto shutdown; - } - /* Reset the a token */ - if (certutil.commands[cmd_TokenReset].activated) { - char *sso_pass = ""; - - if (certutil.options[opt_SSOPass].activated) { - sso_pass = certutil.options[opt_SSOPass].arg; - } - rv = PK11_ResetToken(slot,sso_pass); - - goto shutdown; - } - /* Check cert validity against current time (-V) */ - if (certutil.commands[cmd_CheckCertValidity].activated) { - /* XXX temporary hack for fips - must log in to get priv key */ - if (certutil.options[opt_VerifySig].activated) { - if (slot && PK11_NeedLogin(slot)) - PK11_Authenticate(slot, PR_TRUE, &pwdata); - } - rv = ValidateCert(certHandle, name, - certutil.options[opt_ValidityTime].arg, - certutil.options[opt_Usage].arg, - certutil.options[opt_VerifySig].activated, - certutil.options[opt_DetailedInfo].activated, - &pwdata); - goto shutdown; - } - - /* - * Key generation - */ - - /* These commands require keygen. */ - if (certutil.commands[cmd_CertReq].activated || - certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_GenKeyPair].activated) { - /* XXX Give it a nickname. */ - privkey = - CERTUTIL_GeneratePrivateKey(keytype, slot, keysize, - publicExponent, - certutil.options[opt_NoiseFile].arg, - &pubkey, - certutil.options[opt_PQGFile].arg, - &pwdata); - if (privkey == NULL) { - SECU_PrintError(progName, "unable to generate key(s)\n"); - rv = SECFailure; - goto shutdown; - } - privkey->wincx = &pwdata; - PORT_Assert(pubkey != NULL); - - /* If all that was needed was keygen, exit. */ - if (certutil.commands[cmd_GenKeyPair].activated) { - rv = SECSuccess; - goto shutdown; - } - } - - /* - * Certificate request - */ - - /* Make a cert request (-R). */ - if (certutil.commands[cmd_CertReq].activated) { - rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject, - certutil.options[opt_PhoneNumber].arg, - certutil.options[opt_ASCIIForIO].activated, - certutil.options[opt_ExtendedEmailAddrs].arg, - certutil.options[opt_ExtendedDNSNames].arg, - certutil.options[opt_AddKeyUsageExt].activated, - certutil.options[opt_AddExtKeyUsageExt].activated, - certutil.options[opt_AddBasicConstraintExt].activated, - certutil.options[opt_AddAuthorityKeyIDExt].activated, - certutil.options[opt_AddCRLDistPtsExt].activated, - certutil.options[opt_AddNSCertTypeExt].activated, - outFile ? outFile : PR_STDOUT); - if (rv) - goto shutdown; - privkey->wincx = &pwdata; - } - - /* - * Certificate creation - */ - - /* If making and adding a cert, create a cert request file first without - * any extensions, then load it with the command line extensions - * and output the cert to another file. - */ - if (certutil.commands[cmd_CreateAndAddCert].activated) { - rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject, - certutil.options[opt_PhoneNumber].arg, - certutil.options[opt_ASCIIForIO].activated, - NULL, - NULL, - PR_FALSE, - PR_FALSE, - PR_FALSE, - PR_FALSE, - PR_FALSE, - PR_FALSE, - outFile ? outFile : PR_STDOUT); - if (rv) - goto shutdown; - privkey->wincx = &pwdata; - PR_Close(outFile); - inFile = PR_Open(certreqfile, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certreqfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE, 00660); - if (!outFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - } - - /* Create a certificate (-C or -S). */ - if (certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_CreateNewCert].activated) { - rv = CreateCert(certHandle, - certutil.options[opt_IssuerName].arg, - inFile, outFile, privkey, &pwdata, hashAlgTag, - serialNumber, warpmonths, validitylength, - certutil.options[opt_ExtendedEmailAddrs].arg, - certutil.options[opt_ExtendedDNSNames].arg, - certutil.options[opt_ASCIIForIO].activated, - certutil.options[opt_SelfSign].activated, - certutil.options[opt_AddKeyUsageExt].activated, - certutil.options[opt_AddExtKeyUsageExt].activated, - certutil.options[opt_AddBasicConstraintExt].activated, - certutil.options[opt_AddAuthorityKeyIDExt].activated, - certutil.options[opt_AddCRLDistPtsExt].activated, - certutil.options[opt_AddNSCertTypeExt].activated); - if (rv) - goto shutdown; - } - - /* - * Adding a cert to the database (or slot) - */ - - if (certutil.commands[cmd_CreateAndAddCert].activated) { - PORT_Assert(inFile != PR_STDIN); - PR_Close(inFile); - PR_Close(outFile); - inFile = PR_Open(certfile, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, "Failed to open file \"%s\" (%ld, %ld).\n", - certfile, PR_GetError(), PR_GetOSError()); - rv = SECFailure; - goto shutdown; - } - } - - /* -A -E or -S Add the cert to the DB */ - if (certutil.commands[cmd_CreateAndAddCert].activated || - certutil.commands[cmd_AddCert].activated || - certutil.commands[cmd_AddEmailCert].activated) { - rv = AddCert(slot, certHandle, name, - certutil.options[opt_Trust].arg, - inFile, - certutil.options[opt_ASCIIForIO].activated, - certutil.commands[cmd_AddEmailCert].activated,&pwdata); - if (rv) - goto shutdown; - } - - if (certutil.commands[cmd_CreateAndAddCert].activated) { - PORT_Assert(inFile != PR_STDIN); - PR_Close(inFile); - PR_Delete(certfile); - PR_Delete(certreqfile); - } - -shutdown: - if (slot) { - PK11_FreeSlot(slot); - } - if (privkey) { - SECKEY_DestroyPrivateKey(privkey); - } - if (pubkey) { - SECKEY_DestroyPublicKey(pubkey); - } - - /* Open the batch command file. - * - * - If -B option is specified, the contents in the - * command file will be interpreted as subsequent certutil - * commands to be executed in the current certutil process - * context after the current certutil command has been executed. - * - Each line in the command file consists of the command - * line arguments for certutil. - * - The -d option will be ignored if specified in the - * command file. - * - Quoting with double quote characters ("...") is supported - * to allow white space in a command line argument. The - * double quote character cannot be escaped and quoting cannot - * be nested in this version. - * - each line in the batch file is limited to 512 characters - */ - - if ((SECSuccess == rv) && certutil.options[opt_Batch].activated) { - FILE* batchFile = fopen(certutil.options[opt_Batch].arg, "r"); - char nextcommand[512]; - if (!batchFile) { - PR_fprintf(PR_STDERR, - "%s: unable to open \"%s\" for reading (%ld, %ld).\n", - progName, certutil.options[opt_Batch].arg, - PR_GetError(), PR_GetOSError()); - return 255; - } - /* read and execute command-lines in a loop */ - while ( (SECSuccess == rv ) && - fgets(nextcommand, sizeof(nextcommand), batchFile)) { - /* we now need to split the command into argc / argv format */ - char* commandline = PORT_Strdup(nextcommand); - PRBool invalid = PR_FALSE; - int newargc = 2; - char* space = NULL; - char* nextarg = NULL; - char** newargv = NULL; - char* crlf = PORT_Strrchr(commandline, '\n'); - if (crlf) { - *crlf = '\0'; - } - - newargv = PORT_Alloc(sizeof(char*)*(newargc+1)); - newargv[0] = progName; - newargv[1] = commandline; - nextarg = commandline; - while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v")) ) { - while (isspace(*space) ) { - *space = '\0'; - space ++; - } - if (*space == '\0') { - break; - } else if (*space != '\"') { - nextarg = space; - } else { - char* closingquote = strchr(space+1, '\"'); - if (closingquote) { - *closingquote = '\0'; - space++; - nextarg = closingquote+1; - } else { - invalid = PR_TRUE; - nextarg = space; - } - } - newargc++; - newargv = PORT_Realloc(newargv, sizeof(char*)*(newargc+1)); - newargv[newargc-1] = space; - } - newargv[newargc] = NULL; - - /* invoke next command */ - if (PR_TRUE == invalid) { - PR_fprintf(PR_STDERR, "Missing closing quote in batch command :\n%s\nNot executed.\n", - nextcommand); - rv = SECFailure; - } else { - if (0 != certutil_main(newargc, newargv, PR_FALSE) ) - rv = SECFailure; - } - PORT_Free(newargv); - PORT_Free(commandline); - } - fclose(batchFile); - } - - if ((initialize == PR_TRUE) && NSS_Shutdown() != SECSuccess) { - exit(1); - } - - if (rv == SECSuccess) { - return 0; - } else { - return 255; - } -} - -int -main(int argc, char **argv) -{ - return certutil_main(argc, argv, PR_TRUE); -} diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c deleted file mode 100644 index 2167304098..0000000000 --- a/security/nss/cmd/certutil/keystuff.c +++ /dev/null @@ -1,583 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include -#include -#include "secutil.h" - -#if defined(XP_UNIX) -#include -#include -#include -#endif - -#if defined(XP_WIN) || defined (XP_PC) -#include -#include -#endif - -#if defined(__sun) && !defined(SVR4) -extern int fclose(FILE*); -extern int fprintf(FILE *, char *, ...); -extern int isatty(int); -extern char *sys_errlist[]; -#define strerror(errno) sys_errlist[errno] -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" - -#define NUM_KEYSTROKES 120 -#define RAND_BUF_SIZE 60 - -#define ERROR_BREAK rv = SECFailure;break; - -const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, - { 0, } -}; - -/* returns 0 for success, -1 for failure (EOF encountered) */ -static int -UpdateRNG(void) -{ - char * randbuf; - int fd, i, count; - int c; - int rv = 0; -#ifdef XP_UNIX - cc_t orig_cc_min; - cc_t orig_cc_time; - tcflag_t orig_lflag; - struct termios tio; -#endif - -#define FPS fprintf(stderr, - FPS "\n"); - FPS "A random seed must be generated that will be used in the\n"); - FPS "creation of your key. One of the easiest ways to create a\n"); - FPS "random seed is to use the timing of keystrokes on a keyboard.\n"); - FPS "\n"); - FPS "To begin, type keys on the keyboard until this progress meter\n"); - FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n"); - FPS "\n"); - FPS "\n"); - FPS "Continue typing until the progress meter is full:\n\n"); - FPS "| |\r"); - - /* turn off echo on stdin & return on 1 char instead of NL */ - fd = fileno(stdin); - -#if defined(XP_UNIX) && !defined(VMS) - tcgetattr(fd, &tio); - orig_lflag = tio.c_lflag; - orig_cc_min = tio.c_cc[VMIN]; - orig_cc_time = tio.c_cc[VTIME]; - tio.c_lflag &= ~ECHO; - tio.c_lflag &= ~ICANON; - tio.c_cc[VMIN] = 1; - tio.c_cc[VTIME] = 0; - tcsetattr(fd, TCSAFLUSH, &tio); -#endif - - /* Get random noise from keyboard strokes */ - randbuf = (char *) PORT_Alloc(RAND_BUF_SIZE); - count = 0; - while (count < NUM_KEYSTROKES+1) { -#ifdef VMS - c = GENERIC_GETCHAR_NOECHO(); -#elif XP_UNIX - c = getc(stdin); -#else - c = getch(); -#endif - if (c == EOF) { - rv = -1; - break; - } - PK11_RandomUpdate(randbuf, sizeof(randbuf)); - if (c != randbuf[0]) { - randbuf[0] = c; - FPS "\r|"); - for (i=0; iarena = arena; - - buf = (char *)ATOB_AsciiToData(str, &len); - if ((buf == NULL) || (len == 0)) - goto loser; - - status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len); - if (status != SECSuccess) - goto loser; - - return params; - -loser: - if (arena != NULL) - PORT_FreeArena(arena, PR_FALSE); - return NULL; -} - -void -CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params) -{ - if (params->arena) { - PORT_FreeArena(params->arena, PR_FALSE); - } -} - -static int -pqg_prime_bits(const SECKEYPQGParams *params) -{ - int primeBits = 0; - - if (params != NULL) { - int i; - for (i = 0; params->prime.data[i] == 0; i++) { - /* empty */; - } - primeBits = (params->prime.len - i) * 8; - } - - return primeBits; -} - -static char * -getPQGString(const char *filename) -{ - unsigned char *buf = NULL; - PRFileDesc *src; - PRInt32 numBytes; - PRStatus prStatus; - PRFileInfo info; - - src = PR_Open(filename, PR_RDONLY, 0); - if (!src) { - fprintf(stderr, "Failed to open PQG file %s\n", filename); - return NULL; - } - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus == PR_SUCCESS) { - buf = (unsigned char*)PORT_Alloc(info.size + 1); - } - if (!buf) { - PR_Close(src); - fprintf(stderr, "Failed to read PQG file %s\n", filename); - return NULL; - } - - numBytes = PR_Read(src, buf, info.size); - PR_Close(src); - if (numBytes != info.size) { - PORT_Free(buf); - fprintf(stderr, "Failed to read PQG file %s\n", filename); - PORT_SetError(SEC_ERROR_IO); - return NULL; - } - - if (buf[numBytes-1] == '\n') - numBytes--; - if (buf[numBytes-1] == '\r') - numBytes--; - buf[numBytes] = 0; - - return (char *)buf; -} - -static SECKEYPQGParams* -getpqgfromfile(int keyBits, const char *pqgFile) -{ - char *end, *str, *pqgString; - SECKEYPQGParams* params = NULL; - - str = pqgString = getPQGString(pqgFile); - if (!str) - return NULL; - - do { - end = PORT_Strchr(str, ','); - if (end) - *end = '\0'; - params = decode_pqg_params(str); - if (params) { - int primeBits = pqg_prime_bits(params); - if (keyBits == primeBits) - break; - CERTUTIL_DestroyParamsPQG(params); - params = NULL; - } - if (end) - str = end + 1; - } while (end); - - PORT_Free(pqgString); - return params; -} - -static SECStatus -CERTUTIL_FileForRNG(const char *noise) -{ - char buf[2048]; - PRFileDesc *fd; - PRInt32 count; - - fd = PR_Open(noise,PR_RDONLY,0); - if (!fd) { - fprintf(stderr, "failed to open noise file."); - return SECFailure; - } - - do { - count = PR_Read(fd,buf,sizeof(buf)); - if (count > 0) { - PK11_RandomUpdate(buf,count); - } - } while (count > 0); - - PR_Close(fd); - return SECSuccess; -} - -#ifdef NSS_ENABLE_ECC -typedef struct curveNameTagPairStr { - char *curveName; - SECOidTag curveOidTag; -} CurveNameTagPair; - -#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1 -/* #define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP160R1 */ - -static CurveNameTagPair nameTagPair[] = -{ - { "sect163k1", SEC_OID_SECG_EC_SECT163K1}, - { "nistk163", SEC_OID_SECG_EC_SECT163K1}, - { "sect163r1", SEC_OID_SECG_EC_SECT163R1}, - { "sect163r2", SEC_OID_SECG_EC_SECT163R2}, - { "nistb163", SEC_OID_SECG_EC_SECT163R2}, - { "sect193r1", SEC_OID_SECG_EC_SECT193R1}, - { "sect193r2", SEC_OID_SECG_EC_SECT193R2}, - { "sect233k1", SEC_OID_SECG_EC_SECT233K1}, - { "nistk233", SEC_OID_SECG_EC_SECT233K1}, - { "sect233r1", SEC_OID_SECG_EC_SECT233R1}, - { "nistb233", SEC_OID_SECG_EC_SECT233R1}, - { "sect239k1", SEC_OID_SECG_EC_SECT239K1}, - { "sect283k1", SEC_OID_SECG_EC_SECT283K1}, - { "nistk283", SEC_OID_SECG_EC_SECT283K1}, - { "sect283r1", SEC_OID_SECG_EC_SECT283R1}, - { "nistb283", SEC_OID_SECG_EC_SECT283R1}, - { "sect409k1", SEC_OID_SECG_EC_SECT409K1}, - { "nistk409", SEC_OID_SECG_EC_SECT409K1}, - { "sect409r1", SEC_OID_SECG_EC_SECT409R1}, - { "nistb409", SEC_OID_SECG_EC_SECT409R1}, - { "sect571k1", SEC_OID_SECG_EC_SECT571K1}, - { "nistk571", SEC_OID_SECG_EC_SECT571K1}, - { "sect571r1", SEC_OID_SECG_EC_SECT571R1}, - { "nistb571", SEC_OID_SECG_EC_SECT571R1}, - { "secp160k1", SEC_OID_SECG_EC_SECP160K1}, - { "secp160r1", SEC_OID_SECG_EC_SECP160R1}, - { "secp160r2", SEC_OID_SECG_EC_SECP160R2}, - { "secp192k1", SEC_OID_SECG_EC_SECP192K1}, - { "secp192r1", SEC_OID_SECG_EC_SECP192R1}, - { "nistp192", SEC_OID_SECG_EC_SECP192R1}, - { "secp224k1", SEC_OID_SECG_EC_SECP224K1}, - { "secp224r1", SEC_OID_SECG_EC_SECP224R1}, - { "nistp224", SEC_OID_SECG_EC_SECP224R1}, - { "secp256k1", SEC_OID_SECG_EC_SECP256K1}, - { "secp256r1", SEC_OID_SECG_EC_SECP256R1}, - { "nistp256", SEC_OID_SECG_EC_SECP256R1}, - { "secp384r1", SEC_OID_SECG_EC_SECP384R1}, - { "nistp384", SEC_OID_SECG_EC_SECP384R1}, - { "secp521r1", SEC_OID_SECG_EC_SECP521R1}, - { "nistp521", SEC_OID_SECG_EC_SECP521R1}, - - { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 }, - { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 }, - { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 }, - { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 }, - { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 }, - { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 }, - - { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 }, - { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 }, - { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 }, - { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 }, - { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 }, - { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 }, - { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 }, - { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 }, - { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 }, - { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 }, - { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 }, - { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 }, - { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 }, - { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 }, - { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 }, - { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 }, - { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 }, - { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 }, - { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 }, - { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 }, - - { "secp112r1", SEC_OID_SECG_EC_SECP112R1}, - { "secp112r2", SEC_OID_SECG_EC_SECP112R2}, - { "secp128r1", SEC_OID_SECG_EC_SECP128R1}, - { "secp128r2", SEC_OID_SECG_EC_SECP128R2}, - - { "sect113r1", SEC_OID_SECG_EC_SECT113R1}, - { "sect113r2", SEC_OID_SECG_EC_SECT113R2}, - { "sect131r1", SEC_OID_SECG_EC_SECT131R1}, - { "sect131r2", SEC_OID_SECG_EC_SECT131R2}, -}; - -static SECKEYECParams * -getECParams(const char *curve) -{ - SECKEYECParams *ecparams; - SECOidData *oidData = NULL; - SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */ - int i, numCurves; - - if (curve != NULL) { - numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } - } - - /* Return NULL if curve name is not recognized */ - if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { - fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; - } - - ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); - - /* - * ecparams->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in - * oidData->oid.data so we simply prepend 0x06 and OID length - */ - ecparams->data[0] = SEC_ASN1_OBJECT_ID; - ecparams->data[1] = oidData->oid.len; - memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); - - return ecparams; -} -#endif /* NSS_ENABLE_ECC */ - -SECKEYPrivateKey * -CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, - int publicExponent, const char *noise, - SECKEYPublicKey **pubkeyp, const char *pqgFile, - secuPWData *pwdata) -{ - CK_MECHANISM_TYPE mechanism; - SECOidTag algtag; - PK11RSAGenParams rsaparams; - SECKEYPQGParams * dsaparams = NULL; - void * params; - SECKEYPrivateKey * privKey = NULL; - - if (slot == NULL) - return NULL; - - if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess) - return NULL; - - /* - * Do some random-number initialization. - */ - - if (noise) { - SECStatus rv = CERTUTIL_FileForRNG(noise); - if (rv != SECSuccess) { - PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */ - return NULL; - } - } else { - int rv = UpdateRNG(); - if (rv) { - PORT_SetError(PR_END_OF_FILE_ERROR); - return NULL; - } - } - - switch (keytype) { - case rsaKey: - rsaparams.keySizeInBits = size; - rsaparams.pe = publicExponent; - mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; - algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - params = &rsaparams; - break; - case dsaKey: - mechanism = CKM_DSA_KEY_PAIR_GEN; - algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - if (pqgFile) { - dsaparams = getpqgfromfile(size, pqgFile); - if (dsaparams == NULL) - return NULL; - params = dsaparams; - } else { - /* cast away const, and don't set dsaparams */ - params = (void *)&default_pqg_params; - } - break; -#ifdef NSS_ENABLE_ECC - case ecKey: - mechanism = CKM_EC_KEY_PAIR_GEN; - /* For EC keys, PQGFile determines EC parameters */ - if ((params = (void *) getECParams(pqgFile)) == NULL) - return NULL; - break; -#endif /* NSS_ENABLE_ECC */ - default: - return NULL; - } - - fprintf(stderr, "\n\n"); - fprintf(stderr, "Generating key. This may take a few moments...\n\n"); - - privKey = PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp, - PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, - pwdata /*wincx*/); - /* free up the params */ - switch (keytype) { - case rsaKey: /* nothing to free */ break; - case dsaKey: if (dsaparams) CERTUTIL_DestroyParamsPQG(dsaparams); - break; -#ifdef NSS_ENABLE_ECC - case ecKey: SECITEM_FreeItem((SECItem *)params, PR_TRUE); break; -#endif - } - return privKey; -} diff --git a/security/nss/cmd/certutil/manifest.mn b/security/nss/cmd/certutil/manifest.mn deleted file mode 100644 index 3aa07fcb0a..0000000000 --- a/security/nss/cmd/certutil/manifest.mn +++ /dev/null @@ -1,60 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - certutil.c \ - keystuff.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = certutil - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - -#USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/checkcert/Makefile b/security/nss/cmd/checkcert/Makefile deleted file mode 100644 index 140b4191ff..0000000000 --- a/security/nss/cmd/checkcert/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c deleted file mode 100644 index 3b6a8669d4..0000000000 --- a/security/nss/cmd/checkcert/checkcert.c +++ /dev/null @@ -1,642 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "secutil.h" -#include "plgetopt.h" -#include "cert.h" -#include "secoid.h" -#include "cryptohi.h" - -/* maximum supported modulus length in bits (indicate problem if over this) */ -#define MAX_MODULUS (1024) - - -static void Usage(char *progName) -{ - fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n", - progName); - fprintf(stderr, "%-20s Cert to check is base64 encoded\n", - "-a"); - fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n", - "-A"); - fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n", - "-v"); - fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n", - "-f"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - fprintf(stderr, "%-20s Specify the input type (no default)\n", - "-t type"); - exit(-1); -} - - -/* - * Check integer field named fieldName, printing out results and - * returning the length of the integer in bits - */ - -static -int checkInteger(SECItem *intItem, char *fieldName, int verbose) -{ - int len, bitlen; - if (verbose) { - printf("Checking %s\n", fieldName); - } - - len = intItem->len; - - if (len && (intItem->data[0] & 0x80)) { - printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n", - fieldName); - } - - - /* calculate bit length and check for unnecessary leading zeros */ - bitlen = len << 3; - if (len > 1 && intItem->data[0] == 0) { - /* leading zero byte(s) */ - if (!(intItem->data[1] & 0x80)) { - printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n", - fieldName); - } - /* strip leading zeros in length calculation */ - { - int i=0; - while (bitlen > 8 && intItem->data[i] == 0) { - bitlen -= 8; - i++; - } - } - } - return bitlen; -} - - - - -static -void checkName(CERTName *n, char *fieldName, int verbose) -{ - char *v=0; - if (verbose) { - printf("Checking %s\n", fieldName); - } - - v = CERT_GetCountryName(n); - if (!v) { - printf("PROBLEM: %s lacks Country Name (C)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetOrgName(n); - if (!v) { - printf("PROBLEM: %s lacks Organization Name (O)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetOrgUnitName(n); - if (!v) { - printf("WARNING: %s lacks Organization Unit Name (OU)\n", - fieldName); - } - PORT_Free(v); - - v = CERT_GetCommonName(n); - if (!v) { - printf("PROBLEM: %s lacks Common Name (CN)\n", - fieldName); - } - PORT_Free(v); -} - - - - -/* - * Private version of verification that checks for agreement between - * signature algorithm oid (at the SignedData level) and oid in DigestInfo. - * - */ - - -/* Returns the tag for the hash algorithm in the given signature algorithm */ - static - int hashAlg(int sigAlgTag) { - int rv; - switch(sigAlgTag) { - case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION: - rv = SEC_OID_MD2; - break; - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - rv = SEC_OID_MD5; - break; - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - rv = SEC_OID_SHA1; - break; - default: - rv = -1; - } - return rv; - } - - - -struct VFYContextStr { - int alg; - unsigned char digest[32]; - void *hasher; - void (*begin)(void *); - void (*update)(void *, unsigned char*, unsigned); - SECStatus (*end)(void *, unsigned char*, unsigned int*, unsigned); - void (*destroy)(void *, PRBool); -}; - - -static -SECStatus -OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, - SECItem *sig, SECAlgorithmID *sigAlgorithm) -{ - SECStatus rv; - VFYContext *cx; - SECOidData *sigAlgOid, *oiddata; - int sigAlgTag; - int hashAlgTag; - int showDigestOid=0; - - cx = VFY_CreateContext(key, sig, SECOID_GetAlgorithmTag(sigAlgorithm), - NULL); - if (cx == NULL) - return SECFailure; - - sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); - if (sigAlgOid == 0) - return SECFailure; - sigAlgTag = sigAlgOid->offset; - - hashAlgTag = hashAlg(sigAlgTag); - if (hashAlgTag == -1) { - printf("PROBLEM: Unsupported Digest Algorithm in DigestInfo"); - showDigestOid = 1; - } else if (hashAlgTag != cx->alg) { - printf("PROBLEM: Digest OID in DigestInfo is incompatible " - "with Signature Algorithm\n"); - showDigestOid = 1; - } - - if (showDigestOid) { - oiddata = SECOID_FindOIDByTag(cx->alg); - if ( oiddata ) { - printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc); - } else { - SECU_PrintAsHex(stdout, - &oiddata->oid, "PROBLEM: UNKNOWN OID", 0); - } - } - - rv = VFY_Begin(cx); - if (rv == SECSuccess) { - rv = VFY_Update(cx, buf, len); - if (rv == SECSuccess) - rv = VFY_End(cx); - } - - VFY_DestroyContext(cx, PR_TRUE); - return rv; -} - - - -static -SECStatus -OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert) -{ - SECItem sig; - SECKEYPublicKey *pubKey = 0; - SECStatus rv; - - /* check the certificate's validity */ - rv = CERT_CertTimesValid(cert); - if ( rv ) { - return(SECFailure); - } - - /* get cert's public key */ - pubKey = CERT_ExtractPublicKey(cert); - if ( !pubKey ) { - return(SECFailure); - } - - /* check the signature */ - sig = sd->signature; - DER_ConvertBitString(&sig); - rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig, - &sd->signatureAlgorithm); - - SECKEY_DestroyPublicKey(pubKey); - - if ( rv ) { - return(SECFailure); - } - - return(SECSuccess); -} - - - - -static -CERTCertificate *createEmptyCertificate(void) -{ - PRArenaPool *arena = 0; - CERTCertificate *c = 0; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - return 0; - } - - - c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate)); - - if (c) { - c->referenceCount = 1; - c->arena = arena; - } else { - PORT_FreeArena(arena,PR_TRUE); - } - - return c; -} - - - - -int main(int argc, char **argv) -{ - int rv, verbose=0, force=0; - int ascii=0, issuerAscii=0; - char *progName=0; - PRFileDesc *inFile=0, *issuerCertFile=0; - SECItem derCert, derIssuerCert; - PRArenaPool *arena=0; - CERTSignedData *signedData=0; - CERTCertificate *cert=0, *issuerCert=0; - SECKEYPublicKey *rsapubkey=0; - SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption; - SECAlgorithmID sha1WithRSAEncryption, rsaEncryption; - SECItem spk; - int selfSigned=0; - int invalid=0; - char *inFileName = NULL, *issuerCertFileName = NULL; - PLOptState *optstate; - PLOptStatus status; - - PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); - PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); - PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption)); - PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption)); - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "aAvf"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'v': - verbose = 1; - break; - - case 'f': - force = 1; - break; - - case 'a': - ascii = 1; - break; - - case 'A': - issuerAscii = 1; - break; - - case '\0': - if (!inFileName) - inFileName = PL_strdup(optstate->value); - else if (!issuerCertFileName) - issuerCertFileName = PL_strdup(optstate->value); - else - Usage(progName); - break; - } - } - - if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) { - /* insufficient or excess args */ - Usage(progName); - } - - inFile = PR_Open(inFileName, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, inFileName); - exit(1); - } - - issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0); - if (!issuerCertFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, issuerCertFileName); - exit(1); - } - - if (SECU_ReadDERFromFile(&derCert, inFile, ascii) != SECSuccess) { - printf("Couldn't read input certificate as DER binary or base64\n"); - exit(1); - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == 0) { - fprintf(stderr,"%s: can't allocate scratch arena!", progName); - exit(1); - } - - if (issuerCertFile) { - CERTSignedData *issuerCertSD=0; - if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii) - != SECSuccess) { - printf("Couldn't read issuer certificate as DER binary or base64.\n"); - exit(1); - } - issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData); - if (!issuerCertSD) { - fprintf(stderr,"%s: can't allocate issuer signed data!", progName); - exit(1); - } - rv = SEC_ASN1DecodeItem(arena, issuerCertSD, - SEC_ASN1_GET(CERT_SignedDataTemplate), - &derIssuerCert); - if (rv) { - fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n", - progName); - exit(1); - } - issuerCert = createEmptyCertificate(); - if (!issuerCert) { - printf("%s: can't allocate space for issuer cert.", progName); - exit(1); - } - rv = SEC_ASN1DecodeItem(arena, issuerCert, - SEC_ASN1_GET(CERT_CertificateTemplate), - &issuerCertSD->data); - if (rv) { - printf("%s: Does not appear to be an X509 Certificate.\n", - progName); - exit(1); - } - } - - signedData = PORT_ArenaZNew(arena,CERTSignedData); - if (!signedData) { - fprintf(stderr,"%s: can't allocate signedData!", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, signedData, - SEC_ASN1_GET(CERT_SignedDataTemplate), - &derCert); - if (rv) { - fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n", - progName); - exit(1); - } - - if (verbose) { - printf("Decoded ok as X509 SIGNED data.\n"); - } - - cert = createEmptyCertificate(); - if (!cert) { - fprintf(stderr, "%s: can't allocate cert", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, cert, - SEC_ASN1_GET(CERT_CertificateTemplate), - &signedData->data); - if (rv) { - fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n", - progName); - exit(1); - } - - - if (verbose) { - printf("Decoded ok as an X509 certificate.\n"); - } - - SECU_RegisterDynamicOids(); - rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); - - if (rv) { - fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", - progName, PORT_GetError()); - if (!force) { - exit(1); - } - } - - - /* Do various checks on the cert */ - - printf("\n"); - - /* Check algorithms */ - SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, - SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, - SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, - SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); - - SECOID_SetAlgorithmID(arena, &rsaEncryption, - SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); - - { - int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &md5WithRSAEncryption) == 0); - int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &md2WithRSAEncryption) == 0); - int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature, - &sha1WithRSAEncryption) == 0); - - if (verbose) { - printf("\nDoing algorithm checks.\n"); - } - - if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) { - printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n"); - } else if (!isMD5RSA) { - printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n"); - } - - if (SECOID_CompareAlgorithmID(&cert->signature, - &signedData->signatureAlgorithm)) { - printf("PROBLEM: Algorithm in sig and certInfo don't match.\n"); - } - } - - if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm, - &rsaEncryption)) { - printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n"); - } - - /* Check further public key properties */ - spk = cert->subjectPublicKeyInfo.subjectPublicKey; - DER_ConvertBitString(&spk); - - if (verbose) { - printf("\nsubjectPublicKey DER\n"); - rv = DER_PrettyPrint(stdout, &spk, PR_FALSE); - printf("\n"); - } - - rsapubkey = (SECKEYPublicKey *) - PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey)); - if (!rsapubkey) { - fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName); - exit(1); - } - - rv = SEC_ASN1DecodeItem(arena, rsapubkey, - SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk); - if (rv) { - printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n"); - } else { - int mlen; - int pubexp; - if (verbose) { - printf("Decoded RSA Public Key ok. Doing key checks.\n"); - } - PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */ - mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose); - printf("INFO: Public Key modulus length in bits: %d\n", mlen); - if (mlen > MAX_MODULUS) { - printf("PROBLEM: Modulus length exceeds %d bits.\n", - MAX_MODULUS); - } - if (mlen < 512) { - printf("WARNING: Short modulus.\n"); - } - if (mlen != (1 << (ffs(mlen)-1))) { - printf("WARNING: Unusual modulus length (not a power of two).\n"); - } - checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent", - verbose); - pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent); - if (pubexp != 17 && pubexp != 3 && pubexp != 65537) { - printf("WARNING: Public exponent not any of: 3, 17, 65537\n"); - } - } - - - /* Name checks */ - checkName(&cert->issuer, "Issuer Name", verbose); - checkName(&cert->subject, "Subject Name", verbose); - - if (issuerCert) { - SECComparison c = - CERT_CompareName(&cert->issuer, &issuerCert->subject); - if (c) { - printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n"); - } - } - - /* Check if self-signed */ - selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0); - if (selfSigned) { - printf("INFO: Certificate is self signed.\n"); - } else { - printf("INFO: Certificate is NOT self-signed.\n"); - } - - - /* Validity time check */ - if (CERT_CertTimesValid(cert) == SECSuccess) { - printf("INFO: Inside validity period of certificate.\n"); - } else { - printf("PROBLEM: Not in validity period of certificate.\n"); - invalid = 1; - } - - /* Signature check if self-signed */ - if (selfSigned && !invalid) { - if (rsapubkey->u.rsa.modulus.len) { - SECStatus ver; - if (verbose) { - printf("Checking self signature.\n"); - } - ver = OurVerifySignedData(signedData, cert); - if (ver != SECSuccess) { - printf("PROBLEM: Verification of self-signature failed!\n"); - } else { - printf("INFO: Self-signature verifies ok.\n"); - } - } else { - printf("INFO: Not checking signature due to key problems.\n"); - } - } else if (!selfSigned && !invalid && issuerCert) { - SECStatus ver; - ver = OurVerifySignedData(signedData, issuerCert); - if (ver != SECSuccess) { - printf("PROBLEM: Verification of issuer's signature failed!\n"); - } else { - printf("INFO: Issuer's signature verifies ok.\n"); - } - } else { - printf("INFO: Not checking signature.\n"); - } - - return 0; -} - - - diff --git a/security/nss/cmd/checkcert/manifest.mn b/security/nss/cmd/checkcert/manifest.mn deleted file mode 100644 index 91cbf1f4c7..0000000000 --- a/security/nss/cmd/checkcert/manifest.mn +++ /dev/null @@ -1,51 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = checkcert.c - -PROGRAM = checkcert diff --git a/security/nss/cmd/crlutil/Makefile b/security/nss/cmd/crlutil/Makefile deleted file mode 100644 index 0f01f4c47f..0000000000 --- a/security/nss/cmd/crlutil/Makefile +++ /dev/null @@ -1,85 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -# -# crlgen_lex can be generated on linux by flex or solaris by lex -# -crlgen_lex: - ${LEX} -t crlgen_lex_orig.l > crlgen_lex_fix.c - sed -f crlgen_lex_fix.sed < crlgen_lex_fix.c > crlgen_lex.c - rm -f crlgen_lex_fix.c - -include ../platrules.mk diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c deleted file mode 100644 index 15e542cac5..0000000000 --- a/security/nss/cmd/crlutil/crlgen.c +++ /dev/null @@ -1,1627 +0,0 @@ -/* - * The contents of this file are subject to the Maxilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -/* -** crlgen.c -** -** utility for managing certificates revocation lists generation -** -*/ - - -#include -#include - -#include "nspr.h" -#include "plgetopt.h" -#include "nss.h" -#include "secutil.h" -#include "cert.h" -#include "certi.h" -#include "certdb.h" -#include "pk11func.h" -#include "crlgen.h" - - -/* these reroutines were taken from secitem.c, which is supposed to - * replace this file some day */ -/* - * This is the hash function. We simply XOR the encoded form with - * itself in sizeof(PLHashNumber)-byte chunks. Improving this - * routine is left as an excercise for the more mathematically - * inclined student. - */ -PLHashNumber PR_CALLBACK -SECITEM_Hash ( const void *key) -{ - const SECItem *item = (const SECItem *)key; - PLHashNumber rv = 0; - - PRUint8 *data = (PRUint8 *)item->data; - PRUint32 i; - PRUint8 *rvc = (PRUint8 *)&rv; - - for( i = 0; i < item->len; i++ ) { - rvc[ i % sizeof(rv) ] ^= *data; - data++; - } - - return rv; -} - -/* - * This is the key-compare function. It simply does a lexical - * comparison on the item data. This does not result in - * quite the same ordering as the "sequence of numbers" order, - * but heck it's only used internally by the hash table anyway. - */ -PRIntn PR_CALLBACK -SECITEM_HashCompare ( const void *k1, const void *k2) -{ - const SECItem *i1 = (const SECItem *)k1; - const SECItem *i2 = (const SECItem *)k2; - - return SECITEM_ItemsAreEqual(i1,i2); -} - -/* Destroys extHandle and data. data was create on heap. - * extHandle creaded by CERT_StartCRLEntryExtensions. entry - * was allocated on arena.*/ -static void -destroyEntryData(CRLGENEntryData *data) -{ - if (!data) - return; - PORT_Assert(data->entry); - if (data->extHandle) - CERT_FinishExtensions(data->extHandle); - PORT_Free(data); -} - - -/* Prints error messages along with line number */ -void -crlgen_PrintError(int line, char *msg, ...) -{ - va_list args; - - va_start(args, msg); - - fprintf(stderr, "crlgen: (line: %d) ", line); - vfprintf(stderr, msg, args); - - va_end(args); -} -/* Finds CRLGENEntryData in hashtable according PRUint64 value - * - certId : cert serial number*/ -static CRLGENEntryData* -crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) -{ - if (!crlGenData->entryDataHashTable || !certId) - return NULL; - return (CRLGENEntryData*) - PL_HashTableLookup(crlGenData->entryDataHashTable, - certId); -} - - -/* Removes CRLGENEntryData from hashtable according to certId - * - certId : cert serial number*/ -static SECStatus -crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId) -{ - CRLGENEntryData *data = NULL; - - if (!crlGenData->entryDataHashTable) - return SECSuccess; - data = crlgen_FindEntry(crlGenData, certId); - if (!data) - return SECSuccess; - if (PL_HashTableRemove(crlGenData->entryDataHashTable, certId)) - return SECSuccess; - destroyEntryData(data); - return SECFailure; -} - - -/* Stores CRLGENEntryData in hashtable according to certId - * - certId : cert serial number*/ -static CRLGENEntryData* -crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData, - CERTCrlEntry *entry, SECItem *certId) -{ - CRLGENEntryData *newData = NULL; - - PORT_Assert(crlGenData && crlGenData->entryDataHashTable && - entry); - if (!crlGenData || !crlGenData->entryDataHashTable || !entry) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - newData = PORT_ZNew(CRLGENEntryData); - if (!newData) { - return NULL; - } - newData->entry = entry; - newData->certId = certId; - if (!PL_HashTableAdd(crlGenData->entryDataHashTable, - newData->certId, newData)) { - crlgen_PrintError(crlGenData->parsedLineNum, - "Can not add entryData structure\n"); - return NULL; - } - return newData; -} - -/* Use this structure to keep pointer when commiting entries extensions */ -struct commitData { - int pos; - CERTCrlEntry **entries; -}; - -/* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the - * table he. Returns value through arg parameter*/ -static PRIntn PR_CALLBACK -crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg) -{ - CRLGENEntryData *data = NULL; - - PORT_Assert(he); - if (!he) { - return HT_ENUMERATE_NEXT; - } - data = (CRLGENEntryData*)he->value; - - PORT_Assert(data); - PORT_Assert(arg); - - if (data) { - struct commitData *dt = (struct commitData*)arg; - dt->entries[dt->pos++] = data->entry; - destroyEntryData(data); - } - return HT_ENUMERATE_NEXT; -} - - - -/* Copy char * datainto allocated in arena SECItem */ -static SECStatus -crlgen_SetString(PRArenaPool *arena, const char *dataIn, SECItem *value) -{ - SECItem item; - - PORT_Assert(arena && dataIn); - if (!arena || !dataIn) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - item.data = (void*)dataIn; - item.len = PORT_Strlen(dataIn); - - return SECITEM_CopyItem(arena, value, &item); -} - -/* Creates CERTGeneralName from parsed data for the Authority Key Extension */ -static CERTGeneralName * -crlgen_GetGeneralName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData, - const char *data) -{ - CERTGeneralName *namesList = NULL; - CERTGeneralName *current; - CERTGeneralName *tail = NULL; - SECStatus rv = SECSuccess; - const char *nextChunk = NULL; - const char *currData = NULL; - int intValue; - char buffer[512]; - void *mark; - - if (!data) - return NULL; - PORT_Assert (arena); - if (!arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - mark = PORT_ArenaMark (arena); - - nextChunk = data; - currData = data; - do { - int nameLen = 0; - char name[128]; - const char *sepPrt = NULL; - nextChunk = PORT_Strchr(currData, '|'); - if (!nextChunk) - nextChunk = data + strlen(data); - sepPrt = PORT_Strchr(currData, ':'); - if (sepPrt == NULL || sepPrt >= nextChunk) { - *buffer = '\0'; - sepPrt = nextChunk; - } else { - PORT_Memcpy(buffer, sepPrt + 1, - (nextChunk - sepPrt - 1)); - buffer[nextChunk - sepPrt - 1] = '\0'; - } - nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1 ); - PORT_Memcpy(name, currData, nameLen); - name[nameLen] = '\0'; - currData = nextChunk + 1; - - if (!PORT_Strcmp(name, "otherName")) - intValue = certOtherName; - else if (!PORT_Strcmp(name, "rfc822Name")) - intValue = certRFC822Name; - else if (!PORT_Strcmp(name, "dnsName")) - intValue = certDNSName; - else if (!PORT_Strcmp(name, "x400Address")) - intValue = certX400Address; - else if (!PORT_Strcmp(name, "directoryName")) - intValue = certDirectoryName; - else if (!PORT_Strcmp(name, "ediPartyName")) - intValue = certEDIPartyName; - else if (!PORT_Strcmp(name, "URI")) - intValue = certURI; - else if (!PORT_Strcmp(name, "ipAddress")) - intValue = certIPAddress; - else if (!PORT_Strcmp(name, "registerID")) - intValue = certRegisterID; - else intValue = -1; - - if (intValue >= certOtherName && intValue <= certRegisterID) { - if (namesList == NULL) { - namesList = current = tail = PORT_ArenaZNew(arena, - CERTGeneralName); - } else { - current = PORT_ArenaZNew(arena, CERTGeneralName); - } - if (current == NULL) { - rv = SECFailure; - break; - } - } else { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - break; - } - current->type = intValue; - switch (current->type) { - case certURI: - case certDNSName: - case certRFC822Name: - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer)); - if (current->name.other.data == NULL) { - rv = SECFailure; - break; - } - PORT_Memcpy(current->name.other.data, buffer, - current->name.other.len = strlen(buffer)); - break; - - case certEDIPartyName: - case certIPAddress: - case certOtherName: - case certRegisterID: - case certX400Address: { - - current->name.other.data = PORT_ArenaAlloc (arena, strlen (buffer) + 2); - if (current->name.other.data == NULL) { - rv = SECFailure; - break; - } - - PORT_Memcpy (current->name.other.data + 2, buffer, strlen (buffer)); -/* This may not be accurate for all cases.For now, use this tag type */ - current->name.other.data[0] = (char)(((current->type - 1) & 0x1f)| 0x80); - current->name.other.data[1] = (char)strlen (buffer); - current->name.other.len = strlen (buffer) + 2; - break; - } - - case certDirectoryName: { - CERTName *directoryName = NULL; - - directoryName = CERT_AsciiToName (buffer); - if (!directoryName) { - rv = SECFailure; - break; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, directoryName); - CERT_DestroyName (directoryName); - - break; - } - } - if (rv != SECSuccess) - break; - current->l.next = &(namesList->l); - current->l.prev = &(tail->l); - tail->l.next = &(current->l); - tail = current; - - } while(nextChunk != data + strlen(data)); - - if (rv != SECSuccess) { - PORT_ArenaRelease (arena, mark); - namesList = NULL; - } - return (namesList); -} - -/* Creates CERTGeneralName from parsed data for the Authority Key Extension */ -static CERTGeneralName * -crlgen_DistinguishedName (PRArenaPool *arena, CRLGENGeneratorData *crlGenData, - const char *data) -{ - CERTName *directoryName = NULL; - CERTGeneralName *current; - SECStatus rv = SECFailure; - void *mark; - - if (!data) - return NULL; - PORT_Assert (arena); - if (!arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - mark = PORT_ArenaMark (arena); - - current = PORT_ArenaZNew(arena, CERTGeneralName); - if (current == NULL) { - goto loser; - } - current->type = certDirectoryName; - current->l.next = ¤t->l; - current->l.prev = ¤t->l; - - directoryName = CERT_AsciiToName ((char*)data); - if (!directoryName) { - goto loser; - } - - rv = CERT_CopyName (arena, ¤t->name.directoryName, directoryName); - CERT_DestroyName (directoryName); - - loser: - if (rv != SECSuccess) { - PORT_SetError (rv); - PORT_ArenaRelease (arena, mark); - current = NULL; - } - return (current); -} - - -/* Adding Authority Key ID extension to extension handle. */ -static SECStatus -crlgen_AddAuthKeyID (CRLGENGeneratorData *crlGenData, - const char **dataArr) -{ - void *extHandle = NULL; - CERTAuthKeyID *authKeyID = NULL; - PRArenaPool *arena = NULL; - SECStatus rv = SECSuccess; - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - return SECFailure; - } - - extHandle = crlGenData->crlExtHandle; - - if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of parameters.\n"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - return SECFailure; - } - - authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID); - if (authKeyID == NULL) { - rv = SECFailure; - goto loser; - } - - if (dataArr[3] == NULL) { - rv = crlgen_SetString (arena, dataArr[2], &authKeyID->keyID); - if (rv != SECSuccess) - goto loser; - } else { - rv = crlgen_SetString (arena, dataArr[3], - &authKeyID->authCertSerialNumber); - if (rv != SECSuccess) - goto loser; - - authKeyID->authCertIssuer = - crlgen_DistinguishedName (arena, crlGenData, dataArr[2]); - if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError ()){ - crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); - rv = SECFailure; - goto loser; - } - } - - rv = - SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - SEC_OID_X509_AUTH_KEY_ID, - (EXTEN_EXT_VALUE_ENCODER) CERT_EncodeAuthKeyID); - loser: - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - -/* Creates and add Subject Alternative Names extension */ -static SECStatus -crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData, - const char **dataArr) -{ - CERTGeneralName *nameList = NULL; - PRArenaPool *arena = NULL; - void *extHandle = NULL; - SECStatus rv = SECSuccess; - - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - return SECFailure; - } - - if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - return SECFailure; - } - - extHandle = crlGenData->crlExtHandle; - - if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of parameters.\n"); - return SECFailure; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - return SECFailure; - } - - nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]); - if (nameList == NULL) { - crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n"); - rv = SECFailure; - goto loser; - } - - rv = - SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - SEC_OID_X509_ISSUER_ALT_NAME, - (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension); - loser: - if (arena) - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - -/* Creates and adds CRLNumber extension to extension handle. - * Since, this is CRL extension, extension handle is the one - * related to CRL extensions */ -static SECStatus -crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr) -{ - PRArenaPool *arena = NULL; - SECItem encodedItem; - void *extHandle = crlGenData->crlExtHandle; - void *dummy; - SECStatus rv = SECFailure; - int code = 0; - - PORT_Assert(dataArr && crlGenData); - if (!crlGenData || !dataArr) { - goto loser; - } - - if (!dataArr[0] || !dataArr[1] || !dataArr[2]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - goto loser; - } - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - goto loser; - } - - code = atoi(dataArr[2]); - if (code == 0 && *dataArr[2] != '0') { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - - dummy = SEC_ASN1EncodeInteger(arena, &encodedItem, code); - if (!dummy) { - rv = SECFailure; - goto loser; - } - - rv = CERT_AddExtension (extHandle, SEC_OID_X509_CRL_NUMBER, &encodedItem, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - PR_TRUE); - - loser: - if (arena) - PORT_FreeArena(arena, PR_FALSE); - return rv; - -} - - -/* Creates Cert Revocation Reason code extension. Encodes it and - * returns as SECItem structure */ -static SECItem* -crlgen_CreateReasonCode(PRArenaPool *arena, const char **dataArr, - int *extCode) -{ - SECItem *encodedItem; - void *dummy; - void *mark; - int code = 0; - - PORT_Assert(arena && dataArr); - if (!arena || !dataArr) { - goto loser; - } - - mark = PORT_ArenaMark(arena); - - encodedItem = PORT_ArenaZNew (arena, SECItem); - if (encodedItem == NULL) { - goto loser; - } - - if (dataArr[2] == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - - code = atoi(dataArr[2]); - /* aACompromise(10) is the last possible of the values - * for the Reason Core Extension */ - if ((code == 0 && *dataArr[2] != '0') || code > 10) { - - PORT_SetError(SEC_ERROR_INVALID_ARGS); - goto loser; - } - - dummy = SEC_ASN1EncodeInteger(arena, encodedItem, code); - if (!dummy) { - goto loser; - } - - *extCode = SEC_OID_X509_REASON_CODE; - return encodedItem; - - loser: - PORT_ArenaRelease (arena, mark); - return NULL; -} - -/* Creates Cert Invalidity Date extension. Encodes it and - * returns as SECItem structure */ -static SECItem* -crlgen_CreateInvalidityDate(PRArenaPool *arena, const char **dataArr, - int *extCode) -{ - SECItem *encodedItem; - int length = 0; - void *mark; - - PORT_Assert(arena && dataArr); - if (!arena || !dataArr) { - goto loser; - } - - mark = PORT_ArenaMark(arena); - - encodedItem = PORT_ArenaZNew(arena, SECItem); - if (encodedItem == NULL) { - goto loser; - } - - length = PORT_Strlen(dataArr[2]); - - encodedItem->type = siGeneralizedTime; - encodedItem->data = PORT_ArenaAlloc(arena, length); - if (!encodedItem->data) { - goto loser; - } - - PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) * - sizeof(char)); - - *extCode = SEC_OID_X509_INVALID_DATE; - return encodedItem; - - loser: - PORT_ArenaRelease(arena, mark); - return NULL; -} - -/* Creates(by calling extCreator function) and adds extension to a set - * of already added certs. Uses values of rangeFrom and rangeTo from - * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */ -static SECStatus -crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData, - const char **dataArr, char *extName, - SECItem* (*extCreator)(PRArenaPool *arena, - const char **dataArr, - int *extCode)) -{ - PRUint64 i = 0; - SECStatus rv = SECFailure; - int extCode = 0; - PRUint64 lastRange ; - SECItem *ext = NULL; - PRArenaPool *arena = NULL; - - - PORT_Assert(crlGenData && dataArr); - if (!crlGenData || !dataArr) { - goto loser; - } - - if (!dataArr[0] || !dataArr[1]) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - } - - lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - goto loser; - } - - ext = extCreator(arena, dataArr, &extCode); - if (ext == NULL) { - crlgen_PrintError(crlGenData->parsedLineNum, - "got error while creating extension: %s\n", - extName); - goto loser; - } - - for (i = 0;i < lastRange;i++) { - CRLGENEntryData * extData = NULL; - void *extHandle = NULL; - SECItem * certIdItem = - SEC_ASN1EncodeInteger(arena, NULL, - crlGenData->rangeFrom + i); - if (!certIdItem) { - rv = SECFailure; - goto loser; - } - - extData = crlgen_FindEntry(crlGenData, certIdItem); - if (!extData) { - crlgen_PrintError(crlGenData->parsedLineNum, - "can not add extension: crl entry " - "(serial number: %d) is not in the list yet.\n", - crlGenData->rangeFrom + i); - continue; - } - - extHandle = extData->extHandle; - if (extHandle == NULL) { - extHandle = extData->extHandle = - CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, - (CERTCrlEntry*)extData->entry); - } - rv = CERT_AddExtension (extHandle, extCode, ext, - (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE, - PR_TRUE); - if (rv == SECFailure) { - goto loser; - } - } - - loser: - if (arena) - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - - -/* Commits all added entries and their's extensions into CRL. */ -SECStatus -CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData) -{ - int size = 0; - CERTCrl *crl; - PRArenaPool *arena; - SECStatus rv = SECSuccess; - void *mark; - - PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena); - if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - arena = crlGenData->signCrl->arena; - crl = &crlGenData->signCrl->crl; - - mark = PORT_ArenaMark(arena); - - if (crlGenData->crlExtHandle) - CERT_FinishExtensions(crlGenData->crlExtHandle); - - size = crlGenData->entryDataHashTable->nentries; - crl->entries = NULL; - if (size) { - crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry*, size + 1); - if (!crl->entries) { - rv = SECFailure; - } else { - struct commitData dt; - dt.entries = crl->entries; - dt.pos = 0; - PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable, - &crlgen_CommitEntryData, &dt); - /* Last should be NULL */ - crl->entries[size] = NULL; - } - } - - if (rv != SECSuccess) - PORT_ArenaRelease(arena, mark); - return rv; -} - -/* Initializes extHandle with data from extensions array */ -static SECStatus -crlgen_InitExtensionHandle(void *extHandle, - CERTCertExtension **extensions) -{ - CERTCertExtension *extension = NULL; - - if (!extensions) - return SECSuccess; - - PORT_Assert(extHandle != NULL); - if (!extHandle) { - return SECFailure; - } - - extension = *extensions; - while (extension) { - SECOidTag oidTag = SECOID_FindOIDTag (&extension->id); -/* shell we skip unknown extensions? */ - CERT_AddExtension (extHandle, oidTag, &extension->value, - (extension->critical.len != 0) ? PR_TRUE : PR_FALSE, - PR_FALSE); - extension = *(++extensions); - } - return SECSuccess; -} - -/* Used for initialization of extension handles for crl and certs - * extensions from existing CRL data then modifying existing CRL.*/ -SECStatus -CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData) -{ - CERTCrl *crl = NULL; - PRUint64 maxSN = 0; - - PORT_Assert(crlGenData && crlGenData->signCrl && - crlGenData->entryDataHashTable); - if (!crlGenData || !crlGenData->signCrl || - !crlGenData->entryDataHashTable) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - crl = &crlGenData->signCrl->crl; - crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl); - crlgen_InitExtensionHandle(crlGenData->crlExtHandle, - crl->extensions); - crl->extensions = NULL; - - if (crl->entries) { - CERTCrlEntry **entry = crl->entries; - while (*entry) { - PRUint64 sn = DER_GetInteger(&(*entry)->serialNumber); - CRLGENEntryData *extData = - crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber); - if ((*entry)->extensions) { - extData->extHandle = - CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl, - (CERTCrlEntry*)extData->entry); - if (crlgen_InitExtensionHandle(extData->extHandle, - (*entry)->extensions) == SECFailure) - return SECFailure; - } - (*entry)->extensions = NULL; - entry++; - maxSN = PR_MAX(maxSN, sn); - } - } - - crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1; - return SECSuccess; -} - -/***************************************************************************** - * Parser trigger functions start here - */ - -/* Sets new internal range value for add/rm certs.*/ -static SECStatus -crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value) -{ - long rangeFrom = 0, rangeTo = 0; - char *dashPos = NULL; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (value == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - - if ((dashPos = strchr(value, '-')) != NULL) { - char *rangeToS, *rangeFromS = value; - *dashPos = '\0'; - rangeFrom = atoi(rangeFromS); - *dashPos = '-'; - - rangeToS = (char*)(dashPos + 1); - rangeTo = atol(rangeToS); - } else { - rangeFrom = atol(value); - rangeTo = rangeFrom; - } - - if (rangeFrom < 1 || rangeToparsedLineNum, - "bad cert id range: %s.\n", value); - return SECFailure; - } - - crlGenData->rangeFrom = rangeFrom; - crlGenData->rangeTo = rangeTo; - - return SECSuccess; -} - -/* Changes issuer subject field in CRL. By default this data is taken from - * issuer cert subject field.Not yet implemented */ -static SECStatus -crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value) -{ - crlgen_PrintError(crlGenData->parsedLineNum, - "Can not change CRL issuer field.\n"); - return SECFailure; -} - -/* Encode and sets CRL thisUpdate and nextUpdate time fields*/ -static SECStatus -crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value, - PRBool setThisUpdate) -{ - CERTSignedCrl *signCrl; - PRArenaPool *arena; - CERTCrl *crl; - int length = 0; - SECItem *timeDest = NULL; - - PORT_Assert(crlGenData && crlGenData->signCrl && - crlGenData->signCrl->arena); - if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - signCrl = crlGenData->signCrl; - arena = signCrl->arena; - crl = &signCrl->crl; - - if (value == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - length = PORT_Strlen(value); - - if (setThisUpdate == PR_TRUE) { - timeDest = &crl->lastUpdate; - } else { - timeDest = &crl->nextUpdate; - } - - timeDest->type = siGeneralizedTime; - timeDest->data = PORT_ArenaAlloc(arena, length); - if (!timeDest->data) { - return SECFailure; - } - PORT_Memcpy(timeDest->data, value, length); - timeDest->len = length; - - return SECSuccess; -} - - -/* Adds new extension into CRL or added cert handles */ -static SECStatus -crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData) -{ - PORT_Assert(crlGenData && crlGenData->crlExtHandle); - if (!crlGenData || !crlGenData->crlExtHandle) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (extData == NULL || *extData == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - if (!PORT_Strcmp(*extData, "authKeyId")) - return crlgen_AddAuthKeyID(crlGenData, extData); - else if (!PORT_Strcmp(*extData, "issuerAltNames")) - return crlgen_AddIssuerAltNames(crlGenData, extData); - else if (!PORT_Strcmp(*extData, "crlNumber")) - return crlgen_AddCrlNumber(crlGenData, extData); - else if (!PORT_Strcmp(*extData, "reasonCode")) - return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode", - crlgen_CreateReasonCode); - else if (!PORT_Strcmp(*extData, "invalidityDate")) - return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate", - crlgen_CreateInvalidityDate); - else { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } -} - - - -/* Created CRLGENEntryData for cert with serial number certId and - * adds it to entryDataHashTable. certId can be a single cert serial - * number or an inclusive rage of certs */ -static SECStatus -crlgen_AddCert(CRLGENGeneratorData *crlGenData, - char *certId, char *revocationDate) -{ - CERTSignedCrl *signCrl; - SECItem *certIdItem; - PRArenaPool *arena; - PRUint64 rangeFrom = 0, rangeTo = 0, i = 0; - int timeValLength = -1; - SECStatus rv = SECFailure; - void *mark; - - - PORT_Assert(crlGenData && crlGenData->signCrl && - crlGenData->signCrl->arena); - if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - signCrl = crlGenData->signCrl; - arena = signCrl->arena; - - if (!certId || !revocationDate) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "insufficient number of arguments.\n"); - return SECFailure; - } - - timeValLength = strlen(revocationDate); - - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && - certId) { - return SECFailure; - } - rangeFrom = crlGenData->rangeFrom; - rangeTo = crlGenData->rangeTo; - - for (i = 0;i < rangeTo - rangeFrom + 1;i++) { - CERTCrlEntry *entry; - mark = PORT_ArenaMark(arena); - entry = PORT_ArenaZNew(arena, CERTCrlEntry); - if (entry == NULL) { - goto loser; - } - - certIdItem = SEC_ASN1EncodeInteger(arena, &entry->serialNumber, - rangeFrom + i); - if (!certIdItem) { - goto loser; - } - - if (crlgen_FindEntry(crlGenData, certIdItem)) { - crlgen_PrintError(crlGenData->parsedLineNum, - "entry already exists. Use \"range\" " - "and \"rmcert\" before adding a new one with the " - "same serial number %ld\n", rangeFrom + i); - goto loser; - } - - entry->serialNumber.type = siBuffer; - - entry->revocationDate.type = siGeneralizedTime; - - entry->revocationDate.data = - PORT_ArenaAlloc(arena, timeValLength); - if (entry->revocationDate.data == NULL) { - goto loser; - } - - PORT_Memcpy(entry->revocationDate.data, revocationDate, - timeValLength * sizeof(char)); - entry->revocationDate.len = timeValLength; - - - entry->extensions = NULL; - if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) { - goto loser; - } - mark = NULL; - } - - rv = SECSuccess; - loser: - if (mark) { - PORT_ArenaRelease(arena, mark); - } - return rv; -} - - -/* Removes certs from entryDataHashTable which have certId serial number. - * certId can have value of a range of certs */ -static SECStatus -crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) -{ - PRUint64 i = 0; - PRArenaPool *arena; - - PORT_Assert(crlGenData && certId); - if (!crlGenData || !certId) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - arena = crlGenData->signCrl->arena; - - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && - certId) { - return SECFailure; - } - - for (i = 0;i < crlGenData->rangeTo - crlGenData->rangeFrom + 1;i++) { - SECItem* certIdItem = SEC_ASN1EncodeInteger(NULL, NULL, - crlGenData->rangeFrom + i); - if (certIdItem) { - CRLGENEntryData *extData = - crlgen_FindEntry(crlGenData, certIdItem); - if (!extData) { - printf("Cert with id %s is not in the list\n", certId); - } else { - crlgen_RmEntry(crlGenData, certIdItem); - } - SECITEM_FreeItem(certIdItem, PR_TRUE); - } - } - - return SECSuccess; -} - -/************************************************************************* - * Lex Parser Helper functions are used to store parsed information - * in context related structures. Context(or state) is identified base on - * a type of a instruction parser currently is going through. New context - * is identified by first token in a line. It can be addcert context, - * addext context, etc. */ - -/* Updates CRL field depending on current context */ -static SECStatus -crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str) -{ - CRLGENCrlField *fieldStr = (CRLGENCrlField*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - crlgen_SetIssuerField(crlGenData, fieldStr->value); - break; - case CRLGEN_UPDATE_CONTEXT: - return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE); - break; - case CRLGEN_NEXT_UPDATE_CONTEXT: - return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE); - break; - case CRLGEN_CHANGE_RANGE_CONTEXT: - return crlgen_SetNewRangeField(crlGenData, fieldStr->value); - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d)\n", - crlGenData->contextId); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - return SECSuccess; -} - -/* Sets parsed data for CRL field update into temporary structure */ -static SECStatus -crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype) -{ - CRLGENCrlField *fieldStr = (CRLGENCrlField*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch (crlGenData->contextId) { - case CRLGEN_CHANGE_RANGE_CONTEXT: - if (dtype != CRLGEN_TYPE_DIGIT || dtype != CRLGEN_TYPE_DIGIT_RANGE) { - crlgen_PrintError(crlGenData->parsedLineNum, - "range value should have " - "numeric or numeric range values.\n"); - return SECFailure; - } - break; - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - if (dtype != CRLGEN_TYPE_ZDATE){ - crlgen_PrintError(crlGenData->parsedLineNum, - "bad formated date. Should be " - "YYYYMMDDHHMMSSZ.\n"); - return SECFailure; - } - break; - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d).\n", - crlGenData->contextId, data); - return SECFailure; - } - fieldStr->value = PORT_Strdup(data); - if (!fieldStr->value) { - return SECFailure; - } - return SECSuccess; -} - -/* Triggers cert entries update depending on current context */ -static SECStatus -crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str) -{ - CRLGENCertEntry *certStr = (CRLGENCertEntry*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ADD_CERT_CONTEXT: - return crlgen_AddCert(crlGenData, certStr->certId, - certStr->revocationTime); - case CRLGEN_RM_CERT_CONTEXT: - return crlgen_RmCert(crlGenData, certStr->certId); - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d).\n", - crlGenData->contextId); - return SECFailure; - } -} - - -/* Sets parsed data for CRL entries update into temporary structure */ -static SECStatus -crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype) -{ - CRLGENCertEntry *certStr = (CRLGENCertEntry*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(dtype) { - case CRLGEN_TYPE_DIGIT: - case CRLGEN_TYPE_DIGIT_RANGE: - certStr->certId = PORT_Strdup(data); - if (!certStr->certId) { - return SECFailure; - } - break; - case CRLGEN_TYPE_DATE: - case CRLGEN_TYPE_ZDATE: - certStr->revocationTime = PORT_Strdup(data); - if (!certStr->revocationTime) { - return SECFailure; - } - break; - default: - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "syntax error (unknow token type: %d).\n", - crlGenData->contextId); - return SECFailure; - } - return SECSuccess; -} - -/* Triggers cert entries/crl extension update */ -static SECStatus -crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str) -{ - CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str; - - return crlgen_AddExtension(crlGenData, (const char**)extStr->extData); -} - -/* Defines maximum number of fields extension may have */ -#define MAX_EXT_DATA_LENGTH 10 - -/* Sets parsed extension data for CRL entries/CRL extensions update - * into temporary structure */ -static SECStatus -crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype) -{ - CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry*)str; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (extStr->extData == NULL) { - extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH); - if (!extStr->extData) { - return SECFailure; - } - } - if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - crlgen_PrintError(crlGenData->parsedLineNum, - "number of fields in extension " - "exceeded maximum allowed data length: %d.\n", - MAX_EXT_DATA_LENGTH); - return SECFailure; - } - extStr->extData[extStr->nextUpdatedData] = PORT_Strdup(data); - if (!extStr->extData[extStr->nextUpdatedData]) { - return SECFailure; - } - extStr->nextUpdatedData += 1; - - return SECSuccess; -} - - -/**************************************************************************************** - * Top level functions are triggered directly by parser. - */ - -/* - * crl generation script parser recreates a temporary data staructure - * for each line it is going through. This function cleans temp structure. - */ -void -crlgen_destroyTempData(CRLGENGeneratorData *crlGenData) -{ - if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) { - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - if (crlGenData->crlField->value) - PORT_Free(crlGenData->crlField->value); - PORT_Free(crlGenData->crlField); - break; - case CRLGEN_ADD_CERT_CONTEXT: - case CRLGEN_RM_CERT_CONTEXT: - if (crlGenData->certEntry->certId) - PORT_Free(crlGenData->certEntry->certId); - if (crlGenData->certEntry->revocationTime) - PORT_Free(crlGenData->certEntry->revocationTime); - PORT_Free(crlGenData->certEntry); - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - if (crlGenData->extensionEntry->extData) { - int i = 0; - for (;i < crlGenData->extensionEntry->nextUpdatedData;i++) - PORT_Free(*(crlGenData->extensionEntry->extData + i)); - PORT_Free(crlGenData->extensionEntry->extData); - } - PORT_Free(crlGenData->extensionEntry); - break; - } - crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT; - } -} - -SECStatus -crlgen_updateCrl(CRLGENGeneratorData *crlGenData) -{ - SECStatus rv = SECSuccess; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField); - break; - case CRLGEN_RM_CERT_CONTEXT: - case CRLGEN_ADD_CERT_CONTEXT: - rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry); - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - rv = crlGenData->extensionEntry-> - updateCrlFn(crlGenData, crlGenData->extensionEntry); - break; - case CRLGEN_UNKNOWN_CONTEXT: - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "unknown lang context type code: %d.\n", - crlGenData->contextId); - PORT_Assert(0); - return SECFailure; - } - /* Clrean structures after crl update */ - crlgen_destroyTempData(crlGenData); - - crlGenData->parsedLineNum += 1; - - return rv; -} - -SECStatus -crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data, - unsigned short dtype) -{ - SECStatus rv = SECSuccess; - - PORT_Assert(crlGenData); - if (!crlGenData) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(crlGenData->contextId) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField, - data, dtype); - break; - case CRLGEN_ADD_CERT_CONTEXT: - case CRLGEN_RM_CERT_CONTEXT: - rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry, - data, dtype); - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - rv = - crlGenData->extensionEntry-> - setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype); - break; - case CRLGEN_UNKNOWN_CONTEXT: - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "unknown context type: %d.\n", - crlGenData->contextId); - PORT_Assert(0); - return SECFailure; - } - return rv; -} - -SECStatus -crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData, - unsigned structType) -{ - PORT_Assert(crlGenData && - crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT); - if (!crlGenData || - crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - switch(structType) { - case CRLGEN_ISSUER_CONTEXT: - case CRLGEN_UPDATE_CONTEXT: - case CRLGEN_NEXT_UPDATE_CONTEXT: - case CRLGEN_CHANGE_RANGE_CONTEXT: - crlGenData->crlField = PORT_New(CRLGENCrlField); - if (!crlGenData->crlField) { - return SECFailure; - } - crlGenData->contextId = structType; - crlGenData->crlField->value = NULL; - crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field; - crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field; - break; - case CRLGEN_RM_CERT_CONTEXT: - case CRLGEN_ADD_CERT_CONTEXT: - crlGenData->certEntry = PORT_New(CRLGENCertEntry); - if (!crlGenData->certEntry) { - return SECFailure; - } - crlGenData->contextId = structType; - crlGenData->certEntry->certId = 0; - crlGenData->certEntry->revocationTime = NULL; - crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert; - crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert; - break; - case CRLGEN_ADD_EXTENSION_CONTEXT: - crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry); - if (!crlGenData->extensionEntry) { - return SECFailure; - } - crlGenData->contextId = structType; - crlGenData->extensionEntry->extData = NULL; - crlGenData->extensionEntry->nextUpdatedData = 0; - crlGenData->extensionEntry->updateCrlFn = - &crlgen_updateCrlFn_extension; - crlGenData->extensionEntry->setNextDataFn = - &crlgen_setNextDataFn_extension; - break; - case CRLGEN_UNKNOWN_CONTEXT: - break; - default: - crlgen_PrintError(crlGenData->parsedLineNum, - "unknown context type: %d.\n", structType); - PORT_Assert(0); - return SECFailure; - } - return SECSuccess; -} - - -/* Parser initialization function */ -CRLGENGeneratorData* -CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src) -{ - CRLGENGeneratorData *crlGenData = NULL; - - PORT_Assert(signCrl && src); - if (!signCrl || !src) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - crlGenData = PORT_ZNew(CRLGENGeneratorData); - if (!crlGenData) { - return NULL; - } - - crlGenData->entryDataHashTable = - PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, - PL_CompareValues, NULL, NULL); - if (!crlGenData->entryDataHashTable) { - PORT_Free(crlGenData); - return NULL; - } - - crlGenData->src = src; - crlGenData->parsedLineNum = 1; - crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT; - crlGenData->signCrl = signCrl; - crlGenData->rangeFrom = 0; - crlGenData->rangeTo = 0; - crlGenData->crlExtHandle = NULL; - - PORT_SetError(0); - - return crlGenData; -} - -void -CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData) -{ - if (!crlGenData) - return; - if (crlGenData->src) - PR_Close(crlGenData->src); - PL_HashTableDestroy(crlGenData->entryDataHashTable); - PORT_Free(crlGenData); -} - diff --git a/security/nss/cmd/crlutil/crlgen.h b/security/nss/cmd/crlutil/crlgen.h deleted file mode 100644 index 4eb5304e35..0000000000 --- a/security/nss/cmd/crlutil/crlgen.h +++ /dev/null @@ -1,182 +0,0 @@ - -#ifndef _CRLGEN_H_ -#define _CRLGEN_H_ - -#include "prio.h" -#include "prprf.h" -#include "plhash.h" -#include "seccomon.h" -#include "certt.h" -#include "secoidt.h" - - -#define CRLGEN_UNKNOWN_CONTEXT 0 -#define CRLGEN_ISSUER_CONTEXT 1 -#define CRLGEN_UPDATE_CONTEXT 2 -#define CRLGEN_NEXT_UPDATE_CONTEXT 3 -#define CRLGEN_ADD_EXTENSION_CONTEXT 4 -#define CRLGEN_ADD_CERT_CONTEXT 6 -#define CRLGEN_CHANGE_RANGE_CONTEXT 7 -#define CRLGEN_RM_CERT_CONTEXT 8 - -#define CRLGEN_TYPE_DATE 0 -#define CRLGEN_TYPE_ZDATE 1 -#define CRLGEN_TYPE_DIGIT 2 -#define CRLGEN_TYPE_DIGIT_RANGE 3 -#define CRLGEN_TYPE_OID 4 -#define CRLGEN_TYPE_STRING 5 -#define CRLGEN_TYPE_ID 6 - - -typedef struct CRLGENGeneratorDataStr CRLGENGeneratorData; -typedef struct CRLGENEntryDataStr CRLGENEntryData; -typedef struct CRLGENExtensionEntryStr CRLGENExtensionEntry; -typedef struct CRLGENCertEntrySrt CRLGENCertEntry; -typedef struct CRLGENCrlFieldStr CRLGENCrlField; -typedef struct CRLGENEntriesSortedDataStr CRLGENEntriesSortedData; - -/* Exported functions */ - -/* Used for initialization of extension handles for crl and certs - * extensions from existing CRL data then modifying existing CRL.*/ -extern SECStatus CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData); - -/* Commits all added entries and their's extensions into CRL. */ -extern SECStatus CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData); - -/* Lunches the crl generation script parse */ -extern SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *crlGenData); - -/* Closes crl generation script file and frees crlGenData */ -extern void CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData); - -/* Parser initialization function. Creates CRLGENGeneratorData structure - * for the current thread */ -extern CRLGENGeneratorData* CRLGEN_InitCrlGeneration(CERTSignedCrl *newCrl, - PRFileDesc *src); - - -/* This lock is defined in crlgen_lex.c(derived from crlgen_lex.l). - * It controls access to invocation of yylex, allows to parse one - * script at a time */ -extern void CRLGEN_InitCrlGenParserLock(); -extern void CRLGEN_DestroyCrlGenParserLock(); - - -/* The following function types are used to define functions for each of - * CRLGENExtensionEntryStr, CRLGENCertEntrySrt, CRLGENCrlFieldStr to - * provide functionality needed for these structures*/ -typedef SECStatus updateCrlFn_t(CRLGENGeneratorData *crlGenData, void *str); -typedef SECStatus setNextDataFn_t(CRLGENGeneratorData *crlGenData, void *str, - void *data, unsigned short dtype); -typedef SECStatus createNewLangStructFn_t(CRLGENGeneratorData *crlGenData, - void *str, unsigned i); - -/* Sets reports failure to parser if anything goes wrong */ -extern void crlgen_setFailure(CRLGENGeneratorData *str, char *); - -/* Collects data in to one of the current data structure that corresponds - * to the correct context type. This function gets called after each token - * is found for a particular line */ -extern SECStatus crlgen_setNextData(CRLGENGeneratorData *str, void *data, - unsigned short dtype); - -/* initiates crl update with collected data. This function is called at the - * end of each line */ -extern SECStatus crlgen_updateCrl(CRLGENGeneratorData *str); - -/* Creates new context structure depending on token that was parsed - * at the beginning of a line */ -extern SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *str, - unsigned structType); - - -/* CRLGENExtensionEntry is used to store addext request data for either - * CRL extensions or CRL entry extensions. The differentiation between - * is based on order and type of extension been added. - * - extData : all data in request staring from name of the extension are - * in saved here. - * - nextUpdatedData: counter of elements added to extData - */ -struct CRLGENExtensionEntryStr { - char **extData; - int nextUpdatedData; - updateCrlFn_t *updateCrlFn; - setNextDataFn_t *setNextDataFn; -}; - -/* CRLGENCeryestEntry is used to store addcert request data - * - certId : certificate id or range of certificate with dash as a delimiter - * All certs from range will be inclusively added to crl - * - revocationTime: revocation time of cert(s) - */ -struct CRLGENCertEntrySrt { - char *certId; - char *revocationTime; - updateCrlFn_t *updateCrlFn; - setNextDataFn_t *setNextDataFn; -}; - - -/* CRLGENCrlField is used to store crl fields record like update time, next - * update time, etc. - * - value: value of the parsed field data*/ -struct CRLGENCrlFieldStr { - char *value; - updateCrlFn_t *updateCrlFn; - setNextDataFn_t *setNextDataFn; -}; - -/* Can not create entries extension until completely done with parsing. - * Therefore need to keep joined data - * - certId : serial number of certificate - * - extHandle: head pointer to a list of extensions that belong to - * entry - * - entry : CERTCrlEntry structure pointer*/ -struct CRLGENEntryDataStr { - SECItem *certId; - void *extHandle; - CERTCrlEntry *entry; -}; - -/* Crl generator/parser main structure. Keeps info regarding current state of - * parser(context, status), parser helper functions pointers, parsed data and - * generated data. - * - contextId : current parsing context. Context in this parser environment - * defines what type of crl operations parser is going through - * in the current line of crl generation script. - * setting or new cert or an extension addition, etc. - * - createNewLangStructFn: pointer to top level function which creates - * data structures according contextId - * - setNextDataFn : pointer to top level function which sets new parsed data - * in temporary structure - * - updateCrlFn : pointer to top level function which triggers actual - * crl update functions with gathered data - * - union : data union create according to contextId - * - rangeFrom, rangeTo : holds last range in which certs was added - * - newCrl : pointer to CERTSignedCrl newly created crl - * - crlExtHandle : pointer to crl extension handle - * - entryDataHashTable: hash of CRLGENEntryData. - * key: cert serial number - * data: CRLGENEntryData pointer - * - parserStatus : current status of parser. Triggers parser to abort when - * set to SECFailure - * - src : PRFileDesc structure pointer of crl generator config file - * - parsedLineNum : currently parsing line. Keeping it to report errors */ -struct CRLGENGeneratorDataStr { - unsigned short contextId; - CRLGENCrlField *crlField; - CRLGENCertEntry *certEntry; - CRLGENExtensionEntry *extensionEntry; - PRUint64 rangeFrom; - PRUint64 rangeTo; - CERTSignedCrl *signCrl; - void *crlExtHandle; - PLHashTable *entryDataHashTable; - - PRFileDesc *src; - int parsedLineNum; -}; - - -#endif /* _CRLGEN_H_ */ diff --git a/security/nss/cmd/crlutil/crlgen_lex.c b/security/nss/cmd/crlutil/crlgen_lex.c deleted file mode 100644 index 26a888d609..0000000000 --- a/security/nss/cmd/crlutil/crlgen_lex.c +++ /dev/null @@ -1,1783 +0,0 @@ -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - * $Header$ - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include -#ifndef _WIN32 -#include -#endif - - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - - -#ifdef __cplusplus - -#include - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yytext_ptr -= yy_more_len; \ - yyleng = (int) (yy_cp - yytext_ptr); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 17 -#define YY_END_OF_BUFFER 18 -static yyconst short int yy_accept[67] = - { 0, - 0, 0, 18, 16, 14, 15, 16, 11, 12, 2, - 10, 9, 9, 9, 9, 9, 13, 14, 15, 11, - 12, 0, 12, 2, 9, 9, 9, 9, 9, 13, - 3, 4, 2, 9, 9, 9, 9, 2, 9, 9, - 9, 9, 2, 2, 9, 9, 8, 9, 2, 5, - 9, 6, 2, 9, 2, 9, 2, 9, 2, 7, - 2, 2, 2, 2, 1, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 5, 6, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 7, 8, 1, 9, 9, 10, - 11, 12, 12, 12, 13, 13, 13, 14, 1, 1, - 15, 1, 1, 1, 16, 16, 16, 16, 16, 16, - 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, - 16, 16, 16, 16, 16, 16, 16, 16, 16, 17, - 1, 1, 1, 1, 1, 1, 18, 16, 16, 19, - - 20, 16, 21, 16, 22, 16, 16, 16, 16, 23, - 16, 24, 16, 25, 26, 27, 28, 16, 16, 29, - 16, 16, 1, 14, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[30] = - { 0, - 1, 1, 2, 1, 3, 1, 1, 4, 5, 5, - 5, 5, 5, 4, 1, 4, 4, 4, 4, 4, - 4, 4, 4, 4, 4, 4, 4, 4, 4 - } ; - -static yyconst short int yy_base[72] = - { 0, - 0, 149, 154, 205, 138, 205, 103, 0, 0, 23, - 205, 29, 30, 31, 32, 33, 0, 99, 205, 0, - 0, 0, 50, 55, 34, 61, 41, 63, 64, 0, - 0, 0, 79, 65, 68, 86, 66, 99, 105, 88, - 106, 90, 118, 76, 107, 110, 89, 125, 43, 91, - 127, 128, 138, 144, 113, 129, 154, 160, 160, 130, - 172, 166, 177, 144, 0, 205, 190, 192, 194, 199, - 76 - } ; - -static yyconst short int yy_def[72] = - { 0, - 66, 1, 66, 66, 66, 66, 66, 67, 68, 68, - 66, 69, 69, 69, 69, 69, 70, 66, 66, 67, - 68, 71, 68, 10, 69, 69, 69, 69, 69, 70, - 71, 23, 10, 69, 69, 69, 69, 10, 69, 69, - 69, 69, 10, 38, 69, 69, 69, 69, 38, 69, - 69, 69, 38, 69, 38, 69, 38, 69, 38, 69, - 38, 38, 38, 38, 68, 0, 66, 66, 66, 66, - 66 - } ; - -static yyconst short int yy_nxt[235] = - { 0, - 4, 5, 6, 7, 8, 4, 4, 9, 10, 10, - 10, 10, 10, 9, 11, 12, 12, 12, 12, 12, - 12, 13, 14, 12, 15, 12, 12, 16, 12, 22, - 23, 24, 24, 24, 24, 24, 21, 21, 21, 21, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 28, - 27, 53, 53, 53, 21, 26, 29, 32, 32, 32, - 32, 32, 32, 33, 33, 33, 33, 33, 21, 35, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, - 31, 21, 37, 42, 44, 36, 34, 38, 38, 38, - 38, 38, 39, 21, 40, 21, 21, 21, 21, 21, - - 18, 21, 21, 21, 21, 19, 41, 43, 44, 44, - 44, 44, 21, 21, 21, 46, 48, 21, 21, 21, - 21, 57, 57, 21, 45, 47, 49, 49, 49, 49, - 49, 50, 21, 51, 21, 21, 21, 21, 21, 18, - 21, 21, 21, 21, 52, 54, 55, 55, 55, 55, - 55, 21, 44, 66, 17, 58, 66, 21, 66, 66, - 65, 56, 59, 59, 59, 59, 59, 21, 61, 61, - 61, 61, 66, 21, 63, 63, 63, 63, 66, 60, - 62, 62, 62, 62, 62, 64, 64, 64, 64, 64, - 20, 20, 66, 20, 20, 21, 21, 25, 25, 30, - - 66, 30, 30, 30, 3, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66 - } ; - -static yyconst short int yy_chk[235] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 10, - 10, 10, 10, 10, 10, 10, 12, 13, 14, 15, - 16, 25, 12, 13, 14, 15, 16, 25, 27, 15, - 14, 49, 49, 49, 27, 13, 16, 23, 23, 23, - 23, 23, 23, 24, 24, 24, 24, 24, 26, 27, - 28, 29, 34, 37, 26, 35, 28, 29, 34, 37, - 71, 35, 29, 37, 44, 28, 26, 33, 33, 33, - 33, 33, 34, 36, 35, 40, 47, 42, 50, 36, - - 18, 40, 47, 42, 50, 7, 36, 38, 38, 38, - 38, 38, 39, 41, 45, 40, 42, 46, 39, 41, - 45, 55, 55, 46, 39, 41, 43, 43, 43, 43, - 43, 45, 48, 46, 51, 52, 56, 60, 48, 5, - 51, 52, 56, 60, 48, 51, 53, 53, 53, 53, - 53, 54, 64, 3, 2, 56, 0, 54, 0, 0, - 64, 54, 57, 57, 57, 57, 57, 58, 59, 59, - 59, 59, 0, 58, 62, 62, 62, 62, 0, 58, - 61, 61, 61, 61, 61, 63, 63, 63, 63, 63, - 67, 67, 0, 67, 67, 68, 68, 69, 69, 70, - - 0, 70, 70, 70, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66, 66, 66, 66, 66, 66, 66, - 66, 66, 66, 66 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -static int yy_more_flag = 0; -static int yy_more_len = 0; -#define yymore() (yy_more_flag = 1) -#define YY_MORE_ADJ yy_more_len -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "crlgen_lex_orig.l" -#define INITIAL 0 -#line 2 "crlgen_lex_orig.l" - -#include "crlgen.h" - -static SECStatus parserStatus = SECSuccess; -static CRLGENGeneratorData *parserData; -static PRFileDesc *src; - -#define YY_INPUT(buf,result,max_size) \ - if ( parserStatus != SECFailure) { \ - if (((result = PR_Read(src, buf, max_size)) == 0) && \ - ferror( yyin )) \ - return SECFailure; \ - } else { return SECFailure; } - - - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - if ( yyleng > 0 ) \ - yy_current_buffer->yy_at_bol = \ - (yytext[yyleng - 1] == '\n'); \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; - register int yy_act; - -#line 28 "crlgen_lex_orig.l" - - - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_more_len = 0; - if ( yy_more_flag ) - { - yy_more_len = yy_c_buf_p - yytext_ptr; - yy_more_flag = 0; - } - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = yy_start; - yy_current_state += YY_AT_BOL(); -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 67 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 205 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 30 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 2: -YY_RULE_SETUP -#line 36 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 3: -YY_RULE_SETUP -#line 42 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 4: -YY_RULE_SETUP -#line 48 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 5: -YY_RULE_SETUP -#line 54 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 6: -YY_RULE_SETUP -#line 60 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 7: -YY_RULE_SETUP -#line 65 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 8: -YY_RULE_SETUP -#line 71 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 9: -YY_RULE_SETUP -#line 77 "crlgen_lex_orig.l" -{ -if (strcmp(yytext, "addcert") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_ADD_CERT_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else if (strcmp(yytext, "rmcert") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_RM_CERT_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else if (strcmp(yytext, "addext") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_ADD_EXTENSION_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else { - parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID); - if (parserStatus != SECSuccess) - return parserStatus; -} -} - YY_BREAK -case 10: -YY_RULE_SETUP -#line 100 "crlgen_lex_orig.l" - - YY_BREAK -case 11: -YY_RULE_SETUP -#line 102 "crlgen_lex_orig.l" -{ -if (yytext[yyleng-1] == '\\') { - yymore(); -} else { - register int c; - c = input(); - if (c != '\"') { - printf( "Error: Line ending \" is missing: %c\n", c); - unput(c); - } else { - parserStatus = crlgen_setNextData(parserData, yytext + 1, - CRLGEN_TYPE_STRING); - if (parserStatus != SECSuccess) - return parserStatus; - } -} -} - YY_BREAK -case 12: -YY_RULE_SETUP -#line 120 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 13: -YY_RULE_SETUP -#line 128 "crlgen_lex_orig.l" -/* eat up one-line comments */ {} - YY_BREAK -case 14: -YY_RULE_SETUP -#line 130 "crlgen_lex_orig.l" -{} - YY_BREAK -case 15: -YY_RULE_SETUP -#line 132 "crlgen_lex_orig.l" -{ -parserStatus = crlgen_updateCrl(parserData); -if (parserStatus != SECSuccess) - return parserStatus; -} - YY_BREAK -case 16: -YY_RULE_SETUP -#line 138 "crlgen_lex_orig.l" -{ - fprintf(stderr, "Syntax error at line %d: unknown token %s\n", - parserData->parsedLineNum, yytext); - return SECFailure; -} - YY_BREAK -case 17: -YY_RULE_SETUP -#line 144 "crlgen_lex_orig.l" -ECHO; - YY_BREAK -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_c_buf_p; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - yy_current_state += YY_AT_BOL(); - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 67 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 67 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 66); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - yy_current_buffer->yy_at_bol = (c == '\n'); - - return c; - } -#endif /* YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. */ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 144 "crlgen_lex_orig.l" - -#include "prlock.h" - -static PRLock *parserInvocationLock; - -void CRLGEN_InitCrlGenParserLock() -{ - parserInvocationLock = PR_NewLock(); -} - -void CRLGEN_DestroyCrlGenParserLock() -{ - PR_DestroyLock(parserInvocationLock); -} - - -SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData) -{ - SECStatus rv; - - PR_Lock(parserInvocationLock); - - parserStatus = SECSuccess; - parserData = parserCtlData; - src = parserCtlData->src; - - rv = yylex(); - - PR_Unlock(parserInvocationLock); - - return rv; -} - -int yywrap() {return 1;} diff --git a/security/nss/cmd/crlutil/crlgen_lex_fix.sed b/security/nss/cmd/crlutil/crlgen_lex_fix.sed deleted file mode 100644 index 57125cd4ae..0000000000 --- a/security/nss/cmd/crlutil/crlgen_lex_fix.sed +++ /dev/null @@ -1,4 +0,0 @@ -// { - i #ifndef _WIN32 - a #endif -} diff --git a/security/nss/cmd/crlutil/crlgen_lex_orig.l b/security/nss/cmd/crlutil/crlgen_lex_orig.l deleted file mode 100644 index 7cb1e5cde7..0000000000 --- a/security/nss/cmd/crlutil/crlgen_lex_orig.l +++ /dev/null @@ -1,177 +0,0 @@ -%{ - -#include "crlgen.h" - -static SECStatus parserStatus = SECSuccess; -static CRLGENGeneratorData *parserData; -static PRFileDesc *src; - -#define YY_INPUT(buf,result,max_size) \ - if ( parserStatus != SECFailure) { \ - if (((result = PR_Read(src, buf, max_size)) == 0) && \ - ferror( yyin )) \ - return SECFailure; \ - } else { return SECFailure; } - - -%} - -%a 5000 -DIGIT [0-9]+ -DIGIT_RANGE [0-9]+-[0-9]+ -ID [a-zA-Z][a-zA-Z0-9]* -OID [0-9]+\.[\.0-9]+ -DATE [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9] -ZDATE [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9]Z -N_SP_STRING [a-zA-Z0-9\:\|\.]+ - -%% - -{ZDATE} { -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE); -if (parserStatus != SECSuccess) - return parserStatus; -} - -{DIGIT} { -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT); -if (parserStatus != SECSuccess) - return parserStatus; -} - -{DIGIT_RANGE} { -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE); -if (parserStatus != SECSuccess) - return parserStatus; -} - -{OID} { -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID); -if (parserStatus != SECSuccess) - return parserStatus; -} - -issuer { -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - -update { -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} -nextupdate { -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - -range { -parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT); -if (parserStatus != SECSuccess) - return parserStatus; -} - -{ID} { -if (strcmp(yytext, "addcert") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_ADD_CERT_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else if (strcmp(yytext, "rmcert") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_RM_CERT_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else if (strcmp(yytext, "addext") == 0) { - parserStatus = crlgen_createNewLangStruct(parserData, - CRLGEN_ADD_EXTENSION_CONTEXT); - if (parserStatus != SECSuccess) - return parserStatus; -} else { - parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID); - if (parserStatus != SECSuccess) - return parserStatus; -} -} - -"=" - -\"[^\"]* { -if (yytext[yyleng-1] == '\\') { - yymore(); -} else { - register int c; - c = input(); - if (c != '\"') { - printf( "Error: Line ending \" is missing: %c\n", c); - unput(c); - } else { - parserStatus = crlgen_setNextData(parserData, yytext + 1, - CRLGEN_TYPE_STRING); - if (parserStatus != SECSuccess) - return parserStatus; - } -} -} - -{N_SP_STRING} { -parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING); -if (parserStatus != SECSuccess) - return parserStatus; -} - - - -^#[^\n]* /* eat up one-line comments */ {} - -[ \t]+ {} - -(\n|\r\n) { -parserStatus = crlgen_updateCrl(parserData); -if (parserStatus != SECSuccess) - return parserStatus; -} - -. { - fprintf(stderr, "Syntax error at line %d: unknown token %s\n", - parserData->parsedLineNum, yytext); - return SECFailure; -} - -%% -#include "prlock.h" - -static PRLock *parserInvocationLock; - -void CRLGEN_InitCrlGenParserLock() -{ - parserInvocationLock = PR_NewLock(); -} - -void CRLGEN_DestroyCrlGenParserLock() -{ - PR_DestroyLock(parserInvocationLock); -} - - -SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData) -{ - SECStatus rv; - - PR_Lock(parserInvocationLock); - - parserStatus = SECSuccess; - parserData = parserCtlData; - src = parserCtlData->src; - - rv = yylex(); - - PR_Unlock(parserInvocationLock); - - return rv; -} - -int yywrap() {return 1;} diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c deleted file mode 100644 index ab066c33ae..0000000000 --- a/security/nss/cmd/crlutil/crlutil.c +++ /dev/null @@ -1,1020 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* -** certutil.c -** -** utility for managing certificates and the cert database -** -*/ -/* test only */ - -#include "nspr.h" -#include "plgetopt.h" -#include "secutil.h" -#include "cert.h" -#include "certi.h" -#include "certdb.h" -#include "nss.h" -#include "pk11func.h" -#include "crlgen.h" - -#define SEC_CERT_DB_EXISTS 0 -#define SEC_CREATE_CERT_DB 1 - -static char *progName; - -static CERTSignedCrl *FindCRL - (CERTCertDBHandle *certHandle, char *name, int type) -{ - CERTSignedCrl *crl = NULL; - CERTCertificate *cert = NULL; - - - cert = CERT_FindCertByNickname(certHandle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named %s", name); - return ((CERTSignedCrl *)NULL); - } - - crl = SEC_FindCrlByName(certHandle, &cert->derSubject, type); - if (crl ==NULL) - SECU_PrintError - (progName, "could not find %s's CRL", name); - CERT_DestroyCertificate (cert); - return (crl); -} - -static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType) -{ - CERTSignedCrl *crl = NULL; - - crl = FindCRL (certHandle, nickName, crlType); - - if (crl) { - SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0); - SEC_DestroyCrl (crl); - } -} - -static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls) -{ - CERTCrlHeadNode *crlList = NULL; - CERTCrlNode *crlNode = NULL; - CERTName *name = NULL; - PRArenaPool *arena = NULL; - SECStatus rv; - - do { - arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); - if (arena == NULL) { - fprintf(stderr, "%s: fail to allocate memory\n", progName); - break; - } - - name = PORT_ArenaZAlloc (arena, sizeof(*name)); - if (name == NULL) { - fprintf(stderr, "%s: fail to allocate memory\n", progName); - break; - } - name->arena = arena; - - rv = SEC_LookupCrls (certHandle, &crlList, crlType); - if (rv != SECSuccess) { - fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName, - SECU_Strerror(PORT_GetError())); - break; - } - - /* just in case */ - if (!crlList) - break; - - crlNode = crlList->first; - - fprintf (stdout, "\n"); - fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type"); - while (crlNode) { - char* asciiname = NULL; - name = &crlNode->crl->crl.name; - if (!name){ - fprintf(stderr, "%s: fail to get the CRL issuer name (%s)\n", progName, - SECU_Strerror(PORT_GetError())); - break; - } - - asciiname = CERT_NameToAscii(name); - fprintf (stdout, "\n%-40s %-5s\n", asciiname, "CRL"); - if (asciiname) { - PORT_Free(asciiname); - } - if ( PR_TRUE == deletecrls) { - CERTSignedCrl* acrl = NULL; - SECItem* issuer = &crlNode->crl->crl.derName; - acrl = SEC_FindCrlByName(certHandle, issuer, crlType); - if (acrl) - { - SEC_DeletePermCRL(acrl); - SEC_DestroyCrl(acrl); - } - } - crlNode = crlNode->next; - } - - } while (0); - if (crlList) - PORT_FreeArena (crlList->arena, PR_FALSE); - PORT_FreeArena (arena, PR_FALSE); -} - -static void ListCRL (CERTCertDBHandle *certHandle, char *nickName, int crlType) -{ - if (nickName == NULL) - ListCRLNames (certHandle, crlType, PR_FALSE); - else - DisplayCRL (certHandle, nickName, crlType); -} - - - -static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type) -{ - CERTSignedCrl *crl = NULL; - SECStatus rv = SECFailure; - - crl = FindCRL (certHandle, name, type); - if (!crl) { - SECU_PrintError - (progName, "could not find the issuer %s's CRL", name); - return SECFailure; - } - rv = SEC_DeletePermCRL (crl); - SEC_DestroyCrl(crl); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to delete the issuer %s's CRL " - "from the perm database (reason: %s)", - name, SECU_Strerror(PORT_GetError())); - return SECFailure; - } - return (rv); -} - -SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, - PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions) -{ - CERTSignedCrl *crl = NULL; - SECItem crlDER; - PK11SlotInfo* slot = NULL; - int rv; -#if defined(DEBUG_jpierre) - PRIntervalTime starttime, endtime, elapsed; - PRUint32 mins, secs, msecs; -#endif - - crlDER.data = NULL; - - - /* Read in the entire file specified with the -f argument */ - rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - return (SECFailure); - } - - decodeOptions |= CRL_DECODE_DONT_COPY_DER; - - slot = PK11_GetInternalKeySlot(); - -#if defined(DEBUG_jpierre) - starttime = PR_IntervalNow(); -#endif - crl = PK11_ImportCRL(slot, &crlDER, url, type, - NULL, importOptions, NULL, decodeOptions); -#if defined(DEBUG_jpierre) - endtime = PR_IntervalNow(); - elapsed = endtime - starttime; - mins = PR_IntervalToSeconds(elapsed) / 60; - secs = PR_IntervalToSeconds(elapsed) % 60; - msecs = PR_IntervalToMilliseconds(elapsed) % 1000; - printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs); -#endif - if (!crl) { - const char *errString; - - rv = SECFailure; - errString = SECU_Strerror(PORT_GetError()); - if ( errString && PORT_Strlen (errString) == 0) - SECU_PrintError (progName, - "CRL is not imported (error: input CRL is not up to date.)"); - else - SECU_PrintError (progName, "unable to import CRL"); - } else { - SEC_DestroyCrl (crl); - } - if (slot) { - PK11_FreeSlot(slot); - } - return (rv); -} - - -static CERTCertificate* -FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl, - char *certNickName) -{ - CERTCertificate *cert = NULL, *certTemp = NULL; - SECStatus rv = SECFailure; - CERTAuthKeyID* authorityKeyID = NULL; - SECItem* subject = NULL; - - PORT_Assert(certHandle != NULL); - if (!certHandle || (!signCrl && !certNickName)) { - SECU_PrintError(progName, "invalid args for function " - "FindSigningCert \n"); - return NULL; - } - - if (signCrl) { -#if 0 - authorityKeyID = SECU_FindCRLAuthKeyIDExten(tmpArena, scrl); -#endif - subject = &signCrl->crl.derName; - } else { - certTemp = CERT_FindCertByNickname(certHandle, certNickName); - if (!certTemp) { - SECU_PrintError(progName, "could not find certificate \"%s\" " - "in database", certNickName); - goto loser; - } - subject = &certTemp->derSubject; - } - - cert = SECU_FindCrlIssuer(certHandle, subject, authorityKeyID, PR_Now()); - if (!cert) { - SECU_PrintError(progName, "could not find signing certificate " - "in database"); - goto loser; - } else { - rv = SECSuccess; - } - - loser: - if (certTemp) - CERT_DestroyCertificate(certTemp); - if (cert && rv != SECSuccess) - CERT_DestroyCertificate(cert); - return cert; -} - -static CERTSignedCrl* -DuplicateModCrl(PRArenaPool *arena, CERTCertDBHandle *certHandle, - CERTCertificate **cert, char *certNickName, - PRFileDesc *inFile, PRInt32 decodeOptions, - PRInt32 importOptions) -{ - SECItem crlDER; - CERTSignedCrl *signCrl = NULL; - CERTSignedCrl *modCrl = NULL; - PRArenaPool *modArena = NULL; - SECStatus rv = SECSuccess; - - PORT_Assert(arena != NULL && certHandle != NULL && - certNickName != NULL); - if (!arena || !certHandle || !certNickName) { - SECU_PrintError(progName, "DuplicateModCrl: invalid args\n"); - return NULL; - } - - modArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); - if (!modArena) { - SECU_PrintError(progName, "fail to allocate memory\n"); - return NULL; - } - - if (inFile != NULL) { - rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to read input file"); - PORT_FreeArena(modArena, PR_FALSE); - goto loser; - } - - decodeOptions |= CRL_DECODE_DONT_COPY_DER; - - modCrl = CERT_DecodeDERCrlWithFlags(modArena, &crlDER, SEC_CRL_TYPE, - decodeOptions); - if (!modCrl) { - SECU_PrintError(progName, "fail to decode CRL"); - goto loser; - } - - if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)){ - /* If caCert is a v2 certificate, make sure that it - * can be used for crl signing purpose */ - *cert = FindSigningCert(certHandle, modCrl, NULL); - if (!*cert) { - goto loser; - } - - rv = CERT_VerifySignedData(&modCrl->signatureWrap, *cert, - PR_Now(), NULL); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to verify signed data\n"); - goto loser; - } - } - } else { - modCrl = FindCRL(certHandle, certNickName, SEC_CRL_TYPE); - if (!modCrl) { - SECU_PrintError(progName, "fail to find crl %s in database\n", - certNickName); - goto loser; - } - } - - signCrl = PORT_ArenaZNew(arena, CERTSignedCrl); - if (signCrl == NULL) { - SECU_PrintError(progName, "fail to allocate memory\n"); - goto loser; - } - - rv = SECU_CopyCRL(arena, &signCrl->crl, &modCrl->crl); - if (rv != SECSuccess) { - SECU_PrintError(progName, "unable to dublicate crl for " - "modification."); - goto loser; - } - - signCrl->arena = arena; - - loser: - SECITEM_FreeItem(&crlDER, PR_FALSE); - if (modCrl) - SEC_DestroyCrl(modCrl); - if (rv != SECSuccess && signCrl) { - SEC_DestroyCrl(signCrl); - signCrl = NULL; - } - return signCrl; -} - - -static CERTSignedCrl* -CreateNewCrl(PRArenaPool *arena, CERTCertDBHandle *certHandle, - CERTCertificate *cert) -{ - CERTSignedCrl *signCrl = NULL; - void *dummy = NULL; - SECStatus rv; - void* mark = NULL; - - /* if the CERTSignedCrl structure changes, this function will need to be - updated as well */ - PORT_Assert(cert != NULL); - if (!cert || !arena) { - SECU_PrintError(progName, "invalid args for function " - "CreateNewCrl\n"); - return NULL; - } - - mark = PORT_ArenaMark(arena); - - signCrl = PORT_ArenaZNew(arena, CERTSignedCrl); - if (signCrl == NULL) { - SECU_PrintError(progName, "fail to allocate memory\n"); - return NULL; - } - - dummy = SEC_ASN1EncodeInteger(arena, &signCrl->crl.version, - SEC_CRL_VERSION_2); - /* set crl->version */ - if (!dummy) { - SECU_PrintError(progName, "fail to create crl version data " - "container\n"); - goto loser; - } - - /* copy SECItem name from cert */ - rv = SECITEM_CopyItem(arena, &signCrl->crl.derName, &cert->derSubject); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to duplicate der name from " - "certificate.\n"); - goto loser; - } - - /* copy CERTName name structure from cert issuer */ - rv = CERT_CopyName (arena, &signCrl->crl.name, &cert->subject); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to duplicate RD name from " - "certificate.\n"); - goto loser; - } - - rv = DER_EncodeTimeChoice(arena, &signCrl->crl.lastUpdate, PR_Now()); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to encode current time\n"); - goto loser; - } - - /* set fields */ - signCrl->arena = arena; - signCrl->dbhandle = certHandle; - signCrl->crl.arena = arena; - - return signCrl; - - loser: - PORT_ArenaRelease(arena, mark); - return NULL; -} - - -static SECStatus -UpdateCrl(CERTSignedCrl *signCrl, PRFileDesc *inCrlInitFile) -{ - CRLGENGeneratorData *crlGenData = NULL; - SECStatus rv; - - PORT_Assert(signCrl != NULL && inCrlInitFile != NULL); - if (!signCrl || !inCrlInitFile) { - SECU_PrintError(progName, "invalid args for function " - "CreateNewCrl\n"); - return SECFailure; - } - - crlGenData = CRLGEN_InitCrlGeneration(signCrl, inCrlInitFile); - if (!crlGenData) { - SECU_PrintError(progName, "can not initialize parser structure.\n"); - return SECFailure; - } - - rv = CRLGEN_ExtHandleInit(crlGenData); - if (rv == SECFailure) { - SECU_PrintError(progName, "can not initialize entries handle.\n"); - goto loser; - } - - rv = CRLGEN_StartCrlGen(crlGenData); - if (rv != SECSuccess) { - SECU_PrintError(progName, "crl generation failed"); - goto loser; - } - - loser: - /* CommitExtensionsAndEntries is partially responsible for freeing - * up memory that was used for CRL generation. Should be called regardless - * of previouse call status, but only after initialization of - * crlGenData was done. It will commit all changes that was done before - * an error has occured. - */ - if (SECSuccess != CRLGEN_CommitExtensionsAndEntries(crlGenData)) { - SECU_PrintError(progName, "crl generation failed"); - rv = SECFailure; - } - CRLGEN_FinalizeCrlGeneration(crlGenData); - return rv; -} - -static SECStatus -SignAndStoreCrl(CERTSignedCrl *signCrl, CERTCertificate *cert, - char *outFileName, SECOidTag hashAlgTag, int ascii, - char *slotName, char *url, secuPWData *pwdata) -{ - PK11SlotInfo *slot = NULL; - PRFileDesc *outFile = NULL; - SECStatus rv; - SignAndEncodeFuncExitStat errCode; - - PORT_Assert(signCrl && (!ascii || outFileName)); - if (!signCrl || (ascii && !outFileName)) { - SECU_PrintError(progName, "invalid args for function " - "SignAndStoreCrl\n"); - return SECFailure; - } - - if (!slotName || !PL_strcmp(slotName, "internal")) - slot = PK11_GetInternalKeySlot(); - else - slot = PK11_FindSlotByName(slotName); - if (!slot) { - SECU_PrintError(progName, "can not find requested slot"); - return SECFailure; - } - - if (PK11_NeedLogin(slot)) { - rv = PK11_Authenticate(slot, PR_TRUE, pwdata); - if (rv != SECSuccess) - goto loser; - } - - rv = SECU_SignAndEncodeCRL(cert, signCrl, hashAlgTag, &errCode); - if (rv != SECSuccess) { - char* errMsg = NULL; - switch (errCode) - { - case noKeyFound: - errMsg = "No private key found of signing cert"; - break; - - case noSignatureMatch: - errMsg = "Key and Algorithm OId are do not match"; - break; - - default: - case failToEncode: - errMsg = "Failed to encode crl structure"; - break; - - case failToSign: - errMsg = "Failed to sign crl structure"; - break; - - case noMem: - errMsg = "Can not allocate memory"; - break; - } - SECU_PrintError(progName, "%s\n", errMsg); - goto loser; - } - - if (outFileName) { - outFile = PR_Open(outFileName, PR_WRONLY|PR_CREATE_FILE, PR_IRUSR | PR_IWUSR); - if (!outFile) { - SECU_PrintError(progName, "unable to open \"%s\" for writing\n", - outFileName); - goto loser; - } - } - - rv = SECU_StoreCRL(slot, signCrl->derCrl, outFile, ascii, url); - if (rv != SECSuccess) { - SECU_PrintError(progName, "fail to save CRL\n"); - } - - loser: - if (outFile) - PR_Close(outFile); - if (slot) - PK11_FreeSlot(slot); - return rv; -} - -static SECStatus -GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, - PRFileDesc *inCrlInitFile, PRFileDesc *inFile, - char *outFileName, int ascii, char *slotName, - PRInt32 importOptions, char *alg, PRBool quiet, - PRInt32 decodeOptions, char *url, secuPWData *pwdata, - int modifyFlag) -{ - CERTCertificate *cert = NULL; - CERTSignedCrl *signCrl = NULL; - PRArenaPool *arena = NULL; - SECStatus rv; - SECOidTag hashAlgTag = SEC_OID_UNKNOWN; - - if (alg) { - hashAlgTag = SECU_StringToSignatureAlgTag(alg); - if (hashAlgTag == SEC_OID_UNKNOWN) { - SECU_PrintError(progName, "%s -Z: %s is not a recognized type.\n", - progName, alg); - return SECFailure; - } - } else { - hashAlgTag = SEC_OID_UNKNOWN; - } - - arena = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE); - if (!arena) { - SECU_PrintError(progName, "fail to allocate memory\n"); - return SECFailure; - } - - if (modifyFlag == PR_TRUE) { - signCrl = DuplicateModCrl(arena, certHandle, &cert, certNickName, - inFile, decodeOptions, importOptions); - if (signCrl == NULL) { - goto loser; - } - } - - if (!cert) { - cert = FindSigningCert(certHandle, signCrl, certNickName); - if (cert == NULL) { - goto loser; - } - } - - if (!signCrl) { - if (modifyFlag == PR_TRUE) { - if (!outFileName) { - int len = strlen(certNickName) + 5; - outFileName = PORT_ArenaAlloc(arena, len); - PR_snprintf(outFileName, len, "%s.crl", certNickName); - } - SECU_PrintError(progName, "Will try to generate crl. " - "It will be saved in file: %s", - outFileName); - } - signCrl = CreateNewCrl(arena, certHandle, cert); - if (!signCrl) - goto loser; - } - - rv = UpdateCrl(signCrl, inCrlInitFile); - if (rv != SECSuccess) { - goto loser; - } - - rv = SignAndStoreCrl(signCrl, cert, outFileName, hashAlgTag, ascii, - slotName, url, pwdata); - if (rv != SECSuccess) { - goto loser; - } - - if (signCrl && !quiet) { - SECU_PrintCRLInfo (stdout, &signCrl->crl, "CRL Info:\n", 0); - } - - loser: - if (arena && (!signCrl || !signCrl->arena)) - PORT_FreeArena (arena, PR_FALSE); - if (signCrl) - SEC_DestroyCrl (signCrl); - if (cert) - CERT_DestroyCertificate (cert); - return (rv); -} - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n" - " %s -D -n nickname [-d keydir] [-P dbprefix]\n" - " %s -I -i crl -t crlType [-u url] [-d keydir] [-P dbprefix] [-B] " - "[-p pwd-file] -w [pwd-string]\n" - " %s -E -t crlType [-d keydir] [-P dbprefix]\n" - " %s -T\n" - " %s -G|-M -c crl-init-file -n nickname [-i crl] [-u url] " - "[-d keydir] [-P dbprefix] [-Z alg] ] [-p pwd-file] -w [pwd-string] " - "[-a] [-B]\n", - progName, progName, progName, progName, progName, progName); - - fprintf (stderr, "%-15s List CRL\n", "-L"); - fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n", - "-n nickname"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - - fprintf (stderr, "%-15s Delete a CRL from the cert database\n", "-D"); - fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n", - "-n nickname"); - fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - - fprintf (stderr, "%-15s Erase all CRLs of specified type from hte cert database\n", "-E"); - fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - - fprintf (stderr, "%-15s Import a CRL to the cert database\n", "-I"); - fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n", - "-i crl"); - fprintf(stderr, "%-20s Specify the url.\n", "-u url"); - fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); -#ifdef DEBUG - fprintf (stderr, "%-15s Test . Only for debugging purposes. See source code\n", "-T"); -#endif - fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " "); - fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " "); - fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " "); - fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B"); - fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-p"); - fprintf(stderr, "%-20s Repeat the operation.\n", "-r "); - fprintf(stderr, "\n%-15s Create CRL\n", "-G"); - fprintf(stderr, "%-15s Modify CRL\n", "-M"); - fprintf(stderr, "%-20s Specify crl initialization file\n", - "-c crl-conf-file"); - fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n", - "-n nickname"); - fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n", - "-i crl"); - fprintf(stderr, "%-20s Specify a CRL output file\n", - "-o crl-output-file"); - fprintf(stderr, "%-20s Specify to use base64 encoded CRL output format\n", - "-a"); - fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n", - "-d keydir"); - fprintf(stderr, "%-20s Provide path to a default pwd file\n", - "-f pwd-file"); - fprintf(stderr, "%-20s Provide db password in command line\n", - "-w pwd-string"); - fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n", - "-P dbprefix"); - fprintf(stderr, "%-20s Specify the url.\n", "-u url"); - fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B"); - - exit(-1); -} - -int main(int argc, char **argv) -{ - SECItem privKeyDER; - CERTCertDBHandle *certHandle; - FILE *certFile; - PRFileDesc *inFile; - PRFileDesc *inCrlInitFile = NULL; - int generateCRL; - int modifyCRL; - int listCRL; - int importCRL; - int deleteCRL; - int rv; - char *nickName; - char *url; - char *dbPrefix = ""; - char *alg = NULL; - char *outFile = NULL; - char *slotName = NULL; - int ascii = 0; - int crlType; - PLOptState *optstate; - PLOptStatus status; - SECStatus secstatus; - PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS; - PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS; - PRBool quiet = PR_FALSE; - PRBool test = PR_FALSE; - PRBool erase = PR_FALSE; - PRInt32 i = 0; - PRInt32 iterations = 1; - - secuPWData pwdata = { PW_NONE, 0 }; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = 0; - deleteCRL = importCRL = listCRL = generateCRL = modifyCRL = 0; - certFile = NULL; - inFile = NULL; - nickName = url = NULL; - privKeyDER.data = NULL; - certHandle = NULL; - crlType = SEC_CRL_TYPE; - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "sqBCDGILMTEP:f:d:i:h:n:p:t:u:r:aZ:o:c:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'T': - test = PR_TRUE; - break; - - case 'E': - erase = PR_TRUE; - break; - - case 'B': - importOptions |= CRL_IMPORT_BYPASS_CHECKS; - break; - - case 'G': - generateCRL = 1; - break; - - case 'M': - modifyCRL = 1; - break; - - case 'D': - deleteCRL = 1; - break; - - case 'I': - importCRL = 1; - break; - - case 'C': - case 'L': - listCRL = 1; - break; - - case 'P': - dbPrefix = strdup(optstate->value); - break; - - case 'Z': - alg = strdup(optstate->value); - break; - - case 'a': - ascii = 1; - break; - - case 'c': - inCrlInitFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inCrlInitFile) { - PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - PL_DestroyOptState(optstate); - return -1; - } - break; - - case 'd': - SECU_ConfigDirectory(optstate->value); - break; - - case 'f': - pwdata.source = PW_FROMFILE; - pwdata.data = strdup(optstate->value); - break; - - case 'h': - slotName = strdup(optstate->value); - break; - - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - PL_DestroyOptState(optstate); - return -1; - } - break; - - case 'n': - nickName = strdup(optstate->value); - break; - - case 'o': - outFile = strdup(optstate->value); - break; - - case 'p': - decodeOptions |= CRL_DECODE_SKIP_ENTRIES; - break; - - case 'r': { - const char* str = optstate->value; - if (str && atoi(str)>0) - iterations = atoi(str); - } - break; - - case 't': { - char *type; - - type = strdup(optstate->value); - crlType = atoi (type); - if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) { - PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName); - PL_DestroyOptState(optstate); - return -1; - } - break; - - case 'q': - quiet = PR_TRUE; - break; - - case 'w': - pwdata.source = PW_PLAINTEXT; - pwdata.data = strdup(optstate->value); - break; - - case 'u': - url = strdup(optstate->value); - break; - - } - } - } - PL_DestroyOptState(optstate); - - if (deleteCRL && !nickName) Usage (progName); - if (importCRL && !inFile) Usage (progName); - if ((generateCRL && !nickName) || - (modifyCRL && !inFile && !nickName)) Usage (progName); - if (!(listCRL || deleteCRL || importCRL || generateCRL || - modifyCRL || test || erase)) Usage (progName); - - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix, - "secmod.db", 0); - if (secstatus != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - SECU_RegisterDynamicOids(); - - certHandle = CERT_GetDefaultCertDB(); - if (certHandle == NULL) { - SECU_PrintError(progName, "unable to open the cert db"); - /*ignoring return value of NSS_Shutdown() as code returns -1*/ - (void) NSS_Shutdown(); - return (-1); - } - - CRLGEN_InitCrlGenParserLock(); - - for (i=0; i -#include -#include - -#define DEFAULT_ALLOC_SIZE 200 -#define DEFAULT_CGI_VARS 20 - -typedef struct CGIVariableStr { - char *name; - char *value; -} CGIVariable; - -typedef struct CGIVarTableStr { - CGIVariable **variables; - int numVars; - int numAlloc; -} CGIVarTable; - -typedef struct CertResponseInfoStr { - CERTCertificate *cert; - long certReqID; -} CertResponseInfo; - -typedef struct ChallengeCreationInfoStr { - long random; - SECKEYPublicKey *pubKey; -} ChallengeCreationInfo; - -char *missingVar = NULL; - -/* - * Error values. - */ -typedef enum { - NO_ERROR = 0, - NSS_INIT_FAILED, - AUTH_FAILED, - REQ_CGI_VAR_NOT_PRESENT, - CRMF_REQ_NOT_PRESENT, - BAD_ASCII_FOR_REQ, - CGI_VAR_MISSING, - COULD_NOT_FIND_CA, - COULD_NOT_DECODE_REQS, - OUT_OF_MEMORY, - ERROR_RETRIEVING_REQUEST_MSG, - ERROR_RETRIEVING_CERT_REQUEST, - ERROR_RETRIEVING_SUBJECT_FROM_REQ, - ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ, - ERROR_CREATING_NEW_CERTIFICATE, - COULD_NOT_START_EXTENSIONS, - ERROR_RETRIEVING_EXT_FROM_REQ, - ERROR_ADDING_EXT_TO_CERT, - ERROR_ENDING_EXTENSIONS, - COULD_NOT_FIND_ISSUER_PRIVATE_KEY, - UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER, - ERROR_SETTING_SIGN_ALG, - ERROR_ENCODING_NEW_CERT, - ERROR_SIGNING_NEW_CERT, - ERROR_CREATING_CERT_REP_CONTENT, - ERROR_CREATING_SINGLE_CERT_RESPONSE, - ERROR_SETTING_CERT_RESPONSES, - ERROR_CREATING_CA_LIST, - ERROR_ADDING_ISSUER_TO_CA_LIST, - ERROR_ENCODING_CERT_REP_CONTENT, - NO_POP_FOR_REQUEST, - UNSUPPORTED_POP, - ERROR_RETRIEVING_POP_SIGN_KEY, - ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY, - ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY, - DO_CHALLENGE_RESPONSE, - ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT, - ERROR_ENCODING_CERT_REQ_FOR_POP, - ERROR_VERIFYING_SIGNATURE_POP, - ERROR_RETRIEVING_PUB_KEY_FOR_CHALL, - ERROR_CREATING_EMPTY_CHAL_CONTENT, - ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER, - ERROR_SETTING_CHALLENGE, - ERROR_ENCODING_CHALL, - ERROR_CONVERTING_CHALL_TO_BASE64, - ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN, - ERROR_CREATING_KEY_RESP_FROM_DER, - ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE, - ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED, - ERROR_GETTING_KEY_ENCIPHERMENT, - ERROR_NO_POP_FOR_PRIVKEY, - ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE -} ErrorCode; - -const char * -CGITableFindValue(CGIVarTable *varTable, const char *key); - -void -spitOutHeaders(void) -{ - printf("Content-type: text/html\n\n"); -} - -void -dumpRequest(CGIVarTable *varTable) -{ - int i; - CGIVariable *var; - - printf ("\n"); - printf ("" - "\n"); - for (i=0; inumVars; i++) { - var = varTable->variables[i]; - printf ("\n", - var->name, var->value); - } - printf("
Variable Name
Value
%s
%s
\n"); -} - -void -echo_request(CGIVarTable *varTable) -{ - spitOutHeaders(); - printf("CGI Echo Page\n" - "

Got the following request

\n"); - dumpRequest(varTable); - printf(""); -} - -void -processVariable(CGIVariable *var) -{ - char *plusSign, *percentSign; - - /*First look for all of the '+' and convert them to spaces */ - plusSign = var->value; - while ((plusSign=strchr(plusSign, '+')) != NULL) { - *plusSign = ' '; - } - percentSign = var->value; - while ((percentSign=strchr(percentSign, '%')) != NULL) { - char string[3]; - int value; - - string[0] = percentSign[1]; - string[1] = percentSign[2]; - string[2] = '\0'; - - sscanf(string,"%x", &value); - *percentSign = (char)value; - memmove(&percentSign[1], &percentSign[3], 1+strlen(&percentSign[3])); - } -} - -char * -parseNextVariable(CGIVarTable *varTable, char *form_output) -{ - char *ampersand, *equal; - CGIVariable *var; - - if (varTable->numVars == varTable->numAlloc) { - CGIVariable **newArr = realloc(varTable->variables, - (varTable->numAlloc + DEFAULT_CGI_VARS)*sizeof(CGIVariable*)); - if (newArr == NULL) { - return NULL; - } - varTable->variables = newArr; - varTable->numAlloc += DEFAULT_CGI_VARS; - } - equal = strchr(form_output, '='); - if (equal == NULL) { - return NULL; - } - ampersand = strchr(equal, '&'); - if (ampersand == NULL) { - return NULL; - } - equal[0] = '\0'; - if (ampersand != NULL) { - ampersand[0] = '\0'; - } - var = malloc(sizeof(CGIVariable)); - var->name = form_output; - var->value = &equal[1]; - varTable->variables[varTable->numVars] = var; - varTable->numVars++; - processVariable(var); - return (ampersand != NULL) ? &ersand[1] : NULL; -} - -void -ParseInputVariables(CGIVarTable *varTable, char *form_output) -{ - varTable->variables = malloc(sizeof(CGIVariable*)*DEFAULT_CGI_VARS); - varTable->numVars = 0; - varTable->numAlloc = DEFAULT_CGI_VARS; - while (form_output && form_output[0] != '\0') { - form_output = parseNextVariable(varTable, form_output); - } -} - -const char * -CGITableFindValue(CGIVarTable *varTable, const char *key) -{ - const char *retVal = NULL; - int i; - - for (i=0; inumVars; i++) { - if (strcmp(varTable->variables[i]->name, key) == 0) { - retVal = varTable->variables[i]->value; - break; - } - } - return retVal; -} - -char* -passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - const char *passwd; - if (retry) { - return NULL; - } - passwd = CGITableFindValue((CGIVarTable*)arg, "dbPassword"); - if (passwd == NULL) { - return NULL; - } - return PORT_Strdup(passwd); -} - -ErrorCode -initNSS(CGIVarTable *varTable) -{ - const char *nssDir; - PK11SlotInfo *keySlot; - SECStatus rv; - - nssDir = CGITableFindValue(varTable,"NSSDirectory"); - if (nssDir == NULL) { - missingVar = "NSSDirectory"; - return REQ_CGI_VAR_NOT_PRESENT; - } - rv = NSS_Init(nssDir); - if (rv != SECSuccess) { - return NSS_INIT_FAILED; - } - PK11_SetPasswordFunc(passwordCallback); - keySlot = PK11_GetInternalKeySlot(); - rv = PK11_Authenticate(keySlot, PR_FALSE, varTable); - PK11_FreeSlot(keySlot); - if (rv != SECSuccess) { - return AUTH_FAILED; - } - return NO_ERROR; -} - -void -dumpErrorMessage(ErrorCode errNum) -{ - spitOutHeaders(); - printf("Error

Error processing " - "data

Received the error %d

", errNum); - if (errNum == REQ_CGI_VAR_NOT_PRESENT) { - printf ("The missing variable is %s.", missingVar); - } - printf ("More useful information here in the future."); -} - -ErrorCode -initOldCertReq(CERTCertificateRequest *oldCertReq, - CERTName *subject, CERTSubjectPublicKeyInfo *spki) -{ - PRArenaPool *poolp; - - poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SEC_ASN1EncodeInteger(poolp, &oldCertReq->version, - SEC_CERTIFICATE_VERSION_3); - CERT_CopyName(poolp, &oldCertReq->subject, subject); - SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo, - spki); - oldCertReq->attributes = NULL; - return NO_ERROR; -} - -ErrorCode -addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq) -{ - int numExtensions, i; - void *extHandle; - ErrorCode rv = NO_ERROR; - CRMFCertExtension *ext; - SECStatus srv; - - numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq); - if (numExtensions == 0) { - /* No extensions to add */ - return NO_ERROR; - } - extHandle = CERT_StartCertExtensions(newCert); - if (extHandle == NULL) { - rv = COULD_NOT_START_EXTENSIONS; - goto loser; - } - for (i=0; idata, der->len); - PR_Close(outfile); - -} - -ErrorCode -createNewCert(CERTCertificate**issuedCert,CERTCertificateRequest *oldCertReq, - CRMFCertReqMsg *currReq, CRMFCertRequest *certReq, - CERTCertificate *issuerCert, CGIVarTable *varTable) -{ - CERTCertificate *newCert = NULL; - CERTValidity *validity; - PRExplodedTime printableTime; - PRTime now, after; - ErrorCode rv=NO_ERROR; - SECKEYPrivateKey *issuerPrivKey; - SECItem derCert = { 0 }; - SECOidTag signTag; - SECStatus srv; - long version; - - now = PR_Now(); - PR_ExplodeTime(now, PR_GMTParameters, &printableTime); - printableTime.tm_month += 9; - after = PR_ImplodeTime(&printableTime); - validity = CERT_CreateValidity(now, after); - newCert = *issuedCert = - CERT_CreateCertificate(rand(), &(issuerCert->subject), validity, - oldCertReq); - if (newCert == NULL) { - rv = ERROR_CREATING_NEW_CERTIFICATE; - goto loser; - } - rv = addExtensions(newCert, certReq); - if (rv != NO_ERROR) { - goto loser; - } - issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable); - if (issuerPrivKey == NULL) { - rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY; - } - switch(issuerPrivKey->keyType) { - case rsaKey: - signTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - break; - case dsaKey: - signTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER; - goto loser; - } - srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature, - signTag, 0); - if (srv != SECSuccess) { - rv = ERROR_SETTING_SIGN_ALG; - goto loser; - } - srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version); - if (srv != SECSuccess) { - /* No version included in the request */ - *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3; - } else { - SECITEM_FreeItem(&newCert->version, PR_FALSE); - SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version); - } - SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert, - CERT_CertificateTemplate); - if (derCert.data == NULL) { - rv = ERROR_ENCODING_NEW_CERT; - goto loser; - } - srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data, - derCert.len, issuerPrivKey, signTag); - if (srv != SECSuccess) { - rv = ERROR_SIGNING_NEW_CERT; - goto loser; - } -#ifdef WRITE_OUT_RESPONSE - writeOutItem("newcert.der", &newCert->derCert); -#endif - return NO_ERROR; - loser: - *issuedCert = NULL; - if (newCert) { - CERT_DestroyCertificate(newCert); - } - return rv; - -} - -void -formatCMMFResponse(char *nickname, char *base64Response) -{ - char *currLine, *nextLine; - - printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname); - currLine = base64Response; - while (1) { - nextLine = strchr(currLine, '\n'); - if (nextLine == NULL) { - /* print out the last line here. */ - printf ("\"%s\",\n", currLine); - break; - } - nextLine[0] = '\0'; - printf("\"%s\\n\"+\n", currLine); - currLine = nextLine+1; - } - printf("true);\n" - "if(retVal == '') {\n" - "\tdocument.write(\"

New Certificate Succesfully Imported.

\");\n" - "} else {\n" - "\tdocument.write(\"

Unable to import New Certificate

\");\n" - "\tdocument.write(\"crypto.importUserCertificates returned \");\n" - "\tdocument.write(retVal);\n" - "\tdocument.write(\"\");\n" - "}\n"); -} - -void -spitOutCMMFResponse(char *nickname, char *base64Response) -{ - spitOutHeaders(); - printf("\n\nCMMF Resonse Page\n\n\n" - "

CMMF Response Page

\n" - "\n\n"); -} - -char* -getNickname(CERTCertificate *cert) -{ - char *nickname; - - if (cert->nickname != NULL) { - return cert->nickname; - } - nickname = CERT_GetCommonName(&cert->subject); - if (nickname != NULL) { - return nickname; - } - return CERT_NameToAscii(&cert->subject); -} - -ErrorCode -createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts, - CERTCertificate *issuerCert, char **base64der) -{ - CMMFCertRepContent *certRepContent=NULL; - ErrorCode rv = NO_ERROR; - CMMFCertResponse **responses, *currResponse; - CERTCertList *caList; - int i; - SECStatus srv; - PRArenaPool *poolp; - SECItem *der; - - certRepContent = CMMF_CreateCertRepContent(); - if (certRepContent == NULL) { - rv = ERROR_CREATING_CERT_REP_CONTENT; - goto loser; - } - responses = PORT_NewArray(CMMFCertResponse*, numCerts); - if (responses == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - for (i=0; idata, der->len); - return NO_ERROR; - loser: - return rv; -} - -ErrorCode -issueCerts(CertResponseInfo *issuedCerts, int numCerts, - CERTCertificate *issuerCert) -{ - ErrorCode rv; - char *base64Response; - - rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response); - if (rv != NO_ERROR) { - goto loser; - } - spitOutCMMFResponse(getNickname(issuedCerts[0].cert),base64Response); - return NO_ERROR; - loser: - return rv; -} - -ErrorCode -verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq, - CRMFCertRequest *certReq, CERTCertificate *newCert) -{ - SECStatus srv; - ErrorCode rv = NO_ERROR; - CRMFPOPOSigningKey *signKey = NULL; - SECAlgorithmID *algID = NULL; - SECItem *signature = NULL; - SECKEYPublicKey *pubKey = NULL; - SECItem *reqDER = NULL; - - srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey); - if (srv != SECSuccess || signKey == NULL) { - rv = ERROR_RETRIEVING_POP_SIGN_KEY; - goto loser; - } - algID = CRMF_POPOSigningKeyGetAlgID(signKey); - if (algID == NULL) { - rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY; - goto loser; - } - signature = CRMF_POPOSigningKeyGetSignature(signKey); - if (signature == NULL) { - rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY; - goto loser; - } - /* Make the length the number of bytes instead of bits */ - signature->len = (signature->len+7)/8; - pubKey = CERT_ExtractPublicKey(newCert); - if (pubKey == NULL) { - rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT; - goto loser; - } - reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate); - if (reqDER == NULL) { - rv = ERROR_ENCODING_CERT_REQ_FOR_POP; - goto loser; - } - srv = VFY_VerifyData(reqDER->data, reqDER->len, pubKey, signature, - SECOID_FindOIDTag(&algID->algorithm), varTable); - if (srv != SECSuccess) { - rv = ERROR_VERIFYING_SIGNATURE_POP; - goto loser; - } - /* Fall thru in successfull case. */ - loser: - if (pubKey != NULL) { - SECKEY_DestroyPublicKey(pubKey); - } - if (reqDER != NULL) { - SECITEM_FreeItem(reqDER, PR_TRUE); - } - if (signature != NULL) { - SECITEM_FreeItem(signature, PR_TRUE); - } - if (algID != NULL) { - SECOID_DestroyAlgorithmID(algID, PR_TRUE); - } - if (signKey != NULL) { - CRMF_DestroyPOPOSigningKey(signKey); - } - return rv; -} - -ErrorCode -doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq, - CRMFCertRequest *certReq, CERTCertificate *newCert, - ChallengeCreationInfo *challs, int *numChall) -{ - CRMFPOPOPrivKey *privKey = NULL; - CRMFPOPOPrivKeyChoice privKeyChoice; - SECStatus srv; - ErrorCode rv = NO_ERROR; - - srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey); - if (srv != SECSuccess || privKey == NULL) { - rv = ERROR_GETTING_KEY_ENCIPHERMENT; - goto loser; - } - privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey); - CRMF_DestroyPOPOPrivKey(privKey); - switch (privKeyChoice) { - case crmfSubsequentMessage: - challs = &challs[*numChall]; - challs->random = rand(); - challs->pubKey = CERT_ExtractPublicKey(newCert); - if (challs->pubKey == NULL) { - rv = ERROR_RETRIEVING_PUB_KEY_FOR_CHALL; - goto loser; - } - (*numChall)++; - rv = DO_CHALLENGE_RESPONSE; - break; - case crmfThisMessage: - /* There'd better be a PKIArchiveControl in this message */ - if (!CRMF_CertRequestIsControlPresent(certReq, - crmfPKIArchiveOptionsControl)) { - rv = ERROR_NO_POP_FOR_PRIVKEY; - goto loser; - } - break; - default: - rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE; - goto loser; - } -loser: - return rv; -} - -ErrorCode -doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq, - CRMFCertRequest *certReq, CERTCertificate *newCert, - ChallengeCreationInfo *challs, int *numChall) -{ - CRMFPOPChoice popChoice; - ErrorCode rv = NO_ERROR; - - popChoice = CRMF_CertReqMsgGetPOPType(currReq); - if (popChoice == crmfNoPOPChoice) { - rv = NO_POP_FOR_REQUEST; - goto loser; - } - switch (popChoice) { - case crmfSignature: - rv = verifySignature(varTable, currReq, certReq, newCert); - break; - case crmfKeyEncipherment: - rv = doChallengeResponse(varTable, currReq, certReq, newCert, - challs, numChall); - break; - case crmfRAVerified: - case crmfKeyAgreement: - default: - rv = UNSUPPORTED_POP; - goto loser; - } - loser: - return rv; -} - -void -convertB64ToJS(char *base64) -{ - int i; - - for (i=0; base64[i] != '\0'; i++) { - if (base64[i] == '\n') { - printf ("\\n"); - }else { - printf ("%c", base64[i]); - } - } -} - -void -formatChallenge(char *chall64, char *certRepContentDER, - ChallengeCreationInfo *challInfo, int numChalls) -{ - printf ("function respondToChallenge() {\n" - " var chalForm = document.chalForm;\n\n" - " chalForm.CertRepContent.value = '"); - convertB64ToJS(certRepContentDER); - printf ("';\n" - " chalForm.ChallResponse.value = crypto.popChallengeResponse('"); - convertB64ToJS(chall64); - printf("');\n" - " chalForm.submit();\n" - "}\n"); - -} - -void -spitOutChallenge(char *chall64, char *certRepContentDER, - ChallengeCreationInfo *challInfo, int numChalls, - char *nickname) -{ - int i; - - spitOutHeaders(); - printf("\n" - "\n" - "Challenge Page\n" - "\n" - "\n" - "\n" - "

Cartman is now responding to the Challenge " - "presented by the CGI

\n" - "\n" - "\n" - "\n"); - for (i=0;i\n", - i+1, challInfo[i].random); - } - printf("\n", nickname); - printf("\n\n"); -} - -ErrorCode -issueChallenge(CertResponseInfo *issuedCerts, int numCerts, - ChallengeCreationInfo *challInfo, int numChalls, - CERTCertificate *issuer, CGIVarTable *varTable) -{ - ErrorCode rv = NO_ERROR; - CMMFPOPODecKeyChallContent *chalContent = NULL; - int i; - SECStatus srv; - PRArenaPool *poolp; - CERTGeneralName *genName; - SECItem *challDER = NULL; - char *chall64, *certRepContentDER; - - rv = createCMMFResponse(issuedCerts, numCerts, issuer, - &certRepContentDER); - if (rv != NO_ERROR) { - goto loser; - } - chalContent = CMMF_CreatePOPODecKeyChallContent(); - if (chalContent == NULL) { - rv = ERROR_CREATING_EMPTY_CHAL_CONTENT; - goto loser; - } - poolp = PORT_NewArena(1024); - if (poolp == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - genName = CERT_GetCertificateNames(issuer, poolp); - if (genName == NULL) { - rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER; - goto loser; - } - for (i=0;idata, challDER->len); - SECITEM_FreeItem(challDER, PR_TRUE); - if (chall64 == NULL) { - rv = ERROR_CONVERTING_CHALL_TO_BASE64; - goto loser; - } - spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls, - getNickname(issuedCerts[0].cert)); - loser: - return rv; -} - - -ErrorCode -processRequest(CGIVarTable *varTable) -{ - CERTCertDBHandle *certdb; - SECKEYKeyDBHandle *keydb; - CRMFCertReqMessages *certReqs = NULL; - const char *crmfReq; - const char *caNickname; - CERTCertificate *caCert = NULL; - CertResponseInfo *issuedCerts = NULL; - CERTSubjectPublicKeyInfo spki = { 0 }; - ErrorCode rv=NO_ERROR; - PRBool doChallengeResponse = PR_FALSE; - SECItem der = { 0 }; - SECStatus srv; - CERTCertificateRequest oldCertReq = { 0 }; - CRMFCertReqMsg **reqMsgs = NULL,*currReq = NULL; - CRMFCertRequest **reqs = NULL, *certReq = NULL; - CERTName subject = { 0 }; - int numReqs,i; - ChallengeCreationInfo *challInfo=NULL; - int numChalls = 0; - - certdb = CERT_GetDefaultCertDB(); - keydb = SECKEY_GetDefaultKeyDB(); - crmfReq = CGITableFindValue(varTable, "CRMFRequest"); - if (crmfReq == NULL) { - rv = CGI_VAR_MISSING; - missingVar = "CRMFRequest"; - goto loser; - } - caNickname = CGITableFindValue(varTable, "CANickname"); - if (caNickname == NULL) { - rv = CGI_VAR_MISSING; - missingVar = "CANickname"; - goto loser; - } - caCert = CERT_FindCertByNickname(certdb, caNickname); - if (caCert == NULL) { - rv = COULD_NOT_FIND_CA; - goto loser; - } - srv = ATOB_ConvertAsciiToItem(&der, crmfReq); - if (srv != SECSuccess) { - rv = BAD_ASCII_FOR_REQ; - goto loser; - } - certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len); - SECITEM_FreeItem(&der, PR_FALSE); - if (certReqs == NULL) { - rv = COULD_NOT_DECODE_REQS; - goto loser; - } - numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs); - issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs); - challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs); - if (issuedCerts == NULL || challInfo == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - reqMsgs = PORT_ZNewArray(CRMFCertReqMsg*, numReqs); - reqs = PORT_ZNewArray(CRMFCertRequest*, numReqs); - if (reqMsgs == NULL || reqs == NULL) { - rv = OUT_OF_MEMORY; - goto loser; - } - for (i=0; i= form_output_len) { - form_output_len += DEFAULT_ALLOC_SIZE; - form_output = PORT_Realloc(form_output, form_output_len+1); - } - form_output_used += fread(&form_output[form_output_used], sizeof(char), - DEFAULT_ALLOC_SIZE, stdin); - } - ParseInputVariables(&varTable, form_output); - certRepContent = CGITableFindValue(&varTable, "CertRepContent"); - if (certRepContent == NULL) { - errNum = initNSS(&varTable); - if (errNum != 0) { - goto loser; - } - errNum = processRequest(&varTable); - } else { - errNum = processChallengeResponse(&varTable, certRepContent); - } - if (errNum != NO_ERROR) { - goto loser; - } - goto done; -loser: - dumpErrorMessage(errNum); -done: - free (form_output); - return 0; -} - diff --git a/security/nss/cmd/crmf-cgi/crmfcgi.html b/security/nss/cmd/crmf-cgi/crmfcgi.html deleted file mode 100644 index f6f0d8defc..0000000000 --- a/security/nss/cmd/crmf-cgi/crmfcgi.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - -CRMF Test Page for PSM - - - -

CRMF Test page for PSM

-This page is designed to be used in combination with the executable -produced by ns/security/cmd/crmf-cgi in a CGI environment. In order -to successfully use this page, modify its action to post to a a server -where you have installed the crmfcgi executable and you'll be able to -test the functionality. -
-
-

Certificate Database information

-First, enter all the information for the CGI to use for initializing -NSS. The CGI will use the directory entered below as the directory -where to look for the certificate and key databases. -
-Path for NSS Config: 
-
-Enter the password for the certificate database found in the direcotry -above. -
-Database Password:   
-
-Now enter the nickname of the certificate to use for signing the -certificate issued during this test. -
-CA Nickname:         
-
-

Now, figure out which type of key generation you want to test:

- - -
- -
- - diff --git a/security/nss/cmd/crmf-cgi/manifest.mn b/security/nss/cmd/crmf-cgi/manifest.mn deleted file mode 100644 index c8c38e2244..0000000000 --- a/security/nss/cmd/crmf-cgi/manifest.mn +++ /dev/null @@ -1,65 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. -MODULE = sectools - -EXPORTS = \ - $(NULL) - -CSRCS = \ - crmfcgi.c \ - $(NULL) - - -REQUIRES = nss dbm seccmd - -ifdef ATTACH_CGI -DEFINES += -DATTACH_CGI -endif - -ifdef WRITE_OUT_RESPONSE -DEFINES += -DWRITE_OUT_RESPONSE -endif - -PROGRAM = crmfcgi - -USE_STATIC_LIBS = 1 - -INCLUDES = - -DEFINES = -DNSPR20 diff --git a/security/nss/cmd/crmftest/Makefile b/security/nss/cmd/crmftest/Makefile deleted file mode 100644 index 66d334a7da..0000000000 --- a/security/nss/cmd/crmftest/Makefile +++ /dev/null @@ -1,96 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include config.mk - -ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2) -OS_LIBS += -lsvld -endif - -ifeq ($(OS_TARGET)$(OS_RELEASE), SunOS5.6) -OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl -endif - -EXTRA_LIBS += $(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX) - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -LDDIST = $(DIST)/lib - -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -EXTRA_LIBS += $(LDDIST)/sectool.lib -endif - -include ../platrules.mk diff --git a/security/nss/cmd/crmftest/manifest.mn b/security/nss/cmd/crmftest/manifest.mn deleted file mode 100644 index 93786ee49e..0000000000 --- a/security/nss/cmd/crmftest/manifest.mn +++ /dev/null @@ -1,57 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. -DEPTH = . - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -EXPORTS = \ - $(NULL) - -CSRCS = \ - testcrmf.c \ - $(NULL) - - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -# REQUIRES = dbm - -PROGRAM = crmftest - diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c deleted file mode 100644 index 11f96ab752..0000000000 --- a/security/nss/cmd/crmftest/testcrmf.c +++ /dev/null @@ -1,1697 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* - * This program does 5 separate functions. By default, it does them all. - * It can be told to do any subset of them. - * It does them in this order: - * - * 1. Generate file of CRMF cert requests. - * Generates 2 keys pairs, one for signing, one for encryption. - * Can generate RSA or DSA (XXX - DSA is only useful for signing). - * Generate a cert request for each of the two public keys. - * Generate a single CRMF cert request message that requests both certs. - * Leave the generated CRMF request message in file - * configdir/CertReqMessages.der - * - * 2. Decode CRMF Request(s) Message. - * Reads in the file configdir/CertReqMessages.der - * (either generated by step 1 above, or user supplied). - * Decodes it. NOTHING MORE. Drops these decoded results on the floor. - * The CMMF response (below) contains a completely unrelated cert. :-( - * - * 3. CMMF "Stuff". - * a) Generates a CMMF response, containing a single cert chain, as if - * it was a response to a received CRMF request. But the cert is - * simply a user cert from the user's local soft token, whose - * nickname is given in the -p option. The CMMF response has no - * relationship to the request generated above. The CMMF message - * is placed in configdir/CertRepContent.der. - * b) Decodes the newly generated CMMF response found in file - * configdir/CertRepContent.der and discards the result. 8-/ - * c) Generate a CMMF Key Escrow message - * needs 2 nicknames: - * It takes the public and private keys for the cert identified - * by -p nickname, and wraps them with a sym key that is in turn - * wrapped with the pubkey in the CA cert, whose nickname is - * given with the -s option. - * Store the message in configdir/KeyRecRepContent.der - * d) Decode the CMMF Key Escrow message generated just above. - * Get it from file configdir/KeyRecRepContent.der - * This is just a decoder test. Results are discarded. - * - * 4. Key Recovery - * This code does not yet compile, and what it was intended to do - * has not been fully determined. - * - * 5. Challenge/Response. - * Haven't analyzed this code yet. - * - * - */ - -/* KNOWN BUGS: -** 1. generates BOTH signing and encryption cert requests, even for DSA keys. -** -** 2. Does not verify the siganture in the "Proof of Posession" in the -** decoded cert requests. It only checks syntax of the POP. -** 3. CMMF "Stuff" should be broken up into separate steps, each of -** which may be optionally selected. -*/ - -#include -#include "nspr.h" -#include "nss.h" -#include "crmf.h" -#include "secerr.h" -#include "pk11func.h" -#include "key.h" -#include "cmmf.h" -#include "plgetopt.h" -#include "secutil.h" -#include "pk11pqg.h" - -#if 0 -#include "pkcs11.h" -#include "secmod.h" -#include "secmodi.h" -#include "pqggen.h" -#include "secmod.h" -#include "secmodi.h" -#include "pkcs11.h" -#include "secitem.h" -#include "secasn1.h" -#include "sechash.h" -#endif - -#define MAX_KEY_LEN 512 -#define PATH_LEN 150 -#define BUFF_SIZE 150 -#define UID_BITS 800 -#define BPB 8 -#define CRMF_FILE "CertReqMessages.der" - -PRTime notBefore; -char *personalCert = NULL; -char *recoveryEncrypter = NULL; -char *caCertName = NULL; -static secuPWData pwdata = { PW_NONE, 0 }; -char *configdir; -PRBool doingDSA = PR_FALSE; - -CERTCertDBHandle *db; - -typedef struct { - SECKEYPrivateKey *privKey; - SECKEYPublicKey *pubKey; - CRMFCertRequest *certReq; - CRMFCertReqMsg *certReqMsg; -} TESTKeyPair; - -void -debug_test(SECItem *src, char *filePath) -{ - PRFileDesc *fileDesc; - - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not cretae file %s.\n", filePath); - return; - } - PR_Write(fileDesc, src->data, src->len); - -} - -SECStatus -get_serial_number(long *dest) -{ - SECStatus rv; - - if (dest == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long)); - /* make serial number positive */ - if (*dest < 0L) - *dest = - *dest; - return SECSuccess; -} - -PK11RSAGenParams * -GetRSAParams(void) -{ - PK11RSAGenParams *rsaParams; - - rsaParams = PORT_ZNew(PK11RSAGenParams); - - if (rsaParams == NULL) - return NULL; - - rsaParams->keySizeInBits = MAX_KEY_LEN; - rsaParams->pe = 0x10001; - - return rsaParams; - -} - -PQGParams* -GetDSAParams(void) -{ - PQGParams *params = NULL; - PQGVerify *vfy = NULL; - - SECStatus rv; - - rv = PK11_PQG_ParamGen(0, ¶ms, &vfy); - if (rv != SECSuccess) { - return NULL; - } - PK11_PQG_DestroyVerify(vfy); - return params; -} - -/* Generate a key pair, and then generate a subjectPublicKeyInfo -** for the public key in that pair. return all 3. -*/ -CERTSubjectPublicKeyInfo * -GetSubjectPubKeyInfo(TESTKeyPair *pair) -{ - CERTSubjectPublicKeyInfo *spki = NULL; - SECKEYPrivateKey *privKey = NULL; - SECKEYPublicKey *pubKey = NULL; - PK11SlotInfo *keySlot = NULL; - - keySlot = PK11_GetInternalKeySlot(); - PK11_Authenticate(keySlot, PR_FALSE, &pwdata); - - - if (!doingDSA) { - PK11RSAGenParams *rsaParams = GetRSAParams(); - if (rsaParams == NULL) { - PK11_FreeSlot(keySlot); - return NULL; - } - privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN, - (void*)rsaParams, &pubKey, PR_FALSE, - PR_FALSE, &pwdata); - } else { - PQGParams *dsaParams = GetDSAParams(); - if (dsaParams == NULL) { - PK11_FreeSlot(keySlot); - return NULL; - } - privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN, - (void*)dsaParams, &pubKey, PR_FALSE, - PR_FALSE, &pwdata); - } - PK11_FreeSlot(keySlot); - if (privKey == NULL || pubKey == NULL) { - if (pubKey) { - SECKEY_DestroyPublicKey(pubKey); - } - if (privKey) { - SECKEY_DestroyPrivateKey(privKey); - } - return NULL; - } - - spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey); - pair->privKey = privKey; - pair->pubKey = pubKey; - return spki; -} - - -SECStatus -InitPKCS11(void) -{ - PK11SlotInfo *keySlot; - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - keySlot = PK11_GetInternalKeySlot(); - - if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) { - if (SECU_ChangePW(keySlot, NULL, NULL) != SECSuccess) { - printf ("Initializing the PINs failed.\n"); - return SECFailure; - } - } - - PK11_FreeSlot(keySlot); - return SECSuccess; -} - - -void -WriteItOut (void *arg, const char *buf, unsigned long len) -{ - PRFileDesc *fileDesc = (PRFileDesc*)arg; - - PR_Write(fileDesc, (void*)buf, len); -} - - - -CRMFCertExtCreationInfo* -GetExtensions(void) -{ - unsigned char keyUsage[4] = { 0x03, 0x02, 0x07, KU_DIGITAL_SIGNATURE }; - /* What are these magic numbers? */ - SECItem data = { 0, NULL, 0 }; - CRMFCertExtension *extension; - CRMFCertExtCreationInfo *extInfo = - PORT_ZNew(CRMFCertExtCreationInfo); - - data.data = keyUsage; - data.len = sizeof keyUsage; - - - extension = - CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, PR_FALSE, &data); - if (extension && extInfo) { - extInfo->numExtensions = 1; - extInfo->extensions = PORT_ZNewArray(CRMFCertExtension*, 1); - extInfo->extensions[0] = extension; - } - return extInfo; -} - -void -FreeExtInfo(CRMFCertExtCreationInfo *extInfo) -{ - int i; - - for (i=0; inumExtensions; i++) { - CRMF_DestroyCertExtension(extInfo->extensions[i]); - } - PORT_Free(extInfo->extensions); - PORT_Free(extInfo); -} - -int -InjectCertName( CRMFCertRequest * certReq, - CRMFCertTemplateField inTemplateField, - const char * inNameString) -{ - char * nameStr; - CERTName * name; - int irv = 0; - - nameStr = PORT_Strdup(inNameString); - if (!nameStr) - return 5; - name = CERT_AsciiToName(nameStr); - if (name == NULL) { - printf ("Could not create CERTName structure from %s.\n", nameStr); - irv = 5; - goto finish; - } - - irv = CRMF_CertRequestSetTemplateField(certReq, inTemplateField, (void*)name); - if (irv != SECSuccess) { - printf ("Could not add name to cert template\n"); - irv = 6; - } - -finish: - PORT_Free(nameStr); - if (name) - CERT_DestroyName(name); - return irv; -} - -int -CreateCertRequest(TESTKeyPair *pair, long inRequestID) -{ - CERTCertificate * caCert; - CERTSubjectPublicKeyInfo *spki; - CRMFCertExtCreationInfo * extInfo; - CRMFCertRequest * certReq; - CRMFEncryptedKey * encKey; - CRMFPKIArchiveOptions * pkiArchOpt; - SECAlgorithmID * algID; - long serialNumber; - long version = 3; - SECStatus rv; - CRMFValidityCreationInfo validity; - unsigned char UIDbuf[UID_BITS / BPB]; - SECItem issuerUID = { siBuffer, UIDbuf, UID_BITS }; - SECItem subjectUID = { siBuffer, UIDbuf, UID_BITS }; - /* len in bits */ - - pair->certReq = NULL; - certReq = CRMF_CreateCertRequest(inRequestID); - if (certReq == NULL) { - printf ("Could not initialize a certificate request.\n"); - return 1; - } - - /* set to version 3 */ - rv = CRMF_CertRequestSetTemplateField(certReq, crmfVersion, - (void*)(&version)); - if (rv != SECSuccess) { - printf("Could not add the version number to the " - "Certificate Request.\n"); - CRMF_DestroyCertRequest(certReq); - return 2; - } - - /* set serial number */ - if (get_serial_number(&serialNumber) != SECSuccess) { - printf ("Could not generate a serial number for cert request.\n"); - CRMF_DestroyCertRequest(certReq); - return 3; - } - rv = CRMF_CertRequestSetTemplateField (certReq, crmfSerialNumber, - (void*)(&serialNumber)); - if (rv != SECSuccess) { - printf ("Could not add serial number to certificate template\n."); - CRMF_DestroyCertRequest(certReq); - return 4; - } - - /* Set issuer name */ - rv = InjectCertName(certReq, crmfIssuer, - "CN=mozilla CA Shack,O=Information Systems"); - if (rv) { - printf ("Could not add issuer to cert template\n"); - CRMF_DestroyCertRequest(certReq); - return 5; - } - - /* Set Subject Name */ - rv = InjectCertName(certReq, crmfSubject, - "CN=mozilla CA Shack ID,O=Engineering,C=US"); - if (rv) { - printf ("Could not add Subject to cert template\n"); - CRMF_DestroyCertRequest(certReq); - return 5; - } - - /* Set Algorithm ID */ - algID = PK11_CreatePBEAlgorithmID(SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, - 1, NULL); - if (algID == NULL) { - printf ("Couldn't create algorithm ID\n"); - CRMF_DestroyCertRequest(certReq); - return 9; - } - rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void*)algID); - SECOID_DestroyAlgorithmID(algID, PR_TRUE); - if (rv != SECSuccess) { - printf ("Could not add the signing algorithm to the cert template.\n"); - CRMF_DestroyCertRequest(certReq); - return 10; - } - - /* Set Validity Dates */ - validity.notBefore = ¬Before; - validity.notAfter = NULL; - notBefore = PR_Now(); - rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity,(void*)(&validity)); - if (rv != SECSuccess) { - printf ("Could not add validity to cert template\n"); - CRMF_DestroyCertRequest(certReq); - return 11; - } - - /* Generate a key pair and Add the spki to the request */ - spki = GetSubjectPubKeyInfo(pair); - if (spki == NULL) { - printf ("Could not create a Subject Public Key Info to add\n"); - CRMF_DestroyCertRequest(certReq); - return 12; - } - rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void*)spki); - SECKEY_DestroySubjectPublicKeyInfo(spki); - if (rv != SECSuccess) { - printf ("Could not add the public key to the template\n"); - CRMF_DestroyCertRequest(certReq); - return 13; - } - - /* Set the requested isser Unique ID */ - PK11_GenerateRandom(UIDbuf, sizeof UIDbuf); - CRMF_CertRequestSetTemplateField(certReq,crmfIssuerUID, (void*)&issuerUID); - - /* Set the requested Subject Unique ID */ - PK11_GenerateRandom(UIDbuf, sizeof UIDbuf); - CRMF_CertRequestSetTemplateField(certReq,crmfSubjectUID, (void*)&subjectUID); - - /* Add extensions - XXX need to understand these magic numbers */ - extInfo = GetExtensions(); - CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void*)extInfo); - FreeExtInfo(extInfo); - - /* get the recipient CA's cert */ - caCert = CERT_FindCertByNickname(db, caCertName); - if (caCert == NULL) { - printf ("Could not find the certificate for %s\n", caCertName); - CRMF_DestroyCertRequest(certReq); - return 50; - } - encKey = CRMF_CreateEncryptedKeyWithEncryptedValue(pair->privKey, caCert); - CERT_DestroyCertificate(caCert); - if (encKey == NULL) { - printf ("Could not create Encrypted Key with Encrypted Value.\n"); - return 14; - } - pkiArchOpt = CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encKey); - CRMF_DestroyEncryptedKey(encKey); - if (pkiArchOpt == NULL) { - printf ("Could not create PKIArchiveOptions.\n"); - return 15; - } - rv = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt); - CRMF_DestroyPKIArchiveOptions(pkiArchOpt); - if (rv != SECSuccess) { - printf ("Could not add the PKIArchiveControl to Cert Request.\n"); - return 16; - } - pair->certReq = certReq; - return 0; -} - -int -Encode(CRMFCertReqMsg *inCertReq1, CRMFCertReqMsg *inCertReq2) -{ - PRFileDesc *fileDesc; - SECStatus rv; - int irv = 0; - CRMFCertReqMsg *msgArr[3]; - char filePath[PATH_LEN]; - - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE); - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - irv = 14; - goto finish; - } - msgArr[0] = inCertReq1; - msgArr[1] = inCertReq2; - msgArr[2] = NULL; - rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void*)fileDesc); - if (rv != SECSuccess) { - printf ("An error occurred while encoding.\n"); - irv = 15; - } -finish: - PR_Close(fileDesc); - return irv; -} - -int -AddProofOfPossession(TESTKeyPair *pair, - CRMFPOPChoice inPOPChoice) -{ - - switch(inPOPChoice){ - case crmfSignature: - CRMF_CertReqMsgSetSignaturePOP(pair->certReqMsg, pair->privKey, - pair->pubKey, NULL, NULL, &pwdata); - break; - case crmfRAVerified: - CRMF_CertReqMsgSetRAVerifiedPOP(pair->certReqMsg); - break; - case crmfKeyEncipherment: - CRMF_CertReqMsgSetKeyEnciphermentPOP(pair->certReqMsg, - crmfSubsequentMessage, - crmfChallengeResp, NULL); - break; - case crmfKeyAgreement: - { - SECItem pendejo; - unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 }; - - pendejo.data = lame; - pendejo.len = 5; - - CRMF_CertReqMsgSetKeyAgreementPOP(pair->certReqMsg, crmfThisMessage, - crmfNoSubseqMess, &pendejo); - } - break; - default: - return 1; - } - return 0; -} - - -int -Decode(void) -{ - PRFileDesc *fileDesc; - CRMFCertReqMsg *certReqMsg; - CRMFCertRequest *certReq; - CRMFCertReqMessages *certReqMsgs; - SECStatus rv; - int numMsgs, i; - long lame; - CRMFGetValidity validity = {NULL, NULL}; - SECItem item = { siBuffer, NULL, 0 }; - char filePath[PATH_LEN]; - - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE); - fileDesc = PR_Open(filePath, PR_RDONLY, 0644); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - return 214; - } - rv = SECU_FileToItem(&item, fileDesc); - PR_Close(fileDesc); - if (rv != SECSuccess) { - return 215; - } - - certReqMsgs = CRMF_CreateCertReqMessagesFromDER((char *)item.data, item.len); - if (certReqMsgs == NULL) { - printf ("Error decoding CertReqMessages.\n"); - return 202; - } - numMsgs = CRMF_CertReqMessagesGetNumMessages(certReqMsgs); - if (numMsgs <= 0) { - printf ("WARNING: The DER contained %d messages.\n", numMsgs); - } - for (i=0; i < numMsgs; i++) { - SECStatus rv; - printf("crmftest: Processing cert request %d\n", i); - certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i); - if (certReqMsg == NULL) { - printf ("ERROR: Could not access the message at index %d of %s\n", - i, filePath); - } - rv = CRMF_CertReqMsgGetID(certReqMsg, &lame); - if (rv) { - SECU_PrintError("crmftest", "CRMF_CertReqMsgGetID"); - } - certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg); - if (!certReq) { - SECU_PrintError("crmftest", "CRMF_CertReqMsgGetCertRequest"); - } - rv = CRMF_CertRequestGetCertTemplateValidity(certReq, &validity); - if (rv) { - SECU_PrintError("crmftest", "CRMF_CertRequestGetCertTemplateValidity"); - } - if (!validity.notBefore) { - /* We encoded a notBefore, so somthing's wrong if it's not here. */ - printf("ERROR: Validity period notBefore date missing.\n"); - } - /* XXX It's all parsed now. We probably should DO SOMETHING with it. - ** But nope. We just throw it all away. - ** Maybe this was intended to be no more than a decoder test. - */ - CRMF_DestroyGetValidity(&validity); - CRMF_DestroyCertRequest(certReq); - CRMF_DestroyCertReqMsg(certReqMsg); - } - CRMF_DestroyCertReqMessages(certReqMsgs); - SECITEM_FreeItem(&item, PR_FALSE); - return 0; -} - -int -GetBitsFromFile(const char *filePath, SECItem *item) -{ - PRFileDesc *fileDesc; - SECStatus rv; - - fileDesc = PR_Open(filePath, PR_RDONLY, 0644); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - return 14; - } - - rv = SECU_FileToItem(item, fileDesc); - PR_Close(fileDesc); - - if (rv != SECSuccess) { - item->data = NULL; - item->len = 0; - return 15; - } - return 0; -} - -int -DecodeCMMFCertRepContent(char *derFile) -{ - CMMFCertRepContent *certRepContent; - int irv = 0; - SECItem fileBits = { siBuffer, NULL, 0 }; - - GetBitsFromFile(derFile, &fileBits); - if (fileBits.data == NULL) { - printf("Could not get bits from file %s\n", derFile); - return 304; - } - certRepContent = CMMF_CreateCertRepContentFromDER(db, - (char*)fileBits.data, fileBits.len); - if (certRepContent == NULL) { - printf ("Error while decoding %s\n", derFile); - irv = 303; - } else { - /* That was fun. Now, let's throw it away! */ - CMMF_DestroyCertRepContent(certRepContent); - } - SECITEM_FreeItem(&fileBits, PR_FALSE); - return irv; -} - -int -EncodeCMMFCertReply(const char *filePath, - CERTCertificate *cert, - CERTCertList *list) -{ - int rv = 0; - SECStatus srv; - PRFileDesc *fileDesc = NULL; - CMMFCertRepContent *certRepContent = NULL; - CMMFCertResponse *certResp = NULL; - CMMFCertResponse *certResponses[3]; - - certResp = CMMF_CreateCertResponse(0xff123); - CMMF_CertResponseSetPKIStatusInfoStatus(certResp, cmmfGranted); - - CMMF_CertResponseSetCertificate(certResp, cert); - - certResponses[0] = certResp; - certResponses[1] = NULL; - certResponses[2] = NULL; - - certRepContent = CMMF_CreateCertRepContent(); - CMMF_CertRepContentSetCertResponses(certRepContent, certResponses, 1); - - CMMF_CertRepContentSetCAPubs(certRepContent, list); - - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - rv = 400; - goto finish; - } - - srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut, - (void*)fileDesc); - PR_Close(fileDesc); - if (srv != SECSuccess) { - printf ("CMMF_EncodeCertRepContent failed,\n"); - rv = 401; - } -finish: - if (certRepContent) { - CMMF_DestroyCertRepContent(certRepContent); - } - if (certResp) { - CMMF_DestroyCertResponse(certResp); - } - return rv; -} - - -/* Extract the public key from the cert whose nickname is given. */ -int -extractPubKeyFromNamedCert(const char * nickname, SECKEYPublicKey **pPubKey) -{ - CERTCertificate *caCert = NULL; - SECKEYPublicKey *caPubKey = NULL; - int rv = 0; - - caCert = CERT_FindCertByNickname(db, (char *)nickname); - if (caCert == NULL) { - printf ("Could not get the certifcate for %s\n", caCertName); - rv = 411; - goto finish; - } - caPubKey = CERT_ExtractPublicKey(caCert); - if (caPubKey == NULL) { - printf ("Could not extract the public from the " - "certificate for \n%s\n", caCertName); - rv = 412; - } -finish: - *pPubKey = caPubKey; - CERT_DestroyCertificate(caCert); - caCert = NULL; - return rv; -} - -int -EncodeCMMFRecoveryMessage(const char * filePath, - CERTCertificate *cert, - CERTCertList *list) -{ - SECKEYPublicKey *caPubKey = NULL; - SECKEYPrivateKey *privKey = NULL; - CMMFKeyRecRepContent *repContent = NULL; - PRFileDesc *fileDesc; - int rv = 0; - SECStatus srv; - - /* Extract the public key from the cert whose nickname is given in - ** the -s option. - */ - rv = extractPubKeyFromNamedCert( caCertName, &caPubKey); - if (rv) - goto finish; - - repContent = CMMF_CreateKeyRecRepContent(); - if (repContent == NULL) { - printf ("Could not allocate a CMMFKeyRecRepContent structure\n"); - rv = 407; - goto finish; - } - srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent, - cmmfGrantedWithMods); - if (srv != SECSuccess) { - printf ("Error trying to set PKIStatusInfo for " - "CMMFKeyRecRepContent.\n"); - rv = 406; - goto finish; - } - srv = CMMF_KeyRecRepContentSetNewSignCert(repContent, cert); - if (srv != SECSuccess) { - printf ("Error trying to set the new signing certificate for " - "key recovery\n"); - rv = 408; - goto finish; - } - srv = CMMF_KeyRecRepContentSetCACerts(repContent, list); - if (srv != SECSuccess) { - printf ("Errory trying to add the list of CA certs to the " - "CMMFKeyRecRepContent structure.\n"); - rv = 409; - goto finish; - } - privKey = PK11_FindKeyByAnyCert(cert, &pwdata); - if (privKey == NULL) { - printf ("Could not get the private key associated with the\n" - "certificate %s\n", personalCert); - rv = 410; - goto finish; - } - - srv = CMMF_KeyRecRepContentSetCertifiedKeyPair(repContent, cert, privKey, - caPubKey); - if (srv != SECSuccess) { - printf ("Could not set the Certified Key Pair\n"); - rv = 413; - goto finish; - } - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - rv = 414; - goto finish; - } - - srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut, - (void*)fileDesc); - PR_Close(fileDesc); - if (srv != SECSuccess) { - printf ("CMMF_EncodeKeyRecRepContent failed\n"); - rv = 415; - } -finish: - if (privKey) - SECKEY_DestroyPrivateKey(privKey); - if (caPubKey) - SECKEY_DestroyPublicKey(caPubKey); - if (repContent) - CMMF_DestroyKeyRecRepContent(repContent); - return rv; -} - -int -decodeCMMFRecoveryMessage(const char * filePath) -{ - CMMFKeyRecRepContent *repContent = NULL; - int rv = 0; - SECItem fileBits = { siBuffer, NULL, 0 }; - - GetBitsFromFile(filePath, &fileBits); - if (!fileBits.len) { - rv = 451; - goto finish; - } - repContent = - CMMF_CreateKeyRecRepContentFromDER(db, (const char *) fileBits.data, - fileBits.len); - if (repContent == NULL) { - printf ("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n" - "\t%s\n", filePath); - rv = 452; - } -finish: - if (repContent) { - CMMF_DestroyKeyRecRepContent(repContent); - } - SECITEM_FreeItem(&fileBits, PR_FALSE); - return rv; -} - -int -DoCMMFStuff(void) -{ - CERTCertificate *cert = NULL; - CERTCertList *list = NULL; - int rv = 0; - char filePath[PATH_LEN]; - - /* Do common setup for the following steps. - */ - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, "CertRepContent.der"); - - cert = CERT_FindCertByNickname(db, personalCert); - if (cert == NULL) { - printf ("Could not find the certificate for %s\n", personalCert); - rv = 416; - goto finish; - } - list = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageEmailSigner); - if (list == NULL) { - printf ("Could not find the certificate chain for %s\n", personalCert); - rv = 418; - goto finish; - } - - /* a) Generate the CMMF response message, using a user cert named - ** by -p option, rather than a cert generated from the CRMF - ** request itself. The CMMF message is placed in - ** configdir/CertRepContent.der. - */ - rv = EncodeCMMFCertReply(filePath, cert, list); - if (rv != 0) { - goto finish; - } - - /* b) Decode the CMMF Cert granting message encoded just above, - ** found in configdir/CertRepContent.der. - ** This only tests the decoding. The decoded content is discarded. - */ - rv = DecodeCMMFCertRepContent(filePath); - if (rv != 0) { - goto finish; - } - - /* c) Generate a CMMF Key Excrow message - ** It takes the public and private keys for the cert identified - ** by -p nickname, and wraps them with a sym key that is in turn - ** wrapped with the pubkey in the CA cert, whose nickname is - ** given by the -s option. - ** Store the message in configdir/KeyRecRepContent.der - */ - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, - "KeyRecRepContent.der"); - - rv = EncodeCMMFRecoveryMessage(filePath, cert, list); - if (rv) - goto finish; - - /* d) Decode the CMMF Key Excrow message generated just above. - ** Get it from file configdir/KeyRecRepContent.der - ** This is just a decoder test. Results are discarded. - */ - - rv = decodeCMMFRecoveryMessage(filePath); - - finish: - if (cert) { - CERT_DestroyCertificate(cert); - } - if (list) { - CERT_DestroyCertList(list); - } - return rv; -} - -static CK_MECHANISM_TYPE -mapWrapKeyType(KeyType keyType) -{ - switch (keyType) { - case rsaKey: - return CKM_RSA_PKCS; - default: - break; - } - return CKM_INVALID_MECHANISM; -} - -#define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ - -int -DoKeyRecovery( SECKEYPrivateKey *privKey) -{ -#ifdef DOING_KEY_RECOVERY /* Doesn't compile yet. */ - SECKEYPublicKey *pubKey; - PK11SlotInfo *slot; - unsigned char *ciphertext; - unsigned char *text_compared; - SECKEYPrivateKey *unwrappedPrivKey; - SECKEYPrivateKey *caPrivKey; - CMMFKeyRecRepContent *keyRecRep; - CMMFCertifiedKeyPair *certKeyPair; - CERTCertificate *caCert; - CERTCertificate *myCert; - SECKEYPublicKey *caPubKey; - PRFileDesc *fileDesc; - CK_ULONG max_bytes_encrypted; - CK_ULONG bytes_encrypted; - CK_ULONG bytes_compared; - CK_ULONG bytes_decrypted; - CK_RV crv; - CK_OBJECT_HANDLE id; - CK_MECHANISM mech = { CKM_INVALID_MECHANISM, NULL, 0}; - SECStatus rv; - SECItem fileBits; - SECItem nickname; - unsigned char plaintext[KNOWN_MESSAGE_LENGTH]; - char filePath[PATH_LEN]; - static const unsigned char known_message[] = { "Known Crypto Message" }; - - /*caCert = CERT_FindCertByNickname(db, caCertName);*/ - myCert = CERT_FindCertByNickname(db, personalCert); - if (myCert == NULL) { - printf ("Could not find the certificate for %s\n", personalCert); - return 700; - } - caCert = CERT_FindCertByNickname(db, recoveryEncrypter); - if (caCert == NULL) { - printf ("Could not find the certificate for %s\n", recoveryEncrypter); - return 701; - } - caPubKey = CERT_ExtractPublicKey(caCert); - pubKey = SECKEY_ConvertToPublicKey(privKey); - max_bytes_encrypted = PK11_GetPrivateModulusLen(privKey); - slot = PK11_GetBestSlot(mapWrapKeyType(privKey->keyType), NULL); - id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE); - - switch(privKey->keyType) { - case rsaKey: - mech.mechanism = CKM_RSA_PKCS; - break; - case dsaKey: - mech.mechanism = CKM_DSA; - break; - case dhKey: - mech.mechanism = CKM_DH_PKCS_DERIVE; - break; - default: - printf ("Bad Key type in key recovery.\n"); - return 512; - - } - PK11_EnterSlotMonitor(slot); - crv = PK11_GETTAB(slot)->C_EncryptInit(slot->session, &mech, id); - if (crv != CKR_OK) { - PK11_ExitSlotMonitor(slot); - PK11_FreeSlot(slot); - printf ("C_EncryptInit failed in KeyRecovery\n"); - return 500; - } - ciphertext = PORT_NewArray(unsigned char, max_bytes_encrypted); - if (ciphertext == NULL) { - PK11_ExitSlotMonitor(slot); - PK11_FreeSlot(slot); - printf ("Could not allocate memory for ciphertext.\n"); - return 501; - } - bytes_encrypted = max_bytes_encrypted; - crv = PK11_GETTAB(slot)->C_Encrypt(slot->session, - known_message, - KNOWN_MESSAGE_LENGTH, - ciphertext, - &bytes_encrypted); - PK11_ExitSlotMonitor(slot); - PK11_FreeSlot(slot); - if (crv != CKR_OK) { - PORT_Free(ciphertext); - return 502; - } - /* Always use the smaller of these two values . . . */ - bytes_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH ) - ? KNOWN_MESSAGE_LENGTH - : bytes_encrypted; - - /* If there was a failure, the plaintext */ - /* goes at the end, therefore . . . */ - text_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH ) - ? (ciphertext + bytes_encrypted - - KNOWN_MESSAGE_LENGTH ) - : ciphertext; - - keyRecRep = CMMF_CreateKeyRecRepContent(); - if (keyRecRep == NULL) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not allocate a CMMFKeyRecRepContent structre.\n"); - return 503; - } - rv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(keyRecRep, - cmmfGranted); - if (rv != SECSuccess) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not set the status for the KeyRecRepContent\n"); - return 504; - } - /* The myCert here should correspond to the certificate corresponding - * to the private key, but for this test any certificate will do. - */ - rv = CMMF_KeyRecRepContentSetCertifiedKeyPair(keyRecRep, myCert, - privKey, caPubKey); - if (rv != SECSuccess) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not set the Certified Key Pair\n"); - return 505; - } - PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, - "KeyRecRepContent.der"); - fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("Could not open file %s\n", filePath); - return 506; - } - rv = CMMF_EncodeKeyRecRepContent(keyRecRep, WriteItOut, fileDesc); - CMMF_DestroyKeyRecRepContent(keyRecRep); - PR_Close(fileDesc); - - if (rv != SECSuccess) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - printf ("Error while encoding CMMFKeyRecRepContent\n"); - return 507; - } - GetBitsFromFile(filePath, &fileBits); - if (fileBits.data == NULL) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - printf ("Could not get the bits from file %s\n", filePath); - return 508; - } - keyRecRep = - CMMF_CreateKeyRecRepContentFromDER(db,(const char*)fileBits.data, - fileBits.len); - if (keyRecRep == NULL) { - printf ("Could not decode the KeyRecRepContent in file %s\n", - filePath); - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - return 509; - } - caPrivKey = PK11_FindKeyByAnyCert(caCert, &pwdata); - if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) != - cmmfGranted) { - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - CMMF_DestroyKeyRecRepContent(keyRecRep); - printf ("A bad status came back with the " - "KeyRecRepContent structure\n"); - return 510; - } - -#define NICKNAME "Key Recovery Test Key" - nickname.data = (unsigned char*)NICKNAME; - nickname.len = PORT_Strlen(NICKNAME); - - certKeyPair = CMMF_KeyRecRepContentGetCertKeyAtIndex(keyRecRep, 0); - CMMF_DestroyKeyRecRepContent(keyRecRep); - rv = CMMF_CertifiedKeyPairUnwrapPrivKey(certKeyPair, - caPrivKey, - &nickname, - PK11_GetInternalKeySlot(), - db, - &unwrappedPrivKey, &pwdata); - CMMF_DestroyCertifiedKeyPair(certKeyPair); - if (rv != SECSuccess) { - printf ("Unwrapping the private key failed.\n"); - return 511; - } - /*Now let's try to decrypt the ciphertext with the "recovered" key*/ - PK11_EnterSlotMonitor(slot); - crv = - PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session, - &mech, - unwrappedPrivKey->pkcs11ID); - if (crv != CKR_OK) { - PK11_ExitSlotMonitor(slot); - PORT_Free(ciphertext); - PK11_FreeSlot(slot); - printf ("Decrypting with the recovered key failed.\n"); - return 513; - } - bytes_decrypted = KNOWN_MESSAGE_LENGTH; - crv = PK11_GETTAB(slot)->C_Decrypt(unwrappedPrivKey->pkcs11Slot->session, - ciphertext, - bytes_encrypted, plaintext, - &bytes_decrypted); - SECKEY_DestroyPrivateKey(unwrappedPrivKey); - PK11_ExitSlotMonitor(slot); - PORT_Free(ciphertext); - if (crv != CKR_OK) { - PK11_FreeSlot(slot); - printf ("Decrypting the ciphertext with recovered key failed.\n"); - return 514; - } - if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) || - (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) { - PK11_FreeSlot(slot); - printf ("The recovered plaintext does not equal the known message:\n" - "\tKnown message: %s\n" - "\tRecovered plaintext: %s\n", known_message, plaintext); - return 515; - } -#endif - return 0; -} - -int -DoChallengeResponse(SECKEYPrivateKey *privKey, - SECKEYPublicKey *pubKey) -{ - CMMFPOPODecKeyChallContent *chalContent = NULL; - CMMFPOPODecKeyRespContent *respContent = NULL; - CERTCertificate *myCert = NULL; - CERTGeneralName *myGenName = NULL; - PRArenaPool *poolp = NULL; - PRFileDesc *fileDesc; - SECItem *publicValue; - SECItem *keyID; - SECKEYPrivateKey *foundPrivKey; - long *randomNums; - int numChallengesFound = 0; - int numChallengesSet = 1; - int i; - long retrieved; - SECStatus rv; - SECItem DecKeyChallBits; - char filePath[PATH_LEN]; - - chalContent = CMMF_CreatePOPODecKeyChallContent(); - myCert = CERT_FindCertByNickname(db, personalCert); - if (myCert == NULL) { - printf ("Could not find the certificate for %s\n", personalCert); - return 900; - } - poolp = PORT_NewArena(1024); - if (poolp == NULL) { - printf("Could no allocate a new arena in DoChallengeResponse\n"); - return 901; - } - myGenName = CERT_GetCertificateNames(myCert, poolp); - if (myGenName == NULL) { - printf ("Could not get the general names for %s certificate\n", - personalCert); - return 902; - } - randomNums = PORT_ArenaNewArray(poolp,long, numChallengesSet); - PK11_GenerateRandom((unsigned char *)randomNums, - numChallengesSet * sizeof(long)); - for (i=0; ipkcs11Slot, keyID, &pwdata); - if (foundPrivKey == NULL) { - printf ("Could not find the private key corresponding to the public" - " value.\n"); - return 910; - } - rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i, - foundPrivKey); - if (rv != SECSuccess) { - printf ("Could not decrypt the challenge at index %d\n", i); - return 911; - } - rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i, - &retrieved); - if (rv != SECSuccess) { - printf ("Could not get the random number from the challenge at " - "index %d\n", i); - return 912; - } - if (retrieved != randomNums[i]) { - printf ("Retrieved the number (%d), expected (%d)\n", retrieved, - randomNums[i]); - return 913; - } - } - CMMF_DestroyPOPODecKeyChallContent(chalContent); - PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der", - configdir); - fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, - 0666); - if (fileDesc == NULL) { - printf ("Could not open file %s\n", filePath); - return 914; - } - rv = CMMF_EncodePOPODecKeyRespContent(randomNums, numChallengesSet, - WriteItOut, fileDesc); - PR_Close(fileDesc); - if (rv != 0) { - printf ("Could not encode the POPODecKeyRespContent\n"); - return 915; - } - GetBitsFromFile(filePath, &DecKeyChallBits); - respContent = - CMMF_CreatePOPODecKeyRespContentFromDER((const char*)DecKeyChallBits.data, - DecKeyChallBits.len); - if (respContent == NULL) { - printf ("Could not decode the contents of the file %s\n", filePath); - return 916; - } - numChallengesFound = - CMMF_POPODecKeyRespContentGetNumResponses(respContent); - if (numChallengesFound != numChallengesSet) { - printf ("Number of responses found (%d) does not match the number " - "of challenges set (%d)\n", - numChallengesFound, numChallengesSet); - return 917; - } - for (i=0; icertReq == NULL) { - goto loser; - } - - pair->certReqMsg = CRMF_CreateCertReqMsg(); - if (!pair->certReqMsg) { - irv = 999; - goto loser; - } - /* copy certReq into certReqMsg */ - CRMF_CertReqMsgSetCertRequest(pair->certReqMsg, pair->certReq); - irv = AddProofOfPossession(pair, inPOPChoice); -loser: - return irv; -} - -int -DestroyPairReqAndMsg(TESTKeyPair *pair) -{ - SECStatus rv = SECSuccess; - int irv = 0; - - if (pair->certReq) { - rv = CRMF_DestroyCertRequest(pair->certReq); - pair->certReq = NULL; - if (rv != SECSuccess) { - printf ("Error when destroying cert request.\n"); - irv = 100; - } - } - if (pair->certReqMsg) { - rv = CRMF_DestroyCertReqMsg(pair->certReqMsg); - pair->certReqMsg = NULL; - if (rv != SECSuccess) { - printf ("Error when destroying cert request msg.\n"); - if (!irv) - irv = 101; - } - } - return irv; -} - -int -DestroyPair(TESTKeyPair *pair) -{ - SECStatus rv = SECSuccess; - int irv = 0; - - if (pair->pubKey) { - SECKEY_DestroyPublicKey(pair->pubKey); - pair->pubKey = NULL; - } - if (pair->privKey) { - SECKEY_DestroyPrivateKey(pair->privKey); - pair->privKey = NULL; - } - DestroyPairReqAndMsg(pair); - return irv; -} - -int -DoCRMFRequest(TESTKeyPair *signPair, TESTKeyPair *cryptPair) -{ - int irv, tirv = 0; - - /* Generate a key pair and a cert request for it. */ - irv = MakeCertRequest(signPair, crmfSignature, 0x0f020304); - if (irv != 0 || signPair->certReq == NULL) { - goto loser; - } - - if (!doingDSA) { - irv = MakeCertRequest(cryptPair, crmfKeyAgreement, 0x0f050607); - if (irv != 0 || cryptPair->certReq == NULL) { - goto loser; - } - } - - /* encode the cert request messages into a unified request message. - ** leave it in a file with a fixed name. :( - */ - irv = Encode(signPair->certReqMsg, cryptPair->certReqMsg); - -loser: - if (signPair->certReq) { - tirv = DestroyPairReqAndMsg(signPair); - if (tirv && !irv) - irv = tirv; - } - if (cryptPair->certReq) { - tirv = DestroyPairReqAndMsg(cryptPair); - if (tirv && !irv) - irv = tirv; - } - return irv; -} - -void -Usage (void) -{ - printf ("Usage:\n" - "\tcrmftest -d [Database Directory] -p [Personal Cert]\n" - "\t -e [Encrypter] -s [CA Certificate] [-P password]\n\n" - "\t [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n" - "Database Directory\n" - "\tThis is the directory where the key3.db, cert7.db, and\n" - "\tsecmod.db files are located. This is also the directory\n" - "\twhere the program will place CRMF/CMMF der files\n" - "Personal Cert\n" - "\tThis is the certificate that already exists in the cert\n" - "\tdatabase to use while encoding the response. The private\n" - "\tkey associated with the certificate must also exist in the\n" - "\tkey database.\n" - "Encrypter\n" - "\tThis is the certificate to use when encrypting the the \n" - "\tkey recovery response. The private key for this cert\n" - "\tmust also be present in the key database.\n" - "CA Certificate\n" - "\tThis is the nickname of the certificate to use as the\n" - "\tCA when doing all of the encoding.\n"); -} - -#define TEST_MAKE_CRMF_REQ 0x0001 -#define TEST_USE_DSA 0x0002 -#define TEST_DECODE_CRMF_REQ 0x0004 -#define TEST_DO_CMMF_STUFF 0x0008 -#define TEST_KEY_RECOVERY 0x0010 -#define TEST_CHALLENGE_RESPONSE 0x0020 - -SECStatus -parsePositionalParam(const char * arg, PRUint32 *flags) -{ - if (!strcmp(arg, "crmf")) { - *flags |= TEST_MAKE_CRMF_REQ; - } else if (!strcmp(arg, "dsa")) { - *flags |= TEST_MAKE_CRMF_REQ | TEST_USE_DSA; - doingDSA = PR_TRUE; - } else if (!strcmp(arg, "decode")) { - *flags |= TEST_DECODE_CRMF_REQ; - } else if (!strcmp(arg, "cmmf")) { - *flags |= TEST_DO_CMMF_STUFF; - } else if (!strcmp(arg, "recover")) { - *flags |= TEST_KEY_RECOVERY; - } else if (!strcmp(arg, "challenge")) { - *flags |= TEST_CHALLENGE_RESPONSE; - } else { - printf("unknown positional paremeter: %s\n", arg); - return SECFailure; - } - return SECSuccess; -} - -/* it's not clear, in some cases, whether the desired key is from -** the sign pair or the crypt pair, so we're guessing in some places. -** This define serves to remind us of the places where we're guessing. -*/ -#define WHICH_KEY cryptPair - -int -main(int argc, char **argv) -{ - TESTKeyPair signPair, cryptPair; - PLOptState *optstate; - PLOptStatus status; - char *password = NULL; - int irv = 0; - PRUint32 flags = 0; - SECStatus rv; - PRBool nssInit = PR_FALSE; - PRBool pArg = PR_FALSE; - PRBool eArg = PR_FALSE; - PRBool sArg = PR_FALSE; - PRBool PArg = PR_FALSE; - - memset( &signPair, 0, sizeof signPair); - memset( &cryptPair, 0, sizeof cryptPair); - printf ("\ncrmftest v1.0\n"); - optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'd': - configdir = PORT_Strdup(optstate->value); - rv = NSS_Init(configdir); - if (rv != SECSuccess) { - printf ("NSS_Init (-d) failed\n"); - return 101; - } - nssInit = PR_TRUE; - break; - case 'p': - personalCert = PORT_Strdup(optstate->value); - if (personalCert == NULL) { - printf ("-p failed\n"); - return 603; - } - pArg = PR_TRUE; - break; - case 'e': - recoveryEncrypter = PORT_Strdup(optstate->value); - if (recoveryEncrypter == NULL) { - printf ("-e failed\n"); - return 602; - } - eArg = PR_TRUE; - break; - case 's': - caCertName = PORT_Strdup(optstate->value); - if (caCertName == NULL) { - printf ("-s failed\n"); - return 604; - } - sArg = PR_TRUE; - break; - case 'P': - password = PORT_Strdup(optstate->value); - if (password == NULL) { - printf ("-P failed\n"); - return 606; - } - PArg = PR_TRUE; - break; - case 0: /* positional parameter */ - rv = parsePositionalParam(optstate->value, &flags); - if (rv) { - printf ("bad positional parameter.\n"); - return 605; - } - break; - default: - Usage(); - return 601; - } - } - PL_DestroyOptState(optstate); - if (status == PL_OPT_BAD || !nssInit) { - Usage(); - return 600; - } - if (!flags) - flags = ~ TEST_USE_DSA; - db = CERT_GetDefaultCertDB(); - InitPKCS11(); - if (password) { - pwdata.source = PW_PLAINTEXT; - pwdata.data = password; - } - - if (flags & TEST_MAKE_CRMF_REQ) { - printf("Generating CRMF request\n"); - irv = DoCRMFRequest(&signPair, &cryptPair); - if (irv) - goto loser; - } - - if (flags & TEST_DECODE_CRMF_REQ) { - printf("Decoding CRMF request\n"); - irv = Decode(); - if (irv != 0) { - printf("Error while decoding\n"); - goto loser; - } - } - - if (flags & TEST_DO_CMMF_STUFF) { - printf("Doing CMMF Stuff\n"); - if ((irv = DoCMMFStuff()) != 0) { - printf ("CMMF tests failed.\n"); - goto loser; - } - } - - if (flags & TEST_KEY_RECOVERY) { - /* Requires some other options be set. - ** Once we know exactly what hey are, test for them here. - */ - printf("Doing Key Recovery\n"); - irv = DoKeyRecovery(WHICH_KEY.privKey); - if (irv != 0) { - printf ("Error doing key recovery\n"); - goto loser; - } - } - - if (flags & TEST_CHALLENGE_RESPONSE) { - printf("Doing Challenge / Response\n"); - irv = DoChallengeResponse(WHICH_KEY.privKey, WHICH_KEY.pubKey); - if (irv != 0) { - printf ("Error doing challenge-response\n"); - goto loser; - } - } - printf ("Exiting successfully!!!\n\n"); - irv = 0; - - loser: - DestroyPair(&signPair); - DestroyPair(&cryptPair); - rv = NSS_Shutdown(); - if (rv) { - printf("NSS_Shutdown did not shutdown cleanly!\n"); - } - PORT_Free(configdir); - if (irv) - printf("crmftest returning %d\n", irv); - return irv; -} diff --git a/security/nss/cmd/dbck/Makefile b/security/nss/cmd/dbck/Makefile deleted file mode 100644 index 834e1d62f5..0000000000 --- a/security/nss/cmd/dbck/Makefile +++ /dev/null @@ -1,79 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - diff --git a/security/nss/cmd/dbck/dbck.c b/security/nss/cmd/dbck/dbck.c deleted file mode 100644 index 2ff7362682..0000000000 --- a/security/nss/cmd/dbck/dbck.c +++ /dev/null @@ -1,1879 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* -** dbck.c -** -** utility for fixing corrupt cert databases -** -*/ -#include -#include - -#include "secutil.h" -#include "cdbhdl.h" -#include "certdb.h" -#include "cert.h" -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -static char *progName; - -/* placeholders for pointer error types */ -static void *WrongEntry; -static void *NoNickname; -static void *NoSMime; - -enum { - GOBOTH = 0, - GORIGHT, - GOLEFT -}; - -typedef struct -{ - PRBool verbose; - PRBool dograph; - PRFileDesc *out; - PRFileDesc *graphfile; - int dbErrors[10]; -} dbDebugInfo; - -/* - * A list node for a cert db entry. The index is a unique identifier - * to use for creating generic maps of a db. This struct handles - * the cert, nickname, and smime db entry types, as all three have a - * single handle to a subject entry. - * This structure is pointed to by certDBEntryListNode->appData. - */ -typedef struct -{ - PRArenaPool *arena; - int index; - certDBEntryListNode *pSubject; -} certDBEntryMap; - -/* - * Subject entry is special case, it has bidirectional handles. One - * subject entry can point to several certs (using the same DN), and - * a nickname and/or smime entry. - * This structure is pointed to by certDBEntryListNode->appData. - */ -typedef struct -{ - PRArenaPool *arena; - int index; - int numCerts; - certDBEntryListNode **pCerts; - certDBEntryListNode *pNickname; - certDBEntryListNode *pSMime; -} certDBSubjectEntryMap; - -/* - * A map of a certdb. - */ -typedef struct -{ - int numCerts; - int numSubjects; - int numNicknames; - int numSMime; - certDBEntryListNode certs; /* pointer to head of cert list */ - certDBEntryListNode subjects; /* pointer to head of subject list */ - certDBEntryListNode nicknames; /* pointer to head of nickname list */ - certDBEntryListNode smime; /* pointer to head of smime list */ -} certDBArray; - -/* Cast list to the base element, a certDBEntryListNode. */ -#define LISTNODE_CAST(node) \ - ((certDBEntryListNode *)(node)) - -static void -Usage(char *progName) -{ -#define FPS fprintf(stderr, - FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage: %s -D [-d certdir] [-i dbname] [-m] [-v [-f dumpfile]]\n", - progName); - FPS " %s -R -o newdbname [-d certdir] [-i dbname] [-aprsx] [-v [-f dumpfile]]\n", - progName); - exit(-1); -} - -static void -LongUsage(char *progName) -{ - FPS "%-15s Display this help message.\n", - "-H"); - FPS "%-15s Dump analysis. No changes will be made to the database.\n", - "-D"); - FPS "%-15s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-15s Input cert database name (default is cert7.db)\n", - " -i dbname"); - FPS "%-15s Mail a graph of the database to certdb@netscape.com.\n", - " -m"); - FPS "%-15s This will produce an index graph of your cert db and send\n", - ""); - FPS "%-15s it to Netscape for analysis. Personal info will be removed.\n", - ""); - FPS "%-15s Verbose mode. Dumps the entire contents of your cert7.db.\n", - " -v"); - FPS "%-15s File to dump verbose output into.\n", - " -f dumpfile"); - FPS "%-15s Repair the database. The program will look for broken\n", - "-R"); - FPS "%-15s dependencies between subject entries and certificates,\n", - ""); - FPS "%-15s between nickname entries and subjects, and between SMIME\n", - ""); - FPS "%-15s profiles and subjects. Any duplicate entries will be\n", - ""); - FPS "%-15s removed, any missing entries will be created.\n", - ""); - FPS "%-15s File to store new database in (default is new_cert7.db)\n", - " -o newdbname"); - FPS "%-15s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-15s Input cert database name (default is cert7.db)\n", - " -i dbname"); - FPS "%-15s Prompt before removing any certificates.\n", - " -p"); - FPS "%-15s Keep all possible certificates. Only remove certificates\n", - " -a"); - FPS "%-15s which prevent creation of a consistent database. Thus any\n", - ""); - FPS "%-15s expired or redundant entries will be kept.\n", - ""); - FPS "%-15s Keep redundant nickname/email entries. It is possible\n", - " -r"); - FPS "%-15s only one such entry will be usable.\n", - ""); - FPS "%-15s Don't require an S/MIME profile in order to keep an S/MIME\n", - " -s"); - FPS "%-15s cert. An empty profile will be created.\n", - ""); - FPS "%-15s Keep expired certificates.\n", - " -x"); - FPS "%-15s Verbose mode - report all activity while recovering db.\n", - " -v"); - FPS "%-15s File to dump verbose output into.\n", - " -f dumpfile"); - FPS "\n"); - exit(-1); -#undef FPS -} - -/******************************************************************* - * - * Functions for dbck. - * - ******************************************************************/ - -void -printHexString(PRFileDesc *out, SECItem *hexval) -{ - int i; - for (i = 0; i < hexval->len; i++) { - if (i != hexval->len - 1) { - PR_fprintf(out, "%02x:", hexval->data[i]); - } else { - PR_fprintf(out, "%02x", hexval->data[i]); - } - } - PR_fprintf(out, "\n"); -} - -typedef enum { -/* 0*/ NoSubjectForCert = 0, -/* 1*/ SubjectHasNoKeyForCert, -/* 2*/ NoNicknameOrSMimeForSubject, -/* 3*/ WrongNicknameForSubject, -/* 4*/ NoNicknameEntry, -/* 5*/ WrongSMimeForSubject, -/* 6*/ NoSMimeEntry, -/* 7*/ NoSubjectForNickname, -/* 8*/ NoSubjectForSMime, -/* 9*/ NicknameAndSMimeEntry -} dbErrorType; - -static char *dbErrorString[] = { -/* 0*/ "\nDid not find a subject entry for this certificate.", -/* 1*/ "\nSubject has certKey which is not in db.", -/* 2*/ "\nSubject does not have a nickname or email address.", -/* 3*/ "\nUsing this subject's nickname, found a nickname entry for a different subject.", -/* 4*/ "\nDid not find a nickname entry for this subject.", -/* 5*/ "\nUsing this subject's email, found an S/MIME entry for a different subject.", -/* 6*/ "\nDid not find an S/MIME entry for this subject.", -/* 7*/ "\nDid not find a subject entry for this nickname.", -/* 8*/ "\nDid not find a subject entry for this S/MIME profile.", -}; - -SECStatus -dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile) -{ - int userCert = 0; - CERTCertTrust *trust = cert->trust; - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - if (num >= 0) { - PR_fprintf(outfile, "Certificate: %3d\n", num); - } else { - PR_fprintf(outfile, "Certificate:\n"); - } - PR_fprintf(outfile, "----------------\n"); - if (userCert) - PR_fprintf(outfile, "(User Cert)\n"); - PR_fprintf(outfile, "## SUBJECT: %s\n", cert->subjectName); - PR_fprintf(outfile, "## ISSUER: %s\n", cert->issuerName); - PR_fprintf(outfile, "## SERIAL NUMBER: "); - printHexString(outfile, &cert->serialNumber); - { /* XXX should be separate function. */ - int64 timeBefore, timeAfter; - PRExplodedTime beforePrintable, afterPrintable; - char *beforestr, *afterstr; - DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore); - DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter); - PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable); - PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable); - beforestr = PORT_Alloc(100); - afterstr = PORT_Alloc(100); - PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable); - PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable); - PR_fprintf(outfile, "## VALIDITY: %s to %s\n", beforestr, afterstr); - } - PR_fprintf(outfile, "\n"); - return SECSuccess; -} - -SECStatus -dumpCertEntry(certDBEntryCert *entry, int num, PRFileDesc *outfile) -{ - CERTCertificate *cert; - cert = CERT_DecodeDERCertificate(&entry->derCert, PR_FALSE, NULL); - if (!cert) { - fprintf(stderr, "Failed to decode certificate.\n"); - return SECFailure; - } - cert->trust = &entry->trust; - dumpCertificate(cert, num, outfile); - CERT_DestroyCertificate(cert); - return SECSuccess; -} - -SECStatus -dumpSubjectEntry(certDBEntrySubject *entry, int num, PRFileDesc *outfile) -{ - char *subjectName; - subjectName = CERT_DerNameToAscii(&entry->derSubject); - PR_fprintf(outfile, "Subject: %3d\n", num); - PR_fprintf(outfile, "------------\n"); - PR_fprintf(outfile, "## %s\n", subjectName); - if (entry->nickname) - PR_fprintf(outfile, "## Subject nickname: %s\n", entry->nickname); - if (entry->emailAddr && entry->emailAddr[0]) - PR_fprintf(outfile, "## Subject email address: %s\n", - entry->emailAddr); - PR_fprintf(outfile, "## This subject has %d cert(s).\n", entry->ncerts); - PR_fprintf(outfile, "\n"); - PORT_Free(subjectName); - return SECSuccess; -} - -SECStatus -dumpNicknameEntry(certDBEntryNickname *entry, int num, PRFileDesc *outfile) -{ - PR_fprintf(outfile, "Nickname: %3d\n", num); - PR_fprintf(outfile, "-------------\n"); - PR_fprintf(outfile, "## \"%s\"\n\n", entry->nickname); - return SECSuccess; -} - -SECStatus -dumpSMimeEntry(certDBEntrySMime *entry, int num, PRFileDesc *outfile) -{ - PR_fprintf(outfile, "S/MIME Profile: %3d\n", num); - PR_fprintf(outfile, "-------------------\n"); - PR_fprintf(outfile, "## \"%s\"\n", entry->emailAddr); - PR_fprintf(outfile, "## OPTIONS: "); - printHexString(outfile, &entry->smimeOptions); - PR_fprintf(outfile, "## TIMESTAMP: "); - printHexString(outfile, &entry->optionsDate); - PR_fprintf(outfile, "\n"); - return SECSuccess; -} - -SECStatus -mapCertEntries(certDBArray *dbArray) -{ - certDBEntryCert *certEntry; - certDBEntrySubject *subjectEntry; - certDBEntryListNode *certNode, *subjNode; - certDBSubjectEntryMap *smap; - certDBEntryMap *map; - PRArenaPool *tmparena; - SECItem derSubject; - SECItem certKey; - PRCList *cElem, *sElem; - int i; - - /* Arena for decoded entries */ - tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (tmparena == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - - /* Iterate over cert entries and map them to subject entries. - * NOTE: mapSubjectEntries must be called first to alloc memory - * for array of subject->cert map. - */ - for (cElem = PR_LIST_HEAD(&dbArray->certs.link); - cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) { - certNode = LISTNODE_CAST(cElem); - certEntry = (certDBEntryCert *)&certNode->entry; - map = (certDBEntryMap *)certNode->appData; - CERT_NameFromDERCert(&certEntry->derCert, &derSubject); - CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey); - /* Loop over found subjects for cert's DN. */ - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - subjNode = LISTNODE_CAST(sElem); - subjectEntry = (certDBEntrySubject *)&subjNode->entry; - if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) { - /* Found matching subject name, create link. */ - map->pSubject = subjNode; - /* Make sure subject entry has cert's key. */ - for (i=0; incerts; i++) { - if (SECITEM_ItemsAreEqual(&certKey, - &subjectEntry->certKeys[i])) { - /* Found matching cert key. */ - smap = (certDBSubjectEntryMap *)subjNode->appData; - smap->pCerts[i] = certNode; - break; - } - } - } - } - } - PORT_FreeArena(tmparena, PR_FALSE); - return SECSuccess; -} - -SECStatus -mapSubjectEntries(certDBArray *dbArray) -{ - certDBEntrySubject *subjectEntry; - certDBEntryNickname *nicknameEntry; - certDBEntrySMime *smimeEntry; - certDBEntryListNode *subjNode, *nickNode, *smimeNode; - certDBSubjectEntryMap *subjMap; - certDBEntryMap *nickMap, *smimeMap; - PRCList *sElem, *nElem, *mElem; - - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - /* Iterate over subject entries and map subjects to nickname - * and smime entries. The cert<->subject map will be handled - * by a subsequent call to mapCertEntries. - */ - subjNode = LISTNODE_CAST(sElem); - subjectEntry = (certDBEntrySubject *)&subjNode->entry; - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - /* need to alloc memory here for array of matching certs. */ - subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena, - subjectEntry->ncerts*sizeof(int)); - subjMap->numCerts = subjectEntry->ncerts; - if (subjectEntry->nickname) { - /* Subject should have a nickname entry, so create a link. */ - for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); - nElem != &dbArray->nicknames.link; - nElem = PR_NEXT_LINK(nElem)) { - /* Look for subject's nickname in nickname entries. */ - nickNode = LISTNODE_CAST(nElem); - nicknameEntry = (certDBEntryNickname *)&nickNode->entry; - nickMap = (certDBEntryMap *)nickNode->appData; - if (PL_strcmp(subjectEntry->nickname, - nicknameEntry->nickname) == 0) { - /* Found a nickname entry for subject's nickname. */ - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &nicknameEntry->subjectName)) { - /* Nickname and subject match. */ - subjMap->pNickname = nickNode; - nickMap->pSubject = subjNode; - } else { - /* Nickname entry found is for diff. subject. */ - subjMap->pNickname = WrongEntry; - } - } - } - } else { - subjMap->pNickname = NoNickname; - } - if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) { - /* Subject should have an smime entry, so create a link. */ - for (mElem = PR_LIST_HEAD(&dbArray->smime.link); - mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) { - /* Look for subject's email in S/MIME entries. */ - smimeNode = LISTNODE_CAST(mElem); - smimeEntry = (certDBEntrySMime *)&smimeNode->entry; - smimeMap = (certDBEntryMap *)smimeNode->appData; - if (PL_strcmp(subjectEntry->emailAddr, - smimeEntry->emailAddr) == 0) { - /* Found a S/MIME entry for subject's email. */ - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &smimeEntry->subjectName)) { - /* S/MIME entry and subject match. */ - subjMap->pSMime = smimeNode; - smimeMap->pSubject = subjNode; - } else { - /* S/MIME entry found is for diff. subject. */ - subjMap->pSMime = WrongEntry; - } - } - } - } else { - subjMap->pSMime = NoSMime; - } - } - return SECSuccess; -} - -void -printnode(dbDebugInfo *info, const char *str, int num) -{ - if (!info->dograph) - return; - if (num < 0) { - PR_fprintf(info->graphfile, str); - } else { - PR_fprintf(info->graphfile, str, num); - } -} - -PRBool -map_handle_is_ok(dbDebugInfo *info, void *mapPtr, int indent) -{ - if (mapPtr == NULL) { - if (indent > 0) - printnode(info, " ", -1); - if (indent >= 0) - printnode(info, "******************* ", -1); - return PR_FALSE; - } else if (mapPtr == WrongEntry) { - if (indent > 0) - printnode(info, " ", -1); - if (indent >= 0) - printnode(info, "??????????????????? ", -1); - return PR_FALSE; - } else { - return PR_TRUE; - } -} - -/* these call each other */ -void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, - int direction); -void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, - int direction); -void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, - int direction, int optindex, int opttype); -void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, - int direction); - -/* Given an smime entry, print its unique identifier. If GOLEFT is - * specified, print the cert<-subject<-smime map, else just print - * the smime entry. - */ -void -print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, int direction) -{ - certDBSubjectEntryMap *subjMap; - certDBEntryListNode *subjNode; - if (direction == GOLEFT) { - /* Need to output subject and cert first, see print_subject_graph */ - subjNode = smimeMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 1)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GOLEFT, - smimeMap->index, certDBEntryTypeSMimeProfile); - } else { - printnode(info, "<---- S/MIME %5d ", smimeMap->index); - } - } else { - printnode(info, "S/MIME %5d ", smimeMap->index); - } -} - -/* Given a nickname entry, print its unique identifier. If GOLEFT is - * specified, print the cert<-subject<-nickname map, else just print - * the nickname entry. - */ -void -print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction) -{ - certDBSubjectEntryMap *subjMap; - certDBEntryListNode *subjNode; - if (direction == GOLEFT) { - /* Need to output subject and cert first, see print_subject_graph */ - subjNode = nickMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 1)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GOLEFT, - nickMap->index, certDBEntryTypeNickname); - } else { - printnode(info, "<---- Nickname %5d ", nickMap->index); - } - } else { - printnode(info, "Nickname %5d ", nickMap->index); - } -} - -/* Given a subject entry, if going right print the graph of the nickname|smime - * that it maps to (by its unique identifier); and if going left - * print the list of certs that it points to. - */ -void -print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, - int direction, int optindex, int opttype) -{ - certDBEntryMap *map; - certDBEntryListNode *node; - int i; - /* The first line of output always contains the cert id, subject id, - * and nickname|smime id. Subsequent lines may contain additional - * cert id's for the subject if going left or both directions. - * Ex. of printing the graph for a subject entry: - * Cert 3 <- Subject 5 -> Nickname 32 - * Cert 8 / - * Cert 9 / - * means subject 5 has 3 certs, 3, 8, and 9, and corresponds - * to nickname entry 32. - * To accomplish the above, it is required to dump the entire first - * line left-to-right, regardless of the input direction, and then - * finish up any remaining cert entries. Hence the code is uglier - * than one may expect. - */ - if (direction == GOLEFT || direction == GOBOTH) { - /* In this case, nothing should be output until the first cert is - * located and output (cert 3 in the above example). - */ - if (subjMap->numCerts == 0 || subjMap->pCerts == NULL) - /* XXX uh-oh */ - return; - /* get the first cert and dump it. */ - node = subjMap->pCerts[0]; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going left here stops. */ - print_cert_graph(info, map, GOLEFT); - } - /* Now it is safe to output the subject id. */ - if (direction == GOLEFT) - printnode(info, "Subject %5d <---- ", subjMap->index); - else /* direction == GOBOTH */ - printnode(info, "Subject %5d ----> ", subjMap->index); - } - if (direction == GORIGHT || direction == GOBOTH) { - /* Okay, now output the nickname|smime for this subject. */ - if (direction != GOBOTH) /* handled above */ - printnode(info, "Subject %5d ----> ", subjMap->index); - if (subjMap->pNickname) { - node = subjMap->pNickname; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going right here stops. */ - print_nickname_graph(info, map, GORIGHT); - } - } - if (subjMap->pSMime) { - node = subjMap->pSMime; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going right here stops. */ - print_smime_graph(info, map, GORIGHT); - } - } - if (!subjMap->pNickname && !subjMap->pSMime) { - printnode(info, "******************* ", -1); - } - } - if (direction != GORIGHT) { /* going right has only one cert */ - if (opttype == certDBEntryTypeNickname) - printnode(info, "Nickname %5d ", optindex); - else if (opttype == certDBEntryTypeSMimeProfile) - printnode(info, "S/MIME %5d ", optindex); - for (i=1 /* 1st one already done */; inumCerts; i++) { - printnode(info, "\n", -1); /* start a new line */ - node = subjMap->pCerts[i]; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going left here stops. */ - print_cert_graph(info, map, GOLEFT); - printnode(info, "/", -1); - } - } - } -} - -/* Given a cert entry, print its unique identifer. If GORIGHT is specified, - * print the cert->subject->nickname|smime map, else just print - * the cert entry. - */ -void -print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, int direction) -{ - certDBSubjectEntryMap *subjMap; - certDBEntryListNode *subjNode; - if (direction == GOLEFT) { - printnode(info, "Cert %5d <---- ", certMap->index); - /* only want cert entry, terminate here. */ - return; - } - /* Keep going right then. */ - printnode(info, "Cert %5d ----> ", certMap->index); - subjNode = certMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 0)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GORIGHT, -1, -1); - } -} - -SECStatus -computeDBGraph(certDBArray *dbArray, dbDebugInfo *info) -{ - PRCList *cElem, *sElem, *nElem, *mElem; - certDBEntryListNode *node; - certDBEntryMap *map; - certDBSubjectEntryMap *subjMap; - - /* Graph is of this form: - * - * certs: - * cert ---> subject ---> (nickname|smime) - * - * subjects: - * cert <--- subject ---> (nickname|smime) - * - * nicknames and smime: - * cert <--- subject <--- (nickname|smime) - */ - - /* Print cert graph. */ - for (cElem = PR_LIST_HEAD(&dbArray->certs.link); - cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) { - /* Print graph of everything to right of cert entry. */ - node = LISTNODE_CAST(cElem); - map = (certDBEntryMap *)node->appData; - print_cert_graph(info, map, GORIGHT); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - /* Print subject graph. */ - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - /* Print graph of everything to both sides of subject entry. */ - node = LISTNODE_CAST(sElem); - subjMap = (certDBSubjectEntryMap *)node->appData; - print_subject_graph(info, subjMap, GOBOTH, -1, -1); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - /* Print nickname graph. */ - for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); - nElem != &dbArray->nicknames.link; nElem = PR_NEXT_LINK(nElem)) { - /* Print graph of everything to left of nickname entry. */ - node = LISTNODE_CAST(nElem); - map = (certDBEntryMap *)node->appData; - print_nickname_graph(info, map, GOLEFT); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - /* Print smime graph. */ - for (mElem = PR_LIST_HEAD(&dbArray->smime.link); - mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) { - /* Print graph of everything to left of smime entry. */ - node = LISTNODE_CAST(mElem); - if (node == NULL) break; - map = (certDBEntryMap *)node->appData; - print_smime_graph(info, map, GOLEFT); - printnode(info, "\n", -1); - } - printnode(info, "\n", -1); - - return SECSuccess; -} - -/* - * List the entries in the db, showing handles between entry types. - */ -void -verboseOutput(certDBArray *dbArray, dbDebugInfo *info) -{ - int i, ref; - PRCList *elem; - certDBEntryListNode *node; - certDBEntryMap *map; - certDBSubjectEntryMap *smap; - certDBEntrySubject *subjectEntry; - - /* List certs */ - for (elem = PR_LIST_HEAD(&dbArray->certs.link); - elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpCertEntry((certDBEntryCert*)&node->entry, map->index, info->out); - /* walk the cert handle to it's subject entry */ - if (map_handle_is_ok(info, map->pSubject, -1)) { - smap = (certDBSubjectEntryMap *)map->pSubject->appData; - ref = smap->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } - } - /* List subjects */ - for (elem = PR_LIST_HEAD(&dbArray->subjects.link); - elem != &dbArray->subjects.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - subjectEntry = (certDBEntrySubject *)&node->entry; - smap = (certDBSubjectEntryMap *)node->appData; - dumpSubjectEntry(subjectEntry, smap->index, info->out); - /* iterate over subject's certs */ - for (i=0; inumCerts; i++) { - /* walk each subject handle to it's cert entries */ - if (map_handle_is_ok(info, smap->pCerts[i], -1)) { - ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index; - PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref); - } else { - PR_fprintf(info->out, "-->(%d. MISSING CERT ENTRY)\n", i); - } - } - if (subjectEntry->nickname) { - /* walk each subject handle to it's nickname entry */ - if (map_handle_is_ok(info, smap->pNickname, -1)) { - ref = ((certDBEntryMap *)smap->pNickname->appData)->index; - PR_fprintf(info->out, "-->(nickname %d)\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n"); - } - } - if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) { - /* walk each subject handle to it's smime entry */ - if (map_handle_is_ok(info, smap->pSMime, -1)) { - ref = ((certDBEntryMap *)smap->pSMime->appData)->index; - PR_fprintf(info->out, "-->(s/mime %d)\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n"); - } - } - PR_fprintf(info->out, "\n\n"); - } - for (elem = PR_LIST_HEAD(&dbArray->nicknames.link); - elem != &dbArray->nicknames.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpNicknameEntry((certDBEntryNickname*)&node->entry, map->index, - info->out); - if (map_handle_is_ok(info, map->pSubject, -1)) { - ref = ((certDBEntryMap *)map->pSubject->appData)->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } - } - for (elem = PR_LIST_HEAD(&dbArray->smime.link); - elem != &dbArray->smime.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpSMimeEntry((certDBEntrySMime*)&node->entry, map->index, info->out); - if (map_handle_is_ok(info, map->pSubject, -1)) { - ref = ((certDBEntryMap *)map->pSubject->appData)->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } - } - PR_fprintf(info->out, "\n\n"); -} - -char *errResult[] = { - "Certificate entries that had no subject entry.", - "Certificate entries that had no key in their subject entry.", - "Subject entries that had no nickname or email address.", - "Redundant nicknames (subjects with the same nickname).", - "Subject entries that had no nickname entry.", - "Redundant email addresses (subjects with the same email address).", - "Subject entries that had no S/MIME entry.", - "Nickname entries that had no subject entry.", - "S/MIME entries that had no subject entry.", -}; - -int -fillDBEntryArray(CERTCertDBHandle *handle, certDBEntryType type, - certDBEntryListNode *list) -{ - PRCList *elem; - certDBEntryListNode *node; - certDBEntryMap *mnode; - certDBSubjectEntryMap *smnode; - PRArenaPool *arena; - int count = 0; - /* Initialize a dummy entry in the list. The list head will be the - * next element, so this element is skipped by for loops. - */ - PR_INIT_CLIST((PRCList *)list); - /* Collect all of the cert db entries for this type into a list. */ - SEC_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, - (PRCList *)list); - for (elem = PR_LIST_HEAD(&list->link); - elem != &list->link; elem = PR_NEXT_LINK(elem)) { - /* Iterate over the entries and ... */ - node = (certDBEntryListNode *)elem; - if (type != certDBEntryTypeSubject) { - arena = PORT_NewArena(sizeof(*mnode)); - mnode = (certDBEntryMap *)PORT_ArenaZAlloc(arena, sizeof(*mnode)); - mnode->arena = arena; - /* ... assign a unique index number to each node, and ... */ - mnode->index = count; - /* ... set the map pointer for the node. */ - node->appData = (void *)mnode; - } else { - /* allocate some room for the cert pointers also */ - arena = PORT_NewArena(sizeof(*smnode) + 20*sizeof(void *)); - smnode = (certDBSubjectEntryMap *) - PORT_ArenaZAlloc(arena, sizeof(*smnode)); - smnode->arena = arena; - smnode->index = count; - node->appData = (void *)smnode; - } - count++; - } - return count; -} - -void -freeDBEntryList(PRCList *list) -{ - PRCList *next, *elem; - certDBEntryListNode *node; - certDBEntryMap *map; - - for (elem = PR_LIST_HEAD(list); elem != list;) { - next = PR_NEXT_LINK(elem); - node = (certDBEntryListNode *)elem; - map = (certDBEntryMap *)node->appData; - PR_REMOVE_LINK(&node->link); - PORT_FreeArena(map->arena, PR_TRUE); - PORT_FreeArena(node->entry.common.arena, PR_TRUE); - elem = next; - } -} - -void -DBCK_DebugDB(CERTCertDBHandle *handle, PRFileDesc *out, PRFileDesc *mailfile) -{ - int i, nCertsFound, nSubjFound, nErr; - int nCerts, nSubjects, nSubjCerts, nNicknames, nSMime; - PRCList *elem; - char c; - dbDebugInfo info; - certDBArray dbArray; - - PORT_Memset(&dbArray, 0, sizeof(dbArray)); - PORT_Memset(&info, 0, sizeof(info)); - info.verbose = (out == NULL) ? PR_FALSE : PR_TRUE ; - info.dograph = (mailfile == NULL) ? PR_FALSE : PR_TRUE ; - info.out = (out) ? out : PR_STDOUT; - info.graphfile = mailfile; - - /* Fill the array structure with cert/subject/nickname/smime entries. */ - dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert, - &dbArray.certs); - dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject, - &dbArray.subjects); - dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname, - &dbArray.nicknames); - dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile, - &dbArray.smime); - - /* Compute the map between the database entries. */ - mapSubjectEntries(&dbArray); - mapCertEntries(&dbArray); - computeDBGraph(&dbArray, &info); - - /* Store the totals for later reference. */ - nCerts = dbArray.numCerts; - nSubjects = dbArray.numSubjects; - nNicknames = dbArray.numNicknames; - nSMime = dbArray.numSMime; - nSubjCerts = 0; - for (elem = PR_LIST_HEAD(&dbArray.subjects.link); - elem != &dbArray.subjects.link; elem = PR_NEXT_LINK(elem)) { - certDBSubjectEntryMap *smap; - smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData; - nSubjCerts += smap->numCerts; - } - - if (info.verbose) { - /* Dump the database contents. */ - verboseOutput(&dbArray, &info); - } - - freeDBEntryList(&dbArray.certs.link); - freeDBEntryList(&dbArray.subjects.link); - freeDBEntryList(&dbArray.nicknames.link); - freeDBEntryList(&dbArray.smime.link); - - PR_fprintf(info.out, "\n"); - PR_fprintf(info.out, "Database statistics:\n"); - PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n", - nCerts); - PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n", - nSubjects); - PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n", - nSubjCerts); - PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n", - nNicknames); - PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n", - nSMime); - PR_fprintf(info.out, "\n"); - - nErr = 0; - for (i=0; isubjectName) { - return NULL; - } - - tmp1 = PORT_Strstr(cert->subjectName, "E="); - tmp2 = PORT_Strstr(cert->subjectName, "MAIL="); - /* XXX Nelson has cert for KTrilli which does not have either - * of above but is email cert (has cert->emailAddr). - */ - if (!tmp1 && !tmp2 && !(cert->emailAddr && cert->emailAddr[0])) { - return NULL; - } - - /* Server or CA cert, not personal email. */ - isCA = CERT_IsCACert(cert, NULL); - if (isCA) - return NULL; - - /* XXX CERT_IsCACert advertises checking the key usage ext., - but doesn't appear to. */ - /* Check the key usage extension. */ - if (cert->keyUsagePresent) { - /* Must at least be able to sign or encrypt (not neccesarily - * both if it is one of a dual cert). - */ - if (!((cert->rawKeyUsage & KU_DIGITAL_SIGNATURE) || - (cert->rawKeyUsage & KU_KEY_ENCIPHERMENT))) - return NULL; - - /* CA cert, not personal email. */ - if (cert->rawKeyUsage & (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) - return NULL; - } - - if (cert->emailAddr && cert->emailAddr[0]) { - email = PORT_Strdup(cert->emailAddr); - } else { - if (tmp1) - tmp1 += 2; /* "E=" */ - else - tmp1 = tmp2 + 5; /* "MAIL=" */ - len = strcspn(tmp1, ", "); - email = (char*)PORT_Alloc(len+1); - PORT_Strncpy(email, tmp1, len); - email[len] = '\0'; - } - - return email; -} - -SECStatus -deleteit(CERTCertificate *cert, void *arg) -{ - return SEC_DeletePermCertificate(cert); -} - -/* Different than DeleteCertificate - has the added bonus of removing - * all certs with the same DN. - */ -SECStatus -deleteAllEntriesForCert(CERTCertDBHandle *handle, CERTCertificate *cert, - PRFileDesc *outfile) -{ -#if 0 - certDBEntrySubject *subjectEntry; - certDBEntryNickname *nicknameEntry; - certDBEntrySMime *smimeEntry; - int i; -#endif - - if (outfile) { - PR_fprintf(outfile, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\n"); - PR_fprintf(outfile, "Deleting redundant certificate:\n"); - dumpCertificate(cert, -1, outfile); - } - - CERT_TraverseCertsForSubject(handle, cert->subjectList, deleteit, NULL); -#if 0 - CERT_LockDB(handle); - subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject); - /* It had better be there, or created a bad db. */ - PORT_Assert(subjectEntry); - for (i=0; incerts; i++) { - DeleteDBCertEntry(handle, &subjectEntry->certKeys[i]); - } - DeleteDBSubjectEntry(handle, &cert->derSubject); - if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) { - smimeEntry = ReadDBSMimeEntry(handle, subjectEntry->emailAddr); - if (smimeEntry) { - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &smimeEntry->subjectName)) - /* Only delete it if it's for this subject! */ - DeleteDBSMimeEntry(handle, subjectEntry->emailAddr); - SEC_DestroyDBEntry((certDBEntry*)smimeEntry); - } - } - if (subjectEntry->nickname) { - nicknameEntry = ReadDBNicknameEntry(handle, subjectEntry->nickname); - if (nicknameEntry) { - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &nicknameEntry->subjectName)) - /* Only delete it if it's for this subject! */ - DeleteDBNicknameEntry(handle, subjectEntry->nickname); - SEC_DestroyDBEntry((certDBEntry*)nicknameEntry); - } - } - SEC_DestroyDBEntry((certDBEntry*)subjectEntry); - CERT_UnlockDB(handle); -#endif - return SECSuccess; -} - -void -getCertsToDelete(char *numlist, int len, int *certNums, int nCerts) -{ - int j, num; - char *numstr, *numend, *end; - - numstr = numlist; - end = numstr + len - 1; - while (numstr != end) { - numend = strpbrk(numstr, ", \n"); - *numend = '\0'; - if (PORT_Strlen(numstr) == 0) - return; - num = PORT_Atoi(numstr); - if (numstr == numlist) - certNums[0] = num; - for (j=1; jpromptUser[errtype] == PR_FALSE) - return (info->removeType[errtype]); - switch (errtype) { - case dbInvalidCert: - PR_fprintf(PR_STDOUT, "******** Expired ********\n"); - PR_fprintf(PR_STDOUT, "Cert has expired.\n\n"); - dumpCertificate(certs[0], -1, PR_STDOUT); - PR_fprintf(PR_STDOUT, - "Keep it? (y/n - this one, Y/N - all expired certs) [n] "); - break; - case dbNoSMimeProfile: - PR_fprintf(PR_STDOUT, "******** No Profile ********\n"); - PR_fprintf(PR_STDOUT, "S/MIME cert has no profile.\n\n"); - dumpCertificate(certs[0], -1, PR_STDOUT); - PR_fprintf(PR_STDOUT, - "Keep it? (y/n - this one, Y/N - all S/MIME w/o profile) [n] "); - break; - case dbOlderCert: - PR_fprintf(PR_STDOUT, "******* Redundant nickname/email *******\n\n"); - PR_fprintf(PR_STDOUT, "These certs have the same nickname/email:\n"); - for (i=0; ipromptUser[errtype] = PR_FALSE; - info->removeType[errtype] = PR_TRUE; - return PR_TRUE; - } - getCertsToDelete(response, nb, certNums, nCerts); - return PR_TRUE; - } - /* User doesn't want to be prompted for this type anymore. */ - if (response[0] == 'Y') { - info->promptUser[errtype] = PR_FALSE; - info->removeType[errtype] = PR_FALSE; - return PR_FALSE; - } else if (response[0] == 'N') { - info->promptUser[errtype] = PR_FALSE; - info->removeType[errtype] = PR_TRUE; - return PR_TRUE; - } - return (response[0] != 'y') ? PR_TRUE : PR_FALSE; -} - -SECStatus -addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info, - CERTCertDBHandle *oldhandle) -{ - SECStatus rv = SECSuccess; - PRBool allowOverride; - PRBool userCert; - SECCertTimeValidity validity; - CERTCertificate *oldCert = NULL; - CERTCertificate *dbCert = NULL; - CERTCertificate *newCert = NULL; - CERTCertTrust *trust; - certDBEntrySMime *smimeEntry = NULL; - char *email = NULL; - char *nickname = NULL; - int nCertsForSubject = 1; - - oldCert = CERT_DecodeDERCertificate(&certEntry->derCert, PR_FALSE, - certEntry->nickname); - if (!oldCert) { - info->dbErrors[dbBadCertificate]++; - SEC_DestroyDBEntry((certDBEntry*)certEntry); - return SECSuccess; - } - - oldCert->dbEntry = certEntry; - oldCert->trust = &certEntry->trust; - oldCert->dbhandle = oldhandle; - - trust = oldCert->trust; - - info->nOldCerts++; - - if (info->verbose) - PR_fprintf(info->out, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n"); - - if (oldCert->nickname) - nickname = PORT_Strdup(oldCert->nickname); - - /* Always keep user certs. Skip ahead. */ - /* XXX if someone sends themselves a signed message, it is possible - for their cert to be imported as an "other" cert, not a user cert. - this mucks with smime entries... */ - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - if (userCert) - goto createcert; - - /* If user chooses so, ignore expired certificates. */ - allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) || - (oldCert->keyUsage == certUsageSSLServerWithStepUp)); - validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride); - /* If cert expired and user wants to delete it, ignore it. */ - if ((validity != secCertTimeValid) && - userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) { - info->dbErrors[dbInvalidCert]++; - if (info->verbose) { - PR_fprintf(info->out, "Deleting expired certificate:\n"); - dumpCertificate(oldCert, -1, info->out); - } - goto cleanup; - } - - /* New database will already have default certs, don't attempt - to overwrite them. */ - dbCert = CERT_FindCertByDERCert(info->handle, &oldCert->derCert); - if (dbCert) { - info->nCerts++; - if (info->verbose) { - PR_fprintf(info->out, "Added certificate to database:\n"); - dumpCertificate(oldCert, -1, info->out); - } - goto cleanup; - } - - /* Determine if cert is S/MIME and get its email if so. */ - email = IsEmailCert(oldCert); - - /* - XXX Just create empty profiles? - if (email) { - SECItem *profile = CERT_FindSMimeProfile(oldCert); - if (!profile && - userSaysDeleteCert(&oldCert, 1, dbNoSMimeProfile, info, 0)) { - info->dbErrors[dbNoSMimeProfile]++; - if (info->verbose) { - PR_fprintf(info->out, - "Deleted cert missing S/MIME profile.\n"); - dumpCertificate(oldCert, -1, info->out); - } - goto cleanup; - } else { - SECITEM_FreeItem(profile); - } - } - */ - -createcert: - - /* Sometimes happens... */ - if (!nickname && userCert) - nickname = PORT_Strdup(oldCert->subjectName); - - /* Create a new certificate, copy of the old one. */ - newCert = CERT_NewTempCertificate(info->handle, &oldCert->derCert, - nickname, PR_FALSE, PR_TRUE); - if (!newCert) { - PR_fprintf(PR_STDERR, "Unable to create new certificate.\n"); - dumpCertificate(oldCert, -1, PR_STDERR); - info->dbErrors[dbBadCertificate]++; - goto cleanup; - } - - /* Add the cert to the new database. */ - rv = CERT_AddTempCertToPerm(newCert, nickname, oldCert->trust); - if (rv) { - PR_fprintf(PR_STDERR, "Failed to write temp cert to perm database.\n"); - dumpCertificate(oldCert, -1, PR_STDERR); - info->dbErrors[dbCertNotWrittenToDB]++; - goto cleanup; - } - - if (info->verbose) { - PR_fprintf(info->out, "Added certificate to database:\n"); - dumpCertificate(oldCert, -1, info->out); - } - - /* If the cert is an S/MIME cert, and the first with it's subject, - * modify the subject entry to include the email address, - * CERT_AddTempCertToPerm does not do email addresses and S/MIME entries. - */ - if (smimeEntry) { /*&& !userCert && nCertsForSubject == 1) { */ -#if 0 - UpdateSubjectWithEmailAddr(newCert, email); -#endif - SECItem emailProfile, profileTime; - rv = CERT_FindFullSMimeProfile(oldCert, &emailProfile, &profileTime); - /* calls UpdateSubjectWithEmailAddr */ - if (rv == SECSuccess) - rv = CERT_SaveSMimeProfile(newCert, &emailProfile, &profileTime); - } - - info->nCerts++; - -cleanup: - - if (nickname) - PORT_Free(nickname); - if (email) - PORT_Free(email); - if (oldCert) - CERT_DestroyCertificate(oldCert); - if (dbCert) - CERT_DestroyCertificate(dbCert); - if (newCert) - CERT_DestroyCertificate(newCert); - if (smimeEntry) - SEC_DestroyDBEntry((certDBEntry*)smimeEntry); - return SECSuccess; -} - -#if 0 -SECStatus -copyDBEntry(SECItem *data, SECItem *key, certDBEntryType type, void *pdata) -{ - SECStatus rv; - CERTCertDBHandle *newdb = (CERTCertDBHandle *)pdata; - certDBEntryCommon common; - SECItem dbkey; - - common.type = type; - common.version = CERT_DB_FILE_VERSION; - common.flags = data->data[2]; - common.arena = NULL; - - dbkey.len = key->len + SEC_DB_KEY_HEADER_LEN; - dbkey.data = (unsigned char *)PORT_Alloc(dbkey.len*sizeof(unsigned char)); - PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], key->data, key->len); - dbkey.data[0] = type; - - rv = WriteDBEntry(newdb, &common, &dbkey, data); - - PORT_Free(dbkey.data); - return rv; -} -#endif - -int -certIsOlder(CERTCertificate **cert1, CERTCertificate** cert2) -{ - return !CERT_IsNewer(*cert1, *cert2); -} - -int -findNewestSubjectForEmail(CERTCertDBHandle *handle, int subjectNum, - certDBArray *dbArray, dbRestoreInfo *info, - int *subjectWithSMime, int *smimeForSubject) -{ - int newestSubject; - int subjectsForEmail[50]; - int i, j, ns, sNum; - certDBEntryListNode *subjects = &dbArray->subjects; - certDBEntryListNode *smime = &dbArray->smime; - certDBEntrySubject *subjectEntry1, *subjectEntry2; - certDBEntrySMime *smimeEntry; - CERTCertificate **certs; - CERTCertificate *cert; - CERTCertTrust *trust; - PRBool userCert; - int *certNums; - - ns = 0; - subjectEntry1 = (certDBEntrySubject*)&subjects.entries[subjectNum]; - subjectsForEmail[ns++] = subjectNum; - - *subjectWithSMime = -1; - *smimeForSubject = -1; - newestSubject = subjectNum; - - cert = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]); - if (cert) { - trust = cert->trust; - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - CERT_DestroyCertificate(cert); - } - - /* - * XXX Should we make sure that subjectEntry1->emailAddr is not - * a null pointer or an empty string before going into the next - * two for loops, which pass it to PORT_Strcmp? - */ - - /* Loop over the remaining subjects. */ - for (i=subjectNum+1; iemailAddr && subjectEntry2->emailAddr[0] && - PORT_Strcmp(subjectEntry1->emailAddr, - subjectEntry2->emailAddr) == 0) { - /* Found a subject using the same email address. */ - subjectsForEmail[ns++] = i; - } - } - - /* Find the S/MIME entry for this email address. */ - for (i=0; icommon.arena == NULL) - continue; - if (smimeEntry->emailAddr && smimeEntry->emailAddr[0] && - PORT_Strcmp(subjectEntry1->emailAddr, smimeEntry->emailAddr) == 0) { - /* Find which of the subjects uses this S/MIME entry. */ - for (j=0; jsubjectName, - &subjectEntry2->derSubject)) { - /* Found the subject corresponding to the S/MIME entry. */ - *subjectWithSMime = sNum; - *smimeForSubject = i; - } - } - SEC_DestroyDBEntry((certDBEntry*)smimeEntry); - PORT_Memset(smimeEntry, 0, sizeof(certDBEntry)); - break; - } - } - - if (ns <= 1) - return subjectNum; - - if (userCert) - return *subjectWithSMime; - - /* Now find which of the subjects has the newest cert. */ - certs = (CERTCertificate**)PORT_Alloc(ns*sizeof(CERTCertificate*)); - certNums = (int*)PORT_Alloc((ns+1)*sizeof(int)); - certNums[0] = 0; - for (i=0; icertKeys[0]); - certNums[i+1] = i; - } - /* Sort the array by validity. */ - qsort(certs, ns, sizeof(CERTCertificate*), - (int (*)(const void *, const void *))certIsOlder); - newestSubject = -1; - for (i=0; iderSubject, - &certs[0]->derSubject)) - newestSubject = sNum; - else - SEC_DestroyDBEntry((certDBEntry*)subjectEntry1); - } - if (info && userSaysDeleteCert(certs, ns, dbOlderCert, info, certNums)) { - for (i=1; i= 0 && certNums[i] != certNums[0]) { - deleteAllEntriesForCert(handle, certs[certNums[i]], info->out); - info->dbErrors[dbOlderCert]++; - } - } - } - CERT_DestroyCertArray(certs, ns); - return newestSubject; -} - -CERTCertDBHandle * -DBCK_ReconstructDBFromCerts(CERTCertDBHandle *oldhandle, char *newdbname, - PRFileDesc *outfile, PRBool removeExpired, - PRBool requireProfile, PRBool singleEntry, - PRBool promptUser) -{ - SECStatus rv; - dbRestoreInfo info; - certDBEntryContentVersion *oldContentVersion; - certDBArray dbArray; - int i; - - PORT_Memset(&dbArray, 0, sizeof(dbArray)); - PORT_Memset(&info, 0, sizeof(info)); - info.verbose = (outfile) ? PR_TRUE : PR_FALSE; - info.out = (outfile) ? outfile : PR_STDOUT; - info.removeType[dbInvalidCert] = removeExpired; - info.removeType[dbNoSMimeProfile] = requireProfile; - info.removeType[dbOlderCert] = singleEntry; - info.promptUser[dbInvalidCert] = promptUser; - info.promptUser[dbNoSMimeProfile] = promptUser; - info.promptUser[dbOlderCert] = promptUser; - - /* Allocate a handle to fill with CERT_OpenCertDB below. */ - info.handle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle)); - if (!info.handle) { - fprintf(stderr, "unable to get database handle"); - return NULL; - } - - /* Create a certdb with the most recent set of roots. */ - rv = CERT_OpenCertDBFilename(info.handle, newdbname, PR_FALSE); - - if (rv) { - fprintf(stderr, "could not open certificate database"); - goto loser; - } - - /* Create certificate, subject, nickname, and email records. - * mcom_db seems to have a sequential access bug. Though reads and writes - * should be allowed during traversal, they seem to screw up the sequence. - * So, stuff all the cert entries into an array, and loop over the array - * doing read/writes in the db. - */ - fillDBEntryArray(oldhandle, certDBEntryTypeCert, &dbArray.certs); - for (elem = PR_LIST_HEAD(&dbArray->certs.link); - elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - addCertToDB((certDBEntryCert*)&node->entry, &info, oldhandle); - /* entries get destroyed in addCertToDB */ - } -#if 0 - rv = SEC_TraverseDBEntries(oldhandle, certDBEntryTypeSMimeProfile, - copyDBEntry, info.handle); -#endif - - /* Fix up the pointers between (nickname|S/MIME) --> (subject). - * Create S/MIME entries for S/MIME certs. - * Have the S/MIME entry point to the last-expiring cert using - * an email address. - */ -#if 0 - CERT_RedoHandlesForSubjects(info.handle, singleEntry, &info); -#endif - - freeDBEntryList(&dbArray.certs.link); - - /* Copy over the version record. */ - /* XXX Already exists - and _must_ be correct... */ - /* - versionEntry = ReadDBVersionEntry(oldhandle); - rv = WriteDBVersionEntry(info.handle, versionEntry); - */ - - /* Copy over the content version record. */ - /* XXX Can probably get useful info from old content version? - * Was this db created before/after this tool? etc. - */ -#if 0 - oldContentVersion = ReadDBContentVersionEntry(oldhandle); - CERT_SetDBContentVersion(oldContentVersion->contentVersion, info.handle); -#endif - -#if 0 - /* Copy over the CRL & KRL records. */ - rv = SEC_TraverseDBEntries(oldhandle, certDBEntryTypeRevocation, - copyDBEntry, info.handle); - /* XXX Only one KRL, just do db->get? */ - rv = SEC_TraverseDBEntries(oldhandle, certDBEntryTypeKeyRevocation, - copyDBEntry, info.handle); -#endif - - PR_fprintf(info.out, "Database had %d certificates.\n", info.nOldCerts); - - PR_fprintf(info.out, "Reconstructed %d certificates.\n", info.nCerts); - PR_fprintf(info.out, "(ax) Rejected %d expired certificates.\n", - info.dbErrors[dbInvalidCert]); - PR_fprintf(info.out, "(as) Rejected %d S/MIME certificates missing a profile.\n", - info.dbErrors[dbNoSMimeProfile]); - PR_fprintf(info.out, "(ar) Rejected %d certificates for which a newer certificate was found.\n", - info.dbErrors[dbOlderCert]); - PR_fprintf(info.out, " Rejected %d corrupt certificates.\n", - info.dbErrors[dbBadCertificate]); - PR_fprintf(info.out, " Rejected %d certificates which did not write to the DB.\n", - info.dbErrors[dbCertNotWrittenToDB]); - - if (rv) - goto loser; - - return info.handle; - -loser: - if (info.handle) - PORT_Free(info.handle); - return NULL; -} -#endif /* DORECOVER */ - -enum { - cmd_Debug = 0, - cmd_LongUsage, - cmd_Recover -}; - -enum { - opt_KeepAll = 0, - opt_CertDir, - opt_Dumpfile, - opt_InputDB, - opt_OutputDB, - opt_Mailfile, - opt_Prompt, - opt_KeepRedundant, - opt_KeepNoSMimeProfile, - opt_Verbose, - opt_KeepExpired -}; - -static secuCommandFlag dbck_commands[] = -{ - { /* cmd_Debug, */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Recover, */ 'R', PR_FALSE, 0, PR_FALSE } -}; - -static secuCommandFlag dbck_options[] = -{ - { /* opt_KeepAll, */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_CertDir, */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_Dumpfile, */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputDB, */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputDB, */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_Mailfile, */ 'm', PR_FALSE, 0, PR_FALSE }, - { /* opt_Prompt, */ 'p', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepRedundant, */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE }, - { /* opt_Verbose, */ 'v', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepExpired, */ 'x', PR_FALSE, 0, PR_FALSE } -}; - -int -main(int argc, char **argv) -{ - CERTCertDBHandle *certHandle; - - PRFileInfo fileInfo; - PRFileDesc *mailfile = NULL; - PRFileDesc *dumpfile = NULL; - - char * pathname = 0; - char * fullname = 0; - char * newdbname = 0; - - PRBool removeExpired, requireProfile, singleEntry; - - SECStatus rv; - - secuCommand dbck; - dbck.numCommands = sizeof(dbck_commands) / sizeof(secuCommandFlag); - dbck.numOptions = sizeof(dbck_options) / sizeof(secuCommandFlag); - dbck.commands = dbck_commands; - dbck.options = dbck_options; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - rv = SECU_ParseCommandLine(argc, argv, progName, &dbck); - - if (rv != SECSuccess) - Usage(progName); - - if (dbck.commands[cmd_LongUsage].activated) - LongUsage(progName); - - if (!dbck.commands[cmd_Debug].activated && - !dbck.commands[cmd_Recover].activated) { - PR_fprintf(PR_STDERR, "Please specify -D or -R.\n"); - Usage(progName); - } - - removeExpired = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepExpired].activated); - - requireProfile = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepNoSMimeProfile].activated); - - singleEntry = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepRedundant].activated); - - if (dbck.options[opt_OutputDB].activated) { - newdbname = PL_strdup(dbck.options[opt_OutputDB].arg); - } else { - newdbname = PL_strdup("new_cert7.db"); - } - - /* Create a generic graph of the database. */ - if (dbck.options[opt_Mailfile].activated) { - mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660); - if (!mailfile) { - fprintf(stderr, "Unable to create mailfile.\n"); - return -1; - } - } - - /* Dump all debugging info while running. */ - if (dbck.options[opt_Verbose].activated) { - if (dbck.options[opt_Dumpfile].activated) { - dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg, - PR_RDWR | PR_CREATE_FILE, 00660); - } - if (!dumpfile) { - fprintf(stderr, "Unable to create dumpfile.\n"); - return -1; - } - } - - /* Set the cert database directory. */ - if (dbck.options[opt_CertDir].activated) { - SECU_ConfigDirectory(dbck.options[opt_CertDir].arg); - } - - PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - SEC_Init(); - - certHandle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle)); - if (!certHandle) { - SECU_PrintError(progName, "unable to get database handle"); - return -1; - } - - /* Open the possibly corrupt database. */ - if (dbck.options[opt_InputDB].activated) { - pathname = SECU_ConfigDirectory(NULL); - fullname = PR_smprintf("%s/%s", pathname, - dbck.options[opt_InputDB].arg); - if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { - fprintf(stderr, "Unable to read file \"%s\".\n", fullname); - return -1; - } - rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE); - } else { - /* Use the default. */ - fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION); - if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { - fprintf(stderr, "Unable to read file \"%s\".\n", fullname); - return -1; - } - rv = CERT_OpenCertDB(certHandle, PR_TRUE, - SECU_CertDBNameCallback, NULL); - } - - if (rv) { - SECU_PrintError(progName, "unable to open cert database"); - return -1; - } - - if (dbck.commands[cmd_Debug].activated) { - DBCK_DebugDB(certHandle, dumpfile, mailfile); - return 0; - } - -#ifdef DORECOVER - if (dbck.commands[cmd_Recover].activated) { - DBCK_ReconstructDBFromCerts(certHandle, newdbname, - dumpfile, removeExpired, - requireProfile, singleEntry, - dbck.options[opt_Prompt].activated); - return 0; - } -#endif - - if (mailfile) - PR_Close(mailfile); - if (dumpfile) - PR_Close(dumpfile); - if (certHandle) { - CERT_ClosePermCertDB(certHandle); - PORT_Free(certHandle); - } - return -1; -} diff --git a/security/nss/cmd/dbck/manifest.mn b/security/nss/cmd/dbck/manifest.mn deleted file mode 100644 index 79327c08e1..0000000000 --- a/security/nss/cmd/dbck/manifest.mn +++ /dev/null @@ -1,53 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -DEFINES += -DNSPR20 - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - dbck.c \ - $(NULL) - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAM = dbck diff --git a/security/nss/cmd/dbtest/Makefile b/security/nss/cmd/dbtest/Makefile deleted file mode 100644 index ea25b8125c..0000000000 --- a/security/nss/cmd/dbtest/Makefile +++ /dev/null @@ -1,92 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -ifdef XP_OS2_VACPP -CFLAGS += -I../modutil -endif - -ifeq (,$(filter-out WINNT WIN95 WIN16,$(OS_TARGET))) # omits WINCE -ifndef BUILD_OPT -ifndef NS_USE_GCC -LDFLAGS += /subsystem:console /profile /debug /machine:I386 /incremental:no -endif -OS_CFLAGS += -D_CONSOLE -endif -endif - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - -#include ../platlibs.mk - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk - diff --git a/security/nss/cmd/dbtest/dbtest.c b/security/nss/cmd/dbtest/dbtest.c deleted file mode 100644 index d01c8180e4..0000000000 --- a/security/nss/cmd/dbtest/dbtest.c +++ /dev/null @@ -1,183 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Sonja Mirtitsch Sun Microsystems - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* -** dbtest.c -** -** QA test for cert and key databases, especially to open -** database readonly (NSS_INIT_READONLY) and force initializations -** even if the databases cannot be opened (NSS_INIT_FORCEOPEN) -** -*/ -#include -#include - -#if defined(WIN32) -#include "fcntl.h" -#include "io.h" -#endif - -#include "secutil.h" - -#if defined(XP_UNIX) -#include -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "certdb.h" -#include "nss.h" -#include "../modutil/modutil.h" - -#include "plgetopt.h" - -static char *progName; - -char *dbDir = NULL; - -static char *dbName[]={"secmod.db", "cert8.db", "key3.db"}; -static char* dbprefix = ""; -static char* secmodName = "secmod.db"; -PRBool verbose; - - -static void Usage(const char *progName) -{ - printf("Usage: %s [-r] [-f] [-d dbdir ] \n", - progName); - printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r"); - printf("%-20s Continue to force initializations even if the\n", "-f"); - printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " "); - printf("%-20s Directory with cert database (default is .\n", - "-d certdir"); - exit(1); -} - -int main(int argc, char **argv) -{ - PLOptState *optstate; - PLOptStatus optstatus; - - PRUint32 flags = 0; - Error ret; - SECStatus rv; - char * dbString = NULL; - int i; - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - optstate = PL_CreateOptState(argc, argv, "rfd:h"); - - while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'h': - default : Usage(progName); break; - - case 'r': flags |= NSS_INIT_READONLY; break; - - case 'f': flags |= NSS_INIT_FORCEOPEN; break; - - case 'd': - dbDir = PORT_Strdup(optstate->value); - break; - - } - } - if (optstatus == PL_OPT_BAD) - Usage(progName); - - if (!dbDir) { - dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ - } - dbDir = SECU_ConfigDirectory(dbDir); - PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir); - - if( dbDir[0] == '\0') { - PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); - ret= DIR_DOESNT_EXIST_ERR; - goto loser; - } - - - PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); - - /* get the status of the directory and databases and output message */ - if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir); - } else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir); - } else { - if( !( flags & NSS_INIT_READONLY ) && - PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir); - } - for (i=0;i<3;i++) { - dbString=PR_smprintf("%s/%s",dbDir,dbName[i]); - PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString); - if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR], - dbString); - } else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], - dbString); - } else if( !( flags & NSS_INIT_READONLY ) && - PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) { - PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], - dbString); - } - } - } - - rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix, - secmodName, flags); - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - ret=NSS_INITIALIZE_FAILED_ERR; - } else { - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - ret=SUCCESS; - } - -loser: - return ret; -} - diff --git a/security/nss/cmd/dbtest/manifest.mn b/security/nss/cmd/dbtest/manifest.mn deleted file mode 100644 index 0e3ba6c991..0000000000 --- a/security/nss/cmd/dbtest/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -# DIRS = - -CSRCS = dbtest.c - -PROGRAM = dbtest - diff --git a/security/nss/cmd/derdump/Makefile b/security/nss/cmd/derdump/Makefile deleted file mode 100644 index 140b4191ff..0000000000 --- a/security/nss/cmd/derdump/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/derdump/derdump.c b/security/nss/cmd/derdump/derdump.c deleted file mode 100644 index 7103eef2c3..0000000000 --- a/security/nss/cmd/derdump/derdump.c +++ /dev/null @@ -1,137 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "secutil.h" -#include "nss.h" -#include - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fprintf(FILE *, char *, ...); -#endif -#endif -#include "plgetopt.h" - -static void Usage(char *progName) -{ - fprintf(stderr, - "Usage: %s [-r] [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s For formatted items, dump raw bytes as well\n", - "-r"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -int main(int argc, char **argv) -{ - char *progName; - FILE *outFile; - PRFileDesc *inFile; - SECItem der; - SECStatus rv; - int16 xp_error; - PRBool raw = PR_FALSE; - PLOptState *optstate; - PLOptStatus status; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - inFile = 0; - outFile = 0; - optstate = PL_CreateOptState(argc, argv, "i:o:r"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case 'i': - inFile = PR_Open(optstate->value, PR_RDONLY, 0); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 'r': - raw = PR_TRUE; - break; - - default: - Usage(progName); - break; - } - } - if (status == PL_OPT_BAD) - Usage(progName); - - if (!inFile) inFile = PR_STDIN; - if (!outFile) outFile = stdout; - - rv = NSS_NoDB_Init(NULL); /* XXX */ - if (rv != SECSuccess) { - SECU_PrintPRandOSError(progName); - return -1; - } - - rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE); - if (rv == SECSuccess) { - rv = DER_PrettyPrint(outFile, &der, raw); - if (rv == SECSuccess) - return 0; - } - - xp_error = PORT_GetError(); - if (xp_error) { - SECU_PrintError(progName, "error %d", xp_error); - } - if (errno) { - SECU_PrintSystemError(progName, "errno=%d", errno); - } - return 1; -} diff --git a/security/nss/cmd/derdump/manifest.mn b/security/nss/cmd/derdump/manifest.mn deleted file mode 100644 index f9299f0def..0000000000 --- a/security/nss/cmd/derdump/manifest.mn +++ /dev/null @@ -1,53 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = derdump.c - -PROGRAM = derdump diff --git a/security/nss/cmd/digest/Makefile b/security/nss/cmd/digest/Makefile deleted file mode 100644 index 140b4191ff..0000000000 --- a/security/nss/cmd/digest/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - -include ../platrules.mk - diff --git a/security/nss/cmd/digest/digest.c b/security/nss/cmd/digest/digest.c deleted file mode 100644 index 7a37856d9c..0000000000 --- a/security/nss/cmd/digest/digest.c +++ /dev/null @@ -1,256 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "secutil.h" -#include "pk11func.h" -#include "secoid.h" - -#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4)) -#if !defined(WIN32) -extern int fread(char *, size_t, size_t, FILE*); -extern int fwrite(char *, size_t, size_t, FILE*); -extern int fprintf(FILE *, char *, ...); -#endif -#endif - -#include "plgetopt.h" - -static SECOidData * -HashTypeToOID(HASH_HashType hashtype) -{ - SECOidTag hashtag; - - if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL) - return NULL; - - switch (hashtype) { - case HASH_AlgMD2: - hashtag = SEC_OID_MD2; - break; - case HASH_AlgMD5: - hashtag = SEC_OID_MD5; - break; - case HASH_AlgSHA1: - hashtag = SEC_OID_SHA1; - break; - default: - fprintf(stderr, "A new hash type has been added to HASH_HashType.\n"); - fprintf(stderr, "This program needs to be updated!\n"); - return NULL; - } - - return SECOID_FindOIDByTag(hashtag); -} - -static SECOidData * -HashNameToOID(const char *hashName) -{ - HASH_HashType htype; - SECOidData *hashOID; - - for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) { - hashOID = HashTypeToOID(htype); - if (PORT_Strcasecmp(hashName, hashOID->desc) == 0) - break; - } - - if (htype == HASH_AlgTOTAL) - return NULL; - - return hashOID; -} - -static void -Usage(char *progName) -{ - HASH_HashType htype; - - fprintf(stderr, - "Usage: %s -t type [-i input] [-o output]\n", - progName); - fprintf(stderr, "%-20s Specify the digest method (must be one of\n", - "-t type"); - fprintf(stderr, "%-20s ", ""); - for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) { - fprintf(stderr, HashTypeToOID(htype)->desc); - if (htype == (HASH_AlgTOTAL - 2)) - fprintf(stderr, " or "); - else if (htype != (HASH_AlgTOTAL - 1)) - fprintf(stderr, ", "); - } - fprintf(stderr, " (case ignored))\n"); - fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n", - "-i input"); - fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n", - "-o output"); - exit(-1); -} - -static int -DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID) -{ - int nb; - unsigned char ibuf[4096], digest[32]; - PK11Context *hashcx; - unsigned int len; - SECStatus rv; - - hashcx = PK11_CreateDigestContext(hashOID->offset); - if (hashcx == NULL) { - return -1; - } - PK11_DigestBegin(hashcx); - - - for (;;) { - if (feof(inFile)) break; - nb = fread(ibuf, 1, sizeof(ibuf), inFile); - if (nb != sizeof(ibuf)) { - if (nb == 0) { - if (ferror(inFile)) { - PORT_SetError(SEC_ERROR_IO); - PK11_DestroyContext(hashcx,PR_TRUE); - return -1; - } - /* eof */ - break; - } - } - rv = PK11_DigestOp(hashcx, ibuf, nb); - if (rv != SECSuccess) { - PK11_DestroyContext(hashcx, PR_TRUE); - return -1; - } - } - - rv = PK11_DigestFinal(hashcx, digest, &len, 32); - PK11_DestroyContext(hashcx, PR_TRUE); - - if (rv != SECSuccess) return -1; - - nb = fwrite(digest, 1, len, outFile); - if (nb != len) { - PORT_SetError(SEC_ERROR_IO); - return -1; - } - - return 0; -} - -#include "nss.h" - -int -main(int argc, char **argv) -{ - char *progName; - FILE *inFile, *outFile; - char *hashName; - SECOidData *hashOID; - PLOptState *optstate; - PLOptStatus status; - SECStatus rv; - - progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; - - inFile = NULL; - outFile = NULL; - hashName = NULL; - - rv = NSS_Init("/tmp"); - if (rv != SECSuccess) { - fprintf(stderr, "%s: NSS_Init failed in directory %s\n", - progName, "/tmp"); - return -1; - } - - /* - * Parse command line arguments - */ - optstate = PL_CreateOptState(argc, argv, "t:i:o:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - case '?': - Usage(progName); - break; - - case 'i': - inFile = fopen(optstate->value, "r"); - if (!inFile) { - fprintf(stderr, "%s: unable to open \"%s\" for reading\n", - progName, optstate->value); - return -1; - } - break; - - case 'o': - outFile = fopen(optstate->value, "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, optstate->value); - return -1; - } - break; - - case 't': - hashName = strdup(optstate->value); - break; - } - } - - if (!hashName) Usage(progName); - - if (!inFile) inFile = stdin; - if (!outFile) outFile = stdout; - - hashOID = HashNameToOID(hashName); - if (hashOID == NULL) { - fprintf(stderr, "%s: invalid digest type\n", progName); - Usage(progName); - } - - if (DigestFile(outFile, inFile, hashOID)) { - fprintf(stderr, "%s: problem digesting data (%s)\n", - progName, SECU_Strerror(PORT_GetError())); - return -1; - } - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - - return 0; -} diff --git a/security/nss/cmd/digest/manifest.mn b/security/nss/cmd/digest/manifest.mn deleted file mode 100644 index e4c9193be9..0000000000 --- a/security/nss/cmd/digest/manifest.mn +++ /dev/null @@ -1,54 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -# This next line is used by .mk files -# and gets translated into $LINCS in manifest.mnw -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = seccmd dbm - -DEFINES = -DNSPR20 - -CSRCS = digest.c - -PROGRAM = digest - diff --git a/security/nss/cmd/fipstest/Makefile b/security/nss/cmd/fipstest/Makefile deleted file mode 100755 index 60f791f6cf..0000000000 --- a/security/nss/cmd/fipstest/Makefile +++ /dev/null @@ -1,86 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn -#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \ -# -always-use-cache-dir $(CC) - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -#EXTRA_SHARED_LIBS += \ -# -L/usr/lib \ -# -lposix4 \ -# $(NULL) - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -include ../platrules.mk diff --git a/security/nss/cmd/fipstest/aes.sh b/security/nss/cmd/fipstest/aes.sh deleted file mode 100644 index 09ed494bf6..0000000000 --- a/security/nss/cmd/fipstest/aes.sh +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/sh -# -# A Bourne shell script for running the NIST AES Algorithm Validation Suite -# -# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -# variables appropriately so that the fipstest command and the NSPR and NSS -# shared libraries/DLLs are on the search path. Then run this script in the -# directory where the REQUEST (.req) files reside. The script generates the -# RESPONSE (.rsp) files in the same directory. - -cbc_kat_requests=" -CBCGFSbox128.req -CBCGFSbox192.req -CBCGFSbox256.req -CBCKeySbox128.req -CBCKeySbox192.req -CBCKeySbox256.req -CBCVarKey128.req -CBCVarKey192.req -CBCVarKey256.req -CBCVarTxt128.req -CBCVarTxt192.req -CBCVarTxt256.req -" - -cbc_mct_requests=" -CBCMCT128.req -CBCMCT192.req -CBCMCT256.req -" - -cbc_mmt_requests=" -CBCMMT128.req -CBCMMT192.req -CBCMMT256.req -" - -ecb_kat_requests=" -ECBGFSbox128.req -ECBGFSbox192.req -ECBGFSbox256.req -ECBKeySbox128.req -ECBKeySbox192.req -ECBKeySbox256.req -ECBVarKey128.req -ECBVarKey192.req -ECBVarKey256.req -ECBVarTxt128.req -ECBVarTxt192.req -ECBVarTxt256.req -" - -ecb_mct_requests=" -ECBMCT128.req -ECBMCT192.req -ECBMCT256.req -" - -ecb_mmt_requests=" -ECBMMT128.req -ECBMMT192.req -ECBMMT256.req -" - -for request in $ecb_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest aes kat ecb $request > $response -done -for request in $ecb_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest aes mmt ecb $request > $response -done -for request in $ecb_mct_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest aes mct ecb $request > $response -done -for request in $cbc_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest aes kat cbc $request > $response -done -for request in $cbc_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest aes mmt cbc $request > $response -done -for request in $cbc_mct_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest aes mct cbc $request > $response -done diff --git a/security/nss/cmd/fipstest/ecdsa.sh b/security/nss/cmd/fipstest/ecdsa.sh deleted file mode 100644 index 306c8650f3..0000000000 --- a/security/nss/cmd/fipstest/ecdsa.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -# -# A Bourne shell script for running the NIST ECDSA Validation System -# -# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -# variables appropriately so that the fipstest command and the NSPR and NSS -# shared libraries/DLLs are on the search path. Then run this script in the -# directory where the REQUEST (.req) files reside. The script generates the -# RESPONSE (.rsp) files in the same directory. - -request=KeyPair.req -response=`echo $request | sed -e "s/req/rsp/"` -echo $request $response -fipstest ecdsa keypair $request > $response - -request=PKV.req -response=`echo $request | sed -e "s/req/rsp/"` -echo $request $response -fipstest ecdsa pkv $request > $response - -request=SigGen.req -response=`echo $request | sed -e "s/req/rsp/"` -echo $request $response -fipstest ecdsa siggen $request > $response - -request=SigVer.req -response=`echo $request | sed -e "s/req/rsp/"` -echo $request $response -fipstest ecdsa sigver $request > $response diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c deleted file mode 100644 index 48d47f9f10..0000000000 --- a/security/nss/cmd/fipstest/fipstest.c +++ /dev/null @@ -1,3411 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include -#include -#include - -#include "secitem.h" -#include "blapi.h" -#include "nss.h" -#include "secerr.h" -#include "secoidt.h" -#include "keythi.h" -#include "ec.h" -#if 0 -#include "../../lib/freebl/mpi/mpi.h" -#endif - -#ifdef NSS_ENABLE_ECC - -extern SECStatus -EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams); - -#endif - -#define ENCRYPT 1 -#define DECRYPT 0 -#define BYTE unsigned char - -SECStatus -hex_from_2char(const unsigned char *c2, unsigned char *byteval) -{ - int i; - unsigned char offset; - *byteval = 0; - for (i=0; i<2; i++) { - if (c2[i] >= '0' && c2[i] <= '9') { - offset = c2[i] - '0'; - *byteval |= offset << 4*(1-i); - } else if (c2[i] >= 'a' && c2[i] <= 'f') { - offset = c2[i] - 'a'; - *byteval |= (offset + 10) << 4*(1-i); - } else if (c2[i] >= 'A' && c2[i] <= 'F') { - offset = c2[i] - 'A'; - *byteval |= (offset + 10) << 4*(1-i); - } else { - return SECFailure; - } - } - return SECSuccess; -} - -SECStatus -char2_from_hex(unsigned char byteval, unsigned char *c2, char a) -{ - int i; - unsigned char offset; - for (i=0; i<2; i++) { - offset = (byteval >> 4*(1-i)) & 0x0f; - if (offset < 10) { - c2[i] = '0' + offset; - } else { - c2[i] = a + offset - 10; - } - } - return SECSuccess; -} - -void -to_hex_str(char *str, const unsigned char *buf, unsigned int len) -{ - unsigned int i; - for (i=0; i 2*len) { - /* - * The input hex string is too long, but we allow it if the - * extra digits are leading 0's. - */ - for (j = 0; j < nxdigit-2*len; j++) { - if (str[j] != '0') { - return PR_FALSE; - } - } - /* skip leading 0's */ - str += nxdigit-2*len; - nxdigit = 2*len; - } - for (i=0, j=0; i< len; i++) { - if (2*i < 2*len-nxdigit) { - /* Handle a short input as if we padded it with leading 0's. */ - if (2*i+1 < 2*len-nxdigit) { - buf[i] = 0; - } else { - char tmp[2]; - tmp[0] = '0'; - tmp[1] = str[j]; - hex_from_2char(tmp, &buf[i]); - j++; - } - } else { - hex_from_2char(&str[j], &buf[i]); - j += 2; - } - } - return PR_TRUE; -} - -SECStatus -tdea_encrypt_buf( - int mode, - const unsigned char *key, - const unsigned char *iv, - unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen, - const unsigned char *input, unsigned int inputlen) -{ - SECStatus rv = SECFailure; - DESContext *cx; - unsigned char doublecheck[8*20]; /* 1 to 20 blocks */ - unsigned int doublechecklen = 0; - - cx = DES_CreateContext(key, iv, mode, PR_TRUE); - if (cx == NULL) { - goto loser; - } - rv = DES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen); - if (rv != SECSuccess) { - goto loser; - } - if (*outputlen != inputlen) { - goto loser; - } - DES_DestroyContext(cx, PR_TRUE); - cx = NULL; - - /* - * Doublecheck our result by decrypting the ciphertext and - * compare the output with the input plaintext. - */ - cx = DES_CreateContext(key, iv, mode, PR_FALSE); - if (cx == NULL) { - goto loser; - } - rv = DES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); - if (rv != SECSuccess) { - goto loser; - } - if (doublechecklen != *outputlen) { - goto loser; - } - DES_DestroyContext(cx, PR_TRUE); - cx = NULL; - if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; - } - rv = SECSuccess; - -loser: - if (cx != NULL) { - DES_DestroyContext(cx, PR_TRUE); - } - return rv; -} - -SECStatus -tdea_decrypt_buf( - int mode, - const unsigned char *key, - const unsigned char *iv, - unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen, - const unsigned char *input, unsigned int inputlen) -{ - SECStatus rv = SECFailure; - DESContext *cx; - unsigned char doublecheck[8*20]; /* 1 to 20 blocks */ - unsigned int doublechecklen = 0; - - cx = DES_CreateContext(key, iv, mode, PR_FALSE); - if (cx == NULL) { - goto loser; - } - rv = DES_Decrypt(cx, output, outputlen, maxoutputlen, - input, inputlen); - if (rv != SECSuccess) { - goto loser; - } - if (*outputlen != inputlen) { - goto loser; - } - DES_DestroyContext(cx, PR_TRUE); - cx = NULL; - - /* - * Doublecheck our result by encrypting the plaintext and - * compare the output with the input ciphertext. - */ - cx = DES_CreateContext(key, iv, mode, PR_TRUE); - if (cx == NULL) { - goto loser; - } - rv = DES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); - if (rv != SECSuccess) { - goto loser; - } - if (doublechecklen != *outputlen) { - goto loser; - } - DES_DestroyContext(cx, PR_TRUE); - cx = NULL; - if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; - } - rv = SECSuccess; - -loser: - if (cx != NULL) { - DES_DestroyContext(cx, PR_TRUE); - } - return rv; -} - -/* - * Perform the TDEA Known Answer Test (KAT) or Multi-block Message - * Test (MMT) in ECB or CBC mode. The KAT (there are five types) - * and MMT have the same structure: given the key and IV (CBC mode - * only), encrypt the given plaintext or decrypt the given ciphertext. - * So we can handle them the same way. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -tdea_kat_mmt(char *reqfn) -{ - char buf[180]; /* holds one line from the input REQUEST file. - * needs to be large enough to hold the longest - * line "CIPHERTEXT = <180 hex digits>\n". - */ - FILE *req; /* input stream from the REQUEST file */ - FILE *resp; /* output stream to the RESPONSE file */ - int i, j; - int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ - int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[24]; /* TDEA 3 key bundle */ - unsigned int numKeys = 0; - unsigned char iv[8]; /* for all modes except ECB */ - unsigned char plaintext[8*20]; /* 1 to 20 blocks */ - unsigned int plaintextlen; - unsigned char ciphertext[8*20]; /* 1 to 20 blocks */ - unsigned int ciphertextlen; - SECStatus rv; - - req = fopen(reqfn, "r"); - resp = stdout; - while (fgets(buf, sizeof buf, req) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, resp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - crypt = ENCRYPT; - } else { - crypt = DECRYPT; - } - fputs(buf, resp); - continue; - } - /* NumKeys */ - if (strncmp(&buf[0], "NumKeys", 7) == 0) { - i = 7; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - numKeys = buf[i]; - fputs(buf, resp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - /* mode defaults to ECB, if dataset has IV mode will be set CBC */ - mode = NSS_DES_EDE3; - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - memset(iv, 0, sizeof iv); - memset(plaintext, 0, sizeof plaintext); - plaintextlen = 0; - memset(ciphertext, 0, sizeof ciphertext); - ciphertextlen = 0; - fputs(buf, resp); - continue; - } - if (numKeys == 0) { - if (strncmp(buf, "KEYs", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - key[j+8] = key[j]; - key[j+16] = key[j]; - } - fputs(buf, resp); - continue; - } - } else { - /* KEY1 = ... */ - if (strncmp(buf, "KEY1", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - fputs(buf, resp); - continue; - } - /* KEY2 = ... */ - if (strncmp(buf, "KEY2", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=8; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - fputs(buf, resp); - continue; - } - /* KEY3 = ... */ - if (strncmp(buf, "KEY3", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=16; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - fputs(buf, resp); - continue; - } - } - - /* IV = ... */ - if (strncmp(buf, "IV", 2) == 0) { - mode = NSS_DES_EDE3_CBC; - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j> 4; - in ^= in >> 2; - in ^= in >> 1; - return (BYTE)(out ^ !(in & 1)); -} - -/* - * Generate Keys [i+1] from Key[i], PT/CT[j-2], PT/CT[j-1], and PT/CT[j] - * for TDEA Monte Carlo Test (MCT) in ECB and CBC modes. - */ -void -tdea_mct_next_keys(unsigned char *key, - const unsigned char *text_2, const unsigned char *text_1, - const unsigned char *text, unsigned int numKeys) -{ - int k; - - /* key1[i+1] = key1[i] xor PT/CT[j] */ - for (k=0; k<8; k++) { - key[k] ^= text[k]; - } - /* key2 */ - if (numKeys == 2 || numKeys == 3) { - /* key2 independent */ - for (k=8; k<16; k++) { - /* key2[i+1] = KEY2[i] xor PT/CT[j-1] */ - key[k] ^= text_1[k-8]; - } - } else { - /* key2 == key 1 */ - for (k=8; k<16; k++) { - /* key2[i+1] = KEY2[i] xor PT/CT[j] */ - key[k] = key[k-8]; - } - } - /* key3 */ - if (numKeys == 1 || numKeys == 2) { - /* key3 == key 1 */ - for (k=16; k<24; k++) { - /* key3[i+1] = KEY3[i] xor PT/CT[j] */ - key[k] = key[k-16]; - } - } else { - /* key3 independent */ - for (k=16; k<24; k++) { - /* key3[i+1] = KEY3[i] xor PT/CT[j-2] */ - key[k] ^= text_2[k-16]; - } - } - /* set the parity bits */ - for (k=0; k<24; k++) { - key[k] = odd_parity(key[k]); - } -} - -/* - * Perform the Monte Carlo Test - * - * mode = NSS_DES_EDE3 or NSS_DES_EDE3_CBC - * crypt = ENCRYPT || DECRYPT - * inputtext = plaintext or Cyphertext depending on the value of crypt - * inputlength is expected to be size 8 bytes - * iv = needs to be set for NSS_DES_EDE3_CBC mode - * resp = is the output response file. - */ - void -tdea_mct_test(int mode, unsigned char* key, unsigned int numKeys, - unsigned int crypt, unsigned char* inputtext, - unsigned int inputlength, unsigned char* iv, FILE *resp) { - - int i, j; - unsigned char outputtext_1[8]; /* PT/CT[j-1] */ - unsigned char outputtext_2[8]; /* PT/CT[j-2] */ - char buf[80]; /* holds one line from the input REQUEST file. */ - unsigned int outputlen; - unsigned char outputtext[8]; - - - SECStatus rv; - - if (mode == NSS_DES_EDE3 && iv != NULL) { - printf("IV must be NULL for NSS_DES_EDE3 mode"); - goto loser; - } else if (mode == NSS_DES_EDE3_CBC && iv == NULL) { - printf("IV must not be NULL for NSS_DES_EDE3_CBC mode"); - goto loser; - } - - /* loop 400 times */ - for (i=0; i<400; i++) { - /* if i == 0 CV[0] = IV not necessary */ - /* record the count and key values and plainText */ - sprintf(buf, "COUNT = %d\n", i); - fputs(buf, resp); - /* Output KEY1[i] */ - fputs("KEY1 = ", resp); - to_hex_str(buf, key, 8); - fputs(buf, resp); - fputc('\n', resp); - /* Output KEY2[i] */ - fputs("KEY2 = ", resp); - to_hex_str(buf, &key[8], 8); - fputs(buf, resp); - fputc('\n', resp); - /* Output KEY3[i] */ - fputs("KEY3 = ", resp); - to_hex_str(buf, &key[16], 8); - fputs(buf, resp); - fputc('\n', resp); - if (mode == NSS_DES_EDE3_CBC) { - /* Output CV[i] */ - fputs("IV = ", resp); - to_hex_str(buf, iv, 8); - fputs(buf, resp); - fputc('\n', resp); - } - if (crypt == ENCRYPT) { - /* Output PT[0] */ - fputs("PLAINTEXT = ", resp); - } else { - /* Output CT[0] */ - fputs("CIPHERTEXT = ", resp); - } - - to_hex_str(buf, inputtext, inputlength); - fputs(buf, resp); - fputc('\n', resp); - - /* loop 10,000 times */ - for (j=0; j<10000; j++) { - - outputlen = 0; - if (crypt == ENCRYPT) { - /* inputtext == ciphertext outputtext == plaintext*/ - rv = tdea_encrypt_buf(mode, key, - (mode == NSS_DES_EDE3) ? NULL : iv, - outputtext, &outputlen, 8, - inputtext, 8); - } else { - /* inputtext == plaintext outputtext == ciphertext */ - rv = tdea_decrypt_buf(mode, key, - (mode == NSS_DES_EDE3) ? NULL : iv, - outputtext, &outputlen, 8, - inputtext, 8); - } - - if (rv != SECSuccess) { - goto loser; - } - if (outputlen != inputlength) { - goto loser; - } - - if (mode == NSS_DES_EDE3_CBC) { - if (crypt == ENCRYPT) { - if (j == 0) { - /*P[j+1] = CV[0] */ - memcpy(inputtext, iv, 8); - } else { - /* p[j+1] = C[j-1] */ - memcpy(inputtext, outputtext_1, 8); - } - /* CV[j+1] = C[j] */ - memcpy(iv, outputtext, 8); - if (j != 9999) { - /* save C[j-1] */ - memcpy(outputtext_1, outputtext, 8); - } - } else { /* DECRYPT */ - /* CV[j+1] = C[j] */ - memcpy(iv, inputtext, 8); - /* C[j+1] = P[j] */ - memcpy(inputtext, outputtext, 8); - } - } else { - /* ECB mode PT/CT[j+1] = CT/PT[j] */ - memcpy(inputtext, outputtext, 8); - } - - /* Save PT/CT[j-2] and PT/CT[j-1] */ - if (j==9997) memcpy(outputtext_2, outputtext, 8); - if (j==9998) memcpy(outputtext_1, outputtext, 8); - /* done at the end of the for(j) loop */ - } - - - if (crypt == ENCRYPT) { - /* Output CT[j] */ - fputs("CIPHERTEXT = ", resp); - } else { - /* Output PT[j] */ - fputs("PLAINTEXT = ", resp); - } - to_hex_str(buf, outputtext, 8); - fputs(buf, resp); - fputc('\n', resp); - - /* Key[i+1] = Key[i] xor ... outputtext_2 == PT/CT[j-2] - * outputtext_1 == PT/CT[j-1] outputtext == PT/CT[j] - */ - tdea_mct_next_keys(key, outputtext_2, - outputtext_1, outputtext, numKeys); - - if (mode == NSS_DES_EDE3_CBC) { - /* taken care of in the j=9999 iteration */ - if (crypt == ENCRYPT) { - /* P[i] = C[j-1] */ - /* CV[i] = C[j] */ - } else { - /* taken care of in the j=9999 iteration */ - /* CV[i] = C[j] */ - /* C[i] = P[j] */ - } - } else { - /* ECB PT/CT[i] = PT/CT[j] */ - memcpy(inputtext, outputtext, 8); - } - /* done at the end of the for(i) loop */ - fputc('\n', resp); - } - -loser: - return; -} - -/* - * Perform the TDEA Monte Carlo Test (MCT) in ECB/CBC modes. - * by gathering the input from the request file, and then - * calling tdea_mct_test. - * - * reqfn is the pathname of the input REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -tdea_mct(int mode, char *reqfn) -{ - int i, j; - char buf[80]; /* holds one line from the input REQUEST file. */ - FILE *req; /* input stream from the REQUEST file */ - FILE *resp; /* output stream to the RESPONSE file */ - unsigned int crypt = 0; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[24]; /* TDEA 3 key bundle */ - unsigned int numKeys = 0; - unsigned char plaintext[8]; /* PT[j] */ - unsigned char ciphertext[8]; /* CT[j] */ - unsigned char iv[8]; - - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - memset(plaintext, 0, sizeof plaintext); - memset(ciphertext, 0, sizeof ciphertext); - memset(iv, 0, sizeof iv); - - req = fopen(reqfn, "r"); - resp = stdout; - while (fgets(buf, sizeof buf, req) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, resp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - crypt = ENCRYPT; - } else { - crypt = DECRYPT; - } - fputs(buf, resp); - continue; - } - /* NumKeys */ - if (strncmp(&buf[0], "NumKeys", 7) == 0) { - i = 7; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - numKeys = atoi(&buf[i]); - continue; - } - /* KEY1 = ... */ - if (strncmp(buf, "KEY1", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - continue; - } - /* KEY2 = ... */ - if (strncmp(buf, "KEY2", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=8; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - continue; - } - /* KEY3 = ... */ - if (strncmp(buf, "KEY3", 4) == 0) { - i = 4; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=16; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - continue; - } - - /* IV = ... */ - if (strncmp(buf, "IV", 2) == 0) { - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j\n". - */ - FILE *aesreq; /* input stream from the REQUEST file */ - FILE *aesresp; /* output stream to the RESPONSE file */ - int i, j; - int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ - int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; - unsigned char iv[16]; /* for all modes except ECB */ - unsigned char plaintext[10*16]; /* 1 to 10 blocks */ - unsigned int plaintextlen; - unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ - unsigned int ciphertextlen; - SECStatus rv; - - aesreq = fopen(reqfn, "r"); - aesresp = stdout; - while (fgets(buf, sizeof buf, aesreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, aesresp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - encrypt = 1; - } else { - encrypt = 0; - } - fputs(buf, aesresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - mode = NSS_AES; - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - keysize = 0; - memset(iv, 0, sizeof iv); - memset(plaintext, 0, sizeof plaintext); - plaintextlen = 0; - memset(ciphertext, 0, sizeof ciphertext); - ciphertextlen = 0; - fputs(buf, aesresp); - continue; - } - /* KEY = ... */ - if (strncmp(buf, "KEY", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - keysize = j; - fputs(buf, aesresp); - continue; - } - /* IV = ... */ - if (strncmp(buf, "IV", 2) == 0) { - mode = NSS_AES_CBC; - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j\n". - */ - FILE *aesreq; /* input stream from the REQUEST file */ - FILE *aesresp; /* output stream to the RESPONSE file */ - int i, j; - int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; - unsigned char plaintext[16]; /* PT[j] */ - unsigned char plaintext_1[16]; /* PT[j-1] */ - unsigned char ciphertext[16]; /* CT[j] */ - unsigned char ciphertext_1[16]; /* CT[j-1] */ - unsigned char doublecheck[16]; - unsigned int outputlen; - AESContext *cx = NULL; /* the operation being tested */ - AESContext *cx2 = NULL; /* the inverse operation done in parallel - * to doublecheck our result. - */ - SECStatus rv; - - aesreq = fopen(reqfn, "r"); - aesresp = stdout; - while (fgets(buf, sizeof buf, aesreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, aesresp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - encrypt = 1; - } else { - encrypt = 0; - } - fputs(buf, aesresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - keysize = 0; - memset(plaintext, 0, sizeof plaintext); - memset(ciphertext, 0, sizeof ciphertext); - continue; - } - /* KEY = ... */ - if (strncmp(buf, "KEY", 3) == 0) { - /* Key[0] = Key */ - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - keysize = j; - continue; - } - /* PLAINTEXT = ... */ - if (strncmp(buf, "PLAINTEXT", 9) == 0) { - /* sanity check */ - if (!encrypt) { - goto loser; - } - /* PT[0] = PT */ - i = 9; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j\n". - */ - FILE *aesreq; /* input stream from the REQUEST file */ - FILE *aesresp; /* output stream to the RESPONSE file */ - int i, j; - int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ - unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; - unsigned char iv[16]; - unsigned char plaintext[16]; /* PT[j] */ - unsigned char plaintext_1[16]; /* PT[j-1] */ - unsigned char ciphertext[16]; /* CT[j] */ - unsigned char ciphertext_1[16]; /* CT[j-1] */ - unsigned char doublecheck[16]; - unsigned int outputlen; - AESContext *cx = NULL; /* the operation being tested */ - AESContext *cx2 = NULL; /* the inverse operation done in parallel - * to doublecheck our result. - */ - SECStatus rv; - - aesreq = fopen(reqfn, "r"); - aesresp = stdout; - while (fgets(buf, sizeof buf, aesreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, aesresp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(&buf[1], "ENCRYPT", 7) == 0) { - encrypt = 1; - } else { - encrypt = 0; - } - fputs(buf, aesresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - keysize = 0; - memset(iv, 0, sizeof iv); - memset(plaintext, 0, sizeof plaintext); - memset(ciphertext, 0, sizeof ciphertext); - continue; - } - /* KEY = ... */ - if (strncmp(buf, "KEY", 3) == 0) { - /* Key[0] = Key */ - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &key[j]); - } - keysize = j; - continue; - } - /* IV = ... */ - if (strncmp(buf, "IV", 2) == 0) { - /* IV[0] = IV */ - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j= 0) { - if (rv == 0) { - if (strcmp(key, "mod") == 0) { - mod = atoi(val); - fprintf(rsp, "[mod=%d]\n", mod); - } else if (strcmp(key, "Prime") == 0) { - unsigned char octets[128]; - mp_int mp; - fprintf(rsp, "Prime= %s\n", val); - for (i=0; i= 0) { - if (rv == 0) { - if (strcmp(key, "mod") == 0) { - mod = atoi(val); - fprintf(rsp, "[mod=%d]\n", mod); - } else if (strcmp(key, "N") == 0) { - char str[264]; - unsigned int jj; - int N = atoi(val); - for (i=0; iseed.data[0] & 0x80)) { - to_hex_str(str, vfy->seed.data, vfy->seed.len); - fprintf(stderr, "rejected %s\n", str); - --i; - continue; - } -#endif - to_hex_str(str, pqg->prime.data, pqg->prime.len); - fprintf(rsp, "P= %s\n", str); - to_hex_str(str, pqg->subPrime.data, pqg->subPrime.len); - fprintf(rsp, "Q= %s\n", str); - to_hex_str(str, pqg->base.data, pqg->base.len); - fprintf(rsp, "G= %s\n", str); - to_hex_str(str, vfy->seed.data, vfy->seed.len); - fprintf(rsp, "Seed= %s\n", str); - to_hex_str(str, vfy->h.data, vfy->h.len); - fprintf(rsp, "H= "); - for (jj=vfy->h.len; jjprime.len; jj++) { - fprintf(rsp, "00"); - } - fprintf(rsp, "%s\n", str); - fprintf(rsp, "c= %d\n", vfy->counter); - } - } - } - } - fclose(req); - fclose(rsp); - return; -do_pqgver: - /* PQG Verification */ - sprintf(filename, "%s/verpqg.req", reqdir); - req = fopen(filename, "r"); - sprintf(filename, "%s/verpqg.rsp", rspdir); - rsp = fopen(filename, "w"); - memset(¶ms, 0, sizeof(params)); - memset(&verify, 0, sizeof(verify)); - while ((rv = get_next_line(req, key, val, rsp)) >= 0) { - if (rv == 0) { - if (strcmp(key, "mod") == 0) { - mod = atoi(val); - fprintf(rsp, "[mod=%d]\n", mod); - } else if (strcmp(key, "P") == 0) { - if (params.prime.data) { - SECITEM_ZfreeItem(¶ms.prime, PR_FALSE); - } - SECITEM_AllocItem(NULL, ¶ms.prime, strlen(val)/2); - for (i=0; i= 0); - for (j=0; j<=8; j++) { - char str[264]; - PQGParams *pqg; - PQGVerify *vfy; - fprintf(rsp, "[mod=%d]\n", 512 + j*64); - PQG_ParamGen(j, &pqg, &vfy); - to_hex_str(str, pqg->prime.data, pqg->prime.len); - fprintf(rsp, "P= %s\n", str); - to_hex_str(str, pqg->subPrime.data, pqg->subPrime.len); - fprintf(rsp, "Q= %s\n", str); - to_hex_str(str, pqg->base.data, pqg->base.len); - fprintf(rsp, "G= %s\n", str); - for (i=0; i<10; i++) { - DSAPrivateKey *dsakey; - DSA_NewKey(pqg, &dsakey); - to_hex_str(str, dsakey->privateValue.data,dsakey->privateValue.len); - fprintf(rsp, "X= %s\n", str); - to_hex_str(str, dsakey->publicValue.data, dsakey->publicValue.len); - fprintf(rsp, "Y= %s\n", str); - PORT_FreeArena(dsakey->params.arena, PR_TRUE); - dsakey = NULL; - } - } - fclose(req); - fclose(rsp); - return; -do_siggen: - /* Signature Gen */ - sprintf(filename, "%s/gensig.req", reqdir); - req = fopen(filename, "r"); - sprintf(filename, "%s/gensig.rsp", rspdir); - rsp = fopen(filename, "w"); - while ((rv = get_next_line(req, key, val, rsp)) >= 0) { - if (rv == 0) { - if (strcmp(key, "mod") == 0) { - mod = atoi(val); - fprintf(rsp, "[mod=%d]\n", mod); - } else if (strcmp(key, "P") == 0) { - if (privkey.params.prime.data) { - SECITEM_ZfreeItem(&privkey.params.prime, PR_FALSE); - } - SECITEM_AllocItem(NULL, &privkey.params.prime, strlen(val)/2); - for (i=0; i= 0) { - if (rv == 0) { - if (strcmp(key, "mod") == 0) { - mod = atoi(val); - fprintf(rsp, "[mod=%d]\n", mod); - } else if (strcmp(key, "P") == 0) { - if (pubkey.params.prime.data) { - SECITEM_ZfreeItem(&pubkey.params.prime, PR_FALSE); - } - SECITEM_AllocItem(NULL, &pubkey.params.prime, strlen(val)/2); - for (i=0; ioid.len)); - - /* - * ecparams->data needs to contain the ASN encoding of an object ID (OID) - * representing the named curve. The actual OID is in - * oidData->oid.data so we simply prepend 0x06 and OID length - */ - ecparams->data[0] = SEC_ASN1_OBJECT_ID; - ecparams->data[1] = oidData->oid.len; - memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len); - - return ecparams; -} - -/* - * Perform the ECDSA Key Pair Generation Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -ecdsa_keypair_test(char *reqfn) -{ - char buf[256]; /* holds one line from the input REQUEST file - * or to the output RESPONSE file. - * needs to be large enough to hold the longest - * line "Qx = <144 hex digits>\n". - */ - FILE *ecdsareq; /* input stream from the REQUEST file */ - FILE *ecdsaresp; /* output stream to the RESPONSE file */ - char curve[16]; /* "nistxddd" */ - ECParams *ecparams; - int N; - int i; - unsigned int len; - - ecdsareq = fopen(reqfn, "r"); - ecdsaresp = stdout; - strcpy(curve, "nist"); - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECKEYECParams *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* N = x */ - if (buf[0] == 'N') { - if (sscanf(buf, "N = %d", &N) != 1) { - goto loser; - } - for (i = 0; i < N; i++) { - ECPrivateKey *ecpriv; - - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - fputs("d = ", ecdsaresp); - to_hex_str(buf, ecpriv->privateValue.data, - ecpriv->privateValue.len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] - != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputc('\n', ecdsaresp); - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - } - PORT_FreeArena(ecparams->arena, PR_TRUE); - continue; - } - } -loser: - fclose(ecdsareq); -} - -/* - * Perform the ECDSA Public Key Validation Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -ecdsa_pkv_test(char *reqfn) -{ - char buf[256]; /* holds one line from the input REQUEST file. - * needs to be large enough to hold the longest - * line "Qx = <144 hex digits>\n". - */ - FILE *ecdsareq; /* input stream from the REQUEST file */ - FILE *ecdsaresp; /* output stream to the RESPONSE file */ - char curve[16]; /* "nistxddd" */ - ECParams *ecparams = NULL; - SECItem pubkey; - unsigned int i; - unsigned int len; - PRBool keyvalid = PR_TRUE; - - ecdsareq = fopen(reqfn, "r"); - ecdsaresp = stdout; - strcpy(curve, "nist"); - pubkey.data = NULL; - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECKEYECParams *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_TRUE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - len = (ecparams->fieldID.size + 7) >> 3; - if (pubkey.data != NULL) { - PORT_Free(pubkey.data); - pubkey.data = NULL; - } - SECITEM_AllocItem(NULL, &pubkey, 2*len+1); - if (pubkey.data == NULL) { - goto loser; - } - pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); - continue; - } - /* Qy = ... */ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - fputs("Result = F\n", ecdsaresp); - } else { - goto loser; - } - continue; - } - } -loser: - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_TRUE); - } - if (pubkey.data != NULL) { - PORT_Free(pubkey.data); - } - fclose(ecdsareq); -} - -/* - * Perform the ECDSA Signature Generation Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -ecdsa_siggen_test(char *reqfn) -{ - char buf[1024]; /* holds one line from the input REQUEST file - * or to the output RESPONSE file. - * needs to be large enough to hold the longest - * line "Msg = <256 hex digits>\n". - */ - FILE *ecdsareq; /* input stream from the REQUEST file */ - FILE *ecdsaresp; /* output stream to the RESPONSE file */ - char curve[16]; /* "nistxddd" */ - ECParams *ecparams = NULL; - int i, j; - unsigned int len; - unsigned char msg[512]; /* message to be signed (<= 128 bytes) */ - unsigned int msglen; - unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ - unsigned char sig[2*MAX_ECKEY_LEN]; - SECItem signature, digest; - - ecdsareq = fopen(reqfn, "r"); - ecdsaresp = stdout; - strcpy(curve, "nist"); - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECKEYECParams *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_TRUE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... */ - if (strncmp(buf, "Msg", 3) == 0) { - ECPrivateKey *ecpriv; - - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &msg[j]); - } - msglen = j; - if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { - goto loser; - } - fputs(buf, ecdsaresp); - - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - - digest.type = siBuffer; - digest.data = sha1; - digest.len = sizeof sha1; - signature.type = siBuffer; - signature.data = sig; - signature.len = sizeof sig; - if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { - goto loser; - } - len = signature.len; - if (len%2 != 0) { - goto loser; - } - len = len/2; - fputs("R = ", ecdsaresp); - to_hex_str(buf, &signature.data[0], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("S = ", ecdsaresp); - to_hex_str(buf, &signature.data[len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - continue; - } - } -loser: - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_TRUE); - } - fclose(ecdsareq); -} - -/* - * Perform the ECDSA Signature Verification Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -ecdsa_sigver_test(char *reqfn) -{ - char buf[1024]; /* holds one line from the input REQUEST file. - * needs to be large enough to hold the longest - * line "Msg = <256 hex digits>\n". - */ - FILE *ecdsareq; /* input stream from the REQUEST file */ - FILE *ecdsaresp; /* output stream to the RESPONSE file */ - char curve[16]; /* "nistxddd" */ - ECParams *ecparams = NULL; - ECPublicKey ecpub; - unsigned int i, j; - unsigned int flen; /* length in bytes of the field size */ - unsigned int olen; /* length in bytes of the base point order */ - unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen; - unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ - unsigned char sig[2*MAX_ECKEY_LEN]; - SECItem signature, digest; - PRBool keyvalid = PR_TRUE; - PRBool sigvalid = PR_TRUE; - - ecdsareq = fopen(reqfn, "r"); - ecdsaresp = stdout; - ecpub.publicValue.type = siBuffer; - ecpub.publicValue.data = NULL; - ecpub.publicValue.len = 0; - strcpy(curve, "nist"); - while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECKEYECParams *encodedparams; - - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_TRUE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - ecpub.ecParams = *ecparams; - flen = (ecparams->fieldID.size + 7) >> 3; - olen = ecparams->order.len; - if (2*olen > sizeof sig) { - goto loser; - } - if (ecpub.publicValue.data != NULL) { - SECITEM_FreeItem(&ecpub.publicValue, PR_FALSE); - } - SECITEM_AllocItem(NULL, &ecpub.publicValue, 2*flen+1); - if (ecpub.publicValue.data == NULL) { - goto loser; - } - ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... */ - if (strncmp(buf, "Msg", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_from_2char(&buf[i], &msg[j]); - } - msglen = j; - if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { - goto loser; - } - fputs(buf, ecdsaresp); - - digest.type = siBuffer; - digest.data = sha1; - digest.len = sizeof sha1; - - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, - &buf[i]); - continue; - } - /* Qy = ... */ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, - &buf[i]); - if (!keyvalid) { - continue; - } - if (EC_ValidatePublicKey(ecparams, &ecpub.publicValue) - != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - keyvalid = PR_FALSE; - } else { - goto loser; - } - } - continue; - } - /* R = ... */ - if (buf[0] == 'R') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - sigvalid = from_hex_str(sig, olen, &buf[i]); - continue; - } - /* S = ... */ - if (buf[0] == 'S') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - if (sigvalid) { - sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); - } - signature.type = siBuffer; - signature.data = sig; - signature.len = 2*olen; - - if (!keyvalid || !sigvalid) { - fputs("Result = F\n", ecdsaresp); - } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) - == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else { - fputs("Result = F\n", ecdsaresp); - } - continue; - } - } -loser: - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_TRUE); - } - if (ecpub.publicValue.data != NULL) { - SECITEM_FreeItem(&ecpub.publicValue, PR_FALSE); - } - fclose(ecdsareq); -} - -#endif - -void do_random() -{ - int i, j, k = 0; - unsigned char buf[500]; - for (i=0; i<5; i++) { - RNG_GenerateGlobalRandomBytes(buf, sizeof buf); - for (j=0; j.req */ - if (strcmp(argv[2], "kat") == 0) { - /* Known Answer Test (KAT) */ - tdea_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mmt") == 0) { - /* Multi-block Message Test (MMT) */ - tdea_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mct") == 0) { - /* Monte Carlo Test (MCT) */ - if (strcmp(argv[3], "ecb") == 0) { - /* ECB mode */ - tdea_mct(NSS_DES_EDE3, argv[4]); - } else if (strcmp(argv[3], "cbc") == 0) { - /* CBC mode */ - tdea_mct(NSS_DES_EDE3_CBC, argv[4]); - } - } - /*************/ - /* AES */ - /*************/ - } else if (strcmp(argv[1], "aes") == 0) { - /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=.req */ - if ( strcmp(argv[2], "kat") == 0) { - /* Known Answer Test (KAT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mmt") == 0) { - /* Multi-block Message Test (MMT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mct") == 0) { - /* Monte Carlo Test (MCT) */ - if ( strcmp(argv[3], "ecb") == 0) { - /* ECB mode */ - aes_ecb_mct(argv[4]); - } else if (strcmp(argv[3], "cbc") == 0) { - /* CBC mode */ - aes_cbc_mct(argv[4]); - } - } - /*************/ - /* SHA */ - /*************/ - } else if (strcmp(argv[1], "sha") == 0) { - sha_test(argv[2]); - /*************/ - /* HMAC */ - /*************/ - } else if (strcmp(argv[1], "hmac") == 0) { - hmac_test(argv[2]); - /*************/ - /* DSS */ - /*************/ - } else if (strcmp(argv[1], "dss") == 0) { - dss_test(argv[2], argv[3]); - /*************/ - /* RNG */ - /*************/ - } else if (strcmp(argv[1], "rng") == 0) { - do_random(); -#ifdef NSS_ENABLE_ECC - /*************/ - /* ECDSA */ - /*************/ - } else if (strcmp(argv[1], "ecdsa") == 0) { - /* argv[2]=keypair|pkv|siggen|sigver argv[3]=.req */ - if ( strcmp(argv[2], "keypair") == 0) { - /* Key Pair Generation Test */ - ecdsa_keypair_test(argv[3]); - } else if (strcmp(argv[2], "pkv") == 0) { - /* Public Key Validation Test */ - ecdsa_pkv_test(argv[3]); - } else if (strcmp(argv[2], "siggen") == 0) { - /* Signature Generation Test */ - ecdsa_siggen_test(argv[3]); - } else if (strcmp(argv[2], "sigver") == 0) { - /* Signature Verification Test */ - ecdsa_sigver_test(argv[3]); - } -#endif - } - return 0; -} diff --git a/security/nss/cmd/fipstest/hmac.sh b/security/nss/cmd/fipstest/hmac.sh deleted file mode 100755 index ace988c7f8..0000000000 --- a/security/nss/cmd/fipstest/hmac.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# -# A Bourne shell script for running the NIST HMAC Algorithm Validation Suite -# -# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -# variables appropriately so that the fipstest command and the NSPR and NSS -# shared libraries/DLLs are on the search path. Then run this script in the -# directory where the REQUEST (.req) files reside. The script generates the -# RESPONSE (.rsp) files in the same directory. - -hmac_requests=" -HMAC.req -" - -for request in $hmac_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest hmac $request > $response -done - diff --git a/security/nss/cmd/fipstest/manifest.mn b/security/nss/cmd/fipstest/manifest.mn deleted file mode 100644 index ba3b1a4485..0000000000 --- a/security/nss/cmd/fipstest/manifest.mn +++ /dev/null @@ -1,55 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = nss - -PROGRAM = fipstest - -USE_STATIC_LIBS = 1 - -EXPORTS = \ - $(NULL) - -PRIVATE_EXPORTS = \ - $(NULL) - -CSRCS = \ - fipstest.c \ - $(NULL) - diff --git a/security/nss/cmd/fipstest/sha.sh b/security/nss/cmd/fipstest/sha.sh deleted file mode 100644 index 685a41b004..0000000000 --- a/security/nss/cmd/fipstest/sha.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh -# -# A Bourne shell script for running the NIST SHA Algorithm Validation Suite -# -# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -# variables appropriately so that the fipstest command and the NSPR and NSS -# shared libraries/DLLs are on the search path. Then run this script in the -# directory where the REQUEST (.req) files reside. The script generates the -# RESPONSE (.rsp) files in the same directory. - -sha_ShortMsg_requests=" -SHA1ShortMsg.req -SHA256ShortMsg.req -SHA384ShortMsg.req -SHA512ShortMsg.req -" - -sha_LongMsg_requests=" -SHA1LongMsg.req -SHA256LongMsg.req -SHA384LongMsg.req -SHA512LongMsg.req -" - -sha_Monte_requests=" -SHA1Monte.req -SHA256Monte.req -SHA384Monte.req -SHA512Monte.req -" -for request in $sha_ShortMsg_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest sha $request > $response -done -for request in $sha_LongMsg_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest sha $request > $response -done -for request in $sha_Monte_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest sha $request > $response -done - diff --git a/security/nss/cmd/fipstest/tdea.sh b/security/nss/cmd/fipstest/tdea.sh deleted file mode 100644 index 505478039d..0000000000 --- a/security/nss/cmd/fipstest/tdea.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/sh -# -# A Bourne shell script for running the NIST tdea Algorithm Validation Suite -# -# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment -# variables appropriately so that the fipstest command and the NSPR and NSS -# shared libraries/DLLs are on the search path. Then run this script in the -# directory where the REQUEST (.req) files reside. The script generates the -# RESPONSE (.rsp) files in the same directory. - -#CBC_Known_Answer_tests -#Initial Permutation KAT -#Permutation Operation KAT -#Subsitution Table KAT -#Variable Key KAT -#Variable PlainText KAT -cbc_kat_requests=" -TCBCinvperm.req -TCBCpermop.req -TCBCsubtab.req -TCBCvarkey.req -TCBCvartext.req -" - -#CBC Monte Carlo KATs -cbc_monte_requests=" -TCBCMonte1.req -TCBCMonte2.req -TCBCMonte3.req -" -#Multi-block Message KATs -cbc_mmt_requests=" -TCBCMMT1.req -TCBCMMT2.req -TCBCMMT3.req -" - -ecb_kat_requests=" -TECBinvperm.req -TECBpermop.req -TECBsubtab.req -TECBvarkey.req -TECBvartext.req -" - -ecb_monte_requests=" -TECBMonte1.req -TECBMonte2.req -TECBMonte3.req -" - -ecb_mmt_requests=" -TECBMMT1.req -TECBMMT2.req -TECBMMT3.req -" - -for request in $ecb_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest tdea mmt ecb $request > $response -done -for request in $ecb_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest tdea kat ecb $request > $response -done -for request in $ecb_monte_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest tdea mct ecb $request > $response -done -for request in $cbc_mmt_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest tdea mmt cbc $request > $response -done -for request in $cbc_kat_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest tdea kat cbc $request > $response -done -for request in $cbc_monte_requests; do - response=`echo $request | sed -e "s/req/rsp/"` - echo $request $response - fipstest tdea mct cbc $request > $response -done diff --git a/security/nss/cmd/lib/Makefile b/security/nss/cmd/lib/Makefile deleted file mode 100644 index 54ef29fdf7..0000000000 --- a/security/nss/cmd/lib/Makefile +++ /dev/null @@ -1,82 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -export:: private_export - -$(OBJDIR)/secerror$(OBJ_SUFFIX): NSPRerrs.h SECerrs.h SSLerrs.h - diff --git a/security/nss/cmd/lib/NSPRerrs.h b/security/nss/cmd/lib/NSPRerrs.h deleted file mode 100644 index b11169847c..0000000000 --- a/security/nss/cmd/lib/NSPRerrs.h +++ /dev/null @@ -1,153 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* General NSPR 2.0 errors */ -/* Caller must #include "prerror.h" */ - -ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." ) -ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." ) -ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." ) -ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." ) -ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." ) -ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." ) -ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." ) -ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." ) -ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." ) -ER2( PR_IO_ERROR, "I/O function error." ) -ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." ) -ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." ) -ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." ) -ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." ) -ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." ) -ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." ) -ER2( PR_IS_CONNECTED_ERROR, "Already connected." ) -ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." ) -ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." ) -ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." ) -ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." ) -ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." ) -ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." ) -ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." ) -ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." ) -ER2( PR_FIND_SYMBOL_ERROR, -"Symbol not found in any of the loaded dynamic libraries." ) -ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." ) -ER2( PR_DIRECTORY_LOOKUP_ERROR, -"A directory lookup on a network address has failed." ) -ER2( PR_TPD_RANGE_ERROR, -"Attempt to access a TPD key that is out of range." ) -ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." ) -ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." ) -ER2( PR_NOT_SOCKET_ERROR, -"Network operation attempted on non-network file descriptor." ) -ER2( PR_NOT_TCP_SOCKET_ERROR, -"TCP-specific function attempted on a non-TCP file descriptor." ) -ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." ) -ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." ) -ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, -"The requested operation is not supported by the platform." ) -ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, -"The host operating system does not support the protocol requested." ) -ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." ) -ER2( PR_BUFFER_OVERFLOW_ERROR, -"The value requested is too large to be stored in the data buffer provided." ) -ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." ) -ER2( PR_RANGE_ERROR, "Unused." ) -ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." ) -ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." ) -ER2( PR_FILE_TOO_BIG_ERROR, -"Write would result in file larger than the system allows." ) -ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." ) -ER2( PR_PIPE_ERROR, "Unused." ) -ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." ) -ER2( PR_IS_DIRECTORY_ERROR, -"Cannot perform a normal file operation on a directory." ) -ER2( PR_LOOP_ERROR, "Symbolic link loop." ) -ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." ) -ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." ) -ER2( PR_NOT_DIRECTORY_ERROR, -"Cannot perform directory operation on a normal file." ) -ER2( PR_READ_ONLY_FILESYSTEM_ERROR, -"Cannot write to a read-only file system." ) -ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, -"Cannot delete a directory that is not empty." ) -ER2( PR_FILESYSTEM_MOUNTED_ERROR, -"Cannot delete or rename a file object while the file system is busy." ) -ER2( PR_NOT_SAME_DEVICE_ERROR, -"Cannot rename a file to a file system on another device." ) -ER2( PR_DIRECTORY_CORRUPTED_ERROR, -"The directory object in the file system is corrupted." ) -ER2( PR_FILE_EXISTS_ERROR, -"Cannot create or rename a filename that already exists." ) -ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, -"Directory is full. No additional filenames may be added." ) -ER2( PR_INVALID_DEVICE_STATE_ERROR, -"The required device was in an invalid state." ) -ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." ) -ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." ) -ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." ) -ER2( PR_FILE_SEEK_ERROR, "Seek error." ) -ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." ) -ER2( PR_IN_PROGRESS_ERROR, -"Operation is still in progress (probably a non-blocking connect)." ) -ER2( PR_ALREADY_INITIATED_ERROR, -"Operation has already been initiated (probably a non-blocking connect)." ) - -#ifdef PR_GROUP_EMPTY_ERROR -ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." ) -#endif - -#ifdef PR_INVALID_STATE_ERROR -ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." ) -#endif - -#ifdef PR_NETWORK_DOWN_ERROR -ER2( PR_NETWORK_DOWN_ERROR, "Network is down." ) -#endif - -#ifdef PR_SOCKET_SHUTDOWN_ERROR -ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." ) -#endif - -#ifdef PR_CONNECT_ABORTED_ERROR -ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." ) -#endif - -#ifdef PR_HOST_UNREACHABLE_ERROR -ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." ) -#endif - -/* always last */ -ER2( PR_MAX_ERROR, "Placeholder for the end of the list" ) diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h deleted file mode 100644 index bd97dd791a..0000000000 --- a/security/nss/cmd/lib/SECerrs.h +++ /dev/null @@ -1,506 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* General security error codes */ -/* Caller must #include "secerr.h" */ - -ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0, -"An I/O error occurred during security authorization.") - -ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1, -"security library failure.") - -ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2, -"security library: received bad data.") - -ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3, -"security library: output length error.") - -ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4, -"security library has experienced an input length error.") - -ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5, -"security library: invalid arguments.") - -ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6, -"security library: invalid algorithm.") - -ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7, -"security library: invalid AVA.") - -ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8, -"Improperly formatted time string.") - -ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9, -"security library: improperly formatted DER-encoded message.") - -ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10, -"Peer's certificate has an invalid signature.") - -ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11, -"Peer's Certificate has expired.") - -ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12, -"Peer's Certificate has been revoked.") - -ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13, -"Peer's Certificate issuer is not recognized.") - -ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14, -"Peer's public key is invalid.") - -ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15, -"The security password entered is incorrect.") - -ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16, -"New password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17, -"security library: no nodelock.") - -ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18, -"security library: bad database.") - -ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19, -"security library: memory allocation failure.") - -ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20, -"Peer's certificate issuer has been marked as not trusted by the user.") - -ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21, -"Peer's certificate has been marked as not trusted by the user.") - -ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22), -"Certificate already exists in your database.") - -ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23), -"Downloaded certificate's name duplicates one already in your database.") - -ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24), -"Error adding certificate to database.") - -ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25), -"Error refiling the key for this certificate.") - -ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26), -"The private key for this certificate cannot be found in key database") - -ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27), -"This certificate is valid.") - -ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28), -"This certificate is not valid.") - -ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29), -"Cert Library: No Response") - -ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30), -"The certificate issuer's certificate has expired. Check your system date and time.") - -ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31), -"The CRL for the certificate's issuer has expired. Update it or check your system data and time.") - -ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32), -"The CRL for the certificate's issuer has an invalid signature.") - -ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33), -"New CRL has an invalid format.") - -ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34), -"Certificate extension value is invalid.") - -ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35), -"Certificate extension not found.") - -ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36), -"Issuer certificate is invalid.") - -ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37), -"Certificate path length constraint is invalid.") - -ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38), -"Certificate usages field is invalid.") - -ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39), -"**Internal ONLY module**") - -ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40), -"The key does not support the requested operation.") - -ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41), -"Certificate contains unknown critical extension.") - -ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42), -"New CRL is not later than the current one.") - -ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43), -"Not encrypted or signed: you do not yet have an email certificate.") - -ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44), -"Not encrypted: you do not have certificates for each of the recipients.") - -ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45), -"Cannot decrypt: you are not a recipient, or matching certificate and \ -private key not found.") - -ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46), -"Cannot decrypt: key encryption algorithm does not match your certificate.") - -ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47), -"Signature verification failed: no signer found, too many signers found, \ -or improper or corrupted data.") - -ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48), -"Unsupported or unknown key algorithm.") - -ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49), -"Cannot decrypt: encrypted using a disallowed algorithm or key size.") - - -/* Fortezza Alerts */ -ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50), -"Fortezza card has not been properly initialized. \ -Please remove it and return it to your issuer.") - -ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51), -"No Fortezza cards Found") - -ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52), -"No Fortezza card selected") - -ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53), -"Please select a personality to get more info on") - -ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54), -"Personality not found") - -ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55), -"No more information on that Personality") - -ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56), -"Invalid Pin") - -ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57), -"Couldn't initialize Fortezza personalities.") -/* end fortezza alerts. */ - -ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58), -"No KRL for this site's certificate has been found.") - -ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59), -"The KRL for this site's certificate has expired.") - -ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60), -"The KRL for this site's certificate has an invalid signature.") - -ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61), -"The key for this site's certificate has been revoked.") - -ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62), -"New KRL has an invalid format.") - -ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63), -"security library: need random data.") - -ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64), -"security library: no security module can perform the requested operation.") - -ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65), -"The security card or token does not exist, needs to be initialized, or has been removed.") - -ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66), -"security library: read-only database.") - -ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67), -"No slot or token was selected.") - -ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68), -"A certificate with the same nickname already exists.") - -ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69), -"A key with the same nickname already exists.") - -ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70), -"error while creating safe object") - -ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71), -"error while creating baggage object") - -ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72), -"Couldn't remove the principal") - -ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73), -"Couldn't delete the privilege") - -ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74), -"This principal doesn't have a certificate") - -ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75), -"Required algorithm is not allowed.") - -ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76), -"Error attempting to export certificates.") - -ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77), -"Error attempting to import certificates.") - -ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78), -"Unable to import. Decoding error. File not valid.") - -ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79), -"Unable to import. Invalid MAC. Incorrect password or corrupt file.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80), -"Unable to import. MAC algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81), -"Unable to import. Only password integrity and privacy modes supported.") - -ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82), -"Unable to import. File structure is corrupt.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83), -"Unable to import. Encryption algorithm not supported.") - -ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84), -"Unable to import. File version not supported.") - -ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85), -"Unable to import. Incorrect privacy password.") - -ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86), -"Unable to import. Same nickname already exists in database.") - -ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87), -"The user pressed cancel.") - -ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88), -"Not imported, already in database.") - -ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89), -"Message not sent.") - -ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90), -"Certificate key usage inadequate for attempted operation.") - -ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91), -"Certificate type not approved for application.") - -ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92), -"Address in signing certificate does not match address in message headers.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93), -"Unable to import. Error attempting to import private key.") - -ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94), -"Unable to import. Error attempting to import certificate chain.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95), -"Unable to export. Unable to locate certificate or key by nickname.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96), -"Unable to export. Private Key could not be located and exported.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97), -"Unable to export. Unable to write the export file.") - -ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98), -"Unable to import. Unable to read the import file.") - -ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99), -"Unable to export. Key database corrupt or deleted.") - -ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100), -"Unable to generate public/private key pair.") - -ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101), -"Password entered is invalid. Please pick a different one.") - -ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102), -"Old password entered incorrectly. Please try again.") - -ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103), -"Certificate nickname already in use.") - -ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104), -"Peer FORTEZZA chain has a non-FORTEZZA Certificate.") - -ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105), -"A sensitive key cannot be moved to the slot where it is needed.") - -ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106), -"Invalid module name.") - -ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107), -"Invalid module path/filename") - -ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108), -"Unable to add module") - -ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109), -"Unable to delete module") - -ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110), -"New KRL is not later than the current one.") - -ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111), -"New CKL has different issuer than current CKL. Delete current CKL.") - -ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112), -"The Certifying Authority for this certificate is not permitted to issue a \ -certificate with this name.") - -ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113), -"The key revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114), -"The certificate revocation list for this certificate is not yet valid.") - -ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115), -"The requested certificate could not be found.") - -ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116), -"The signer's certificate could not be found.") - -ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117), -"The location for the certificate status server has invalid format.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118), -"The OCSP response cannot be fully decoded; it is of an unknown type.") - -ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119), -"The OCSP server returned unexpected/invalid HTTP data.") - -ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120), -"The OCSP server found the request to be corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121), -"The OCSP server experienced an internal error.") - -ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122), -"The OCSP server suggests trying again later.") - -ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123), -"The OCSP server requires a signature on this request.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124), -"The OCSP server has refused this request as unauthorized.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125), -"The OCSP server returned an unrecognizable status.") - -ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126), -"The OCSP server has no status for the certificate.") - -ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127), -"You must enable OCSP before performing this operation.") - -ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128), -"You must set the OCSP default responder before performing this operation.") - -ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129), -"The response from the OCSP server was corrupted or improperly formed.") - -ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130), -"The signer of the OCSP response is not authorized to give status for \ -this certificate.") - -ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131), -"The OCSP response is not yet valid (contains a date in the future).") - -ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132), -"The OCSP response contains out-of-date information.") - -ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133), -"The CMS or PKCS #7 Digest was not found in signed message.") - -ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134), -"The CMS or PKCS #7 Message type is unsupported.") - -ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135), -"PKCS #11 module could not be removed because it is still in use.") - -ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136), -"Could not decode ASN.1 data. Specified template was invalid.") - -ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137), -"No matching CRL was found.") - -ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138), -"You are attempting to import a cert with the same issuer/serial as \ -an existing cert, but that is not the same cert.") - -ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139), -"NSS could not shutdown. Objects are still in use.") - -ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140), -"DER-encoded message contained extra unused data.") - -ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141), -"Unsupported elliptic curve.") - -ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142), -"Unsupported elliptic curve point form.") - -ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143), -"Unrecognized Object IDentifier.") - -ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144), -"Invalid OCSP signing certificate in OCSP response.") - -ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145), -"Certificate is revoked in issuer's certificate revocation list.") - -ER3(SEC_ERROR_REVOKED_CERTIFICATE_OCSP, (SEC_ERROR_BASE + 146), -"Issuer's OCSP responder reports certificate is revoked.") - -ER3(SEC_ERROR_CRL_INVALID_VERSION, (SEC_ERROR_BASE + 147), -"Issuer's Certificate Revocation List has an unknown version number.") - -ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148), -"Issuer's V1 Certificate Revocation List has a critical extension.") - -ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149), -"Issuer's V2 Certificate Revocation List has an unknown critical extension.") - -ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150), -"Unknown object type specified.") - -ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151), -"PKCS #11 driver violates the spec in an incompatible way.") - -ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152), -"No new slot event is available at this time.") diff --git a/security/nss/cmd/lib/SSLerrs.h b/security/nss/cmd/lib/SSLerrs.h deleted file mode 100644 index 62ce99f03c..0000000000 --- a/security/nss/cmd/lib/SSLerrs.h +++ /dev/null @@ -1,372 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* SSL-specific security error codes */ -/* caller must include "sslerr.h" */ - -ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, -"Unable to communicate securely. Peer does not support high-grade encryption.") - -ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, -"Unable to communicate securely. Peer requires high-grade encryption which is not supported.") - -ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, -"Cannot communicate securely with peer: no common encryption algorithm(s).") - -ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, -"Unable to find the certificate or key necessary for authentication.") - -ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, -"Unable to communicate securely with peer: peers's certificate was rejected.") - -/* unused (SSL_ERROR_BASE + 5),*/ - -ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, -"The server has encountered bad data from the client.") - -ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, -"The client has encountered bad data from the server.") - -ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, -"Unsupported certificate type.") - -ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, -"Peer using unsupported version of security protocol.") - -/* unused (SSL_ERROR_BASE + 10),*/ - -ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, -"Client authentication failed: private key in key database does not match public key in certificate database.") - -ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, -"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") - -/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), - defined in sslerr.h -*/ - -ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), -"Peer only supports SSL version 2, which is locally disabled.") - - -ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), -"SSL received a record with an incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), -"SSL peer reports incorrect Message Authentication Code.") - -ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), -"SSL peer cannot verify your certificate.") - -ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), -"SSL peer rejected your certificate as revoked.") - -ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), -"SSL peer rejected your certificate as expired.") - -ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), -"Cannot connect: SSL is disabled.") - -ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), -"Cannot connect: SSL peer is in another FORTEZZA domain.") - - -ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), -"An unknown SSL cipher suite has been requested.") - -ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), -"No cipher suites are present and enabled in this program.") - -ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), -"SSL received a record with bad block padding.") - -ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), -"SSL received a record that exceeded the maximum permissible length.") - -ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), -"SSL attempted to send a record that exceeded the maximum permissible length.") - -/* - * Received a malformed (too long or short or invalid content) SSL handshake. - */ -ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), -"SSL received a malformed Hello Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), -"SSL received a malformed Client Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), -"SSL received a malformed Server Hello handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), -"SSL received a malformed Certificate handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), -"SSL received a malformed Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), -"SSL received a malformed Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), -"SSL received a malformed Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), -"SSL received a malformed Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), -"SSL received a malformed Client Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), -"SSL received a malformed Finished handshake message.") - -/* - * Received a malformed (too long or short) SSL record. - */ -ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), -"SSL received a malformed Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), -"SSL received a malformed Alert record.") - -ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), -"SSL received a malformed Handshake record.") - -ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), -"SSL received a malformed Application Data record.") - -/* - * Received an SSL handshake that was inappropriate for the state we're in. - * E.g. Server received message from server, or wrong state in state machine. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), -"SSL received an unexpected Hello Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), -"SSL received an unexpected Client Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), -"SSL received an unexpected Server Hello handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), -"SSL received an unexpected Certificate handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), -"SSL received an unexpected Server Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), -"SSL received an unexpected Certificate Request handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), -"SSL received an unexpected Server Hello Done handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), -"SSL received an unexpected Certificate Verify handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), -"SSL received an unexpected Cllient Key Exchange handshake message.") - -ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), -"SSL received an unexpected Finished handshake message.") - -/* - * Received an SSL record that was inappropriate for the state we're in. - */ -ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), -"SSL received an unexpected Change Cipher Spec record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), -"SSL received an unexpected Alert record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), -"SSL received an unexpected Handshake record.") - -ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), -"SSL received an unexpected Application Data record.") - -/* - * Received record/message with unknown discriminant. - */ -ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), -"SSL received a record with an unknown content type.") - -ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), -"SSL received a handshake message with an unknown message type.") - -ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), -"SSL received an alert record with an unknown alert description.") - -/* - * Received an alert reporting what we did wrong. (more alerts above) - */ -ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), -"SSL peer has closed this connection.") - -ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), -"SSL peer was not expecting a handshake message it received.") - -ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), -"SSL peer was unable to succesfully decompress an SSL record it received.") - -ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), -"SSL peer was unable to negotiate an acceptable set of security parameters.") - -ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), -"SSL peer rejected a handshake message for unacceptable content.") - -ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), -"SSL peer does not support certificates of the type it received.") - -ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), -"SSL peer had some unspecified issue with the certificate it received.") - - -ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), -"SSL experienced a failure of its random number generator.") - -ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), -"Unable to digitally sign data required to verify your certificate.") - -ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), -"SSL was unable to extract the public key from the peer's certificate.") - -ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), -"Unspecified failure while processing SSL Server Key Exchange handshake.") - -ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), -"Unspecified failure while processing SSL Client Key Exchange handshake.") - -ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), -"Bulk data encryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), -"Bulk data decryption algorithm failed in selected cipher suite.") - -ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), -"Attempt to write encrypted data to underlying socket failed.") - -ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), -"MD5 digest function failed.") - -ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), -"SHA-1 digest function failed.") - -ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), -"MAC computation failed.") - -ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), -"Failure to create Symmetric Key context.") - -ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), -"Failure to unwrap the Symmetric key in Client Key Exchange message.") - -ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), -"SSL Server attempted to use domestic-grade public key with export cipher suite.") - -ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), -"PKCS11 code failed to translate an IV into a param.") - -ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), -"Failed to initialize the selected cipher suite.") - -ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), -"Client failed to generate session keys for SSL session.") - -ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), -"Server has no key for the attempted key exchange algorithm.") - -ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), -"PKCS#11 token was inserted or removed while operation was in progress.") - -ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), -"No PKCS#11 token could be found to do a required operation.") - -ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), -"Cannot communicate securely with peer: no common compression algorithm(s).") - -ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), -"Cannot initiate another SSL handshake until current handshake is complete.") - -ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), -"Received incorrect handshakes hash values from peer.") - -ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), -"The certificate provided cannot be used with the selected key exchange algorithm.") - -ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), -"No certificate authority is trusted for SSL client authentication.") - -ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), -"Client's SSL session ID not found in server's session cache.") - -ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), -"Peer was unable to decrypt an SSL record it received.") - -ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), -"Peer received an SSL record that was longer than is permitted.") - -ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), -"Peer does not recognize and trust the CA that issued your certificate.") - -ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), -"Peer received a valid certificate, but access was denied.") - -ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), -"Peer could not decode an SSL handshake message.") - -ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), -"Peer reports failure of signature verification or key exchange.") - -ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), -"Peer reports negotiation not in compliance with export regulations.") - -ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), -"Peer reports incompatible or unsupported protocol version.") - -ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), -"Server requires ciphers more secure than those supported by client.") - -ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), -"Peer reports it experienced an internal error.") - -ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), -"Peer user canceled handshake.") - -ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), -"Peer does not permit renegotiation of SSL security parameters.") - -ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103), -"SSL server cache not configured and not disabled for this socket.") - diff --git a/security/nss/cmd/lib/berparse.c b/security/nss/cmd/lib/berparse.c deleted file mode 100644 index 930d0b7c13..0000000000 --- a/security/nss/cmd/lib/berparse.c +++ /dev/null @@ -1,407 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#include "secutil.h" - -typedef enum { - tagDone, lengthDone, leafDone, compositeDone, - notDone, - parseError, parseComplete -} ParseState; - -typedef unsigned char Byte; -typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len); -typedef struct { - SECArb arb; - int pos; /* length from global start to item start */ - SECArb *parent; -} ParseStackElem; - -struct BERParseStr { - PRArenaPool *his; - PRArenaPool *mine; - ParseProc proc; - int stackDepth; - ParseStackElem *stackPtr; - ParseStackElem *stack; - int pending; /* bytes remaining to complete this part */ - int pos; /* running length of consumed characters */ - ParseState state; - PRBool keepLeaves; - PRBool derOnly; - BERFilterProc filter; - void *filterArg; - BERNotifyProc before; - void *beforeArg; - BERNotifyProc after; - void *afterArg; -}; - -#define UNKNOWN -1 - -static unsigned char NextChar(BERParse *h, unsigned char **buf, int *len) -{ - unsigned char c = *(*buf)++; - (*len)--; - h->pos++; - if (h->filter) - (*h->filter)(h->filterArg, &c, 1); - return c; -} - -static void ParseTag(BERParse *h, unsigned char **buf, int *len) -{ - SECArb* arb = &(h->stackPtr->arb); - arb->tag = NextChar(h, buf, len); - - PORT_Assert(h->state == notDone); - - /* - * NOTE: This does not handle the high-tag-number form - */ - if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return; - } - - h->pending = UNKNOWN; - arb->length = UNKNOWN; - if (arb->tag & DER_CONSTRUCTED) { - arb->body.cons.numSubs = 0; - arb->body.cons.subs = NULL; - } else { - arb->body.item.len = UNKNOWN; - arb->body.item.data = NULL; - } - - h->state = tagDone; -} - -static void ParseLength(BERParse *h, unsigned char **buf, int *len) -{ - Byte b; - SECArb *arb = &(h->stackPtr->arb); - - PORT_Assert(h->state == notDone); - - if (h->pending == UNKNOWN) { - b = NextChar(h, buf, len); - if ((b & 0x80) == 0) { /* short form */ - arb->length = b; - /* - * if the tag and the length are both zero bytes, then this - * should be the marker showing end of list for the - * indefinite length composite - */ - if (arb->length == 0 && arb->tag == 0) - h->state = compositeDone; - else - h->state = lengthDone; - return; - } - - h->pending = b & 0x7f; - /* 0 implies this is an indefinite length */ - if (h->pending > 4) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return; - } - arb->length = 0; - } - - while ((*len > 0) && (h->pending > 0)) { - b = NextChar(h, buf, len); - arb->length = (arb->length << 8) + b; - h->pending--; - } - if (h->pending == 0) { - if (h->derOnly && (arb->length == 0)) - h->state = parseError; - else - h->state = lengthDone; - } - return; -} - -static void ParseLeaf(BERParse *h, unsigned char **buf, int *len) -{ - int count; - SECArb *arb = &(h->stackPtr->arb); - - PORT_Assert(h->state == notDone); - PORT_Assert(h->pending >= 0); - - if (*len < h->pending) - count = *len; - else - count = h->pending; - - if (h->keepLeaves) - memcpy(arb->body.item.data + arb->body.item.len, *buf, count); - if (h->filter) - (*h->filter)(h->filterArg, *buf, count); - *buf += count; - *len -= count; - arb->body.item.len += count; - h->pending -= count; - h->pos += count; - if (h->pending == 0) { - h->state = leafDone; - } - return; -} - -static void CreateArbNode(BERParse *h) -{ - SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb)); - - *arb = h->stackPtr->arb; - - /* - * Special case closing the root - */ - if (h->stackPtr == h->stack) { - PORT_Assert(arb->tag & DER_CONSTRUCTED); - h->state = parseComplete; - } else { - SECArb *parent = h->stackPtr->parent; - parent->body.cons.subs = DS_ArenaGrow( - h->his, parent->body.cons.subs, - (parent->body.cons.numSubs) * sizeof(SECArb*), - (parent->body.cons.numSubs + 1) * sizeof(SECArb*)); - parent->body.cons.subs[parent->body.cons.numSubs] = arb; - parent->body.cons.numSubs++; - h->proc = ParseTag; - h->state = notDone; - h->pending = UNKNOWN; - } - if (h->after) - (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE); -} - -SECStatus BER_ParseSome(BERParse *h, unsigned char *buf, int len) -{ - if (h->state == parseError) return PR_TRUE; - - while (len) { - (*h->proc)(h, &buf, &len); - if (h->state == parseComplete) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - if (h->state == parseError) return PR_TRUE; - PORT_Assert(h->state != parseComplete); - - if (h->state <= compositeDone) { - if (h->proc == ParseTag) { - PORT_Assert(h->state == tagDone); - h->proc = ParseLength; - h->state = notDone; - } else if (h->proc == ParseLength) { - SECArb *arb = &(h->stackPtr->arb); - PORT_Assert(h->state == lengthDone || h->state == compositeDone); - - if (h->before) - (*h->before)(h->beforeArg, arb, - h->stackPtr - h->stack, PR_TRUE); - - /* - * Check to see if this is the end of an indefinite - * length composite - */ - if (h->state == compositeDone) { - SECArb *parent = h->stackPtr->parent; - PORT_Assert(parent); - PORT_Assert(parent->tag & DER_CONSTRUCTED); - if (parent->length != 0) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - /* - * NOTE: This does not check for an indefinite length - * composite being contained inside a definite length - * composite. It is not clear that is legal. - */ - h->stackPtr--; - CreateArbNode(h); - } else { - h->stackPtr->pos = h->pos; - - - if (arb->tag & DER_CONSTRUCTED) { - SECArb *parent; - /* - * Make sure there is room on the stack before we - * stick anything else there. - */ - PORT_Assert(h->stackPtr - h->stack < h->stackDepth); - if (h->stackPtr - h->stack == h->stackDepth - 1) { - int newDepth = h->stackDepth * 2; - h->stack = DS_ArenaGrow(h->mine, h->stack, - sizeof(ParseStackElem) * h->stackDepth, - sizeof(ParseStackElem) * newDepth); - h->stackPtr = h->stack + h->stackDepth + 1; - h->stackDepth = newDepth; - } - parent = &(h->stackPtr->arb); - h->stackPtr++; - h->stackPtr->parent = parent; - h->proc = ParseTag; - h->state = notDone; - h->pending = UNKNOWN; - } else { - if (arb->length < 0) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - arb->body.item.len = 0; - if (arb->length > 0 && h->keepLeaves) { - arb->body.item.data = - PORT_ArenaAlloc(h->his, arb->length); - } else { - arb->body.item.data = NULL; - } - h->proc = ParseLeaf; - h->state = notDone; - h->pending = arb->length; - } - } - } else { - ParseStackElem *parent; - PORT_Assert(h->state = leafDone); - PORT_Assert(h->proc == ParseLeaf); - - for (;;) { - CreateArbNode(h); - if (h->stackPtr == h->stack) - break; - parent = (h->stackPtr - 1); - PORT_Assert(parent->arb.tag & DER_CONSTRUCTED); - if (parent->arb.length == 0) /* need explicit end */ - break; - if (parent->pos + parent->arb.length > h->pos) - break; - if (parent->pos + parent->arb.length < h->pos) { - PORT_SetError(SEC_ERROR_BAD_DER); - h->state = parseError; - return PR_TRUE; - } - h->stackPtr = parent; - } - } - - } - } - return PR_FALSE; -} -BERParse *BER_ParseInit(PRArenaPool *arena, PRBool derOnly) -{ - BERParse *h; - PRArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (temp == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - h = PORT_ArenaAlloc(temp, sizeof(BERParse)); - if (h == NULL) { - PORT_FreeArena(temp, PR_FALSE); - PORT_SetError(SEC_ERROR_NO_MEMORY); - return NULL; - } - h->his = arena; - h->mine = temp; - h->proc = ParseTag; - h->stackDepth = 20; - h->stack = PORT_ArenaZAlloc(h->mine, - sizeof(ParseStackElem) * h->stackDepth); - h->stackPtr = h->stack; - h->state = notDone; - h->pos = 0; - h->keepLeaves = PR_TRUE; - h->before = NULL; - h->after = NULL; - h->filter = NULL; - h->derOnly = derOnly; - return h; -} - -SECArb *BER_ParseFini(BERParse *h) -{ - PRArenaPool *myArena = h->mine; - SECArb *arb; - - if (h->state != parseComplete) { - arb = NULL; - } else { - arb = PORT_ArenaAlloc(h->his, sizeof(SECArb)); - *arb = h->stackPtr->arb; - } - - PORT_FreeArena(myArena, PR_FALSE); - - return arb; -} - - -void BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance) -{ - h->filter = proc; - h->filterArg = instance; -} - -void BER_SetLeafStorage(BERParse *h, PRBool keep) -{ - h->keepLeaves = keep; -} - -void BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance, - PRBool beforeData) -{ - if (beforeData) { - h->before = proc; - h->beforeArg = instance; - } else { - h->after = proc; - h->afterArg = instance; - } -} - - - diff --git a/security/nss/cmd/lib/config.mk b/security/nss/cmd/lib/config.mk deleted file mode 100644 index 665828c632..0000000000 --- a/security/nss/cmd/lib/config.mk +++ /dev/null @@ -1,47 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# -# Override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PROGRAM = - diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c deleted file mode 100644 index 50c6d02e6b..0000000000 --- a/security/nss/cmd/lib/derprint.c +++ /dev/null @@ -1,622 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#include "secutil.h" -#include "secoid.h" - -#ifdef __sun -extern int fprintf(FILE *strm, const char *format, .../* args */); -extern int fflush(FILE *stream); -#endif - -#define RIGHT_MARGIN 24 -/*#define RAW_BYTES 1 */ - -static int prettyColumn = 0; - -static int -getInteger256(unsigned char *data, unsigned int nb) -{ - int val; - - switch (nb) { - case 1: - val = data[0]; - break; - case 2: - val = (data[0] << 8) | data[1]; - break; - case 3: - val = (data[0] << 16) | (data[1] << 8) | data[2]; - break; - case 4: - val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; - break; - default: - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - return val; -} - -static int -prettyNewline(FILE *out) -{ - int rv; - - if (prettyColumn != -1) { - rv = fprintf(out, "\n"); - prettyColumn = -1; - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - return 0; -} - -static int -prettyIndent(FILE *out, unsigned level) -{ - unsigned int i; - int rv; - - if (prettyColumn == -1) { - prettyColumn = level; - for (i = 0; i < level; i++) { - rv = fprintf(out, " "); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - } - - return 0; -} - -static int -prettyPrintByte(FILE *out, unsigned char item, unsigned int level) -{ - int rv; - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - rv = fprintf(out, "%02x ", item); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - prettyColumn++; - if (prettyColumn >= RIGHT_MARGIN) { - return prettyNewline(out); - } - - return 0; -} - -static int -prettyPrintLeaf(FILE *out, unsigned char *data, - unsigned int len, unsigned int lv) -{ - unsigned int i; - int rv; - - for (i = 0; i < len; i++) { - rv = prettyPrintByte(out, *data++, lv); - if (rv < 0) - return rv; - } - return prettyNewline(out); -} - -static int -prettyPrintStringStart(FILE *out, unsigned char *str, - unsigned int len, unsigned int level) -{ -#define BUF_SIZE 100 - unsigned char buf[BUF_SIZE]; - int rv; - - if (len >= BUF_SIZE) - len = BUF_SIZE - 1; - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - memcpy(buf, str, len); - buf[len] = '\000'; - - rv = fprintf(out, "\"%s\"", buf); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - return 0; -#undef BUF_SIZE -} - -static int -prettyPrintString(FILE *out, unsigned char *str, - unsigned int len, unsigned int level, PRBool raw) -{ - int rv; - - rv = prettyPrintStringStart(out, str, len, level); - if (rv < 0) - return rv; - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - if (raw) { - rv = prettyPrintLeaf(out, str, len, level); - if (rv < 0) - return rv; - } - - return 0; -} - -static int -prettyPrintTime(FILE *out, unsigned char *str, - unsigned int len, unsigned int level, PRBool raw, PRBool utc) -{ - SECItem time_item; - int rv; - - rv = prettyPrintStringStart(out, str, len, level); - if (rv < 0) - return rv; - - time_item.data = str; - time_item.len = len; - - rv = fprintf(out, " ("); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - if (utc) - SECU_PrintUTCTime(out, &time_item, NULL, 0); - else - SECU_PrintGeneralizedTime(out, &time_item, NULL, 0); - - rv = fprintf(out, ")"); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - if (raw) { - rv = prettyPrintLeaf(out, str, len, level); - if (rv < 0) - return rv; - } - - return 0; -} - -static int -prettyPrintObjectID(FILE *out, unsigned char *data, - unsigned int len, unsigned int level, PRBool raw) -{ - SECOidData *oiddata; - SECItem oiditem; - unsigned int i; - unsigned long val; - int rv; - - - /* - * First print the Object Id in numeric format - */ - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - val = data[0]; - i = val % 40; - val = val / 40; - rv = fprintf(out, "%lu %u ", val, i); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - val = 0; - for (i = 1; i < len; ++i) { - unsigned long j; - - j = data[i]; - val = (val << 7) | (j & 0x7f); - if (j & 0x80) - continue; - rv = fprintf(out, "%lu ", val); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - val = 0; - } - - /* - * Now try to look it up and print a symbolic version. - */ - oiditem.data = data; - oiditem.len = len; - oiddata = SECOID_FindOID(&oiditem); - if (oiddata != NULL) { - i = PORT_Strlen(oiddata->desc); - if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) { - rv = prettyNewline(out); - if (rv < 0) - return rv; - } - - rv = prettyIndent(out, level); - if (rv < 0) - return rv; - - rv = fprintf(out, "(%s)", oiddata->desc); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - - /* - * Finally, on a new line, print the raw bytes (if requested). - */ - if (raw) { - rv = prettyNewline(out); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - for (i = 0; i < len; i++) { - rv = prettyPrintByte(out, *data++, level); - if (rv < 0) - return rv; - } - } - - return prettyNewline(out); -} - -static char *prettyTagType [32] = { - "End of Contents", - "Boolean", - "Integer", - "Bit String", - "Octet String", - "NULL", - "Object Identifier", - "0x07", - "0x08", - "0x09", - "Enumerated", - "0x0B", - "UTF8 String", - "0x0D", - "0x0E", - "0x0F", - "Sequence", - "Set", - "0x12", - "Printable String", - "T61 String", - "0x15", - "IA5 String", - "UTC Time", - "Generalized Time", - "0x19", - "Visible String", - "0x1B", - "Universal String", - "0x1D", - "BMP String", - "High-Tag-Number" -}; - -static int -prettyPrintTag(FILE *out, unsigned char *src, unsigned char *end, - unsigned char *codep, unsigned int level, PRBool raw) -{ - int rv; - unsigned char code, tagnum; - - if (src >= end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - code = *src; - tagnum = code & SEC_ASN1_TAGNUM_MASK; - - /* - * NOTE: This code does not (yet) handle the high-tag-number form! - */ - if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - if (raw) - rv = prettyPrintByte(out, code, level); - else - rv = prettyIndent(out, level); - - if (rv < 0) - return rv; - - if (code & SEC_ASN1_CONSTRUCTED) { - rv = fprintf(out, "C-"); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - } - - switch (code & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_UNIVERSAL: - rv = fprintf(out, "%s ", prettyTagType[tagnum]); - break; - case SEC_ASN1_APPLICATION: - rv = fprintf(out, "Application: %d ", tagnum); - break; - case SEC_ASN1_CONTEXT_SPECIFIC: - rv = fprintf(out, "[%d] ", tagnum); - break; - case SEC_ASN1_PRIVATE: - rv = fprintf(out, "Private: %d ", tagnum); - break; - } - - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - *codep = code; - - return 1; -} - -static int -prettyPrintLength(FILE *out, unsigned char *data, unsigned char *end, - int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw) -{ - unsigned char lbyte; - int lenLen; - int rv; - - if (data >= end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - rv = fprintf(out, " "); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - *indefinitep = PR_FALSE; - - lbyte = *data++; - if (lbyte >= 0x80) { - /* Multibyte length */ - unsigned nb = (unsigned) (lbyte & 0x7f); - if (nb > 4) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - if (nb > 0) { - int il; - - if ((data + nb) > end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - il = getInteger256(data, nb); - if (il < 0) return -1; - *lenp = (unsigned) il; - } else { - *lenp = 0; - *indefinitep = PR_TRUE; - } - lenLen = nb + 1; - if (raw) { - int i; - - rv = prettyPrintByte(out, lbyte, lv); - if (rv < 0) - return rv; - for (i = 0; i < nb; i++) { - rv = prettyPrintByte(out, data[i], lv); - if (rv < 0) - return rv; - } - } - } else { - *lenp = lbyte; - lenLen = 1; - if (raw) { - rv = prettyPrintByte(out, lbyte, lv); - if (rv < 0) - return rv; - } - } - if (*indefinitep) - rv = fprintf(out, "(indefinite)\n"); - else - rv = fprintf(out, "(%d)\n", *lenp); - if (rv < 0) { - PORT_SetError(SEC_ERROR_IO); - return rv; - } - - prettyColumn = -1; - return lenLen; -} - -static int -prettyPrintItem(FILE *out, unsigned char *data, unsigned char *end, - unsigned int lv, PRBool raw) -{ - int slen; - int lenLen; - unsigned char *orig = data; - int rv; - - while (data < end) { - unsigned char code; - PRBool indefinite; - - slen = prettyPrintTag(out, data, end, &code, lv, raw); - if (slen < 0) - return slen; - data += slen; - - lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw); - if (lenLen < 0) - return lenLen; - data += lenLen; - - /* - * Just quit now if slen more bytes puts us off the end. - */ - if ((data + slen) > end) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - - if (code & SEC_ASN1_CONSTRUCTED) { - if (slen > 0 || indefinite) { - slen = prettyPrintItem(out, data, - slen == 0 ? end : data + slen, - lv+1, raw); - if (slen < 0) - return slen; - data += slen; - } - } else if (code == 0) { - if (slen != 0 || lenLen != 1) { - PORT_SetError(SEC_ERROR_BAD_DER); - return -1; - } - break; - } else { - switch (code) { - case SEC_ASN1_PRINTABLE_STRING: - case SEC_ASN1_IA5_STRING: - case SEC_ASN1_VISIBLE_STRING: - rv = prettyPrintString(out, data, slen, lv+1, raw); - if (rv < 0) - return rv; - break; - case SEC_ASN1_UTC_TIME: - rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_TRUE); - if (rv < 0) - return rv; - break; - case SEC_ASN1_GENERALIZED_TIME: - rv = prettyPrintTime(out, data, slen, lv+1, raw, PR_FALSE); - if (rv < 0) - return rv; - break; - case SEC_ASN1_OBJECT_ID: - rv = prettyPrintObjectID(out, data, slen, lv+1, raw); - if (rv < 0) - return rv; - break; - case SEC_ASN1_BOOLEAN: /* could do nicer job */ - case SEC_ASN1_INTEGER: /* could do nicer job */ - case SEC_ASN1_BIT_STRING: /* could do nicer job */ - case SEC_ASN1_OCTET_STRING: - case SEC_ASN1_NULL: - case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */ - case SEC_ASN1_UTF8_STRING: - case SEC_ASN1_T61_STRING: /* print as printable string? */ - case SEC_ASN1_UNIVERSAL_STRING: - case SEC_ASN1_BMP_STRING: - default: - rv = prettyPrintLeaf(out, data, slen, lv+1); - if (rv < 0) - return rv; - break; - } - data += slen; - } - } - - rv = prettyNewline(out); - if (rv < 0) - return rv; - - return data - orig; -} - -SECStatus -DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw) -{ - int rv; - - prettyColumn = -1; - - rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw); - if (rv < 0) - return SECFailure; - return SECSuccess; -} diff --git a/security/nss/cmd/lib/ffs.c b/security/nss/cmd/lib/ffs.c deleted file mode 100644 index d7fdd38729..0000000000 --- a/security/nss/cmd/lib/ffs.c +++ /dev/null @@ -1,51 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#ifdef XP_PC - -int ffs( unsigned int i) -{ - int rv = 1; - - if (!i) return 0; - - while (!(i & 1)) { - i >>= 1; - ++rv; - } - - return rv; -} -#endif diff --git a/security/nss/cmd/lib/manifest.mn b/security/nss/cmd/lib/manifest.mn deleted file mode 100644 index 18086156b3..0000000000 --- a/security/nss/cmd/lib/manifest.mn +++ /dev/null @@ -1,64 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** -CORE_DEPTH = ../../.. - -LIBRARY_NAME = sectool - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -DEFINES = -DNSPR20 - -PRIVATE_EXPORTS = secutil.h \ - $(NULL) - -CSRCS = secutil.c \ - secpwd.c \ - derprint.c \ - moreoids.c \ - pppolicy.c \ - secerror.c \ - ffs.c \ - $(NULL) - -REQUIRES = dbm - -ifdef NSS_ENABLE_ECC -DEFINES += -DNSS_ENABLE_ECC -endif - -NO_MD_RELEASE = 1 diff --git a/security/nss/cmd/lib/moreoids.c b/security/nss/cmd/lib/moreoids.c deleted file mode 100644 index 27488c59e2..0000000000 --- a/security/nss/cmd/lib/moreoids.c +++ /dev/null @@ -1,180 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 2004 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "secoid.h" -#include "secmodt.h" /* for CKM_INVALID_MECHANISM */ - -#define OI(x) { siDEROID, (unsigned char *)x, sizeof x } -#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } -#define ODN(oid,desc) \ - { OI(oid), 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION } - -#define OIDT static const unsigned char - -/* OIW Security Special Interest Group defined algorithms. */ -#define OIWSSIG 0x2B, 13, 3, 2 - -OIDT oiwMD5RSA[] = { OIWSSIG, 3 }; -OIDT oiwDESCBC[] = { OIWSSIG, 7 }; -OIDT oiwRSAsig[] = { OIWSSIG, 11 }; -OIDT oiwDSA [] = { OIWSSIG, 12 }; -OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 }; -OIDT oiwSHA1 [] = { OIWSSIG, 26 }; -OIDT oiwDSASHA1[] = { OIWSSIG, 27 }; -OIDT oiwDSASHA1param[] = { OIWSSIG, 28 }; -OIDT oiwSHA1RSA[] = { OIWSSIG, 29 }; - - -/* Microsoft OIDs. (1 3 6 1 4 1 311 ... ) */ -#define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37 - -OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */ -OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */ -OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */ -OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */ -OIDT mSMIME[] = { MICROSOFT, 16, 4 }; /* SMIME encryption key prefs */ - -OIDT mECRTT[] = { MICROSOFT, 20, 2 }; /* Enrollment cert type xtn */ -OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent */ -OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon */ -OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */ -OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */ - -/* AOL OIDs (1 3 6 1 4 1 1066 ... ) */ -#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A - -/* PKIX IDs (1 3 6 1 5 5 7 ...) */ -#define ID_PKIX 0x2B, 6, 1, 5, 5, 7 -/* PKIX Access Descriptors (methods for Authority Info Access Extns) */ -#define ID_AD ID_PKIX, 48 - -OIDT padOCSP[] = { ID_AD, 1 }; /* OCSP method */ -OIDT padCAissuer[] = { ID_AD, 2 }; /* URI (for CRL ?) */ -OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */ - -/* ISO Cert Extension type OIDs (id-ce) (2 5 29 ...) */ -#define X500 0x55 -#define X520_ATTRIBUTE_TYPE X500, 0x04 -#define X500_ALG X500, 0x08 -#define X500_ALG_ENCRYPTION X500_ALG, 0x01 -#define ID_CE X500, 29 - -OIDT cePlcyObs[] = { ID_CE, 3 }; /* Cert policies, obsolete. */ -OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */ - -/* US Company arc (2 16 840 1 ...) */ -#define USCOM 0x60, 0x86, 0x48, 0x01 -#define USGOV USCOM, 0x65 -#define USDOD USGOV, 2 -#define ID_INFOSEC USDOD, 1 - -/* Verisign PKI OIDs (2 16 840 1 113733 1 ...) */ -#define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1 -#define VERISIGN_XTN VERISIGN_PKI, 6 -#define VERISIGN_POL VERISIGN_PKI, 7 /* Cert policies */ -#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */ - -OIDT vcx7[] = { VERISIGN_XTN, 7 }; /* Cert Extension 7 (?) */ -OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */ -OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */ -OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */ -OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */ - - -/* ------------------------------------------------------------------- */ -static const SECOidData oids[] = { -/* OIW Security Special Interest Group OIDs */ - ODN( oiwMD5RSA, "OIWSecSIG MD5 with RSA"), - ODN( oiwDESCBC, "OIWSecSIG DES CBC"), - ODN( oiwRSAsig, "OIWSecSIG RSA signature"), - ODN( oiwDSA , "OIWSecSIG DSA"), - ODN( oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"), - ODN( oiwSHA1 , "OIWSecSIG SHA1"), - ODN( oiwDSASHA1, "OIWSecSIG DSA with SHA1"), - ODN( oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"), - ODN( oiwSHA1RSA, "OIWSecSIG MD5 with RSA"), - -/* Microsoft OIDs */ - ODN( mCTL, "Microsoft Cert Trust List signing"), - ODN( mTSS, "Microsoft Time Stamp signing"), - ODN( mSGC, "Microsoft SGC SSL server"), - ODN( mEFS, "Microsoft Encrypted File System"), - ODN( mSMIME, "Microsoft SMIME preferences"), - ODN( mECRTT, "Microsoft Enrollment Cert Type Extension"), - ODN( mEAGNT, "Microsoft Enrollment Agent"), - ODN( mKPSCL, "Microsoft KP SmartCard Logon"), - ODN( mNTPN, "Microsoft NT Principal Name"), - ODN( mCASRV, "Microsoft CertServ CA version"), - -/* PKIX OIDs */ - ODN( padOCSP, "PKIX OCSP method"), - ODN( padCAissuer, "PKIX CA Issuer method"), - ODN( padTimeStamp, "PKIX Time Stamping method"), - -/* ID_CE OIDs. */ - ODN( cePlcyObs, "Certificate Policies (Obsolete)"), - ODN( cePlcyCns, "Certificate Policy Constraints"), - -/* Verisign OIDs. */ - ODN( vcx7, "Verisign Cert Extension 7 (?)"), - ODN( vcp1, "Verisign Class 1 Certificate Policy"), - ODN( vcp2, "Verisign Class 2 Certificate Policy"), - ODN( vcp3, "Verisign Class 3 Certificate Policy"), - ODN( vcp4, "Verisign Class 4 Certificate Policy"), - -}; - -static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]); - -SECStatus -SECU_RegisterDynamicOids(void) -{ - unsigned int i; - SECStatus rv = SECSuccess; - - for (i = 0; i < numOids; ++i) { - SECOidTag tag = SECOID_AddEntry(&oids[i]); - if (tag == SEC_OID_UNKNOWN) { - rv = SECFailure; -#ifdef DEBUG_DYN_OIDS - fprintf(stderr, "Add OID[%d] failed\n", i); - } else { - fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag); -#endif - } - } - return rv; -} diff --git a/security/nss/cmd/lib/pppolicy.c b/security/nss/cmd/lib/pppolicy.c deleted file mode 100644 index c0094083c0..0000000000 --- a/security/nss/cmd/lib/pppolicy.c +++ /dev/null @@ -1,299 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 2004 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* - * Support for various policy related extensions - * - * $Id$ - */ - -#include "seccomon.h" -#include "secport.h" -#include "secder.h" -#include "cert.h" -#include "secoid.h" -#include "secasn1.h" -#include "secerr.h" -#include "nspr.h" -#include "secutil.h" - -/* This implementation is derived from the one in nss/lib/certdb/policyxtn.c . -** The chief difference is the addition of the OPTIONAL flag to many -** parts. The idea is to be able to parse and print as much of the -** policy extension as possible, even if some parts are invalid. -** -** If this approach still is unable to decode policy extensions that -** contain invalid parts, then the next approach will be to parse -** the PolicyInfos as a SEQUENCE of ANYs, and then parse each of them -** as PolicyInfos, with the PolicyQualifiers being ANYs, and finally -** parse each of the PolicyQualifiers. -*/ - -static const SEC_ASN1Template secu_PolicyQualifierTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyQualifier) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyQualifier, qualifierID) }, - { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL, - offsetof(CERTPolicyQualifier, qualifierValue) }, - { 0 } -}; - -static const SEC_ASN1Template secu_PolicyInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTPolicyInfo) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTPolicyInfo, policyID) }, - { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL, - offsetof(CERTPolicyInfo, policyQualifiers), - secu_PolicyQualifierTemplate }, - { 0 } -}; - -static const SEC_ASN1Template secu_CertificatePoliciesTemplate[] = { - { SEC_ASN1_SEQUENCE_OF, - offsetof(CERTCertificatePolicies, policyInfos), - secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) } -}; - - -static CERTCertificatePolicies * -secu_DecodeCertificatePoliciesExtension(SECItem *extnValue) -{ - PRArenaPool *arena = NULL; - SECStatus rv; - CERTCertificatePolicies *policies; - CERTPolicyInfo **policyInfos, *policyInfo; - CERTPolicyQualifier **policyQualifiers, *policyQualifier; - SECItem newExtnValue; - - /* make a new arena */ - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; - } - - /* allocate the certifiate policies structure */ - policies = PORT_ArenaZNew(arena, CERTCertificatePolicies); - if ( policies == NULL ) { - goto loser; - } - - policies->arena = arena; - - /* copy the DER into the arena, since Quick DER returns data that points - into the DER input, which may get freed by the caller */ - rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue); - if ( rv != SECSuccess ) { - goto loser; - } - - /* decode the policy info */ - rv = SEC_QuickDERDecodeItem(arena, policies, - secu_CertificatePoliciesTemplate, - &newExtnValue); - - if ( rv != SECSuccess ) { - goto loser; - } - - /* initialize the oid tags */ - policyInfos = policies->policyInfos; - while (policyInfos != NULL && *policyInfos != NULL ) { - policyInfo = *policyInfos; - policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID); - policyQualifiers = policyInfo->policyQualifiers; - while ( policyQualifiers && *policyQualifiers != NULL ) { - policyQualifier = *policyQualifiers; - policyQualifier->oid = - SECOID_FindOIDTag(&policyQualifier->qualifierID); - policyQualifiers++; - } - policyInfos++; - } - - return(policies); - -loser: - if ( arena != NULL ) { - PORT_FreeArena(arena, PR_FALSE); - } - - return(NULL); -} - - -static char * -itemToString(SECItem *item) -{ - char *string; - - string = PORT_ZAlloc(item->len+1); - if (string == NULL) return NULL; - PORT_Memcpy(string,item->data,item->len); - string[item->len] = 0; - return string; -} - -static SECStatus -secu_PrintUserNoticeQualifier(FILE *out, SECItem * qualifierValue, - char *msg, int level) -{ - CERTUserNotice *userNotice = NULL; - if (qualifierValue) - userNotice = CERT_DecodeUserNotice(qualifierValue); - if (userNotice) { - if (userNotice->noticeReference.organization.len != 0) { - char *string = - itemToString(&userNotice->noticeReference.organization); - SECItem **itemList = userNotice->noticeReference.noticeNumbers; - - while (itemList && *itemList) { - SECU_PrintInteger(out,*itemList,string,level+1); - itemList++; - } - PORT_Free(string); - } - if (userNotice->displayText.len != 0) { - SECU_PrintString(out,&userNotice->displayText, - "Display Text", level+1); - } - CERT_DestroyUserNotice(userNotice); - return SECSuccess; - } - return SECFailure; /* caller will print this value */ -} - -static SECStatus -secu_PrintPolicyQualifier(FILE *out,CERTPolicyQualifier *policyQualifier, - char *msg,int level) -{ - SECStatus rv; - SECItem * qualifierValue = &policyQualifier->qualifierValue; - - SECU_PrintObjectID(out, &policyQualifier->qualifierID , - "Policy Qualifier Name", level); - if (!qualifierValue->data) { - SECU_Indent(out, level); - fprintf(out,"Error: missing qualifier\n"); - } else - switch (policyQualifier->oid) { - case SEC_OID_PKIX_USER_NOTICE_QUALIFIER: - rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level); - if (SECSuccess == rv) - break; - /* fall through on error */ - case SEC_OID_PKIX_CPS_POINTER_QUALIFIER: - default: - SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level); - break; - } - return SECSuccess; -} - -static SECStatus -secu_PrintPolicyInfo(FILE *out,CERTPolicyInfo *policyInfo,char *msg,int level) -{ - CERTPolicyQualifier **policyQualifiers; - - policyQualifiers = policyInfo->policyQualifiers; - SECU_PrintObjectID(out, &policyInfo->policyID , "Policy Name", level); - - while (policyQualifiers && *policyQualifiers != NULL) { - secu_PrintPolicyQualifier(out,*policyQualifiers,"",level+1); - policyQualifiers++; - } - return SECSuccess; -} - -void -SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level) -{ - CERTCertificatePolicies *policies = NULL; - CERTPolicyInfo **policyInfos; - - if (msg) { - SECU_Indent(out, level); - fprintf(out,"%s: \n",msg); - level++; - } - policies = secu_DecodeCertificatePoliciesExtension(value); - if (policies == NULL) { - SECU_PrintAny(out, value, "Invalid Policy Data", level); - return; - } - - policyInfos = policies->policyInfos; - while (policyInfos && *policyInfos != NULL) { - secu_PrintPolicyInfo(out,*policyInfos,"",level); - policyInfos++; - } - - CERT_DestroyCertificatePoliciesExtension(policies); -} - - -void -SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value, - char *msg, int level) -{ - CERTPrivKeyUsagePeriod * prd; - PLArenaPool * arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if ( !arena ) { - goto loser; - } - prd = CERT_DecodePrivKeyUsagePeriodExtension(arena, value); - if (!prd) { - goto loser; - } - if (prd->notBefore.data) { - SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level); - } - if (prd->notAfter.data) { - SECU_PrintGeneralizedTime(out, &prd->notAfter, "Not After ", level); - } - if (!prd->notBefore.data && !prd->notAfter.data) { - SECU_Indent(out, level); - fprintf(out, "Error: notBefore or notAfter MUST be present.\n"); -loser: - SECU_PrintAny(out, value, msg, level); - } - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } -} diff --git a/security/nss/cmd/lib/secerror.c b/security/nss/cmd/lib/secerror.c deleted file mode 100644 index 651cf55201..0000000000 --- a/security/nss/cmd/lib/secerror.c +++ /dev/null @@ -1,110 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#include "nspr.h" - -struct tuple_str { - PRErrorCode errNum; - const char * errString; -}; - -typedef struct tuple_str tuple_str; - -#define ER2(a,b) {a, b}, -#define ER3(a,b,c) {a, c}, - -#include "secerr.h" -#include "sslerr.h" - -const tuple_str errStrings[] = { - -/* keep this list in asceding order of error numbers */ -#include "SSLerrs.h" -#include "SECerrs.h" -#include "NSPRerrs.h" - -}; - -const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str); - -/* Returns a UTF-8 encoded constant error string for "errNum". - * Returns NULL of errNum is unknown. - */ -const char * -SECU_Strerror(PRErrorCode errNum) { - PRInt32 low = 0; - PRInt32 high = numStrings - 1; - PRInt32 i; - PRErrorCode num; - static int initDone; - - /* make sure table is in ascending order. - * binary search depends on it. - */ - if (!initDone) { - PRErrorCode lastNum = ((PRInt32)0x80000000); - for (i = low; i <= high; ++i) { - num = errStrings[i].errNum; - if (num <= lastNum) { - fprintf(stderr, -"sequence error in error strings at item %d\n" -"error %d (%s)\n" -"should come after \n" -"error %d (%s)\n", - i, lastNum, errStrings[i-1].errString, - num, errStrings[i].errString); - } - lastNum = num; - } - initDone = 1; - } - - /* Do binary search of table. */ - while (low + 1 < high) { - i = (low + high) / 2; - num = errStrings[i].errNum; - if (errNum == num) - return errStrings[i].errString; - if (errNum < num) - high = i; - else - low = i; - } - if (errNum == errStrings[low].errNum) - return errStrings[low].errString; - if (errNum == errStrings[high].errNum) - return errStrings[high].errString; - return NULL; -} diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c deleted file mode 100644 index f1189e1c9c..0000000000 --- a/security/nss/cmd/lib/secpwd.c +++ /dev/null @@ -1,205 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#include "secutil.h" - -/* - * NOTE: The contents of this file are NOT used by the client. - * (They are part of the security library as a whole, but they are - * NOT USED BY THE CLIENT.) Do not change things on behalf of the - * client (like localizing strings), or add things that are only - * for the client (put them elsewhere). - */ - - -#ifdef XP_UNIX -#include -#endif - -#if defined(XP_UNIX) || defined(XP_BEOS) -#include /* for isatty() */ -#endif - -#if( defined(_WINDOWS) && !defined(_WIN32_WCE)) || defined(XP_OS2_VACPP) -#include -#include -#define QUIET_FGETS quiet_fgets -static char * quiet_fgets (char *buf, int length, FILE *input); -#else -#define QUIET_FGETS fgets -#endif - -static void echoOff(int fd) -{ -#if defined(XP_UNIX) && !defined(VMS) - if (isatty(fd)) { - struct termios tio; - tcgetattr(fd, &tio); - tio.c_lflag &= ~ECHO; - tcsetattr(fd, TCSAFLUSH, &tio); - } -#endif -} - -static void echoOn(int fd) -{ -#if defined(XP_UNIX) && !defined(VMS) - if (isatty(fd)) { - struct termios tio; - tcgetattr(fd, &tio); - tio.c_lflag |= ECHO; - tcsetattr(fd, TCSAFLUSH, &tio); - } -#endif -} - -char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, - PRBool (*ok)(char *)) -{ -#if defined(_WINDOWS) - int isTTY = (input == stdin); -#define echoOn(x) -#define echoOff(x) -#else - int infd = fileno(input); - int isTTY = isatty(infd); -#endif - char phrase[200]; - - for (;;) { - /* Prompt for password */ - if (isTTY) { - fprintf(output, "%s", prompt); - fflush (output); - echoOff(infd); - } - - QUIET_FGETS ( phrase, sizeof(phrase), input); - - if (isTTY) { - fprintf(output, "\n"); - echoOn(infd); - } - - /* stomp on newline */ - phrase[PORT_Strlen(phrase)-1] = 0; - - /* Validate password */ - if (!(*ok)(phrase)) { - /* Not weird enough */ - if (!isTTY) return 0; - fprintf(output, "Password must be at least 8 characters long with one or more\n"); - fprintf(output, "non-alphabetic characters\n"); - continue; - } - return (char*) PORT_Strdup(phrase); - } -} - - - -PRBool SEC_CheckPassword(char *cp) -{ - int len; - char *end; - - len = PORT_Strlen(cp); - if (len < 8) { - return PR_FALSE; - } - end = cp + len; - while (cp < end) { - unsigned char ch = *cp++; - if (!((ch >= 'A') && (ch <= 'Z')) && - !((ch >= 'a') && (ch <= 'z'))) { - /* pass phrase has at least one non alphabetic in it */ - return PR_TRUE; - } - } - return PR_FALSE; -} - -PRBool SEC_BlindCheckPassword(char *cp) -{ - if (cp != NULL) { - return PR_TRUE; - } - return PR_FALSE; -} - -/* Get a password from the input terminal, without echoing */ - -#if defined(_WINDOWS) || defined(XP_OS2_VACPP) -static char * quiet_fgets (char *buf, int length, FILE *input) - { - int c; - char *end = buf; - - /* fflush (input); */ - memset (buf, 0, length); - -#ifndef XP_OS2_VACPP - if (input != stdin) { - return fgets(buf,length,input); - } -#else - if (!isatty(fileno(input))) { - return fgets(buf,length,input); - } -#endif - - while (1) - { -#if defined (_WIN32_WCE) - c = getchar(); /* gets a character from stdin */ -#else - c = getch(); /* getch gets a character from the console */ -#endif - if (c == '\b') - { - if (end > buf) - end--; - } - - else if (--length > 0) - *end++ = c; - - if (!c || c == '\n' || c == '\r') - break; - } - - return buf; - } -#endif diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c deleted file mode 100644 index 1f41e938de..0000000000 --- a/security/nss/cmd/lib/secutil.c +++ /dev/null @@ -1,3685 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Dr Vipul Gupta , Sun Microsystems Laboratories - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -/* -** secutil.c - various functions used by security stuff -** -*/ - -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" -#include "prerror.h" -#include "prprf.h" -#include "plgetopt.h" -#include "prenv.h" -#include "prnetdb.h" - -#include "cryptohi.h" -#include "secutil.h" -#include "secpkcs7.h" -#include -#if !defined(_WIN32_WCE) -#include -#include -#endif - -#ifdef XP_UNIX -#include -#endif - -/* for SEC_TraverseNames */ -#include "cert.h" -#include "certt.h" -#include "certdb.h" - -/* #include "secmod.h" */ -#include "pk11func.h" -#include "secoid.h" - -static char consoleName[] = { -#ifdef XP_UNIX -#ifdef VMS - "TT" -#else - "/dev/tty" -#endif -#else -#ifdef XP_OS2 - "\\DEV\\CON" -#else - "CON:" -#endif -#endif -}; - - -char * -SECU_GetString(int16 error_number) -{ - - static char errString[80]; - sprintf(errString, "Unknown error string (%d)", error_number); - return errString; -} - -void -SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...) -{ - va_list args; - PRErrorCode err = PORT_GetError(); - const char * errString = SECU_Strerror(err); - - va_start(args, msg); - - SECU_Indent(out, level); - fprintf(out, "%s: ", progName); - vfprintf(out, msg, args); - if (errString != NULL && PORT_Strlen(errString) > 0) - fprintf(out, ": %s\n", errString); - else - fprintf(out, ": error %d\n", (int)err); - - va_end(args); -} - -void -SECU_PrintError(char *progName, char *msg, ...) -{ - va_list args; - PRErrorCode err = PORT_GetError(); - const char * errString = SECU_Strerror(err); - - va_start(args, msg); - - fprintf(stderr, "%s: ", progName); - vfprintf(stderr, msg, args); - if (errString != NULL && PORT_Strlen(errString) > 0) - fprintf(stderr, ": %s\n", errString); - else - fprintf(stderr, ": error %d\n", (int)err); - - va_end(args); -} - -void -SECU_PrintSystemError(char *progName, char *msg, ...) -{ - va_list args; - - va_start(args, msg); - fprintf(stderr, "%s: ", progName); - vfprintf(stderr, msg, args); -#if defined(_WIN32_WCE) - fprintf(stderr, ": %d\n", PR_GetOSError()); -#else - fprintf(stderr, ": %s\n", strerror(errno)); -#endif - va_end(args); -} - -static void -secu_ClearPassword(char *p) -{ - if (p) { - PORT_Memset(p, 0, PORT_Strlen(p)); - PORT_Free(p); - } -} - -char * -SECU_GetPasswordString(void *arg, char *prompt) -{ -#ifndef _WINDOWS - char *p = NULL; - FILE *input, *output; - - /* open terminal */ - input = fopen(consoleName, "r"); - if (input == NULL) { - fprintf(stderr, "Error opening input terminal for read\n"); - return NULL; - } - - output = fopen(consoleName, "w"); - if (output == NULL) { - fprintf(stderr, "Error opening output terminal for write\n"); - return NULL; - } - - p = SEC_GetPassword (input, output, prompt, SEC_BlindCheckPassword); - - - fclose(input); - fclose(output); - - return p; - -#else - /* Win32 version of above. opening the console may fail - on windows95, and certainly isn't necessary.. */ - - char *p = NULL; - - p = SEC_GetPassword (stdin, stdout, prompt, SEC_BlindCheckPassword); - return p; - -#endif -} - - -/* - * p a s s w o r d _ h a r d c o d e - * - * A function to use the password passed in the -f(pwfile) argument - * of the command line. - * After use once, null it out otherwise PKCS11 calls us forever.? - * - */ -char * -SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - unsigned char phrase[200]; - PRFileDesc *fd; - PRInt32 nb; - char *pwFile = arg; - int i; - - if (!pwFile) - return 0; - - if (retry) { - return 0; /* no good retrying - the files contents will be the same */ - } - - fd = PR_Open(pwFile, PR_RDONLY, 0); - if (!fd) { - fprintf(stderr, "No password file \"%s\" exists.\n", pwFile); - return NULL; - } - - nb = PR_Read(fd, phrase, sizeof(phrase)); - - PR_Close(fd); - /* handle the Windows EOL case */ - i = 0; - while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb) i++; - phrase[i] = '\0'; - if (nb == 0) { - fprintf(stderr,"password file contains no data\n"); - return NULL; - } - return (char*) PORT_Strdup((char*)phrase); -} - -char * -SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char prompt[255]; - secuPWData *pwdata = (secuPWData *)arg; - secuPWData pwnull = { PW_NONE, 0 }; - secuPWData pwxtrn = { PW_EXTERNAL, "external" }; - char *pw; - - if (pwdata == NULL) - pwdata = &pwnull; - - if (PK11_ProtectedAuthenticationPath(slot)) { - pwdata = &pwxtrn; - } - if (retry && pwdata->source != PW_NONE) { - PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n"); - return NULL; - } - - switch (pwdata->source) { - case PW_NONE: - sprintf(prompt, "Enter Password or Pin for \"%s\":", - PK11_GetTokenName(slot)); - return SECU_GetPasswordString(NULL, prompt); - case PW_FROMFILE: - /* Instead of opening and closing the file every time, get the pw - * once, then keep it in memory (duh). - */ - pw = SECU_FilePasswd(slot, retry, pwdata->data); - pwdata->source = PW_PLAINTEXT; - pwdata->data = PL_strdup(pw); - /* it's already been dup'ed */ - return pw; - case PW_EXTERNAL: - sprintf(prompt, - "Press Enter, then enter PIN for \"%s\" on external device.\n", - PK11_GetTokenName(slot)); - (void) SECU_GetPasswordString(NULL, prompt); - /* Fall Through */ - case PW_PLAINTEXT: - return PL_strdup(pwdata->data); - default: - break; - } - - PR_fprintf(PR_STDERR, "Password check failed: No password found.\n"); - return NULL; -} - -char * -secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *p0 = NULL; - char *p1 = NULL; - FILE *input, *output; - secuPWData *pwdata = arg; - - if (pwdata->source == PW_FROMFILE) { - return SECU_FilePasswd(slot, retry, pwdata->data); - } - if (pwdata->source == PW_PLAINTEXT) { - return PL_strdup(pwdata->data); - } - - /* PW_NONE - get it from tty */ - /* open terminal */ -#ifdef _WINDOWS - input = stdin; -#else - input = fopen(consoleName, "r"); -#endif - if (input == NULL) { - PR_fprintf(PR_STDERR, "Error opening input terminal for read\n"); - return NULL; - } - - /* we have no password, so initialize database with one */ - PR_fprintf(PR_STDERR, - "Enter a password which will be used to encrypt your keys.\n" - "The password should be at least 8 characters long,\n" - "and should contain at least one non-alphabetic character.\n\n"); - - output = fopen(consoleName, "w"); - if (output == NULL) { - PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); - return NULL; - } - - - for (;;) { - if (p0) - PORT_Free(p0); - p0 = SEC_GetPassword(input, output, "Enter new password: ", - SEC_BlindCheckPassword); - - if (p1) - PORT_Free(p1); - p1 = SEC_GetPassword(input, output, "Re-enter password: ", - SEC_BlindCheckPassword); - if (p0 && p1 && !PORT_Strcmp(p0, p1)) { - break; - } - PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n"); - } - - /* clear out the duplicate password string */ - secu_ClearPassword(p1); - - fclose(input); - fclose(output); - - return p0; -} - -SECStatus -SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile) -{ - SECStatus rv; - secuPWData pwdata, newpwdata; - char *oldpw = NULL, *newpw = NULL; - - if (passwd) { - pwdata.source = PW_PLAINTEXT; - pwdata.data = passwd; - } else if (pwFile) { - pwdata.source = PW_FROMFILE; - pwdata.data = pwFile; - } else { - pwdata.source = PW_NONE; - pwdata.data = NULL; - } - - if (PK11_NeedUserInit(slot)) { - newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata); - rv = PK11_InitPin(slot, (char*)NULL, newpw); - goto done; - } - - for (;;) { - oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata); - - if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { - if (pwdata.source == PW_NONE) { - PR_fprintf(PR_STDERR, "Invalid password. Try again.\n"); - } else { - PR_fprintf(PR_STDERR, "Invalid password.\n"); - PORT_Memset(oldpw, 0, PL_strlen(oldpw)); - PORT_Free(oldpw); - return SECFailure; - } - } else - break; - - PORT_Free(oldpw); - } - - newpwdata.source = PW_NONE; - newpwdata.data = NULL; - - newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; - } - - PORT_Memset(oldpw, 0, PL_strlen(oldpw)); - PORT_Free(oldpw); - - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - -done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; -} - -struct matchobj { - SECItem index; - char *nname; - PRBool found; -}; - -char * -SECU_DefaultSSLDir(void) -{ - char *dir; - static char sslDir[1000]; - - dir = PR_GetEnv("SSL_DIR"); - if (!dir) - return NULL; - - sprintf(sslDir, "%s", dir); - - if (sslDir[strlen(sslDir)-1] == '/') - sslDir[strlen(sslDir)-1] = 0; - - return sslDir; -} - -char * -SECU_AppendFilenameToDir(char *dir, char *filename) -{ - static char path[1000]; - - if (dir[strlen(dir)-1] == '/') - sprintf(path, "%s%s", dir, filename); - else - sprintf(path, "%s/%s", dir, filename); - return path; -} - -char * -SECU_ConfigDirectory(const char* base) -{ - static PRBool initted = PR_FALSE; - const char *dir = ".netscape"; - char *home; - static char buf[1000]; - - if (initted) return buf; - - - if (base == NULL || *base == 0) { - home = PR_GetEnv("HOME"); - if (!home) home = ""; - - if (*home && home[strlen(home) - 1] == '/') - sprintf (buf, "%.900s%s", home, dir); - else - sprintf (buf, "%.900s/%s", home, dir); - } else { - sprintf(buf, "%.900s", base); - if (buf[strlen(buf) - 1] == '/') - buf[strlen(buf) - 1] = 0; - } - - - initted = PR_TRUE; - return buf; -} - -/*Turn off SSL for now */ -/* This gets called by SSL when server wants our cert & key */ -int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - SECKEYPrivateKey *key; - CERTCertificate *cert; - int errsave; - - if (arg == NULL) { - fprintf(stderr, "no key/cert name specified for client auth\n"); - return -1; - } - cert = PK11_FindCertFromNickname(arg, NULL); - errsave = PORT_GetError(); - if (!cert) { - if (errsave == SEC_ERROR_BAD_PASSWORD) - fprintf(stderr, "Bad password\n"); - else if (errsave > 0) - fprintf(stderr, "Unable to read cert (error %d)\n", errsave); - else if (errsave == SEC_ERROR_BAD_DATABASE) - fprintf(stderr, "Unable to get cert from database (%d)\n", errsave); - else - fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave); - return -1; - } - - key = PK11_FindKeyByAnyCert(arg,NULL); - if (!key) { - fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError()); - return -1; - } - - - *pRetCert = cert; - *pRetKey = key; - - return 0; -} - -SECStatus -secu_StdinToItem(SECItem *dst) -{ - unsigned char buf[1000]; - PRInt32 numBytes; - PRBool notDone = PR_TRUE; - - dst->len = 0; - dst->data = NULL; - - while (notDone) { - numBytes = PR_Read(PR_STDIN, buf, sizeof(buf)); - - if (numBytes < 0) { - return SECFailure; - } - - if (numBytes == 0) - break; - - if (dst->data) { - unsigned char * p = dst->data; - dst->data = (unsigned char*)PORT_Realloc(p, dst->len + numBytes); - if (!dst->data) { - PORT_Free(p); - } - } else { - dst->data = (unsigned char*)PORT_Alloc(numBytes); - } - if (!dst->data) { - return SECFailure; - } - PORT_Memcpy(dst->data + dst->len, buf, numBytes); - dst->len += numBytes; - } - - return SECSuccess; -} - -SECStatus -SECU_FileToItem(SECItem *dst, PRFileDesc *src) -{ - PRFileInfo info; - PRInt32 numBytes; - PRStatus prStatus; - - if (src == PR_STDIN) - return secu_StdinToItem(dst); - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; - } - - /* XXX workaround for 3.1, not all utils zero dst before sending */ - dst->data = 0; - if (!SECITEM_AllocItem(NULL, dst, info.size)) - goto loser; - - numBytes = PR_Read(src, dst->data, info.size); - if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - - return SECSuccess; -loser: - SECITEM_FreeItem(dst, PR_FALSE); - return SECFailure; -} - -SECStatus -SECU_TextFileToItem(SECItem *dst, PRFileDesc *src) -{ - PRFileInfo info; - PRInt32 numBytes; - PRStatus prStatus; - unsigned char *buf; - - if (src == PR_STDIN) - return secu_StdinToItem(dst); - - prStatus = PR_GetOpenFileInfo(src, &info); - - if (prStatus != PR_SUCCESS) { - PORT_SetError(SEC_ERROR_IO); - return SECFailure; - } - - buf = (unsigned char*)PORT_Alloc(info.size); - if (!buf) - return SECFailure; - - numBytes = PR_Read(src, buf, info.size); - if (numBytes != info.size) { - PORT_SetError(SEC_ERROR_IO); - goto loser; - } - - if (buf[numBytes-1] == '\n') numBytes--; -#ifdef _WINDOWS - if (buf[numBytes-1] == '\r') numBytes--; -#endif - - /* XXX workaround for 3.1, not all utils zero dst before sending */ - dst->data = 0; - if (!SECITEM_AllocItem(NULL, dst, numBytes)) - goto loser; - - memcpy(dst->data, buf, numBytes); - - PORT_Free(buf); - return SECSuccess; -loser: - PORT_Free(buf); - return SECFailure; -} - -SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii) -{ - SECStatus rv; - if (ascii) { - /* First convert ascii to binary */ - SECItem filedata; - char *asc, *body; - - /* Read in ascii data */ - rv = SECU_FileToItem(&filedata, inFile); - asc = (char *)filedata.data; - if (!asc) { - fprintf(stderr, "unable to read data from input file\n"); - return SECFailure; - } - - /* check for headers and trailers and remove them */ - if ((body = strstr(asc, "-----BEGIN")) != NULL) { - char *trailer = NULL; - asc = body; - body = PORT_Strchr(body, '\n'); - if (!body) - body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */ - if (body) - trailer = strstr(++body, "-----END"); - if (trailer != NULL) { - *trailer = '\0'; - } else { - fprintf(stderr, "input has header but no trailer\n"); - PORT_Free(filedata.data); - return SECFailure; - } - } else { - body = asc; - } - - /* Convert to binary */ - rv = ATOB_ConvertAsciiToItem(der, body); - if (rv) { - fprintf(stderr, "error converting ascii to binary (%s)\n", - SECU_Strerror(PORT_GetError())); - PORT_Free(filedata.data); - return SECFailure; - } - - PORT_Free(filedata.data); - } else { - /* Read in binary der */ - rv = SECU_FileToItem(der, inFile); - if (rv) { - fprintf(stderr, "error converting der (%s)\n", - SECU_Strerror(PORT_GetError())); - return SECFailure; - } - } - return SECSuccess; -} - -#define INDENT_MULT 4 -void -SECU_Indent(FILE *out, int level) -{ - int i; - - for (i = 0; i < level; i++) { - fprintf(out, " "); - } -} - -static void secu_Newline(FILE *out) -{ - fprintf(out, "\n"); -} - -void -SECU_PrintAsHex(FILE *out, SECItem *data, const char *m, int level) -{ - unsigned i; - int column; - PRBool isString = PR_TRUE; - PRBool isWhiteSpace = PR_TRUE; - PRBool printedHex = PR_FALSE; - unsigned int limit = 15; - - if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; - } - - SECU_Indent(out, level); column = level*INDENT_MULT; - if (!data->len) { - fprintf(out, "(empty)\n"); - return; - } - /* take a pass to see if it's all printable. */ - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - if (!val || !isprint(val)) { - isString = PR_FALSE; - break; - } - if (isWhiteSpace && !isspace(val)) { - isWhiteSpace = PR_FALSE; - } - } - - /* Short values, such as bit strings (which are printed with this - ** function) often look like strings, but we want to see the bits. - ** so this test assures that short values will be printed in hex, - ** perhaps in addition to being printed as strings. - ** The threshold size (4 bytes) is arbitrary. - */ - if (!isString || data->len <= 4) { - for (i = 0; i < data->len; i++) { - if (i != data->len - 1) { - fprintf(out, "%02x:", data->data[i]); - column += 3; - } else { - fprintf(out, "%02x", data->data[i]); - column += 2; - break; - } - if (column > 76 || (i % 16 == limit)) { - secu_Newline(out); - SECU_Indent(out, level); - column = level*INDENT_MULT; - limit = i % 16; - } - } - printedHex = PR_TRUE; - } - if (isString && !isWhiteSpace) { - if (printedHex != PR_FALSE) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - for (i = 0; i < data->len; i++) { - unsigned char val = data->data[i]; - - if (val) { - fprintf(out,"%c",val); - column++; - } else { - column = 77; - } - if (column > 76) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - } - } - - if (column != level*INDENT_MULT) { - secu_Newline(out); - } -} - -static const char *hex = "0123456789abcdef"; - -static const char printable[257] = { - "................" /* 0x */ - "................" /* 1x */ - " !\"#$%&'()*+,-./" /* 2x */ - "0123456789:;<=>?" /* 3x */ - "@ABCDEFGHIJKLMNO" /* 4x */ - "PQRSTUVWXYZ[\\]^_" /* 5x */ - "`abcdefghijklmno" /* 6x */ - "pqrstuvwxyz{|}~." /* 7x */ - "................" /* 8x */ - "................" /* 9x */ - "................" /* ax */ - "................" /* bx */ - "................" /* cx */ - "................" /* dx */ - "................" /* ex */ - "................" /* fx */ -}; - -void -SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len) -{ - const unsigned char *cp = (const unsigned char *)vp; - char buf[80]; - char *bp; - char *ap; - - fprintf(out, "%s [Len: %d]\n", msg, len); - memset(buf, ' ', sizeof buf); - bp = buf; - ap = buf + 50; - while (--len >= 0) { - unsigned char ch = *cp++; - *bp++ = hex[(ch >> 4) & 0xf]; - *bp++ = hex[ch & 0xf]; - *bp++ = ' '; - *ap++ = printable[ch]; - if (ap - buf >= 66) { - *ap = 0; - fprintf(out, " %s\n", buf); - memset(buf, ' ', sizeof buf); - bp = buf; - ap = buf + 50; - } - } - if (bp > buf) { - *ap = 0; - fprintf(out, " %s\n", buf); - } -} - -SECStatus -SECU_StripTagAndLength(SECItem *i) -{ - unsigned int start; - - if (!i || !i->data || i->len < 2) { /* must be at least tag and length */ - return SECFailure; - } - start = ((i->data[1] & 0x80) ? (i->data[1] & 0x7f) + 2 : 2); - if (i->len < start) { - return SECFailure; - } - i->data += start; - i->len -= start; - return SECSuccess; -} - - -/* This expents i->data[0] to be the MSB of the integer. -** if you want to print a DER-encoded integer (with the tag and length) -** call SECU_PrintEncodedInteger(); -*/ -void -SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level) -{ - int iv; - - if (!i || !i->len || !i->data) { - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: (null)\n", m); - } else { - fprintf(out, "(null)\n"); - } - } else if (i->len > 4) { - SECU_PrintAsHex(out, i, m, level); - } else { - iv = DER_GetInteger(i); - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: %d (0x%x)\n", m, iv, iv); - } else { - fprintf(out, "%d (0x%x)\n", iv, iv); - } - } -} - -static void -secu_PrintRawString(FILE *out, SECItem *si, char *m, int level) -{ - int column; - unsigned int i; - - if ( m ) { - SECU_Indent(out, level); fprintf(out, "%s: ", m); - column = (level * INDENT_MULT) + strlen(m) + 2; - level++; - } else { - SECU_Indent(out, level); - column = level*INDENT_MULT; - } - fprintf(out, "\""); column++; - - for (i = 0; i < si->len; i++) { - unsigned char val = si->data[i]; - if (column > 76) { - secu_Newline(out); - SECU_Indent(out, level); column = level*INDENT_MULT; - } - - fprintf(out,"%c", printable[val]); column++; - } - - fprintf(out, "\""); column++; - if (column != level*INDENT_MULT || column > 76) { - secu_Newline(out); - } -} - -void -SECU_PrintString(FILE *out, SECItem *si, char *m, int level) -{ - SECItem my = *si; - - if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len) - return; - secu_PrintRawString(out, &my, m, level); -} - -/* print an unencoded boolean */ -static void -secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level) -{ - int val = 0; - - if ( i->data && i->len ) { - val = i->data[0]; - } - - if (!m) { - m = "Boolean"; - } - SECU_Indent(out, level); - fprintf(out, "%s: %s\n", m, (val ? "True" : "False")); -} - -/* - * Format and print "time". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -static void -secu_PrintTime(FILE *out, int64 time, char *m, int level) -{ - PRExplodedTime printableTime; - char *timeString; - - /* Convert to local time */ - PR_ExplodeTime(time, PR_GMTParameters, &printableTime); - - timeString = PORT_Alloc(100); - if (timeString == NULL) - return; - - if (m != NULL) { - SECU_Indent(out, level); - fprintf(out, "%s: ", m); - } - - PR_FormatTime(timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime); - fprintf(out, timeString); - - if (m != NULL) - fprintf(out, "\n"); - - PORT_Free(timeString); -} - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -void -SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level) -{ - int64 time; - SECStatus rv; - - rv = DER_UTCTimeToTime(&time, t); - if (rv != SECSuccess) - return; - - secu_PrintTime(out, time, m, level); -} - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -void -SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level) -{ - int64 time; - SECStatus rv; - - - rv = DER_GeneralizedTimeToTime(&time, t); - if (rv != SECSuccess) - return; - - secu_PrintTime(out, time, m, level); -} - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -void -SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level) -{ - switch (t->type) { - case siUTCTime: - SECU_PrintUTCTime(out, t, m, level); - break; - - case siGeneralizedTime: - SECU_PrintGeneralizedTime(out, t, m, level); - break; - - default: - PORT_Assert(0); - break; - } -} - - -/* This prints a SET or SEQUENCE */ -void -SECU_PrintSet(FILE *out, SECItem *t, char *m, int level) -{ - int type = t->data[0] & SEC_ASN1_TAGNUM_MASK; - int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED; - const char * label; - SECItem my = *t; - - if (!constructed) { - SECU_PrintAsHex(out, t, m, level); - return; - } - if (SECSuccess != SECU_StripTagAndLength(&my)) - return; - - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: ", m); - } - - if (type == SEC_ASN1_SET) - label = "Set "; - else if (type == SEC_ASN1_SEQUENCE) - label = "Sequence "; - else - label = ""; - fprintf(out,"%s{\n", label); /* } */ - - while (my.len >= 2) { - SECItem tmp = my; - - if (tmp.data[1] & 0x80) { - unsigned int i; - unsigned int lenlen = tmp.data[1] & 0x7f; - if (lenlen > sizeof tmp.len) - break; - tmp.len = 0; - for (i=0; i < lenlen; i++) { - tmp.len = (tmp.len << 8) | tmp.data[2+i]; - } - tmp.len += lenlen + 2; - } else { - tmp.len = tmp.data[1] + 2; - } - if (tmp.len > my.len) { - tmp.len = my.len; - } - my.data += tmp.len; - my.len -= tmp.len; - SECU_PrintAny(out, &tmp, NULL, level + 1); - } - SECU_Indent(out, level); fprintf(out, /* { */ "}\n"); -} - -static void -secu_PrintContextSpecific(FILE *out, SECItem *i, char *m, int level) -{ - int type = i->data[0] & SEC_ASN1_TAGNUM_MASK; - int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED; - SECItem tmp; - - if (constructed) { - char * m2; - if (!m) - m2 = PR_smprintf("[%d]", type); - else - m2 = PR_smprintf("%s: [%d]", m, type); - if (m2) { - SECU_PrintSet(out, i, m2, level); - PR_smprintf_free(m2); - } - return; - } - - SECU_Indent(out, level); - if (m) { - fprintf(out, "%s: ", m); - } - fprintf(out,"[%d]\n", type); - - tmp = *i; - if (SECSuccess == SECU_StripTagAndLength(&tmp)) - SECU_PrintAsHex(out, &tmp, m, level+1); -} - -static void -secu_PrintOctetString(FILE *out, SECItem *i, char *m, int level) -{ - SECItem tmp = *i; - if (SECSuccess == SECU_StripTagAndLength(&tmp)) - SECU_PrintAsHex(out, &tmp, m, level); -} - -static void -secu_PrintBitString(FILE *out, SECItem *i, char *m, int level) -{ - int unused_bits; - SECItem tmp = *i; - - if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2) - return; - - unused_bits = *tmp.data++; - tmp.len--; - - SECU_PrintAsHex(out, &tmp, m, level); - if (unused_bits) { - SECU_Indent(out, level + 1); - fprintf(out, "(%d least significant bits unused)\n", unused_bits); - } -} - -/* in a decoded bit string, the len member is a bit length. */ -static void -secu_PrintDecodedBitString(FILE *out, SECItem *i, char *m, int level) -{ - int unused_bits; - SECItem tmp = *i; - - - unused_bits = (tmp.len & 0x7) ? 8 - (tmp.len & 7) : 0; - DER_ConvertBitString(&tmp); /* convert length to byte length */ - - SECU_PrintAsHex(out, &tmp, m, level); - if (unused_bits) { - SECU_Indent(out, level + 1); - fprintf(out, "(%d least significant bits unused)\n", unused_bits); - } -} - - -/* Print a DER encoded Boolean */ -void -SECU_PrintEncodedBoolean(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - secu_PrintBoolean(out, &my, m, level); -} - -/* Print a DER encoded integer */ -void -SECU_PrintEncodedInteger(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - SECU_PrintInteger(out, &my, m, level); -} - -/* Print a DER encoded OID */ -void -SECU_PrintEncodedObjectID(FILE *out, SECItem *i, char *m, int level) -{ - SECItem my = *i; - if (SECSuccess == SECU_StripTagAndLength(&my)) - SECU_PrintObjectID(out, &my, m, level); -} - -static void -secu_PrintBMPString(FILE *out, SECItem *i, char *m, int level) -{ - unsigned char * s; - unsigned char * d; - int len; - SECItem tmp = {0, 0, 0}; - SECItem my = *i; - - if (SECSuccess != SECU_StripTagAndLength(&my)) - goto loser; - if (my.len % 2) - goto loser; - len = (int)(my.len / 2); - tmp.data = (unsigned char *)PORT_Alloc(len); - if (!tmp.data) - goto loser; - tmp.len = len; - for (s = my.data, d = tmp.data ; len > 0; len--) { - PRUint32 bmpChar = (s[0] << 8) | s[1]; s += 2; - if (!isprint(bmpChar)) - goto loser; - *d++ = (unsigned char)bmpChar; - } - secu_PrintRawString(out, &tmp, m, level); - PORT_Free(tmp.data); - return; - -loser: - SECU_PrintAsHex(out, i, m, level); - if (tmp.data) - PORT_Free(tmp.data); -} - -static void -secu_PrintUniversalString(FILE *out, SECItem *i, char *m, int level) -{ - unsigned char * s; - unsigned char * d; - int len; - SECItem tmp = {0, 0, 0}; - SECItem my = *i; - - if (SECSuccess != SECU_StripTagAndLength(&my)) - goto loser; - if (my.len % 4) - goto loser; - len = (int)(my.len / 4); - tmp.data = (unsigned char *)PORT_Alloc(len); - if (!tmp.data) - goto loser; - tmp.len = len; - for (s = my.data, d = tmp.data ; len > 0; len--) { - PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3]; - s += 4; - if (!isprint(bmpChar)) - goto loser; - *d++ = (unsigned char)bmpChar; - } - secu_PrintRawString(out, &tmp, m, level); - PORT_Free(tmp.data); - return; - -loser: - SECU_PrintAsHex(out, i, m, level); - if (tmp.data) - PORT_Free(tmp.data); -} - -static void -secu_PrintUniversal(FILE *out, SECItem *i, char *m, int level) -{ - switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) { - case SEC_ASN1_ENUMERATED: - case SEC_ASN1_INTEGER: - SECU_PrintEncodedInteger(out, i, m, level); - break; - case SEC_ASN1_OBJECT_ID: - SECU_PrintEncodedObjectID(out, i, m, level); - break; - case SEC_ASN1_BOOLEAN: - SECU_PrintEncodedBoolean(out, i, m, level); - break; - case SEC_ASN1_UTF8_STRING: - case SEC_ASN1_PRINTABLE_STRING: - case SEC_ASN1_VISIBLE_STRING: - case SEC_ASN1_IA5_STRING: - case SEC_ASN1_T61_STRING: - SECU_PrintString(out, i, m, level); - break; - case SEC_ASN1_GENERALIZED_TIME: - SECU_PrintGeneralizedTime(out, i, m, level); - break; - case SEC_ASN1_UTC_TIME: - SECU_PrintUTCTime(out, i, m, level); - break; - case SEC_ASN1_NULL: - SECU_Indent(out, level); - if (m && m[0]) - fprintf(out, "%s: NULL\n", m); - else - fprintf(out, "NULL\n"); - break; - case SEC_ASN1_SET: - case SEC_ASN1_SEQUENCE: - SECU_PrintSet(out, i, m, level); - break; - case SEC_ASN1_OCTET_STRING: - secu_PrintOctetString(out, i, m, level); - break; - case SEC_ASN1_BIT_STRING: - secu_PrintBitString(out, i, m, level); - break; - case SEC_ASN1_BMP_STRING: - secu_PrintBMPString(out, i, m, level); - break; - case SEC_ASN1_UNIVERSAL_STRING: - secu_PrintUniversalString(out, i, m, level); - break; - default: - SECU_PrintAsHex(out, i, m, level); - break; - } -} - -void -SECU_PrintAny(FILE *out, SECItem *i, char *m, int level) -{ - if ( i && i->len && i->data ) { - switch (i->data[0] & SEC_ASN1_CLASS_MASK) { - case SEC_ASN1_CONTEXT_SPECIFIC: - secu_PrintContextSpecific(out, i, m, level); - break; - case SEC_ASN1_UNIVERSAL: - secu_PrintUniversal(out, i, m, level); - break; - default: - SECU_PrintAsHex(out, i, m, level); - break; - } - } -} - -static int -secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level+1); - SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level+1); - return 0; -} - -/* This function does NOT expect a DER type and length. */ -SECOidTag -SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level) -{ - SECOidData *oiddata; - char * oidString = NULL; - - oiddata = SECOID_FindOID(oid); - if (oiddata != NULL) { - const char *name = oiddata->desc; - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", name); - return oiddata->offset; - } - oidString = CERT_GetOidString(oid); - if (oidString) { - SECU_Indent(out, level); - if (m != NULL) - fprintf(out, "%s: ", m); - fprintf(out, "%s\n", oidString); - PR_smprintf_free(oidString); - return SEC_OID_UNKNOWN; - } - SECU_PrintAsHex(out, oid, m, level); - return SEC_OID_UNKNOWN; -} - - -/* This function does NOT expect a DER type and length. */ -void -SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level) -{ - SECU_PrintObjectID(out, &a->algorithm, m, level); - - if (a->parameters.len == 0 - || (a->parameters.len == 2 - && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) { - /* No arguments or NULL argument */ - } else { - /* Print args to algorithm */ - SECU_PrintAsHex(out, &a->parameters, "Args", level+1); - } -} - -static void -secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level) -{ - SECItem *value; - int i; - char om[100]; - - if (m) { - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - } - - /* - * Should make this smarter; look at the type field and then decode - * and print the value(s) appropriately! - */ - SECU_PrintObjectID(out, &(attr->type), "Type", level+1); - if (attr->values != NULL) { - i = 0; - while ((value = attr->values[i++]) != NULL) { - sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : ""); - if (attr->encoded || attr->typeTag == NULL) { - SECU_PrintAny(out, value, om, level+1); - } else { - switch (attr->typeTag->offset) { - default: - SECU_PrintAsHex(out, value, om, level+1); - break; - case SEC_OID_PKCS9_CONTENT_TYPE: - SECU_PrintObjectID(out, value, om, level+1); - break; - case SEC_OID_PKCS9_SIGNING_TIME: - SECU_PrintTimeChoice(out, value, om, level+1); - break; - } - } - } - } -} - -static void -secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1); - SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1); - if (pk->u.rsa.publicExponent.len == 1 && - pk->u.rsa.publicExponent.data[0] == 1) { - SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n"); - } -} - -static void -secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1); - SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1); - SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1); - SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1); -} - -#ifdef NSS_ENABLE_ECC -static void -secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level) -{ - SECItem curveOID = { siBuffer, NULL, 0}; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1); - /* For named curves, the DEREncodedParams field contains an - * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID). - */ - if ((pk->u.ec.DEREncodedParams.len > 2) && - (pk->u.ec.DEREncodedParams.data[0] == 0x06)) { - curveOID.len = pk->u.ec.DEREncodedParams.data[1]; - curveOID.data = pk->u.ec.DEREncodedParams.data + 2; - SECU_PrintObjectID(out, &curveOID, "Curve", level +1); - } -} -#endif /* NSS_ENABLE_ECC */ - -static void -secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena, - CERTSubjectPublicKeyInfo *i, char *msg, int level) -{ - SECKEYPublicKey *pk; - - SECU_Indent(out, level); fprintf(out, "%s:\n", msg); - SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1); - - pk = SECKEY_ExtractPublicKey(i); - if (pk) { - switch (pk->keyType) { - case rsaKey: - secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1); - break; - - case dsaKey: - secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1); - break; - -#ifdef NSS_ENABLE_ECC - case ecKey: - secu_PrintECPublicKey(out, pk, "EC Public Key", level +1); - break; -#endif - - case dhKey: - case fortezzaKey: - case keaKey: - SECU_Indent(out, level); - fprintf(out, "unable to format this SPKI algorithm type\n"); - goto loser; - default: - SECU_Indent(out, level); - fprintf(out, "unknown SPKI algorithm type\n"); - goto loser; - } - PORT_FreeArena(pk->arena, PR_FALSE); - } else { - SECU_PrintErrMsg(out, level, "Error", "Parsing public key"); -loser: - if (i->subjectPublicKey.data) { - SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level); - } - } -} - -static SECStatus -secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level) -{ - SECItem decodedValue; - SECStatus rv; - int64 invalidTime; - char *formattedTime = NULL; - - decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, - SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), - value); - if (rv == SECSuccess) { - rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); - if (rv == SECSuccess) { - formattedTime = CERT_GenTime2FormattedAscii - (invalidTime, "%a %b %d %H:%M:%S %Y"); - SECU_Indent(out, level +1); - fprintf (out, "%s: %s\n", msg, formattedTime); - PORT_Free (formattedTime); - } - } - PORT_Free (decodedValue.data); - return (rv); -} - -static SECStatus -PrintExtKeyUsageExtension (FILE *out, SECItem *value, char *msg, int level) -{ - CERTOidSequence *os; - SECItem **op; - - os = CERT_DecodeOidSequence(value); - if( (CERTOidSequence *)NULL == os ) { - return SECFailure; - } - - for( op = os->oids; *op; op++ ) { - SECU_PrintObjectID(out, *op, msg, level + 1); - } - CERT_DestroyOidSequence(os); - return SECSuccess; -} - -static SECStatus -secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) { - CERTBasicConstraints constraints; - SECStatus rv; - - SECU_Indent(out, level); - if (msg) { - fprintf(out,"%s: ",msg); - } - rv = CERT_DecodeBasicConstraintValue(&constraints,value); - if (rv == SECSuccess && constraints.isCA) { - if (constraints.pathLenConstraint >= 0) { - fprintf(out,"Is a CA with a maximum path length of %d.\n", - constraints.pathLenConstraint); - } else { - fprintf(out,"Is a CA with no maximum path length.\n"); - } - } else { - fprintf(out,"Is not a CA.\n"); - } - return SECSuccess; -} - -static const char * const nsTypeBits[] = { - "SSL Client", - "SSL Server", - "S/MIME", - "Object Signing", - "Reserved", - "SSL CA", - "S/MIME CA", - "ObjectSigning CA" -}; - -/* NSCertType is merely a bit string whose bits are displayed symbolically */ -static SECStatus -secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level) -{ - int unused; - int NS_Type; - int i; - int found = 0; - SECItem my = *value; - - if ((my.data[0] != SEC_ASN1_BIT_STRING) || - SECSuccess != SECU_StripTagAndLength(&my)) { - SECU_PrintAny(out, value, "Data", level); - return SECSuccess; - } - - unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0; - NS_Type = my.data[1] & (0xff << unused); - - - SECU_Indent(out, level); - if (msg) { - fprintf(out,"%s: ",msg); - } else { - fprintf(out,"Netscape Certificate Type: "); - } - for (i=0; i < 8; i++) { - if ( (0x80 >> i) & NS_Type) { - fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]); - found = 1; - } - } - fprintf(out, (found ? ">\n" : "none\n")); - return SECSuccess; -} - -static const char * const usageBits[] = { - "Digital Signature", /* 0x80 */ - "Non-Repudiation", /* 0x40 */ - "Key Encipherment", /* 0x20 */ - "Data Encipherment", /* 0x10 */ - "Key Agreement", /* 0x08 */ - "Certificate Signing", /* 0x04 */ - "CRL Signing", /* 0x02 */ - "Encipher Only", /* 0x01 */ - "Decipher Only", /* 0x0080 */ - NULL -}; - -/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */ -static void -secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level) -{ - int unused; - int usage; - int i; - int found = 0; - SECItem my = *value; - - if ((my.data[0] != SEC_ASN1_BIT_STRING) || - SECSuccess != SECU_StripTagAndLength(&my)) { - SECU_PrintAny(out, value, "Data", level); - return; - } - - unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0; - usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8 - : (my.data[1] << 8) | - (my.data[2] & (0xff << unused)); - - SECU_Indent(out, level); - fprintf(out, "Usages: "); - for (i=0; usageBits[i]; i++) { - if ( (0x8000 >> i) & usage) { - if (found) - SECU_Indent(out, level + 2); - fprintf(out, "%s\n", usageBits[i]); - found = 1; - } - } - if (!found) { - fprintf(out, "(none)\n"); - } -} - -static void -secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level) -{ - PRStatus st; - PRNetAddr addr; - char addrBuf[80]; - - memset(&addr, 0, sizeof addr); - if (value->len == 4) { - addr.inet.family = PR_AF_INET; - memcpy(&addr.inet.ip, value->data, value->len); - } else if (value->len == 16) { - addr.ipv6.family = PR_AF_INET6; - memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len); - if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) { - /* convert to IPv4. */ - addr.inet.family = PR_AF_INET; - memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4); - memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad); - } - } else { - goto loser; - } - - st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf); - if (st == PR_SUCCESS) { - SECU_Indent(out, level); - fprintf(out, "%s: %s\n", msg, addrBuf); - } else { -loser: - SECU_PrintAsHex(out, value, msg, level); - } -} - - -static void -secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level) -{ - char label[40]; - if (msg && msg[0]) { - SECU_Indent(out, level++); fprintf(out, "%s: \n", msg); - } - switch (gname->type) { - case certOtherName : - SECU_PrintAny( out, &gname->name.OthName.name, "Other Name", level); - SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level+1); - break; - case certDirectoryName : - SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level); - break; - case certRFC822Name : - secu_PrintRawString( out, &gname->name.other, "RFC822 Name", level); - break; - case certDNSName : - secu_PrintRawString( out, &gname->name.other, "DNS name", level); - break; - case certURI : - secu_PrintRawString( out, &gname->name.other, "URI", level); - break; - case certIPAddress : - secu_PrintIPAddress(out, &gname->name.other, "IP Address", level); - break; - case certRegisterID : - SECU_PrintObjectID( out, &gname->name.other, "Registered ID", level); - break; - case certX400Address : - SECU_PrintAny( out, &gname->name.other, "X400 Address", level); - break; - case certEDIPartyName : - SECU_PrintAny( out, &gname->name.other, "EDI Party", level); - break; - default: - PR_snprintf(label, sizeof label, "unknown type [%d]", - (int)gname->type - 1); - SECU_PrintAsHex(out, &gname->name.other, label, level); - break; - } -} - -static void -secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTAuthKeyID *kid = NULL; - PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - kid = CERT_DecodeAuthKeyID(pool, value); - if (!kid) { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Data", level); - } else { - int keyIDPresent = (kid->keyID.data && kid->keyID.len); - int issuerPresent = kid->authCertIssuer != NULL; - int snPresent = (kid->authCertSerialNumber.data && - kid->authCertSerialNumber.len); - - if ((keyIDPresent && !issuerPresent && !snPresent) || - (!keyIDPresent && issuerPresent && snPresent)) { - /* all is well */ - } else { - SECU_Indent(out, level); - fprintf(out, - "Error: KeyID OR (Issuer AND Serial) must be present, not both.\n"); - } - if (keyIDPresent) - SECU_PrintAsHex(out, &kid->keyID, "Key ID", level); - if (issuerPresent) - secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level); - if (snPresent) - SECU_PrintInteger(out, &kid->authCertSerialNumber, - "Serial Number", level); - } - PORT_FreeArena(pool, PR_FALSE); -} - - -static void -secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTGeneralName * nameList; - CERTGeneralName * current; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - nameList = current = CERT_DecodeAltNameExtension(pool, value); - if (!current) { - if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) { - /* Decoder found empty sequence, which is invalid. */ - PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID); - } - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Data", level); - } else { - do { - secu_PrintGeneralName(out, current, msg, level); - current = CERT_GetNextGeneralName(current); - } while (current != nameList); - } - PORT_FreeArena(pool, PR_FALSE); -} - -static void -secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTCrlDistributionPoints * dPoints; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - dPoints = CERT_DecodeCRLDistributionPoints(pool, value); - if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) { - CRLDistributionPoint ** pPoints = dPoints->distPoints; - CRLDistributionPoint * pPoint; - while (NULL != (pPoint = *pPoints++)) { - if (pPoint->distPointType == generalName && - pPoint->distPoint.fullName != NULL) { - secu_PrintGeneralName(out, pPoint->distPoint.fullName, NULL, - level); -#if defined(LATER) - } else if (pPoint->distPointType == relativeDistinguishedName) { - /* print the relative name */ -#endif - } else if (pPoint->derDistPoint.data) { - SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level); - } - if (pPoint->reasons.data) { - secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons", - level); - } - if (pPoint->crlIssuer) { - secu_PrintGeneralName(out, pPoint->crlIssuer, "Issuer", level); - } - } - } else { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Data", level); - } - PORT_FreeArena(pool, PR_FALSE); -} - - -static void -secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value, - char *msg, int level) -{ - CERTNameConstraint *head = value; - SECU_Indent(out, level); fprintf(out, "%s Subtree:\n", msg); - level++; - do { - secu_PrintGeneralName(out, &value->name, NULL, level); - if (value->min.data) - SECU_PrintInteger(out, &value->min, "Minimum", level+1); - if (value->max.data) - SECU_PrintInteger(out, &value->max, "Maximum", level+1); - value = CERT_GetNextNameConstraint(value); - } while (value != head); -} - -static void -secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level) -{ - CERTNameConstraints * cnstrnts; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value); - if (!cnstrnts) { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Raw", level); - } else { - if (cnstrnts->permited) - secu_PrintNameConstraintSubtree(out, cnstrnts->permited, - "Permitted", level); - if (cnstrnts->excluded) - secu_PrintNameConstraintSubtree(out, cnstrnts->excluded, - "Excluded", level); - } - PORT_FreeArena(pool, PR_FALSE); -} - - -static void -secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level) -{ - CERTAuthInfoAccess **infos = NULL; - PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - - if (!pool) { - SECU_PrintError("Error", "Allocating new ArenaPool"); - return; - } - infos = CERT_DecodeAuthInfoAccessExtension(pool, value); - if (!infos) { - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, value, "Raw", level); - } else { - CERTAuthInfoAccess *info; - while (NULL != (info = *infos++)) { - if (info->method.data) { - SECU_PrintObjectID(out, &info->method, "Method", level); - } else { - SECU_Indent(out,level); - fprintf(out, "Error: missing method\n"); - } - if (info->location) { - secu_PrintGeneralName(out, info->location, "Location", level); - } else { - SECU_PrintAny(out, &info->derLocation, "Location", level); - } - } - } - PORT_FreeArena(pool, PR_FALSE); -} - - -void -SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level) -{ - SECOidTag oidTag; - - if ( extensions ) { - if (msg && *msg) { - SECU_Indent(out, level++); fprintf(out, "%s:\n", msg); - } - - while ( *extensions ) { - SECItem *tmpitem; - - tmpitem = &(*extensions)->id; - SECU_PrintObjectID(out, tmpitem, "Name", level); - - tmpitem = &(*extensions)->critical; - if ( tmpitem->len ) { - secu_PrintBoolean(out, tmpitem, "Critical", level); - } - - oidTag = SECOID_FindOIDTag (&((*extensions)->id)); - tmpitem = &((*extensions)->value); - - switch (oidTag) { - case SEC_OID_X509_INVALID_DATE: - case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME: - secu_PrintX509InvalidDate(out, tmpitem, "Date", level ); - break; - case SEC_OID_X509_CERTIFICATE_POLICIES: - SECU_PrintPolicy(out, tmpitem, "Data", level ); - break; - case SEC_OID_NS_CERT_EXT_BASE_URL: - case SEC_OID_NS_CERT_EXT_REVOCATION_URL: - case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL: - case SEC_OID_NS_CERT_EXT_CA_CRL_URL: - case SEC_OID_NS_CERT_EXT_CA_CERT_URL: - case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL: - case SEC_OID_NS_CERT_EXT_CA_POLICY_URL: - case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL: - case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL: - case SEC_OID_OCSP_RESPONDER: - SECU_PrintString(out,tmpitem, "URL", level); - break; - case SEC_OID_NS_CERT_EXT_COMMENT: - SECU_PrintString(out,tmpitem, "Comment", level); - break; - case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME: - SECU_PrintString(out,tmpitem, "ServerName", level); - break; - case SEC_OID_NS_CERT_EXT_CERT_TYPE: - secu_PrintNSCertType(out,tmpitem,"Data",level); - break; - case SEC_OID_X509_BASIC_CONSTRAINTS: - secu_PrintBasicConstraints(out,tmpitem,"Data",level); - break; - case SEC_OID_X509_EXT_KEY_USAGE: - PrintExtKeyUsageExtension(out, tmpitem, NULL, level); - break; - case SEC_OID_X509_KEY_USAGE: - secu_PrintX509KeyUsage(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_AUTH_KEY_ID: - secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_SUBJECT_ALT_NAME: - case SEC_OID_X509_ISSUER_ALT_NAME: - secu_PrintAltNameExtension(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_CRL_DIST_POINTS: - secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level ); - break; - case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD: - SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL, - level ); - break; - case SEC_OID_X509_NAME_CONSTRAINTS: - secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level); - break; - case SEC_OID_X509_AUTH_INFO_ACCESS: - secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level); - break; - - case SEC_OID_X509_CRL_NUMBER: - case SEC_OID_X509_REASON_CODE: - - /* PKIX OIDs */ - case SEC_OID_PKIX_OCSP: - case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: - case SEC_OID_PKIX_OCSP_NONCE: - case SEC_OID_PKIX_OCSP_CRL: - case SEC_OID_PKIX_OCSP_RESPONSE: - case SEC_OID_PKIX_OCSP_NO_CHECK: - case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF: - case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR: - case SEC_OID_PKIX_REGCTRL_REGTOKEN: - case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR: - case SEC_OID_PKIX_REGCTRL_PKIPUBINFO: - case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS: - case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID: - case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY: - case SEC_OID_PKIX_REGINFO_UTF8_PAIRS: - case SEC_OID_PKIX_REGINFO_CERT_REQUEST: - - /* Netscape extension OIDs. */ - case SEC_OID_NS_CERT_EXT_NETSCAPE_OK: - case SEC_OID_NS_CERT_EXT_ISSUER_LOGO: - case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO: - case SEC_OID_NS_CERT_EXT_ENTITY_LOGO: - case SEC_OID_NS_CERT_EXT_USER_PICTURE: - - /* x.509 v3 Extensions */ - case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR: - case SEC_OID_X509_SUBJECT_KEY_ID: - case SEC_OID_X509_POLICY_MAPPINGS: - case SEC_OID_X509_POLICY_CONSTRAINTS: - - - default: - SECU_PrintAny(out, tmpitem, "Data", level); - break; - } - - secu_Newline(out); - extensions++; - } - } -} - - -void -SECU_PrintName(FILE *out, CERTName *name, char *msg, int level) -{ - char *nameStr; - char *str; - SECItem my; - - str = nameStr = CERT_NameToAscii(name); - if (!str) { - str = "!Invalid AVA!"; - } - my.data = (unsigned char *)str; - my.len = PORT_Strlen(str); -#if 1 - secu_PrintRawString(out, &my, msg, level); -#else - SECU_Indent(out, level); fprintf(out, "%s: ", msg); - fprintf(out, str); - secu_Newline(out); -#endif - PORT_Free(nameStr); -} - -void -printflags(char *trusts, unsigned int flags) -{ - if (flags & CERTDB_VALID_CA) - if (!(flags & CERTDB_TRUSTED_CA) && - !(flags & CERTDB_TRUSTED_CLIENT_CA)) - PORT_Strcat(trusts, "c"); - if (flags & CERTDB_VALID_PEER) - if (!(flags & CERTDB_TRUSTED)) - PORT_Strcat(trusts, "p"); - if (flags & CERTDB_TRUSTED_CA) - PORT_Strcat(trusts, "C"); - if (flags & CERTDB_TRUSTED_CLIENT_CA) - PORT_Strcat(trusts, "T"); - if (flags & CERTDB_TRUSTED) - PORT_Strcat(trusts, "P"); - if (flags & CERTDB_USER) - PORT_Strcat(trusts, "u"); - if (flags & CERTDB_SEND_WARN) - PORT_Strcat(trusts, "w"); - if (flags & CERTDB_INVISIBLE_CA) - PORT_Strcat(trusts, "I"); - if (flags & CERTDB_GOVT_APPROVED_CA) - PORT_Strcat(trusts, "G"); - return; -} - -/* callback for listing certs through pkcs11 */ -SECStatus -SECU_PrintCertNickname(CERTCertListNode *node, void *data) -{ - CERTCertTrust *trust; - CERTCertificate* cert; - FILE *out; - char trusts[30]; - char *name; - - cert = node->cert; - - PORT_Memset (trusts, 0, sizeof (trusts)); - out = (FILE *)data; - - name = node->appData; - if (!name || !name[0]) { - name = cert->nickname; - } - if (!name || !name[0]) { - name = cert->emailAddr; - } - if (!name || !name[0]) { - name = "(NULL)"; - } - - trust = cert->trust; - if (trust) { - printflags(trusts, trust->sslFlags); - PORT_Strcat(trusts, ","); - printflags(trusts, trust->emailFlags); - PORT_Strcat(trusts, ","); - printflags(trusts, trust->objectSigningFlags); - } else { - PORT_Memcpy(trusts,",,",3); - } - fprintf(out, "%-60s %-5s\n", name, trusts); - - return (SECSuccess); -} - -int -SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level) -{ - CERTCertExtension **extensions = NULL; - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - int rv = 0; - - if (!arena) - return SEC_ERROR_NO_MEMORY; - - rv = SEC_QuickDERDecodeItem(arena, &extensions, - SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any); - if (!rv) - SECU_PrintExtensions(out, extensions, m, level); - else - SECU_PrintAny(out, any, m, level); - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -/* print a decoded SET OF or SEQUENCE OF Extensions */ -int -SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level) -{ - int rv = 0; - if (m && *m) { - SECU_Indent(out, level++); fprintf(out, "%s:\n", m); - } - while (any && any[0]) { - rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level); - any++; - } - return rv; -} - -/* print a decoded SET OF or SEQUENCE OF "ANY" */ -int -SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level) -{ - int rv = 0; - if (m && *m) { - SECU_Indent(out, level++); fprintf(out, "%s:\n", m); - } - while (any && any[0]) { - SECU_PrintAny(out, any[0], "", level); - any++; - } - return rv; -} - -int -SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level) -{ - int rv = 0; - SECOidTag tag; - tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level); - if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) { - rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level); - } else { - rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level); - } - return rv; -} - -int -SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level) -{ - int rv = 0; - while (attrs[0]) { - rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1); - attrs++; - } - return rv; -} - -int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */ -SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificateRequest *cr; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - /* Decode certificate request */ - cr = PORT_ArenaZNew(arena, CERTCertificateRequest); - if (!cr) - goto loser; - cr->arena = arena; - rv = SEC_QuickDERDecodeItem(arena, cr, - SEC_ASN1_GET(CERT_CertificateRequestTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &cr->version, "Version", level+1); - SECU_PrintName(out, &cr->subject, "Subject", level+1); - secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo, - "Subject Public Key Info", level+1); - if (cr->attributes) - SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1); - rv = 0; -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int -SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCertificate *c; - int rv = SEC_ERROR_NO_MEMORY; - int iv; - - if (!arena) - return rv; - - /* Decode certificate */ - c = PORT_ArenaZNew(arena, CERTCertificate); - if (!c) - goto loser; - c->arena = arena; - rv = SEC_ASN1DecodeItem(arena, c, - SEC_ASN1_GET(CERT_CertificateTemplate), der); - if (rv) { - SECU_Indent(out, level); - SECU_PrintErrMsg(out, level, "Error", "Parsing extension"); - SECU_PrintAny(out, der, "Raw", level); - goto loser; - } - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */ - SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv); - - SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1); - SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1); - SECU_PrintName(out, &c->issuer, "Issuer", level+1); - secu_PrintValidity(out, &c->validity, "Validity", level+1); - SECU_PrintName(out, &c->subject, "Subject", level+1); - secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, - "Subject Public Key Info", level+1); - if (c->issuerID.data) - secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1); - if (c->subjectID.data) - secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1); - SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -int -SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECKEYPublicKey key; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - PORT_Memset(&key, 0, sizeof(key)); - rv = SEC_ASN1DecodeItem(arena, &key, - SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der); - if (!rv) { - /* Pretty print it out */ - secu_PrintRSAPublicKey(out, &key, m, level); - } - - PORT_FreeArena(arena, PR_FALSE); - return rv; -} - -#ifdef HAVE_EPV_TEMPLATE -int -SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - SECKEYEncryptedPrivateKeyInfo key; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - PORT_Memset(&key, 0, sizeof(key)); - rv = SEC_ASN1DecodeItem(arena, &key, - SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der); - if (rv) - goto loser; - - /* Pretty print it out */ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm", - level+1); - SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1); -loser: - PORT_FreeArena(arena, PR_TRUE); - return rv; -} -#endif - -int -SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level) -{ - unsigned char fingerprint[20]; - char *fpStr = NULL; - int err = PORT_GetError(); - SECStatus rv; - SECItem fpItem; - - /* print MD5 fingerprint */ - memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len); - fpItem.data = fingerprint; - fpItem.len = MD5_LENGTH; - fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (MD5):\n", m); - SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr); - PORT_Free(fpStr); - fpStr = NULL; - if (rv != SECSuccess && !err) - err = PORT_GetError(); - - /* print SHA1 fingerprint */ - memset(fingerprint, 0, sizeof fingerprint); - rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len); - fpItem.data = fingerprint; - fpItem.len = SHA1_LENGTH; - fpStr = CERT_Hexify(&fpItem, 1); - SECU_Indent(out, level); fprintf(out, "%s (SHA1):\n", m); - SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr); - PORT_Free(fpStr); - fprintf(out, "\n"); - - if (err) - PORT_SetError(err); - if (err || rv != SECSuccess) - return SECFailure; - - return 0; -} - -/* -** PKCS7 Support -*/ - -/* forward declaration */ -static int -secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int); - -/* -** secu_PrintPKCS7EncContent -** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it) -*/ -static void -secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src, - char *m, int level) -{ - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - SECU_Indent(out, level); - fprintf(out, "%s:\n", m); - SECU_Indent(out, level + 1); - fprintf(out, "Content Type: %s\n", - (src->contentTypeTag != NULL) ? src->contentTypeTag->desc - : "Unknown"); - SECU_PrintAlgorithmID(out, &(src->contentEncAlg), - "Content Encryption Algorithm", level+1); - SECU_PrintAsHex(out, &(src->encContent), - "Encrypted Content", level+1); -} - -/* -** secu_PrintRecipientInfo -** Prints a PKCS7RecipientInfo type -*/ -static void -secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m, - int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(info->version), "Version", level + 1); - - SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer", - level + 1); - SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number", level + 1); - - /* Parse and display encrypted key */ - SECU_PrintAlgorithmID(out, &(info->keyEncAlg), - "Key Encryption Algorithm", level + 1); - SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1); -} - -/* -** secu_PrintSignerInfo -** Prints a PKCS7SingerInfo type -*/ -static void -secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level) -{ - SEC_PKCS7Attribute *attr; - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(info->version), "Version", level + 1); - - SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer", - level + 1); - SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber), - "Serial Number", level + 1); - - SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm", - level + 1); - - if (info->authAttr != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Authenticated Attributes:\n"); - iv = 0; - while ((attr = info->authAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%d)", iv); - secu_PrintAttribute(out, attr, om, level + 2); - } - } - - /* Parse and display signature */ - SECU_PrintAlgorithmID(out, &(info->digestEncAlg), - "Digest Encryption Algorithm", level + 1); - SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1); - - if (info->unAuthAttr != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Unauthenticated Attributes:\n"); - iv = 0; - while ((attr = info->unAuthAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%x)", iv); - secu_PrintAttribute(out, attr, om, level + 2); - } - } -} - -/* callers of this function must make sure that the CERTSignedCrl - from which they are extracting the CERTCrl has been fully-decoded. - Otherwise it will not have the entries even though the CRL may have - some */ - -void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level) -{ - CERTCrlEntry *entry; - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - /* version is optional */ - iv = crl->version.len ? DER_GetInteger(&crl->version) : 0; - SECU_Indent(out, level+1); - fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv); - SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm", - level + 1); - SECU_PrintName(out, &(crl->name), "Issuer", level + 1); - SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1); - if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */ - SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1); - - if (crl->entries != NULL) { - iv = 0; - while ((entry = crl->entries[iv++]) != NULL) { - sprintf(om, "Entry (%x):\n", iv); - SECU_Indent(out, level + 1); fprintf(out, om); - SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number", - level + 2); - SECU_PrintTimeChoice(out, &(entry->revocationDate), - "Revocation Date", level + 2); - SECU_PrintExtensions(out, entry->extensions, - "Entry Extensions", level + 2); - } - } - SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1); -} - -/* -** secu_PrintPKCS7Signed -** Pretty print a PKCS7 signed data type (up to version 1). -*/ -static int -secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, - const char *m, int level) -{ - SECAlgorithmID *digAlg; /* digest algorithms */ - SECItem *aCert; /* certificate */ - CERTSignedCrl *aCrl; /* certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* signer information */ - int rv, iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - SECU_PrintAlgorithmID(out, digAlg, om, level + 2); - } - } - - /* Now for the content */ - rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo), - "Content Information", level + 1); - if (rv != 0) - return rv; - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); - SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm", level+3); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -/* -** secu_PrintPKCS7Enveloped -** Pretty print a PKCS7 enveloped data type (up to version 1). -*/ -static void -secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, - const char *m, int level) -{ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */ - int iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7SignedEnveloped -** Pretty print a PKCS7 singed and enveloped data type (up to version 1). -*/ -static int -secu_PrintPKCS7SignedAndEnveloped(FILE *out, - SEC_PKCS7SignedAndEnvelopedData *src, - const char *m, int level) -{ - SECAlgorithmID *digAlg; /* pointer for digest algorithms */ - SECItem *aCert; /* pointer for certificate */ - CERTSignedCrl *aCrl; /* pointer for certificate revocation list */ - SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */ - SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */ - int rv, iv; - char om[100]; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - /* Parse and list recipients (this is not optional) */ - if (src->recipientInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Recipient Information List:\n"); - iv = 0; - while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); - secu_PrintRecipientInfo(out, recInfo, om, level + 2); - } - } - - /* Parse and list digest algorithms (if any) */ - if (src->digestAlgorithms != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); - iv = 0; - while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); - SECU_PrintAlgorithmID(out, digAlg, om, level + 2); - } - } - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); - - /* Parse and list certificates (if any) */ - if (src->rawCerts != NULL) { - SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); - iv = 0; - while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); - rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); - if (rv) - return rv; - } - } - - /* Parse and list CRL's (if any) */ - if (src->crls != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signed Revocation Lists:\n"); - iv = 0; - while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); - SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); - SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, - "Signature Algorithm", level+3); - DER_ConvertBitString(&aCrl->signatureWrap.signature); - SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature", - level+3); - SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List", - level + 3); - } - } - - /* Parse and list signatures (if any) */ - if (src->signerInfos != NULL) { - SECU_Indent(out, level + 1); - fprintf(out, "Signer Information List:\n"); - iv = 0; - while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); - secu_PrintSignerInfo(out, sigInfo, om, level + 2); - } - } - - return 0; -} - -int -SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTCrl *c = NULL; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - do { - /* Decode CRL */ - c = PORT_ArenaZNew(arena, CERTCrl); - if (!c) - break; - - rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der); - if (rv != SECSuccess) - break; - SECU_PrintCRLInfo (out, c, m, level); - } while (0); - PORT_FreeArena (arena, PR_FALSE); - return rv; -} - - -/* -** secu_PrintPKCS7Encrypted -** Pretty print a PKCS7 encrypted data type (up to version 1). -*/ -static void -secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src, - const char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - secu_PrintPKCS7EncContent(out, &src->encContentInfo, - "Encrypted Content Information", level + 1); -} - -/* -** secu_PrintPKCS7Digested -** Pretty print a PKCS7 digested data type (up to version 1). -*/ -static void -secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src, - const char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_PrintInteger(out, &(src->version), "Version", level + 1); - - SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm", - level + 1); - secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information", - level + 1); - SECU_PrintAsHex(out, &src->digest, "Digest", level + 1); -} - -/* -** secu_PrintPKCS7ContentInfo -** Takes a SEC_PKCS7ContentInfo type and sends the contents to the -** appropriate function -*/ -static int -secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, - char *m, int level) -{ - const char *desc; - SECOidTag kind; - int rv; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - level++; - - if (src->contentTypeTag == NULL) - src->contentTypeTag = SECOID_FindOID(&(src->contentType)); - - if (src->contentTypeTag == NULL) { - desc = "Unknown"; - kind = SEC_OID_PKCS7_DATA; - } else { - desc = src->contentTypeTag->desc; - kind = src->contentTypeTag->offset; - } - - if (src->content.data == NULL) { - SECU_Indent(out, level); fprintf(out, "%s:\n", desc); - level++; - SECU_Indent(out, level); fprintf(out, "\n"); - return 0; - } - - rv = 0; - switch (kind) { - case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */ - rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level); - break; - - case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */ - secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level); - break; - - case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */ - rv = secu_PrintPKCS7SignedAndEnveloped(out, - src->content.signedAndEnvelopedData, - desc, level); - break; - - case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */ - secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level); - break; - - case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */ - secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level); - break; - - default: - SECU_PrintAsHex(out, src->content.data, desc, level); - break; - } - - return rv; -} - -/* -** SECU_PrintPKCS7ContentInfo -** Decode and print any major PKCS7 data type (up to version 1). -*/ -int -SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level) -{ - SEC_PKCS7ContentInfo *cinfo; - int rv; - - cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL); - if (cinfo != NULL) { - /* Send it to recursive parsing and printing module */ - rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level); - SEC_PKCS7DestroyContentInfo(cinfo); - } else { - rv = -1; - } - - return rv; -} - -/* -** End of PKCS7 functions -*/ - -void -printFlags(FILE *out, unsigned int flags, int level) -{ - if ( flags & CERTDB_VALID_PEER ) { - SECU_Indent(out, level); fprintf(out, "Valid Peer\n"); - } - if ( flags & CERTDB_TRUSTED ) { - SECU_Indent(out, level); fprintf(out, "Trusted\n"); - } - if ( flags & CERTDB_SEND_WARN ) { - SECU_Indent(out, level); fprintf(out, "Warn When Sending\n"); - } - if ( flags & CERTDB_VALID_CA ) { - SECU_Indent(out, level); fprintf(out, "Valid CA\n"); - } - if ( flags & CERTDB_TRUSTED_CA ) { - SECU_Indent(out, level); fprintf(out, "Trusted CA\n"); - } - if ( flags & CERTDB_NS_TRUSTED_CA ) { - SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n"); - } - if ( flags & CERTDB_USER ) { - SECU_Indent(out, level); fprintf(out, "User\n"); - } - if ( flags & CERTDB_TRUSTED_CLIENT_CA ) { - SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n"); - } - if ( flags & CERTDB_GOVT_APPROVED_CA ) { - SECU_Indent(out, level); fprintf(out, "Step-up\n"); - } -} - -void -SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level) -{ - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n"); - printFlags(out, trust->sslFlags, level+2); - SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n"); - printFlags(out, trust->emailFlags, level+2); - SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n"); - printFlags(out, trust->objectSigningFlags, level+2); -} - -int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, - int level, SECU_PPFunc inner) -{ - PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - CERTSignedData *sd; - int rv = SEC_ERROR_NO_MEMORY; - - if (!arena) - return rv; - - /* Strip off the signature */ - sd = PORT_ArenaZNew(arena, CERTSignedData); - if (!sd) - goto loser; - - rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), - der); - if (rv) - goto loser; - - SECU_Indent(out, level); fprintf(out, "%s:\n", m); - rv = (*inner)(out, &sd->data, "Data", level+1); - - SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm", - level+1); - DER_ConvertBitString(&sd->signature); - SECU_PrintAsHex(out, &sd->signature, "Signature", level+1); - SECU_PrintFingerprints(out, der, "Fingerprint", level+1); -loser: - PORT_FreeArena(arena, PR_FALSE); - return rv; - -} - - -SECItem * -SECU_GetPBEPassword(void *arg) -{ - char *p = NULL; - SECItem *pwitem = NULL; - - p = SECU_GetPasswordString(arg,"Password: "); - - /* NOTE: This function is obviously unfinished. */ - - if ( pwitem == NULL ) { - fprintf(stderr, "Error hashing password\n"); - return NULL; - } - - return pwitem; -} - -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd) -{ - PRBool found; - PLOptState *optstate; - PLOptStatus status; - char *optstring; - int i, j; - - optstring = (char *)malloc(cmd->numCommands + 2*cmd->numOptions); - j = 0; - - for (i=0; inumCommands; i++) { - optstring[j++] = cmd->commands[i].flag; - } - for (i=0; inumOptions; i++) { - optstring[j++] = cmd->options[i].flag; - if (cmd->options[i].needsArg) - optstring[j++] = ':'; - } - optstring[j] = '\0'; - optstate = PL_CreateOptState(argc, argv, optstring); - - /* Parse command line arguments */ - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - - /* Wasn't really an option, just standalone arg. */ - if (optstate->option == '\0') - continue; - - found = PR_FALSE; - - for (i=0; inumCommands; i++) { - if (cmd->commands[i].flag == optstate->option) { - cmd->commands[i].activated = PR_TRUE; - if (optstate->value) { - cmd->commands[i].arg = (char *)optstate->value; - } - found = PR_TRUE; - break; - } - } - - if (found) - continue; - - for (i=0; inumOptions; i++) { - if (cmd->options[i].flag == optstate->option) { - cmd->options[i].activated = PR_TRUE; - if (optstate->value) { - cmd->options[i].arg = (char *)optstate->value; - } else if (cmd->options[i].needsArg) { - return SECFailure; - } - found = PR_TRUE; - break; - } - } - - if (!found) - return SECFailure; - } - if (status == PL_OPT_BAD) - return SECFailure; - return SECSuccess; -} - -char * -SECU_GetOptionArg(secuCommand *cmd, int optionNum) -{ - if (optionNum < 0 || optionNum >= cmd->numOptions) - return NULL; - if (cmd->options[optionNum].activated) - return PL_strdup(cmd->options[optionNum].arg); - else - return NULL; -} - -static char SECUErrorBuf[64]; - -char * -SECU_ErrorStringRaw(int16 err) -{ - if (err == 0) - SECUErrorBuf[0] = '\0'; - else if (err == SEC_ERROR_BAD_DATA) - sprintf(SECUErrorBuf, "Bad data"); - else if (err == SEC_ERROR_BAD_DATABASE) - sprintf(SECUErrorBuf, "Problem with database"); - else if (err == SEC_ERROR_BAD_DER) - sprintf(SECUErrorBuf, "Problem with DER"); - else if (err == SEC_ERROR_BAD_KEY) - sprintf(SECUErrorBuf, "Problem with key"); - else if (err == SEC_ERROR_BAD_PASSWORD) - sprintf(SECUErrorBuf, "Incorrect password"); - else if (err == SEC_ERROR_BAD_SIGNATURE) - sprintf(SECUErrorBuf, "Bad signature"); - else if (err == SEC_ERROR_EXPIRED_CERTIFICATE) - sprintf(SECUErrorBuf, "Expired certificate"); - else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID) - sprintf(SECUErrorBuf, "Invalid extension value"); - else if (err == SEC_ERROR_INPUT_LEN) - sprintf(SECUErrorBuf, "Problem with input length"); - else if (err == SEC_ERROR_INVALID_ALGORITHM) - sprintf(SECUErrorBuf, "Invalid algorithm"); - else if (err == SEC_ERROR_INVALID_ARGS) - sprintf(SECUErrorBuf, "Invalid arguments"); - else if (err == SEC_ERROR_INVALID_AVA) - sprintf(SECUErrorBuf, "Invalid AVA"); - else if (err == SEC_ERROR_INVALID_TIME) - sprintf(SECUErrorBuf, "Invalid time"); - else if (err == SEC_ERROR_IO) - sprintf(SECUErrorBuf, "Security I/O error"); - else if (err == SEC_ERROR_LIBRARY_FAILURE) - sprintf(SECUErrorBuf, "Library failure"); - else if (err == SEC_ERROR_NO_MEMORY) - sprintf(SECUErrorBuf, "Out of memory"); - else if (err == SEC_ERROR_OLD_CRL) - sprintf(SECUErrorBuf, "CRL is older than the current one"); - else if (err == SEC_ERROR_OUTPUT_LEN) - sprintf(SECUErrorBuf, "Problem with output length"); - else if (err == SEC_ERROR_UNKNOWN_ISSUER) - sprintf(SECUErrorBuf, "Unknown issuer"); - else if (err == SEC_ERROR_UNTRUSTED_CERT) - sprintf(SECUErrorBuf, "Untrusted certificate"); - else if (err == SEC_ERROR_UNTRUSTED_ISSUER) - sprintf(SECUErrorBuf, "Untrusted issuer"); - else if (err == SSL_ERROR_BAD_CERTIFICATE) - sprintf(SECUErrorBuf, "Bad certificate"); - else if (err == SSL_ERROR_BAD_CLIENT) - sprintf(SECUErrorBuf, "Bad client"); - else if (err == SSL_ERROR_BAD_SERVER) - sprintf(SECUErrorBuf, "Bad server"); - else if (err == SSL_ERROR_EXPORT_ONLY_SERVER) - sprintf(SECUErrorBuf, "Export only server"); - else if (err == SSL_ERROR_NO_CERTIFICATE) - sprintf(SECUErrorBuf, "No certificate"); - else if (err == SSL_ERROR_NO_CYPHER_OVERLAP) - sprintf(SECUErrorBuf, "No cypher overlap"); - else if (err == SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE) - sprintf(SECUErrorBuf, "Unsupported certificate type"); - else if (err == SSL_ERROR_UNSUPPORTED_VERSION) - sprintf(SECUErrorBuf, "Unsupported version"); - else if (err == SSL_ERROR_US_ONLY_SERVER) - sprintf(SECUErrorBuf, "U.S. only server"); - else if (err == PR_IO_ERROR) - sprintf(SECUErrorBuf, "I/O error"); - - else if (err == SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE) - sprintf (SECUErrorBuf, "Expired Issuer Certificate"); - else if (err == SEC_ERROR_REVOKED_CERTIFICATE) - sprintf (SECUErrorBuf, "Revoked certificate"); - else if (err == SEC_ERROR_NO_KEY) - sprintf (SECUErrorBuf, "No private key in database for this cert"); - else if (err == SEC_ERROR_CERT_NOT_VALID) - sprintf (SECUErrorBuf, "Certificate is not valid"); - else if (err == SEC_ERROR_EXTENSION_NOT_FOUND) - sprintf (SECUErrorBuf, "Certificate extension was not found"); - else if (err == SEC_ERROR_EXTENSION_VALUE_INVALID) - sprintf (SECUErrorBuf, "Certificate extension value invalid"); - else if (err == SEC_ERROR_CA_CERT_INVALID) - sprintf (SECUErrorBuf, "Issuer certificate is invalid"); - else if (err == SEC_ERROR_CERT_USAGES_INVALID) - sprintf (SECUErrorBuf, "Certificate usages is invalid"); - else if (err == SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION) - sprintf (SECUErrorBuf, "Certificate has unknown critical extension"); - else if (err == SEC_ERROR_PKCS7_BAD_SIGNATURE) - sprintf (SECUErrorBuf, "Bad PKCS7 signature"); - else if (err == SEC_ERROR_INADEQUATE_KEY_USAGE) - sprintf (SECUErrorBuf, "Certificate not approved for this operation"); - else if (err == SEC_ERROR_INADEQUATE_CERT_TYPE) - sprintf (SECUErrorBuf, "Certificate not approved for this operation"); - - return SECUErrorBuf; -} - -char * -SECU_ErrorString(int16 err) -{ - char *error_string; - - *SECUErrorBuf = 0; - SECU_ErrorStringRaw (err); - - if (*SECUErrorBuf == 0) { - error_string = SECU_GetString(err); - if (error_string == NULL || *error_string == '\0') - sprintf(SECUErrorBuf, "No error string found for %d.", err); - else - return error_string; - } - - return SECUErrorBuf; -} - - -void -SECU_PrintPRandOSError(char *progName) -{ - char buffer[513]; - PRInt32 errLen = PR_GetErrorTextLength(); - if (errLen > 0 && errLen < sizeof buffer) { - PR_GetErrorText(buffer); - } - SECU_PrintError(progName, "function failed"); - if (errLen > 0 && errLen < sizeof buffer) { - PR_fprintf(PR_STDERR, "\t%s\n", buffer); - } -} - - -static char * -bestCertName(CERTCertificate *cert) { - if (cert->nickname) { - return cert->nickname; - } - if (cert->emailAddr && cert->emailAddr[0]) { - return cert->emailAddr; - } - return cert->subjectName; -} - -void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose) -{ - CERTVerifyLog log; - CERTVerifyLogNode *node = NULL; - unsigned int depth = (unsigned int)-1; - unsigned int flags = 0; - char * errstr = NULL; - PRErrorCode err = PORT_GetError(); - - log.arena = PORT_NewArena(512); - log.head = log.tail = NULL; - log.count = 0; - CERT_VerifyCertificate(handle, cert, checksig, certUsage, PR_Now(), pinArg, &log, NULL); - - if (log.count > 0) { - fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n"); - for (node = log.head; node; node = node->next) { - if (depth != node->depth) { - depth = node->depth; - fprintf(outfile,"CERT %d. %s %s:\n", depth, - bestCertName(node->cert), - depth ? "[Certificate Authority]": ""); - if (verbose) { - const char * emailAddr; - emailAddr = CERT_GetFirstEmailAddress(node->cert); - if (emailAddr) { - fprintf(outfile,"Email Address(es): "); - do { - fprintf(outfile, "%s\n", emailAddr); - emailAddr = CERT_GetNextEmailAddress(node->cert, - emailAddr); - } while (emailAddr); - } - } - } - fprintf(outfile," ERROR %ld: %s\n", node->error, - SECU_Strerror(node->error)); - errstr = NULL; - switch (node->error) { - case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; - switch (flags) { - case KU_DIGITAL_SIGNATURE: - errstr = "Cert cannot sign."; - break; - case KU_KEY_ENCIPHERMENT: - errstr = "Cert cannot encrypt."; - break; - case KU_KEY_CERT_SIGN: - errstr = "Cert cannot sign other certs."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; - switch (flags) { - case NS_CERT_TYPE_SSL_CLIENT: - case NS_CERT_TYPE_SSL_SERVER: - errstr = "Cert cannot be used for SSL."; - break; - case NS_CERT_TYPE_SSL_CA: - errstr = "Cert cannot be used as an SSL CA."; - break; - case NS_CERT_TYPE_EMAIL: - errstr = "Cert cannot be used for SMIME."; - break; - case NS_CERT_TYPE_EMAIL_CA: - errstr = "Cert cannot be used as an SMIME CA."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING: - errstr = "Cert cannot be used for object signing."; - break; - case NS_CERT_TYPE_OBJECT_SIGNING_CA: - errstr = "Cert cannot be used as an object signing CA."; - break; - default: - errstr = "[unknown usage]."; - break; - } - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_ISSUER: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - errstr = node->cert->issuerName; - break; - default: - break; - } - if (errstr) { - fprintf(stderr," %s\n",errstr); - } - CERT_DestroyCertificate(node->cert); - } - } - PORT_SetError(err); /* restore original error code */ -} - -SECOidTag -SECU_StringToSignatureAlgTag(const char *alg) -{ - SECOidTag hashAlgTag = SEC_OID_UNKNOWN; - - if (alg) { - if (!PL_strcmp(alg, "MD2")) { - hashAlgTag = SEC_OID_MD2; - } else if (!PL_strcmp(alg, "MD4")) { - hashAlgTag = SEC_OID_MD4; - } else if (!PL_strcmp(alg, "MD5")) { - hashAlgTag = SEC_OID_MD5; - } else if (!PL_strcmp(alg, "SHA1")) { - hashAlgTag = SEC_OID_SHA1; - } else if (!PL_strcmp(alg, "SHA256")) { - hashAlgTag = SEC_OID_SHA256; - } else if (!PL_strcmp(alg, "SHA384")) { - hashAlgTag = SEC_OID_SHA384; - } else if (!PL_strcmp(alg, "SHA512")) { - hashAlgTag = SEC_OID_SHA512; - } - } - return hashAlgTag; -} - - -SECStatus -SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile, - const PRBool ascii, char *url) -{ - PORT_Assert(derCrl != NULL); - if (!derCrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (outFile != NULL) { - if (ascii) { - PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER, - BTOA_DataToAscii(derCrl->data, derCrl->len), - NS_CRL_TRAILER); - } else { - if (PR_Write(outFile, derCrl->data, derCrl->len) != derCrl->len) { - return SECFailure; - } - } - } - if (slot) { - CERTSignedCrl *newCrl = PK11_ImportCRL(slot, derCrl, url, - SEC_CRL_TYPE, NULL, 0, NULL, 0); - if (newCrl != NULL) { - SEC_DestroyCrl(newCrl); - return SECSuccess; - } - return SECFailure; - } - if (!outFile && !slot) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - return SECSuccess; -} - -SECStatus -SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl, - SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode) -{ - SECItem der; - SECKEYPrivateKey *caPrivateKey = NULL; - SECStatus rv; - PRArenaPool *arena; - SECOidTag algID; - void *dummy; - - PORT_Assert(issuer != NULL && signCrl != NULL); - if (!issuer || !signCrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - arena = signCrl->arena; - - caPrivateKey = PK11_FindKeyByAnyCert(issuer, NULL); - if (caPrivateKey == NULL) { - *resCode = noKeyFound; - return SECFailure; - } - - algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, hashAlgTag); - if (algID == SEC_OID_UNKNOWN) { - *resCode = noSignatureMatch; - rv = SECFailure; - goto done; - } - - if (!signCrl->crl.signatureAlg.parameters.data) { - rv = SECOID_SetAlgorithmID(arena, &signCrl->crl.signatureAlg, algID, 0); - if (rv != SECSuccess) { - *resCode = failToEncode; - goto done; - } - } - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem(arena, &der, &signCrl->crl, - SEC_ASN1_GET(CERT_CrlTemplate)); - if (!dummy) { - *resCode = failToEncode; - rv = SECFailure; - goto done; - } - - rv = SECU_DerSignDataCRL(arena, &signCrl->signatureWrap, - der.data, der.len, caPrivateKey, algID); - if (rv != SECSuccess) { - *resCode = failToSign; - goto done; - } - - signCrl->derCrl = PORT_ArenaZNew(arena, SECItem); - if (signCrl->derCrl == NULL) { - *resCode = noMem; - PORT_SetError(SEC_ERROR_NO_MEMORY); - rv = SECFailure; - goto done; - } - - signCrl->derCrl->len = 0; - signCrl->derCrl->data = NULL; - dummy = SEC_ASN1EncodeItem (arena, signCrl->derCrl, signCrl, - SEC_ASN1_GET(CERT_SignedCrlTemplate)); - if (!dummy) { - *resCode = failToEncode; - rv = SECFailure; - goto done; - } - -done: - if (caPrivateKey) { - SECKEY_DestroyPrivateKey(caPrivateKey); - } - return rv; -} - - - -SECStatus -SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl) -{ - void *dummy; - SECStatus rv = SECSuccess; - SECItem der; - - PORT_Assert(destArena && srcCrl && destCrl); - if (!destArena || !srcCrl || !destCrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - der.len = 0; - der.data = NULL; - dummy = SEC_ASN1EncodeItem (destArena, &der, srcCrl, - SEC_ASN1_GET(CERT_CrlTemplate)); - if (!dummy) { - return SECFailure; - } - - rv = SEC_QuickDERDecodeItem(destArena, destCrl, - SEC_ASN1_GET(CERT_CrlTemplate), &der); - if (rv != SECSuccess) { - return SECFailure; - } - - destCrl->arena = destArena; - - return rv; -} - -SECStatus -SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, - unsigned char *buf, int len, SECKEYPrivateKey *pk, - SECOidTag algID) -{ - SECItem it; - SECStatus rv; - - it.data = 0; - - /* XXX We should probably have some asserts here to make sure the key type - * and algID match - */ - - /* Sign input buffer */ - rv = SEC_SignData(&it, buf, len, pk, algID); - if (rv) goto loser; - - /* Fill out SignedData object */ - PORT_Memset(sd, 0, sizeof(sd)); - sd->data.data = buf; - sd->data.len = len; - sd->signature.data = it.data; - sd->signature.len = it.len << 3; /* convert to bit string */ - if (!sd->signatureAlgorithm.parameters.data) { - rv = SECOID_SetAlgorithmID(arena, &sd->signatureAlgorithm, algID, 0); - if (rv) goto loser; - } - - return rv; - - loser: - PORT_Free(it.data); - return rv; -} - -#if 0 - -/* we need access to the private function cert_FindExtension for this code to work */ - -CERTAuthKeyID * -SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *scrl) -{ - SECItem encodedExtenValue; - SECStatus rv; - CERTAuthKeyID *ret; - CERTCrl* crl; - - if (!scrl) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - crl = &scrl->crl; - - encodedExtenValue.data = NULL; - encodedExtenValue.len = 0; - - rv = cert_FindExtension(crl->extensions, SEC_OID_X509_AUTH_KEY_ID, - &encodedExtenValue); - if ( rv != SECSuccess ) { - return (NULL); - } - - ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue); - - PORT_Free(encodedExtenValue.data); - encodedExtenValue.data = NULL; - - return(ret); -} - -#endif - -/* - * Find the issuer of a Crl. Use the authorityKeyID if it exists. - */ -CERTCertificate * -SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject, - CERTAuthKeyID* authorityKeyID, PRTime validTime) -{ - CERTCertListNode *node; - CERTCertificate * issuerCert = NULL, *cert = NULL; - CERTCertList *certList = NULL; - SECStatus rv = SECFailure; - - if (!subject) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return NULL; - } - - certList = - CERT_CreateSubjectCertList(NULL, dbhandle, subject, - validTime, PR_TRUE); - if (!certList) { - goto loser; - } - - node = CERT_LIST_HEAD(certList); - - /* XXX and authoritykeyid in the future */ - while ( ! CERT_LIST_END(node, certList) ) { - cert = node->cert; - if (CERT_CheckCertUsage(cert, KU_CRL_SIGN) != SECSuccess || - !cert->trust) { - continue; - } - /* select the first (newest) user cert */ - if (CERT_IsUserCert(cert)) { - rv = SECSuccess; - goto success; - } - } - - success: - if (rv == SECSuccess) { - issuerCert = CERT_DupCertificate(cert); - } - loser: - if (certList) { - CERT_DestroyCertList(certList); - } - return(issuerCert); -} - - -/* Encodes and adds extensions to the CRL or CRL entries. */ -SECStatus -SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, - void *value, PRBool criticality, int extenType, - EXTEN_EXT_VALUE_ENCODER EncodeValueFn) -{ - SECItem encodedValue; - SECStatus rv; - - encodedValue.data = NULL; - encodedValue.len = 0; - do { - rv = (*EncodeValueFn)(arena, value, &encodedValue); - if (rv != SECSuccess) - break; - - rv = CERT_AddExtension(extHandle, extenType, &encodedValue, - criticality, PR_TRUE); - if (rv != SECSuccess) - break; - } while (0); - - return (rv); -} diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h deleted file mode 100644 index e8fc375505..0000000000 --- a/security/nss/cmd/lib/secutil.h +++ /dev/null @@ -1,424 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#ifndef _SEC_UTIL_H_ -#define _SEC_UTIL_H_ - -#include "seccomon.h" -#include "secitem.h" -#include "prerror.h" -#include "base64.h" -#include "key.h" -#include "secpkcs7.h" -#include "secasn1.h" -#include "secder.h" -#include - -#define SEC_CT_PRIVATE_KEY "private-key" -#define SEC_CT_PUBLIC_KEY "public-key" -#define SEC_CT_CERTIFICATE "certificate" -#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" -#define SEC_CT_PKCS7 "pkcs7" -#define SEC_CT_CRL "crl" - -#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" -#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" - -#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----" -#define NS_CERT_TRAILER "-----END CERTIFICATE-----" - -#define NS_CRL_HEADER "-----BEGIN CRL-----" -#define NS_CRL_TRAILER "-----END CRL-----" - -/* From libsec/pcertdb.c --- it's not declared in sec.h */ -extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, - SECItem *derCert, char *nickname, CERTCertTrust *trust); - - -#ifdef SECUTIL_NEW -typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item, - char *msg, int level); -#else -typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level); -#endif - -typedef struct { - enum { - PW_NONE = 0, - PW_FROMFILE = 1, - PW_PLAINTEXT = 2, - PW_EXTERNAL = 3 - } source; - char *data; -} secuPWData; - -/* -** Change a password on a token, or initialize a token with a password -** if it does not already have one. -** Use passwd to send the password in plaintext, pwFile to specify a -** file containing the password, or NULL for both to prompt the user. -*/ -SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile); - -/* These were stolen from the old sec.h... */ -/* -** Check a password for legitimacy. Passwords must be at least 8 -** characters long and contain one non-alphabetic. Return DSTrue if the -** password is ok, DSFalse otherwise. -*/ -extern PRBool SEC_CheckPassword(char *password); - -/* -** Blind check of a password. Complement to SEC_CheckPassword which -** ignores length and content type, just retuning DSTrue is the password -** exists, DSFalse if NULL -*/ -extern PRBool SEC_BlindCheckPassword(char *password); - -/* -** Get a password. -** First prompt with "msg" on "out", then read the password from "in". -** The password is then checked using "chkpw". -*/ -extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg, - PRBool (*chkpw)(char *)); - -char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg); - -char *SECU_GetPasswordString(void *arg, char *prompt); - -/* -** Write a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to encrypt a password "pw" into a file "fd". -*/ -extern SECStatus SEC_WriteDongleFile(int fd, char *pw); - -/* -** Get a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to decrypt and return a password from file "fd". -*/ -extern char *SEC_ReadDongleFile(int fd); - - -/* End stolen headers */ - -/* Just sticks the two strings together with a / if needed */ -char *SECU_AppendFilenameToDir(char *dir, char *filename); - -/* Returns result of getenv("SSL_DIR") or NULL */ -extern char *SECU_DefaultSSLDir(void); - -/* -** Should be called once during initialization to set the default -** directory for looking for cert.db, key.db, and cert-nameidx.db files -** Removes trailing '/' in 'base' -** If 'base' is NULL, defaults to set to .netscape in home directory. -*/ -extern char *SECU_ConfigDirectory(const char* base); - -/* -** Basic callback function for SSL_GetClientAuthDataHook -*/ -extern int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* print out an error message */ -extern void SECU_PrintError(char *progName, char *msg, ...); - -/* print out a system error message */ -extern void SECU_PrintSystemError(char *progName, char *msg, ...); - -/* Return informative error string */ -extern const char * SECU_Strerror(PRErrorCode errNum); - -/* print information about cert verification failure */ -extern void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose); - -/* Read the contents of a file into a SECItem */ -extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src); -extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src); - -/* Read in a DER from a file, may be ascii */ -extern SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii); - -/* Indent based on "level" */ -extern void SECU_Indent(FILE *out, int level); - -/* Print integer value and hex */ -extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level); - -/* Print ObjectIdentifier symbolically */ -extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level); - -/* Print AlgorithmIdentifier symbolically */ -extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, - int level); - -/* Print SECItem as hex */ -extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level); - -/* dump a buffer in hex and ASCII */ -extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len); - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level); - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, - int level); - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level); - -/* callback for listing certs through pkcs11 */ -extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data); - -/* Dump all certificate nicknames in a database */ -extern SECStatus -SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out, - PRBool sortByName, PRBool sortByTrust); - -/* See if nickname already in database. Return 1 true, 0 false, -1 error */ -int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname); - -/* Dump contents of cert req */ -extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, - int level); - -/* Dump contents of certificate */ -extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level); - -/* print trust flags on a cert */ -extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level); - -/* Dump contents of public key */ -extern int SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level); - -#ifdef HAVE_EPV_TEMPLATE -/* Dump contents of private key */ -extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level); -#endif - -/* Print the MD5 and SHA1 fingerprints of a cert */ -extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, - int level); - -/* Pretty-print any PKCS7 thing */ -extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, - int level); - -/* Init PKCS11 stuff */ -extern SECStatus SECU_PKCS11Init(PRBool readOnly); - -/* Dump contents of signed data */ -extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level, - SECU_PPFunc inner); - -extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level); - -extern void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level); - -extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level); -extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level); - -extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level); -extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value, - char *msg, int level); - -extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level); - -extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level); - -#ifdef SECU_GetPassword -/* Convert a High public Key to a Low public Key */ -extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey); -#endif - -extern SECItem *SECU_GetPBEPassword(void *arg); - -extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg); - -extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw); -extern void SEC_Init(void); - -extern char *SECU_SECModDBName(void); - -extern void SECU_PrintPRandOSError(char *progName); - -extern SECStatus SECU_RegisterDynamicOids(void); - -/* Identifies hash algorithm tag by its string representation. */ -extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg); - -/* Store CRL in output file or pk11 db. Also - * encodes with base64 and exports to file if ascii flag is set - * and file is not NULL. */ -extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, - PRFileDesc *outFile, int ascii, char *url); - - -/* -** DER sign a single block of data using private key encryption and the -** MD5 hashing algorithm. This routine first computes a digital signature -** using SEC_SignData, then wraps it with an CERTSignedData and then der -** encodes the result. -** "arena" is the memory arena to use to allocate data from -** "sd" returned CERTSignedData -** "result" the final der encoded data (memory is allocated) -** "buf" the input data to sign -** "len" the amount of data to sign -** "pk" the private key to encrypt with -*/ -extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, - unsigned char *buf, int len, - SECKEYPrivateKey *pk, SECOidTag algID); - -typedef enum { - noKeyFound = 1, - noSignatureMatch = 2, - failToEncode = 3, - failToSign = 4, - noMem = 5 -} SignAndEncodeFuncExitStat; - -extern SECStatus -SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl, - SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode); - -extern SECStatus -SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl); - -/* -** Finds the crl Authority Key Id extension. Returns NULL if no such extension -** was found. -*/ -CERTAuthKeyID * -SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl); - -/* - * Find the issuer of a crl. Cert usage should be checked before signing a crl. - */ -CERTCertificate * -SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject, - CERTAuthKeyID* id, PRTime validTime); - - -/* call back function used in encoding of an extension. Called from - * SECU_EncodeAndAddExtensionValue */ -typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena, - void *value, SECItem *encodedValue); - -/* Encodes and adds extensions to the CRL or CRL entries. */ -SECStatus -SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, - void *value, PRBool criticality, int extenType, - EXTEN_EXT_VALUE_ENCODER EncodeValueFn); - - -/* - * - * Utilities for parsing security tools command lines - * - */ - -/* A single command flag */ -typedef struct { - char flag; - PRBool needsArg; - char *arg; - PRBool activated; -} secuCommandFlag; - -/* A full array of command/option flags */ -typedef struct -{ - int numCommands; - int numOptions; - - secuCommandFlag *commands; - secuCommandFlag *options; -} secuCommand; - -/* fill the "arg" and "activated" fields for each flag */ -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd); -char * -SECU_GetOptionArg(secuCommand *cmd, int optionNum); - -/* - * - * Error messaging - * - */ - -/* Return informative error string */ -char *SECU_ErrorString(int16 err); - -/* Return informative error string. Does not call XP_GetString */ -char *SECU_ErrorStringRaw(int16 err); - -void printflags(char *trusts, unsigned int flags); - -#ifndef XP_UNIX -extern int ffs(unsigned int i); -#endif - -#include "secerr.h" -#include "sslerr.h" - -#endif /* _SEC_UTIL_H_ */ diff --git a/security/nss/cmd/makepqg/Makefile b/security/nss/cmd/makepqg/Makefile deleted file mode 100644 index 835c858330..0000000000 --- a/security/nss/cmd/makepqg/Makefile +++ /dev/null @@ -1,81 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - - diff --git a/security/nss/cmd/makepqg/makepqg.c b/security/nss/cmd/makepqg/makepqg.c deleted file mode 100644 index 5a172d696b..0000000000 --- a/security/nss/cmd/makepqg/makepqg.c +++ /dev/null @@ -1,363 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "nss.h" -#include "secutil.h" -#include "secitem.h" -#include "pk11func.h" -#include "pk11pqg.h" - -#if defined(XP_UNIX) -#include -#endif - -#include "plgetopt.h" - -#define BPB 8 /* bits per byte. */ - -char *progName; - - -const SEC_ASN1Template seckey_PQGParamsTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, - { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, - { 0, } -}; - - - -void -Usage(void) -{ - fprintf(stderr, "Usage: %s\n", progName); - fprintf(stderr, -"-a Output DER-encoded PQG params, BTOA encoded.\n" -" -l prime-length Length of prime in bits (1024 is default)\n" -" -o file Output to this file (default is stdout)\n" -"-b Output DER-encoded PQG params in binary\n" -" -l prime-length Length of prime in bits (1024 is default)\n" -" -o file Output to this file (default is stdout)\n" -"-r Output P, Q and G in ASCII hexadecimal. \n" -" -l prime-length Length of prime in bits (1024 is default)\n" -" -o file Output to this file (default is stdout)\n" -"-g bits Generate SEED this many bits long.\n" -); - exit(-1); - -} - -SECStatus -outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw, - FILE * outFile) -{ - PRArenaPool * arena = NULL; - char * PQG; - SECItem * pItem; - int cc; - SECStatus rv; - SECItem encodedParams; - - if (output_raw) { - SECItem item; - - rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item); - if (rv) { - SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); - return rv; - } - SECU_PrintInteger(outFile, &item, "Prime", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item); - if (rv) { - SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); - return rv; - } - SECU_PrintInteger(outFile, &item, "Subprime", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - rv = PK11_PQG_GetBaseFromParams(pqgParams, &item); - if (rv) { - SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); - return rv; - } - SECU_PrintInteger(outFile, &item, "Base", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - fprintf(outFile, "\n"); - return SECSuccess; - } - - encodedParams.data = NULL; - encodedParams.len = 0; - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - SECU_PrintError(progName, "PORT_NewArena"); - return SECFailure; - } - pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams, - seckey_PQGParamsTemplate); - if (!pItem) { - SECU_PrintError(progName, "SEC_ASN1EncodeItem"); - PORT_FreeArena(arena, PR_FALSE); - return SECFailure; - } - if (output_binary) { - size_t len; - len = fwrite(encodedParams.data, 1, encodedParams.len, outFile); - PORT_FreeArena(arena, PR_FALSE); - if (len != encodedParams.len) { - fprintf(stderr, "%s: fwrite failed\n", progName); - return SECFailure; - } - return SECSuccess; - } - - /* must be output ASCII */ - PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len); - PORT_FreeArena(arena, PR_FALSE); - if (!PQG) { - SECU_PrintError(progName, "BTOA_DataToAscii"); - return SECFailure; - } - - cc = fprintf(outFile,"%s\n",PQG); - PORT_Free(PQG); - if (cc <= 0) { - fprintf(stderr, "%s: fprintf failed\n", progName); - return SECFailure; - } - return SECSuccess; -} - -SECStatus -outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw, - FILE * outFile) -{ - SECStatus rv = SECSuccess; - if (output_raw) { - SECItem item; - unsigned int counter; - - rv = PK11_PQG_GetHFromVerify(pqgVerify, &item); - if (rv) { - SECU_PrintError(progName, "PK11_PQG_GetHFromVerify"); - return rv; - } - SECU_PrintInteger(outFile, &item, "h", 1); - SECITEM_FreeItem(&item, PR_FALSE); - - rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item); - if (rv) { - SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify"); - return rv; - } - SECU_PrintInteger(outFile, &item, "SEED", 1); - fprintf(outFile, " g: %d\n", item.len * BPB); - SECITEM_FreeItem(&item, PR_FALSE); - - counter = PK11_PQG_GetCounterFromVerify(pqgVerify); - fprintf(outFile, " counter: %d\n", counter); - fprintf(outFile, "\n"); - } - return rv; -} - -int -main(int argc, char **argv) -{ - FILE * outFile = NULL; - char * outFileName = NULL; - PQGParams * pqgParams = NULL; - PQGVerify * pqgVerify = NULL; - int keySizeInBits = 1024; - int j; - int g = 0; - SECStatus rv = 0; - SECStatus passed = 0; - PRBool output_ascii = PR_FALSE; - PRBool output_binary = PR_FALSE; - PRBool output_raw = PR_FALSE; - PLOptState *optstate; - PLOptStatus status; - - - progName = strrchr(argv[0], '/'); - if (!progName) - progName = strrchr(argv[0], '\\'); - progName = progName ? progName+1 : argv[0]; - - /* Parse command line arguments */ - optstate = PL_CreateOptState(argc, argv, "?abg:l:o:r" ); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch (optstate->option) { - - case 'l': - keySizeInBits = atoi(optstate->value); - break; - - case 'a': - output_ascii = PR_TRUE; - break; - - case 'b': - output_binary = PR_TRUE; - break; - - case 'r': - output_raw = PR_TRUE; - break; - - case 'o': - if (outFileName) { - PORT_Free(outFileName); - } - outFileName = PORT_Strdup(optstate->value); - if (!outFileName) { - rv = -1; - } - break; - - case 'g': - g = atoi(optstate->value); - break; - - default: - case '?': - Usage(); - break; - - } - } - PL_DestroyOptState(optstate); - - if (status == PL_OPT_BAD) { - Usage(); - } - - /* exactly 1 of these options must be set. */ - if (1 != ((output_ascii != PR_FALSE) + - (output_binary != PR_FALSE) + - (output_raw != PR_FALSE))) { - Usage(); - } - - j = PQG_PBITS_TO_INDEX(keySizeInBits); - if (j < 0) { - fprintf(stderr, "%s: Illegal prime length, \n" - "\tacceptable values are between 512 and 1024,\n" - "\tand divisible by 64\n", progName); - return 2; - } - if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) { - fprintf(stderr, "%s: Illegal g bits, \n" - "\tacceptable values are between 160 and 2040,\n" - "\tand divisible by 8\n", progName); - return 3; - } - - if (!rv && outFileName) { - outFile = fopen(outFileName, output_binary ? "wb" : "w"); - if (!outFile) { - fprintf(stderr, "%s: unable to open \"%s\" for writing\n", - progName, outFileName); - rv = -1; - } - } - if (outFileName) { - PORT_Free(outFileName); - } - if (rv != 0) { - return 1; - } - - if (outFile == NULL) { - outFile = stdout; - } - - - NSS_NoDB_Init(NULL); - - if (g) - rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8), - &pqgParams, &pqgVerify); - else - rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify); - /* below here, must go to loser */ - - if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) { - SECU_PrintError(progName, "PQG parameter generation failed.\n"); - goto loser; - } - fprintf(stderr, "%s: PQG parameter generation completed.\n", progName); - - rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile); - if (rv) { - fprintf(stderr, "%s: failed to output PQG params.\n", progName); - goto loser; - } - rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile); - if (rv) { - fprintf(stderr, "%s: failed to output PQG Verify.\n", progName); - goto loser; - } - - rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed); - if (rv != SECSuccess) { - fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName); - goto loser; - } - if (passed != SECSuccess) { - fprintf(stderr, "%s: PQG parameters failed verification.\n", progName); - goto loser; - } - fprintf(stderr, "%s: PQG parameters passed verification.\n", progName); - - PK11_PQG_DestroyParams(pqgParams); - PK11_PQG_DestroyVerify(pqgVerify); - return 0; - -loser: - PK11_PQG_DestroyParams(pqgParams); - PK11_PQG_DestroyVerify(pqgVerify); - return 1; -} diff --git a/security/nss/cmd/makepqg/manifest.mn b/security/nss/cmd/makepqg/manifest.mn deleted file mode 100644 index 7d623f11bb..0000000000 --- a/security/nss/cmd/makepqg/manifest.mn +++ /dev/null @@ -1,51 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = nss - -REQUIRES = dbm - -# DIRS = - -CSRCS = makepqg.c - -PROGRAM = makepqg - -#USE_STATIC_LIBS = 1 - diff --git a/security/nss/cmd/makepqg/testit.ksh b/security/nss/cmd/makepqg/testit.ksh deleted file mode 100644 index 31ac17ea1a..0000000000 --- a/security/nss/cmd/makepqg/testit.ksh +++ /dev/null @@ -1,45 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -COUNTER=75 -while [ $COUNTER -ge "1" ] -do - COUNTER=$(eval expr $COUNTER - 1) - echo $COUNTER - */makepqg.exe -r -l 640 -g 160 || exit 1 -done - diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn deleted file mode 100644 index 0428314a42..0000000000 --- a/security/nss/cmd/manifest.mn +++ /dev/null @@ -1,97 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -DEPTH = ../.. -# MODULE = seccmd - -REQUIRES = nss nspr libdbm - -DIRS = lib \ - $(ZLIB_SRCDIR) \ - addbuiltin \ - atob \ - bltest \ - btoa \ - certcgi \ - certutil \ - checkcert \ - crlutil \ - crmftest \ - dbtest \ - derdump \ - digest \ - fipstest \ - makepqg \ - ocspclnt \ - oidcalc \ - p7content \ - p7env \ - p7sign \ - p7verify \ - pk12util \ - pp \ - rsaperf \ - sdrtest \ - selfserv \ - signtool \ - signver \ - shlibsign \ - smimetools \ - SSLsample \ - ssltap \ - strsclnt \ - symkeyutil \ - tstclnt \ - vfychain \ - vfyserv \ - modutil \ - $(NULL) - -TEMPORARILY_DONT_BUILD = \ - $(NULL) - -# rsaperf \ -# -# needs to look at what needs to happen to make jar build in -# the binary release environment. -# -# perror requires lib/strerror.c which requires the client code installed -# to build (requires allxpstr.h) -# -DONT_BULD = jar \ - perror \ -$(NULL) diff --git a/security/nss/cmd/modutil/Makefile b/security/nss/cmd/modutil/Makefile deleted file mode 100644 index 8bdb8658d6..0000000000 --- a/security/nss/cmd/modutil/Makefile +++ /dev/null @@ -1,84 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk - -# -# Cancel the built-in implicit yacc and lex rules. -# - -%.c: %.y -%.c: %.l diff --git a/security/nss/cmd/modutil/README b/security/nss/cmd/modutil/README deleted file mode 100644 index 12d192c9ff..0000000000 --- a/security/nss/cmd/modutil/README +++ /dev/null @@ -1,7 +0,0 @@ - CRYPTOGRAPHIC MODULE UTILITY (modutil) - VERSION 1.0 - =============================================== - -The file specification.html documentats the software. - -The file pk11jar.html documents the PKCS #11 JAR format. diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h deleted file mode 100644 index 7b478223a4..0000000000 --- a/security/nss/cmd/modutil/error.h +++ /dev/null @@ -1,185 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifndef MODUTIL_ERROR_H -#define MODUTIL_ERROR_H - -typedef enum { - NO_ERR=0, - INVALID_USAGE_ERR, - UNEXPECTED_ARG_ERR, - UNKNOWN_OPTION_ERR, - MULTIPLE_COMMAND_ERR, - OPTION_NEEDS_ARG_ERR, - DUPLICATE_OPTION_ERR, - MISSING_PARAM_ERR, - INVALID_FIPS_ARG, - NO_COMMAND_ERR, - NO_DBDIR_ERR, - FIPS_SWITCH_FAILED_ERR, - FIPS_ALREADY_ON_ERR, - FIPS_ALREADY_OFF_ERR, - FILE_ALREADY_EXISTS_ERR, - FILE_DOESNT_EXIST_ERR, - FILE_NOT_READABLE_ERR, - FILE_NOT_WRITEABLE_ERR, - DIR_DOESNT_EXIST_ERR, - DIR_NOT_READABLE_ERR, - DIR_NOT_WRITEABLE_ERR, - INVALID_CONSTANT_ERR, - ADD_MODULE_FAILED_ERR, - ADD_MODULE_FAILED_STATUS_ERR, - OUT_OF_MEM_ERR, - DELETE_INTERNAL_ERR, - DELETE_FAILED_ERR, - NO_LIST_LOCK_ERR, - NO_MODULE_LIST_ERR, - NO_SUCH_MODULE_ERR, - MOD_INFO_ERR, - SLOT_INFO_ERR, - TOKEN_INFO_ERR, - NO_SUCH_TOKEN_ERR, - CHANGEPW_FAILED_ERR, - BAD_PW_ERR, - DB_ACCESS_ERR, - AUTHENTICATION_FAILED_ERR, - NO_SUCH_SLOT_ERR, - ENABLE_FAILED_ERR, - UPDATE_MOD_FAILED_ERR, - DEFAULT_FAILED_ERR, - UNDEFAULT_FAILED_ERR, - STDIN_READ_ERR, - UNSPECIFIED_ERR, - NOCERTDB_MISUSE_ERR, - NSS_INITIALIZE_FAILED_ERR, - - LAST_ERR /* must be last */ -} Error; -#define SUCCESS NO_ERR - -/* !!! Should move this into its own .c and un-static it. */ -static char *errStrings[] = { - "Operation completed successfully.\n", - "ERROR: Invalid command line.\n", - "ERROR: Not expecting argument \"%s\".\n", - "ERROR: Unknown option: %s.\n", - "ERROR: %s: multiple commands are not allowed on the command line.\n", - "ERROR: %s: option needs an argument.\n", - "ERROR: %s: option cannot be given more than once.\n", - "ERROR: Command \"%s\" requires parameter \"%s\".\n", - "ERROR: Argument to -fips must be \"true\" or \"false\".\n", - "ERROR: No command was specified.\n", - "ERROR: Cannot determine database directory: use the -dbdir option.\n", - "ERROR: Unable to switch FIPS modes.\n", - "FIPS mode already enabled.\n", - "FIPS mode already disabled.\n", - "ERROR: File \"%s\" already exists.\n", - "ERROR: File \"%s\" does not exist.\n", - "ERROR: File \"%s\" is not readable.\n", - "ERROR: File \"%s\" is not writeable.\n", - "ERROR: Directory \"%s\" does not exist.\n", - "ERROR: Directory \"%s\" is not readable.\n", - "ERROR: Directory \"%s\" is not writeable.\n", - "\"%s\" is not a recognized value.\n", - "ERROR: Failed to add module \"%s\".\n", - "ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n", - "ERROR: Out of memory.\n", - "ERROR: Cannot delete internal module.\n", - "ERROR: Failed to delete module \"%s\".\n", - "ERROR: Unable to obtain lock on module list.\n", - "ERROR: Unable to obtain module list.\n", - "ERROR: Module \"%s\" not found in database.\n", - "ERROR: Unable to get information about module \"%s\".\n", - "ERROR: Unable to get information about slot \"%s\".\n", - "ERROR: Unable to get information about token \"%s\".\n", - "ERROR: Token \"%s\" not found.\n", - "ERROR: Unable to change password on token \"%s\".\n", - "ERROR: Incorrect password.\n", - "ERROR: Unable to access database \"%s\".\n", - "ERROR: Unable to authenticate to token \"%s\".\n", - "ERROR: Slot \"%s\" not found.\n", - "ERROR: Failed to %s slot \"%s\".\n", - "ERROR: Failed to update module \"%s\".\n", - "ERROR: Failed to change defaults.\n", - "ERROR: Failed to change default.\n", - "ERROR: Unable to read from standard input.\n", - "ERROR: Unknown error occurred.\n", - "ERROR: -nocertdb option can only be used with the -jar command.\n" - "ERROR: NSS_Initialize() failed.\n" -}; - -typedef enum { - FIPS_ENABLED_MSG=0, - FIPS_DISABLED_MSG, - USING_DBDIR_MSG, - CREATING_DB_MSG, - ADD_MODULE_SUCCESS_MSG, - DELETE_SUCCESS_MSG, - CHANGEPW_SUCCESS_MSG, - BAD_PW_MSG, - PW_MATCH_MSG, - DONE_MSG, - ENABLE_SUCCESS_MSG, - DEFAULT_SUCCESS_MSG, - UNDEFAULT_SUCCESS_MSG, - BROWSER_RUNNING_MSG, - ABORTING_MSG, - - LAST_MSG /* must be last */ -} Message; - -static char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q ' to abort, or to continue: ", - "\nAborting...\n" -}; - -#endif /* MODUTIL_ERROR_H */ diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c deleted file mode 100644 index 2961dc3022..0000000000 --- a/security/nss/cmd/modutil/install-ds.c +++ /dev/null @@ -1,1544 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "install-ds.h" -#include -#include -#include -#include - -#define PORT_Strcasecmp PL_strcasecmp - -#define MODULE_FILE_STRING "ModuleFile" -#define MODULE_NAME_STRING "ModuleName" -#define MECH_FLAGS_STRING "DefaultMechanismFlags" -#define CIPHER_FLAGS_STRING "DefaultCipherFlags" -#define FILES_STRING "Files" -#define FORWARD_COMPATIBLE_STRING "ForwardCompatible" -#define PLATFORMS_STRING "Platforms" -#define RELATIVE_DIR_STRING "RelativePath" -#define ABSOLUTE_DIR_STRING "AbsolutePath" -#define FILE_PERMISSIONS_STRING "FilePermissions" -#define EQUIVALENT_PLATFORM_STRING "EquivalentPlatform" -#define EXECUTABLE_STRING "Executable" - -#define DEFAULT_PERMISSIONS 0777 - -#define PLATFORM_SEPARATOR_CHAR ':' - -/* Error codes */ -enum { - BOGUS_RELATIVE_DIR=0, - BOGUS_ABSOLUTE_DIR, - BOGUS_FILE_PERMISSIONS, - NO_RELATIVE_DIR, - NO_ABSOLUTE_DIR, - EMPTY_PLATFORM_STRING, - BOGUS_PLATFORM_STRING, - REPEAT_MODULE_FILE, - REPEAT_MODULE_NAME, - BOGUS_MODULE_FILE, - BOGUS_MODULE_NAME, - REPEAT_MECH, - BOGUS_MECH_FLAGS, - REPEAT_CIPHER, - BOGUS_CIPHER_FLAGS, - REPEAT_FILES, - REPEAT_EQUIV, - BOGUS_EQUIV, - EQUIV_TOO_MUCH_INFO, - NO_FILES, - NO_MODULE_FILE, - NO_MODULE_NAME, - NO_PLATFORMS, - EQUIV_LOOP, - UNKNOWN_MODULE_FILE -}; - -/* Indexed by the above error codes */ -static const char *errString[] = { - "%s: Invalid relative directory", - "%s: Invalid absolute directory", - "%s: Invalid file permissions", - "%s: No relative directory specified", - "%s: No absolute directory specified", - "Empty string given for platform name", - "%s: invalid platform string", - "More than one ModuleFile entry given for platform %s", - "More than one ModuleName entry given for platform %s", - "Invalid ModuleFile specification for platform %s", - "Invalid ModuleName specification for platform %s", - "More than one DefaultMechanismFlags entry given for platform %s", - "Invalid DefaultMechanismFlags specification for platform %s", - "More than one DefaultCipherFlags entry given for platform %s", - "Invalid DefaultCipherFlags entry given for platform %s", - "More than one Files entry given for platform %s", - "More than one EquivalentPlatform entry given for platform %s", - "Invalid EquivalentPlatform specification for platform %s", - "Module %s uses an EquivalentPlatform but also specifies its own" - " information", - "No Files specification in module %s", - "No ModuleFile specification in module %s", - "No ModuleName specification in module %s", - "No Platforms specification in installer script", - "Platform %s has an equivalency loop", - "Module file \"%s\" in platform \"%s\" does not exist" -}; - -static char* PR_Strdup(const char* str); - -#define PAD(x) {int i; for(i=0;ijarPath=NULL; - _this->relativePath=NULL; - _this->absolutePath=NULL; - _this->executable=PR_FALSE; - _this->permissions=0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_File -// Class: Pk11Install_File -// Notes: Destructor. -*/ -void -Pk11Install_File_delete(Pk11Install_File* _this) -{ - Pk11Install_File_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_File -*/ -void -Pk11Install_File_Cleanup(Pk11Install_File* _this) -{ - if(_this->jarPath) { - PR_Free(_this->jarPath); - _this->jarPath = NULL; - } - if(_this->relativePath) { - PR_Free(_this->relativePath); - _this->relativePath = NULL; - } - if(_this->absolutePath) { - PR_Free(_this->absolutePath); - _this->absolutePath = NULL; - } - - _this->permissions = 0; - _this->executable = PR_FALSE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_File -// Notes: Creates a file data structure from a syntax tree. -// Returns: NULL for success, otherwise an error message. -*/ -char* -Pk11Install_File_Generate(Pk11Install_File* _this, - const Pk11Install_Pair *pair) -{ - Pk11Install_ListIter *iter; - Pk11Install_Value *val; - Pk11Install_Pair *subpair; - Pk11Install_ListIter *subiter; - Pk11Install_Value *subval; - char* errStr; - char *endp; - PRBool gotPerms; - - iter=NULL; - subiter=NULL; - errStr=NULL; - gotPerms=PR_FALSE; - - /* Clear out old values */ - Pk11Install_File_Cleanup(_this); - - _this->jarPath = PR_Strdup(pair->key); - - /* Go through all the pairs under this file heading */ - iter = Pk11Install_ListIter_new(pair->list); - for( ; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) { - if(val->type == PAIR_VALUE) { - subpair = val->pair; - - /* Relative directory */ - if(!PORT_Strcasecmp(subpair->key, RELATIVE_DIR_STRING)) { - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)){ - errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR], - _this->jarPath); - goto loser; - } - _this->relativePath = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - subiter = NULL; - - /* Absolute directory */ - } else if( !PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) { - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)){ - errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR], - _this->jarPath); - goto loser; - } - _this->absolutePath = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - subiter = NULL; - - /* file permissions */ - } else if( !PORT_Strcasecmp(subpair->key, - FILE_PERMISSIONS_STRING)) { - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)){ - errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], - _this->jarPath); - goto loser; - } - _this->permissions = (int) strtol(subval->string, &endp, 8); - if(*endp != '\0' || subval->string == "\0") { - errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS], - _this->jarPath); - goto loser; - } - gotPerms = PR_TRUE; - Pk11Install_ListIter_delete(subiter); - subiter = NULL; - } - } else { - if(!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) { - _this->executable = PR_TRUE; - } - } - } - - /* Default permission value */ - if(!gotPerms) { - _this->permissions = DEFAULT_PERMISSIONS; - } - - /* Make sure we got all the information */ - if(!_this->relativePath && !_this->absolutePath) { - errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath); - goto loser; - } -#if 0 - if(!_this->relativePath ) { - errStr = PR_smprintf(errString[NO_RELATIVE_DIR], _this->jarPath); - goto loser; - } - if(!_this->absolutePath) { - errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath); - goto loser; - } -#endif - -loser: - if(iter) { - Pk11Install_ListIter_delete(iter); - PR_Free(iter); - } - if(subiter) { - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - } - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_File -*/ -void -Pk11Install_File_Print(Pk11Install_File* _this, int pad) -{ - PAD(pad); printf("jarPath: %s\n", - _this->jarPath ? _this->jarPath : ""); - PAD(pad); printf("relativePath: %s\n", - _this->relativePath ? _this->relativePath: ""); - PAD(pad); printf("absolutePath: %s\n", - _this->absolutePath ? _this->absolutePath: ""); - PAD(pad); printf("permissions: %o\n", _this->permissions); -} - -Pk11Install_PlatformName* -Pk11Install_PlatformName_new() -{ - Pk11Install_PlatformName* new_this; - new_this = (Pk11Install_PlatformName*) - PR_Malloc(sizeof(Pk11Install_PlatformName)); - Pk11Install_PlatformName_init(new_this); - return new_this; -} - -void -Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this) -{ - _this->OS = NULL; - _this->verString = NULL; - _this->numDigits = 0; - _this->arch = NULL; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_PlatformName -// Class: Pk11Install_PlatformName -*/ -void -Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this) -{ - Pk11Install_PlatformName_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_PlatformName -*/ -void -Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this) -{ - if(_this->OS) { - PR_Free(_this->OS); - _this->OS = NULL; - } - if(_this->verString) { - int i; - for (i=0; i<_this->numDigits; i++) { - PR_Free(_this->verString[i]); - } - PR_Free(_this->verString); - _this->verString = NULL; - } - if(_this->arch) { - PR_Free(_this->arch); - _this->arch = NULL; - } - _this->numDigits = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_PlatformName -// Notes: Extracts the information from a platform string. -*/ -char* -Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this, - const char *str) -{ - char *errStr; - char *copy; - char *end, *start; /* start and end of a section (OS, version, arch)*/ - char *pend, *pstart; /* start and end of one portion of version*/ - char *endp; /* used by strtol*/ - int periods, i; - - errStr=NULL; - copy=NULL; - - if(!str) { - errStr = PR_smprintf(errString[EMPTY_PLATFORM_STRING]); - goto loser; - } - copy = PR_Strdup(str); - - /* - // Get the OS - */ - end = strchr(copy, PLATFORM_SEPARATOR_CHAR); - if(!end || end==copy) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - *end = '\0'; - - _this->OS = PR_Strdup(copy); - - /* - // Get the digits of the version of form: x.x.x (arbitrary number of digits) - */ - - start = end+1; - end = strchr(start, PLATFORM_SEPARATOR_CHAR); - if(!end) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - *end = '\0'; - - if(end!=start) { - /* Find out how many periods*/ - periods = 0; - pstart = start; - while( (pend=strchr(pstart, '.')) ) { - periods++; - pstart = pend+1; - } - _this->numDigits= 1+ periods; - _this->verString = (char**)PR_Malloc(sizeof(char*)*_this->numDigits); - - pstart = start; - i = 0; - /* Get the digits before each period*/ - while( (pend=strchr(pstart, '.')) ) { - if(pend == pstart) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - *pend = '\0'; - _this->verString[i] = PR_Strdup(pstart); - endp = pend; - if(endp==pstart || (*endp != '\0')) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - pstart = pend+1; - i++; - } - /* Last digit comes after the last period*/ - if(*pstart == '\0') { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - _this->verString[i] = PR_Strdup(pstart); - /* - if(endp==pstart || (*endp != '\0')) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - */ - } else { - _this->verString = NULL; - _this->numDigits = 0; - } - - /* - // Get the architecture - */ - start = end+1; - if( strchr(start, PLATFORM_SEPARATOR_CHAR) ) { - errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str); - goto loser; - } - _this->arch = PR_Strdup(start); - - if(copy) { - PR_Free(copy); - } - return NULL; -loser: - if(_this->OS) { - PR_Free(_this->OS); - _this->OS = NULL; - } - if(_this->verString) { - for (i=0; i<_this->numDigits; i++) { - PR_Free(_this->verString[i]); - } - PR_Free(_this->verString); - _this->verString = NULL; - } - _this->numDigits = 0; - if(_this->arch) { - PR_Free(_this->arch); - _this->arch = NULL; - } - - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: operator == -// Class: Pk11Install_PlatformName -// Returns: PR_TRUE if the platform have the same OS, arch, and version -*/ -PRBool -Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp) -{ - int i; - - if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) { - return PR_FALSE; - } - - if( PORT_Strcasecmp(_this->OS, cmp->OS) || - PORT_Strcasecmp(_this->arch, cmp->arch) || - _this->numDigits != cmp->numDigits ) { - return PR_FALSE; - } - - for(i=0; i < _this->numDigits; i++) { - if(PORT_Strcasecmp(_this->verString[i], cmp->verString[i])) { - return PR_FALSE; - } - } - return PR_TRUE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: operator <= -// Class: Pk11Install_PlatformName -// Returns: PR_TRUE if the platform have the same OS and arch and a lower -// or equal release. -*/ -PRBool -Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp) -{ - return (Pk11Install_PlatformName_equal(_this,cmp) || - Pk11Install_PlatformName_lt(_this,cmp)) ? PR_TRUE : PR_FALSE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: operator < -// Class: Pk11Install_PlatformName -// Returns: PR_TRUE if the platform have the same OS and arch and a greater -// release. -*/ -PRBool -Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp) -{ - int i, scmp; - - if(!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) { - return PR_FALSE; - } - - if( PORT_Strcasecmp(_this->OS, cmp->OS) ) { - return PR_FALSE; - } - if( PORT_Strcasecmp(_this->arch, cmp->arch) ) { - return PR_FALSE; - } - - for(i=0; (i < _this->numDigits) && (i < cmp->numDigits); i++) { - scmp = PORT_Strcasecmp(_this->verString[i], cmp->verString[i]); - if (scmp > 0) { - return PR_FALSE; - } else if (scmp < 0) { - return PR_TRUE; - } - } - /* All the digits they have in common are the same. */ - if(_this->numDigits < cmp->numDigits) { - return PR_TRUE; - } - - return PR_FALSE; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: GetString -// Class: Pk11Install_PlatformName -// Returns: String composed of OS, release, and architecture separated -// by the separator char. Memory is allocated by this function -// but is the responsibility of the caller to de-allocate. -*/ -char* -Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this) -{ - char *ret; - char *ver; - char *OS_; - char *arch_; - - OS_=NULL; - arch_=NULL; - - OS_ = _this->OS ? _this->OS : ""; - arch_ = _this->arch ? _this->arch : ""; - - ver = Pk11Install_PlatformName_GetVerString(_this); - ret = PR_smprintf("%s%c%s%c%s", OS_, PLATFORM_SEPARATOR_CHAR, ver, - PLATFORM_SEPARATOR_CHAR, arch_); - - PR_Free(ver); - - return ret; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: GetVerString -// Class: Pk11Install_PlatformName -// Returns: The version string for this platform, in the form x.x.x with an -// arbitrary number of digits. Memory allocated by function, -// must be de-allocated by caller. -*/ -char* -Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this) -{ - char *tmp; - char *ret; - int i; - char buf[80]; - - tmp = (char*)PR_Malloc(80*_this->numDigits+1); - tmp[0] = '\0'; - - for(i=0; i < _this->numDigits-1; i++) { - sprintf(buf, "%s.", _this->verString[i]); - strcat(tmp, buf); - } - if(i < _this->numDigits) { - sprintf(buf, "%s", _this->verString[i]); - strcat(tmp, buf); - } - - ret = PR_Strdup(tmp); - free(tmp); - - return ret; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_PlatformName -*/ -void -Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad) -{ - PAD(pad); printf("OS: %s\n", _this->OS ? _this->OS : ""); - PAD(pad); printf("Digits: "); - if(_this->numDigits == 0) { - printf("None\n"); - } else { - printf("%s\n", Pk11Install_PlatformName_GetVerString(_this)); - } - PAD(pad); printf("arch: %s\n", _this->arch ? _this->arch : ""); -} - -Pk11Install_Platform* -Pk11Install_Platform_new() -{ - Pk11Install_Platform* new_this; - new_this = (Pk11Install_Platform*)PR_Malloc(sizeof(Pk11Install_Platform)); - Pk11Install_Platform_init(new_this); - return new_this; -} - -void -Pk11Install_Platform_init(Pk11Install_Platform* _this) -{ - Pk11Install_PlatformName_init(&_this->name); - Pk11Install_PlatformName_init(&_this->equivName); - _this->equiv = NULL; - _this->usesEquiv = PR_FALSE; - _this->moduleFile = NULL; - _this->moduleName = NULL; - _this->modFile = -1; - _this->mechFlags = 0; - _this->cipherFlags = 0; - _this->files = NULL; - _this->numFiles = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_Platform -// Class: Pk11Install_Platform -*/ -void -Pk11Install_Platform_delete(Pk11Install_Platform* _this) -{ - Pk11Install_Platform_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_Platform -*/ -void -Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this) -{ - int i; - if(_this->moduleFile) { - PR_Free(_this->moduleFile); - _this->moduleFile = NULL; - } - if(_this->moduleName) { - PR_Free(_this->moduleName); - _this->moduleName = NULL; - } - if(_this->files) { - for (i=0;i<_this->numFiles;i++) { - Pk11Install_File_delete(&_this->files[i]); - } - PR_Free(_this->files); - _this->files = NULL; - } - _this->equiv = NULL; - _this->usesEquiv = PR_FALSE; - _this->modFile = -1; - _this->numFiles = 0; - _this->mechFlags = _this->cipherFlags = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_Platform -// Notes: Creates a platform data structure from a syntax tree. -// Returns: NULL for success, otherwise an error message. -*/ -char* -Pk11Install_Platform_Generate(Pk11Install_Platform* _this, - const Pk11Install_Pair *pair) -{ - char* errStr; - char* endptr; - char* tmp; - int i; - Pk11Install_ListIter *iter; - Pk11Install_Value *val; - Pk11Install_Value *subval; - Pk11Install_Pair *subpair; - Pk11Install_ListIter *subiter; - PRBool gotModuleFile, gotModuleName, gotMech, - gotCipher, gotFiles, gotEquiv; - - errStr=NULL; - iter=subiter=NULL; - val=subval=NULL; - subpair=NULL; - gotModuleFile=gotModuleName=gotMech=gotCipher=gotFiles=gotEquiv=PR_FALSE; - Pk11Install_Platform_Cleanup(_this); - - errStr = Pk11Install_PlatformName_Generate(&_this->name,pair->key); - if(errStr) { - tmp = PR_smprintf("%s: %s", pair->key, errStr); - PR_smprintf_free(errStr); - errStr = tmp; - goto loser; - } - - iter = Pk11Install_ListIter_new(pair->list); - for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) { - if(val->type==PAIR_VALUE) { - subpair = val->pair; - - if( !PORT_Strcasecmp(subpair->key, MODULE_FILE_STRING)) { - if(gotModuleFile) { - errStr = PR_smprintf(errString[REPEAT_MODULE_FILE], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_MODULE_FILE], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->moduleFile = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - gotModuleFile = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)){ - if(gotModuleName) { - errStr = PR_smprintf(errString[REPEAT_MODULE_NAME], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_MODULE_NAME], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->moduleName = PR_Strdup(subval->string); - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - gotModuleName = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) { - endptr=NULL; - - if(gotMech) { - errStr = PR_smprintf(errString[REPEAT_MECH], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->mechFlags = strtol(subval->string, &endptr, 0); - if(*endptr!='\0' || (endptr==subval->string) ) { - errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter=NULL; - gotMech = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key,CIPHER_FLAGS_STRING)) { - endptr=NULL; - - if(gotCipher) { - errStr = PR_smprintf(errString[REPEAT_CIPHER], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE)) { - errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - _this->cipherFlags = strtol(subval->string, &endptr, 0); - if(*endptr!='\0' || (endptr==subval->string) ) { - errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter=NULL; - gotCipher = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, FILES_STRING)) { - if(gotFiles) { - errStr = PR_smprintf(errString[REPEAT_FILES], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - _this->numFiles = subpair->list->numPairs; - _this->files = (Pk11Install_File*) - PR_Malloc(sizeof(Pk11Install_File)*_this->numFiles); - for(i=0; i < _this->numFiles; i++, - Pk11Install_ListIter_nextItem(subiter)) { - Pk11Install_File_init(&_this->files[i]); - val = subiter->current; - if(val && (val->type==PAIR_VALUE)) { - errStr = Pk11Install_File_Generate(&_this->files[i],val->pair); - if(errStr) { - tmp = PR_smprintf("%s: %s", - Pk11Install_PlatformName_GetString(&_this->name),errStr); - PR_smprintf_free(errStr); - errStr = tmp; - goto loser; - } - } - } - gotFiles = PR_TRUE; - } else if(!PORT_Strcasecmp(subpair->key, - EQUIVALENT_PLATFORM_STRING)) { - if(gotEquiv) { - errStr = PR_smprintf(errString[REPEAT_EQUIV], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - subiter = Pk11Install_ListIter_new(subpair->list); - subval = subiter->current; - if(!subval || (subval->type != STRING_VALUE) ) { - errStr = PR_smprintf(errString[BOGUS_EQUIV], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - errStr = Pk11Install_PlatformName_Generate(&_this->equivName, - subval->string); - if(errStr) { - tmp = PR_smprintf("%s: %s", - Pk11Install_PlatformName_GetString(&_this->name), errStr); - tmp = PR_smprintf("%s: %s", - Pk11Install_PlatformName_GetString(&_this->name), errStr); - PR_smprintf_free(errStr); - errStr = tmp; - goto loser; - } - _this->usesEquiv = PR_TRUE; - } - } - } - - /* Make sure we either have an EquivalentPlatform or all the other info */ - if(_this->usesEquiv && - (gotFiles || gotModuleFile || gotModuleName || gotMech || gotCipher)) { - errStr = PR_smprintf(errString[EQUIV_TOO_MUCH_INFO], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - if(!gotFiles && !_this->usesEquiv) { - errStr = PR_smprintf(errString[NO_FILES], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - if(!gotModuleFile && !_this->usesEquiv) { - errStr= PR_smprintf(errString[NO_MODULE_FILE], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - if(!gotModuleName && !_this->usesEquiv) { - errStr = PR_smprintf(errString[NO_MODULE_NAME], - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - - /* Point the modFile pointer to the correct file */ - if(gotModuleFile) { - for(i=0; i < _this->numFiles; i++) { - if(!PORT_Strcasecmp(_this->moduleFile, _this->files[i].jarPath) ) { - _this->modFile = i; - break; - } - } - if(_this->modFile==-1) { - errStr = PR_smprintf(errString[UNKNOWN_MODULE_FILE], - _this->moduleFile, - Pk11Install_PlatformName_GetString(&_this->name)); - goto loser; - } - } - -loser: - if(iter) { - PR_Free(iter); - } - if(subiter) { - PR_Free(subiter); - } - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_Platform -*/ -void -Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad) -{ - int i; - - PAD(pad); printf("Name:\n"); - Pk11Install_PlatformName_Print(&_this->name,pad+PADINC); - PAD(pad); printf("equivName:\n"); - Pk11Install_PlatformName_Print(&_this->equivName,pad+PADINC); - PAD(pad); - if(_this->usesEquiv) { - printf("Uses equiv, which points to:\n"); - Pk11Install_Platform_Print(_this->equiv,pad+PADINC); - } else { - printf("Doesn't use equiv\n"); - } - PAD(pad); - printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile - : ""); - PAD(pad); printf("mechFlags: %lx\n", _this->mechFlags); - PAD(pad); printf("cipherFlags: %lx\n", _this->cipherFlags); - PAD(pad); printf("Files:\n"); - for(i=0; i < _this->numFiles; i++) { - Pk11Install_File_Print(&_this->files[i],pad+PADINC); - PAD(pad); printf("--------------------\n"); - } -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Pk11Install_Info -// Class: Pk11Install_Info -*/ -Pk11Install_Info* -Pk11Install_Info_new() -{ - Pk11Install_Info* new_this; - new_this = (Pk11Install_Info*)PR_Malloc(sizeof(Pk11Install_Info)); - Pk11Install_Info_init(new_this); - return new_this; -} - -void -Pk11Install_Info_init(Pk11Install_Info* _this) -{ - _this->platforms = NULL; - _this->numPlatforms = 0; - _this->forwardCompatible = NULL; - _this->numForwardCompatible = 0; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: ~Pk11Install_Info -// Class: Pk11Install_Info -*/ -void -Pk11Install_Info_delete(Pk11Install_Info* _this) -{ - Pk11Install_Info_Cleanup(_this); -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Cleanup -// Class: Pk11Install_Info -*/ -void -Pk11Install_Info_Cleanup(Pk11Install_Info* _this) -{ - int i; - if(_this->platforms) { - for (i=0;i<_this->numPlatforms;i++) { - Pk11Install_Platform_delete(&_this->platforms[i]); - } - PR_Free(&_this->platforms); - _this->platforms = NULL; - _this->numPlatforms = 0; - } - - if(_this->forwardCompatible) { - for (i=0;i<_this->numForwardCompatible;i++) { - Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]); - } - PR_Free(&_this->forwardCompatible); - _this->numForwardCompatible = 0; - } -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Generate -// Class: Pk11Install_Info -// Takes: Pk11Install_ValueList *list, the top-level list -// resulting from parsing an installer file. -// Returns: char*, NULL if successful, otherwise an error string. -// Caller is responsible for freeing memory. -*/ -char* -Pk11Install_Info_Generate(Pk11Install_Info* _this, - const Pk11Install_ValueList *list) -{ - char *errStr; - Pk11Install_ListIter *iter; - Pk11Install_Value *val; - Pk11Install_Pair *pair; - Pk11Install_ListIter *subiter; - Pk11Install_Value *subval; - Pk11Install_Platform *first, *second; - int i, j; - - errStr=NULL; - iter=subiter=NULL; - Pk11Install_Info_Cleanup(_this); - - iter = Pk11Install_ListIter_new(list); - for( ; (val=iter->current); Pk11Install_ListIter_nextItem(iter)) { - if(val->type == PAIR_VALUE) { - pair = val->pair; - - if(!PORT_Strcasecmp(pair->key, FORWARD_COMPATIBLE_STRING)) { - subiter = Pk11Install_ListIter_new(pair->list); - _this->numForwardCompatible = pair->list->numStrings; - _this->forwardCompatible = (Pk11Install_PlatformName*) - PR_Malloc(sizeof(Pk11Install_PlatformName)* - _this->numForwardCompatible); - for(i=0; i < _this->numForwardCompatible; i++, - Pk11Install_ListIter_nextItem(subiter)) { - subval = subiter->current; - if(subval->type == STRING_VALUE) { - errStr = Pk11Install_PlatformName_Generate( - &_this->forwardCompatible[i], subval->string); - if(errStr) { - goto loser; - } - } - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - } else if(!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) { - subiter = Pk11Install_ListIter_new(pair->list); - _this->numPlatforms = pair->list->numPairs; - _this->platforms = (Pk11Install_Platform*) - PR_Malloc(sizeof(Pk11Install_Platform)* - _this->numPlatforms); - for(i=0; i < _this->numPlatforms; i++, - Pk11Install_ListIter_nextItem(subiter)) { - Pk11Install_Platform_init(&_this->platforms[i]); - subval = subiter->current; - if(subval->type == PAIR_VALUE) { - errStr = Pk11Install_Platform_Generate(&_this->platforms[i],subval->pair); - if(errStr) { - goto loser; - } - } - } - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - } - } - } - - if(_this->numPlatforms == 0) { - errStr = PR_smprintf(errString[NO_PLATFORMS]); - goto loser; - } - -/* - // - // Now process equivalent platforms - // - - // First the naive pass -*/ - for(i=0; i < _this->numPlatforms; i++) { - if(_this->platforms[i].usesEquiv) { - _this->platforms[i].equiv = NULL; - for(j=0; j < _this->numPlatforms; j++) { - if (Pk11Install_PlatformName_equal(&_this->platforms[i].equivName, - &_this->platforms[j].name)) { - if(i==j) { - errStr = PR_smprintf(errString[EQUIV_LOOP], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - _this->platforms[i].equiv = &_this->platforms[j]; - break; - } - } - if(_this->platforms[i].equiv == NULL) { - errStr = PR_smprintf(errString[BOGUS_EQUIV], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - } - } - -/* - // Now the intelligent pass, which will also detect loops. - // We will send two pointers through the linked list of equivalent - // platforms. Both start with the current node. "first" traverses - // two nodes for each iteration. "second" lags behind, only traversing - // one node per iteration. Eventually one of two things will happen: - // first will hit the end of the list (a platform that doesn't use - // an equivalency), or first will equal second if there is a loop. -*/ - for(i=0; i < _this->numPlatforms; i++) { - if(_this->platforms[i].usesEquiv) { - second = _this->platforms[i].equiv; - if(!second->usesEquiv) { - /* The first link is the terminal node */ - continue; - } - first = second->equiv; - while(first->usesEquiv) { - if(first == second) { - errStr = PR_smprintf(errString[EQUIV_LOOP], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - first = first->equiv; - if(!first->usesEquiv) { - break; - } - if(first == second) { - errStr = PR_smprintf(errString[EQUIV_LOOP], - Pk11Install_PlatformName_GetString(&_this->platforms[i].name)); - goto loser; - } - second = second->equiv; - first = first->equiv; - } - _this->platforms[i].equiv = first; - } - } - -loser: - if(iter) { - Pk11Install_ListIter_delete(iter); - PR_Free(iter); - iter = NULL; - } - if(subiter) { - Pk11Install_ListIter_delete(subiter); - PR_Free(subiter); - subiter = NULL; - } - return errStr; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: GetBestPlatform -// Class: Pk11Install_Info -// Takes: char *myPlatform, the platform we are currently running -// on. -*/ -Pk11Install_Platform* -Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char *myPlatform) -{ - Pk11Install_PlatformName plat; - char *errStr; - int i, j; - - errStr=NULL; - - Pk11Install_PlatformName_init(&plat); - if( (errStr=Pk11Install_PlatformName_Generate(&plat, myPlatform)) ) { - PR_smprintf_free(errStr); - return NULL; - } - - /* First try real platforms */ - for(i=0; i < _this->numPlatforms; i++) { - if(Pk11Install_PlatformName_equal(&_this->platforms[i].name,&plat)) { - if(_this->platforms[i].equiv) { - return _this->platforms[i].equiv; - } - else { - return &_this->platforms[i]; - } - } - } - - /* Now try forward compatible platforms */ - for(i=0; i < _this->numForwardCompatible; i++) { - if(Pk11Install_PlatformName_lteq(&_this->forwardCompatible[i],&plat)) { - break; - } - } - if(i == _this->numForwardCompatible) { - return NULL; - } - - /* Got a forward compatible name, find the actual platform. */ - for(j=0; j < _this->numPlatforms; j++) { - if(Pk11Install_PlatformName_equal(&_this->platforms[j].name, - &_this->forwardCompatible[i])) { - if(_this->platforms[j].equiv) { - return _this->platforms[j].equiv; - } else { - return &_this->platforms[j]; - } - } - } - - return NULL; -} - -/* -////////////////////////////////////////////////////////////////////////// -// Method: Print -// Class: Pk11Install_Info -*/ -void -Pk11Install_Info_Print(Pk11Install_Info* _this, int pad) -{ - int i; - - PAD(pad); printf("Forward Compatible:\n"); - for(i = 0; i < _this->numForwardCompatible; i++) { - Pk11Install_PlatformName_Print(&_this->forwardCompatible[i],pad+PADINC); - PAD(pad); printf("-------------------\n"); - } - PAD(pad); printf("Platforms:\n"); - for( i = 0; i < _this->numPlatforms; i++) { - Pk11Install_Platform_Print(&_this->platforms[i],pad+PADINC); - PAD(pad); printf("-------------------\n"); - } -} - -/* -////////////////////////////////////////////////////////////////////////// -*/ -static char* -PR_Strdup(const char* str) -{ - char *tmp; - tmp = (char*) PR_Malloc((unsigned int)(strlen(str)+1)); - strcpy(tmp, str); - return tmp; -} - -/* The global value list, the top of the tree */ -Pk11Install_ValueList* Pk11Install_valueList=NULL; - -/****************************************************************************/ -void -Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this, - Pk11Install_Value *item) -{ - _this->numItems++; - if (item->type == STRING_VALUE) { - _this->numStrings++; - } else { - _this->numPairs++; - } - item->next = _this->head; - _this->head = item; -} - -/****************************************************************************/ -Pk11Install_ListIter* -Pk11Install_ListIter_new_default() -{ - Pk11Install_ListIter* new_this; - new_this = (Pk11Install_ListIter*) - PR_Malloc(sizeof(Pk11Install_ListIter)); - Pk11Install_ListIter_init(new_this); - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_ListIter_init(Pk11Install_ListIter* _this) -{ - _this->list = NULL; - _this->current = NULL; -} - -/****************************************************************************/ -Pk11Install_ListIter* -Pk11Install_ListIter_new(const Pk11Install_ValueList *_list) -{ - Pk11Install_ListIter* new_this; - new_this = (Pk11Install_ListIter*) - PR_Malloc(sizeof(Pk11Install_ListIter)); - new_this->list = _list; - new_this->current = _list->head; - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_ListIter_delete(Pk11Install_ListIter* _this) -{ - _this->list=NULL; - _this->current=NULL; -} - -/****************************************************************************/ -void -Pk11Install_ListIter_reset(Pk11Install_ListIter* _this) -{ - if(_this->list) { - _this->current = _this->list->head; - } -} - -/*************************************************************************/ -Pk11Install_Value* -Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this) -{ - if(_this->current) { - _this->current = _this->current->next; - } - - return _this->current; -} - -/****************************************************************************/ -Pk11Install_ValueList* -Pk11Install_ValueList_new() -{ - Pk11Install_ValueList* new_this; - new_this = (Pk11Install_ValueList*) - PR_Malloc(sizeof(Pk11Install_ValueList)); - new_this->numItems = 0; - new_this->numPairs = 0; - new_this->numStrings = 0; - new_this->head = NULL; - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_ValueList_delete(Pk11Install_ValueList* _this) -{ - - Pk11Install_Value *tmp; - Pk11Install_Value *list; - list = _this->head; - - while(list != NULL) { - tmp = list; - list = list->next; - PR_Free(tmp); - } - PR_Free(_this); -} - -/****************************************************************************/ -Pk11Install_Value* -Pk11Install_Value_new_default() -{ - Pk11Install_Value* new_this; - new_this = (Pk11Install_Value*)PR_Malloc(sizeof(Pk11Install_Value)); - new_this->type = STRING_VALUE; - new_this->string = NULL; - new_this->pair = NULL; - new_this->next = NULL; - return new_this; -} - -/****************************************************************************/ -Pk11Install_Value* -Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr) -{ - Pk11Install_Value* new_this; - new_this = Pk11Install_Value_new_default(); - new_this->type = _type; - if(_type == STRING_VALUE) { - new_this->pair = NULL; - new_this->string = ptr.string; - } else { - new_this->string = NULL; - new_this->pair = ptr.pair; - } - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_Value_delete(Pk11Install_Value* _this) -{ - if(_this->type == STRING_VALUE) { - PR_Free(_this->string); - } else { - PR_Free(_this->pair); - } -} - -/****************************************************************************/ -Pk11Install_Pair* -Pk11Install_Pair_new_default() -{ - return Pk11Install_Pair_new(NULL,NULL); -} - -/****************************************************************************/ -Pk11Install_Pair* -Pk11Install_Pair_new(char *_key, Pk11Install_ValueList *_list) -{ - Pk11Install_Pair* new_this; - new_this = (Pk11Install_Pair*)PR_Malloc(sizeof(Pk11Install_Pair)); - new_this->key = _key; - new_this->list = _list; - return new_this; -} - -/****************************************************************************/ -void -Pk11Install_Pair_delete(Pk11Install_Pair* _this) -{ - PR_Free(_this->key); - Pk11Install_ValueList_delete(_this->list); - PR_Free(_this->list); -} - -/*************************************************************************/ -void -Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad) -{ - while (_this) { - /*PAD(pad); printf("**Pair\n"); - PAD(pad); printf("***Key====\n");*/ - PAD(pad); printf("%s {\n", _this->key); - /*PAD(pad); printf("====\n");*/ - /*PAD(pad); printf("***ValueList\n");*/ - Pk11Install_ValueList_Print(_this->list,pad+PADINC); - PAD(pad); printf("}\n"); - } -} - -/*************************************************************************/ -void -Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad) -{ - Pk11Install_Value *v; - - /*PAD(pad);printf("**Value List**\n");*/ - for(v = _this->head; v != NULL; v=v->next) { - Pk11Install_Value_Print(v,pad); - } -} - -/*************************************************************************/ -void -Pk11Install_Value_Print(Pk11Install_Value* _this, int pad) -{ - /*PAD(pad); printf("**Value, type=%s\n", - type==STRING_VALUE ? "string" : "pair");*/ - if(_this->type==STRING_VALUE) { - /*PAD(pad+PADINC); printf("====\n");*/ - PAD(pad); printf("%s\n", _this->string); - /*PAD(pad+PADINC); printf("====\n");*/ - } else { - Pk11Install_Pair_Print(_this->pair,pad+PADINC); - } -} diff --git a/security/nss/cmd/modutil/install-ds.h b/security/nss/cmd/modutil/install-ds.h deleted file mode 100644 index 9af6144377..0000000000 --- a/security/nss/cmd/modutil/install-ds.h +++ /dev/null @@ -1,293 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifndef INSTALL_DS_H -#define INSTALL_DS_H - -#include -#include -#include - -extern PRFileDesc *Pk11Install_FD; -extern int Pk11Install_yylex(); -extern int Pk11Install_yylinenum; -extern char *Pk11Install_yyerrstr; - -typedef enum { STRING_VALUE, PAIR_VALUE } ValueType; - -typedef struct Pk11Install_Pair_str Pk11Install_Pair; -typedef union Pk11Install_Pointer_str Pk11Install_Pointer; -typedef struct Pk11Install_Value_str Pk11Install_Value; -typedef struct Pk11Install_ValueList_str Pk11Install_ValueList; -typedef struct Pk11Install_ListIter_str Pk11Install_ListIter; -typedef struct Pk11Install_File_str Pk11Install_File; -typedef struct Pk11Install_PlatformName_str Pk11Install_PlatformName; -typedef struct Pk11Install_Platform_str Pk11Install_Platform; -typedef struct Pk11Install_Info_str Pk11Install_Info; - -extern Pk11Install_Pointer Pk11Install_yylval; -extern Pk11Install_ValueList* Pk11Install_valueList; - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_Pair -////////////////////////////////////////////////////////////////////////// -*/ - -struct Pk11Install_Pair_str { - char * key; - Pk11Install_ValueList *list; - -}; - -Pk11Install_Pair* -Pk11Install_Pair_new_default(); -Pk11Install_Pair* -Pk11Install_Pair_new( char* _key, Pk11Install_ValueList* _list); -void -Pk11Install_Pair_delete(Pk11Install_Pair* _this); -void -Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad); - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_Pointer -////////////////////////////////////////////////////////////////////////// -*/ -union Pk11Install_Pointer_str { - Pk11Install_ValueList *list; - Pk11Install_Value *value; - Pk11Install_Pair *pair; - char *string; -}; - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_Value -////////////////////////////////////////////////////////////////////////// -*/ -struct Pk11Install_Value_str { - - ValueType type; - char *string; - Pk11Install_Pair *pair; - struct Pk11Install_Value_str *next; -}; - -Pk11Install_Value* -Pk11Install_Value_new_default(); -Pk11Install_Value* -Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr); -void -Pk11Install_Value_delete(Pk11Install_Value* _this); -void -Pk11Install_Value_Print(Pk11Install_Value* _this, int pad); - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_ValueList -////////////////////////////////////////////////////////////////////////// -*/ -struct Pk11Install_ValueList_str { - int numItems; - int numPairs; - int numStrings; - Pk11Install_Value *head; -}; - -Pk11Install_ValueList* -Pk11Install_ValueList_new(); -void -Pk11Install_ValueList_delete(Pk11Install_ValueList* _this); -void -Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this, - Pk11Install_Value* item); -void -Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad); - - -/* -////////////////////////////////////////////////////////////////////////// -// Pk11Install_ListIter -////////////////////////////////////////////////////////////////////////// -*/ -struct Pk11Install_ListIter_str { - const Pk11Install_ValueList *list; - Pk11Install_Value *current; -}; - -Pk11Install_ListIter* -Pk11Install_ListIter_new_default(); -void -Pk11Install_ListIter_init(Pk11Install_ListIter* _this); -Pk11Install_ListIter* -Pk11Install_ListIter_new(const Pk11Install_ValueList* _list); -void -Pk11Install_ListIter_delete(Pk11Install_ListIter* _this); -void -Pk11Install_ListIter_reset(Pk11Install_ListIter* _this); -Pk11Install_Value* -Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this); - -/************************************************************************ - * - * Pk11Install_File - */ -struct Pk11Install_File_str { - char *jarPath; - char *relativePath; - char *absolutePath; - PRBool executable; - int permissions; -}; - -Pk11Install_File* -Pk11Install_File_new(); -void -Pk11Install_File_init(Pk11Install_File* _this); -void -Pk11Install_file_delete(Pk11Install_File* _this); -/*// Parses a syntax tree to obtain all attributes. -// Returns NULL for success, error message if parse error.*/ -char* -Pk11Install_File_Generate(Pk11Install_File* _this, - const Pk11Install_Pair* pair); -void -Pk11Install_File_Print(Pk11Install_File* _this, int pad); -void -Pk11Install_File_Cleanup(Pk11Install_File* _this); - -/************************************************************************ - * - * Pk11Install_PlatformName - */ -struct Pk11Install_PlatformName_str { - char *OS; - char **verString; - int numDigits; - char *arch; -}; - -Pk11Install_PlatformName* -Pk11Install_PlatformName_new(); -void -Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this); -void -Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this); -char* -Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this, - const char* str); -char* -Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this); -char* -Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this); -void -Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad); -void -Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this); -PRBool -Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp); -PRBool -Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp); -PRBool -Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this, - Pk11Install_PlatformName* cmp); - -/************************************************************************ - * - * Pk11Install_Platform - */ -struct Pk11Install_Platform_str { - Pk11Install_PlatformName name; - Pk11Install_PlatformName equivName; - struct Pk11Install_Platform_str *equiv; - PRBool usesEquiv; - char *moduleFile; - char *moduleName; - int modFile; - unsigned long mechFlags; - unsigned long cipherFlags; - Pk11Install_File *files; - int numFiles; -}; - -Pk11Install_Platform* -Pk11Install_Platform_new(); -void -Pk11Install_Platform_init(Pk11Install_Platform* _this); -void -Pk11Install_Platform_delete(Pk11Install_Platform* _this); -/*// Returns NULL for success, error message if parse error.*/ -char* -Pk11Install_Platform_Generate(Pk11Install_Platform* _this, - const Pk11Install_Pair *pair); -void -Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad); -void -Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this); - -/************************************************************************ - * - * Pk11Install_Info - */ -struct Pk11Install_Info_str { - Pk11Install_Platform *platforms; - int numPlatforms; - Pk11Install_PlatformName *forwardCompatible; - int numForwardCompatible; -}; - -Pk11Install_Info* -Pk11Install_Info_new(); -void -Pk11Install_Info_init(); -void -Pk11Install_Info_delete(Pk11Install_Info* _this); -/*// Returns NULL for success, error message if parse error.*/ -char* -Pk11Install_Info_Generate(Pk11Install_Info* _this, - const Pk11Install_ValueList *list); - /*// Returns NULL if there is no matching platform*/ -Pk11Install_Platform* -Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform); -void -Pk11Install_Info_Print(Pk11Install_Info* _this, int pad); -void -Pk11Install_Info_Cleanup(Pk11Install_Info* _this); - -#endif /* INSTALL_DS_H */ diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c deleted file mode 100644 index 10819190c4..0000000000 --- a/security/nss/cmd/modutil/install.c +++ /dev/null @@ -1,988 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "install.h" -#include "install-ds.h" -#include -#include -#include -#include -#include -#include - -#ifdef XP_UNIX -/* for chmod */ -#include -#include -#endif - -/*extern "C" {*/ -#include -/*}*/ - -extern /*"C"*/ -int Pk11Install_AddNewModule(char* moduleName, char* dllPath, - unsigned long defaultMechanismFlags, - unsigned long cipherEnableFlags); -extern /*"C"*/ -short Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, - PRBool query); -extern /*"C"*/ -const char* mySECU_ErrorString(int16); -extern -int Pk11Install_yyparse(); - -#define INSTALL_METAINFO_TAG "Pkcs11_install_script" -#define SCRIPT_TEMP_FILE "pkcs11inst.tmp" -#define ROOT_MARKER "%root%" -#define TEMP_MARKER "%temp%" -#define PRINTF_ROOT_MARKER "%%root%%" -#define TEMPORARY_DIRECTORY_NAME "pk11inst.dir" -#define JAR_BASE_END (JAR_BASE+100) - -static PRLock* errorHandlerLock=NULL; -static Pk11Install_ErrorHandler errorHandler=NULL; -static char* PR_Strdup(const char* str); -static int rm_dash_r (char *path); -static int make_dirs(char *path, int file_perms); -static int dir_perms(int perms); - -static Pk11Install_Error DoInstall(JAR *jar, const char *installDir, - const char* tempDir, Pk11Install_Platform *platform, - PRFileDesc *feedback, PRBool noverify); - -static char *errorString[]= { - "Operation was successful", /* PK11_INSTALL_NO_ERROR */ - "Directory \"%s\" does not exist", /* PK11_INSTALL_DIR_DOESNT_EXIST */ - "File \"%s\" does not exist", /* PK11_INSTALL_FILE_DOESNT_EXIST */ - "File \"%s\" is not readable", /* PK11_INSTALL_FILE_NOT_READABLE */ - "%s", /* PK11_INSTALL_ERROR_STRING */ - "Error in JAR file %s: %s", /* PK11_INSTALL_JAR_ERROR */ - "No Pkcs11_install_script specified in JAR metainfo file", - /* PK11_INSTALL_NO_INSTALLER_SCRIPT */ - "Could not delete temporary file \"%s\"", - /*PK11_INSTALL_DELETE_TEMP_FILE */ - "Could not open temporary file \"%s\"", /*PK11_INSTALL_OPEN_SCRIPT_FILE*/ - "%s: %s", /* PK11_INSTALL_SCRIPT_PARSE */ - "Error in script: %s", - "Unable to obtain system platform information", - "Installer script has no information about the current platform (%s)", - "Relative directory \"%s\" does not contain "PRINTF_ROOT_MARKER, - "Module File \"%s\" not found", - "Error occurred installing module \"%s\" into database", - "Error extracting \"%s\" from JAR file: %s", - "Directory \"%s\" is not writeable", - "Could not create directory \"%s\"", - "Could not remove directory \"%s\"", - "Unable to execute \"%s\"", - "Unable to wait for process \"%s\"", - "\"%s\" returned error code %d", - "User aborted operation", - "Unspecified error" -}; - -enum { - INSTALLED_FILE_MSG=0, - INSTALLED_MODULE_MSG, - INSTALLER_SCRIPT_NAME, - MY_PLATFORM_IS, - USING_PLATFORM, - PARSED_INSTALL_SCRIPT, - EXEC_FILE_MSG, - EXEC_SUCCESS, - INSTALLATION_COMPLETE_MSG, - USER_ABORT -}; - -static char *msgStrings[] = { - "Installed file %s to %s\n", - "Installed module \"%s\" into module database\n", - "Using installer script \"%s\"\n", - "Current platform is %s\n", - "Using installation parameters for platform %s\n", - "Successfully parsed installation script\n", - "Executing \"%s\"...\n", - "\"%s\" executed successfully\n", - "\nInstallation completed successfully\n", - "\nAborting...\n" -}; - -/************************************************************************** - * S t r i n g N o d e - */ -typedef struct StringNode_str { - char *str; - struct StringNode_str* next; -} StringNode; - -StringNode* StringNode_new() -{ - StringNode* new_this; - new_this = (StringNode*)malloc(sizeof(StringNode)); - new_this->str=NULL; - new_this->next=NULL; - return new_this; -} - -void StringNode_delete(StringNode* s) -{ - if(s->str) { - PR_Free(s->str); - s->str=NULL; - } -} - -/************************************************************************* - * S t r i n g L i s t - */ -typedef struct StringList_str { - StringNode* head; - StringNode* tail; -} StringList; - -void StringList_new(StringList* list) -{ - list->head=NULL; - list->tail=NULL; -} - -void StringList_delete(StringList* list) -{ - StringNode *tmp; - while(list->head) { - tmp = list->head; - list->head = list->head->next; - StringNode_delete(tmp); - } -} - -void -StringList_Append(StringList* list, char* str) -{ - if(!str) { - return; - } - - if(!list->tail) { - /* This is the first element */ - list->head = list->tail = StringNode_new(); - } else { - list->tail->next = StringNode_new(); - list->tail = list->tail->next; - } - - list->tail->str = PR_Strdup(str); - list->tail->next = NULL; /* just to be sure */ -} - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r - * - * Sets the error handler to be used by the library. Returns the current - * error handler function. - */ -Pk11Install_ErrorHandler -Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler) -{ - Pk11Install_ErrorHandler old; - - if(!errorHandlerLock) { - errorHandlerLock = PR_NewLock(); - } - - PR_Lock(errorHandlerLock); - - old = errorHandler; - errorHandler = handler; - - PR_Unlock(errorHandlerLock); - - return old; -} - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ I n i t - * - * Does initialization that otherwise would be done on the fly. Only - * needs to be called by multithreaded apps, before they make any calls - * to this library. - */ -void -Pk11Install_Init() -{ - if(!errorHandlerLock) { - errorHandlerLock = PR_NewLock(); - } -} - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ R e l e a s e - * - * Releases static data structures used by the library. Don't use the - * library after calling this, unless you call Pk11Install_Init() - * first. This function doesn't have to be called at all unless you're - * really anal about freeing memory before your program exits. - */ -void -Pk11Install_Release() -{ - if(errorHandlerLock) { - PR_Free(errorHandlerLock); - errorHandlerLock = NULL; - } -} - -/************************************************************************* - * - * e r r o r - * - * Takes an error code and its arguments, creates the error string, - * and sends the string to the handler function if it exists. - */ - -#ifdef OSF1 -/* stdarg has already been pulled in from NSPR */ -#undef va_start -#undef va_end -#undef va_arg -#include -#else -#include -#endif - -#ifdef OSF1 -static void -error(long va_alist, ...) -#else -static void -error(Pk11Install_Error errcode, ...) -#endif -{ - - va_list ap; - char *errstr; - Pk11Install_ErrorHandler handler; - - if(!errorHandlerLock) { - errorHandlerLock = PR_NewLock(); - } - - PR_Lock(errorHandlerLock); - - handler = errorHandler; - - PR_Unlock(errorHandlerLock); - - if(handler) { -#ifdef OSF1 - va_start(ap); - errstr = PR_vsmprintf(errorString[va_arg(ap, Pk11Install_Error)], ap); -#else - va_start(ap, errcode); - errstr = PR_vsmprintf(errorString[errcode], ap); -#endif - handler(errstr); - PR_smprintf_free(errstr); - va_end(ap); - } -} - -/************************************************************************* - * - * j a r _ c a l l b a c k - */ -static int -jar_callback(int status, JAR *foo, const char *bar, char *pathname, - char *errortext) { - char *string; - - string = PR_smprintf("JAR error %d: %s in file %s\n", status, errortext, - pathname); - error(PK11_INSTALL_ERROR_STRING, string); - PR_smprintf_free(string); - return 0; -} - -/************************************************************************* - * - * P k 1 1 I n s t a l l _ D o I n s t a l l - * - * jarFile is the path of a JAR in the PKCS #11 module JAR format. - * installDir is the directory relative to which files will be - * installed. - */ -Pk11Install_Error -Pk11Install_DoInstall(char *jarFile, const char *installDir, - const char *tempDir, PRFileDesc *feedback, short force, PRBool noverify) -{ - JAR *jar; - char *installer; - unsigned long installer_len; - int status; - Pk11Install_Error ret; - PRBool made_temp_file; - Pk11Install_Info installInfo; - Pk11Install_Platform *platform; - char* errMsg; - char sysname[SYS_INFO_BUFFER_LENGTH], release[SYS_INFO_BUFFER_LENGTH], - arch[SYS_INFO_BUFFER_LENGTH]; - char *myPlatform; - - jar=NULL; - ret = PK11_INSTALL_UNSPECIFIED; - made_temp_file=PR_FALSE; - errMsg=NULL; - Pk11Install_Info_init(&installInfo); - - /* - printf("Inside DoInstall, jarFile=%s, installDir=%s, tempDir=%s\n", - jarFile, installDir, tempDir); - */ - - /* - * Check out jarFile and installDir for validity - */ - if( PR_Access(installDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) { - error(PK11_INSTALL_DIR_DOESNT_EXIST, installDir); - return PK11_INSTALL_DIR_DOESNT_EXIST; - } - if(!tempDir) { - tempDir = "."; - } - if( PR_Access(tempDir, PR_ACCESS_EXISTS) != PR_SUCCESS ) { - error(PK11_INSTALL_DIR_DOESNT_EXIST, tempDir); - return PK11_INSTALL_DIR_DOESNT_EXIST; - } - if( PR_Access(tempDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS ) { - error(PK11_INSTALL_DIR_NOT_WRITEABLE, tempDir); - return PK11_INSTALL_DIR_NOT_WRITEABLE; - } - if( (PR_Access(jarFile, PR_ACCESS_EXISTS) != PR_SUCCESS) ) { - error(PK11_INSTALL_FILE_DOESNT_EXIST, jarFile); - return PK11_INSTALL_FILE_DOESNT_EXIST; - } - if( PR_Access(jarFile, PR_ACCESS_READ_OK) != PR_SUCCESS ) { - error(PK11_INSTALL_FILE_NOT_READABLE, jarFile); - return PK11_INSTALL_FILE_NOT_READABLE; - } - - /* - * Extract the JAR file - */ - jar = JAR_new(); - JAR_set_callback(JAR_CB_SIGNAL, jar, jar_callback); - - if(noverify) { - status = JAR_pass_archive_unverified(jar, jarArchGuess, jarFile, "url"); - } else { - status = JAR_pass_archive(jar, jarArchGuess, jarFile, "url"); - } - if( (status < 0) || (jar->valid < 0) ) { - if (status >= JAR_BASE && status <= JAR_BASE_END) { - error(PK11_INSTALL_JAR_ERROR, jarFile, JAR_get_error(status)); - } else { - error(PK11_INSTALL_JAR_ERROR, jarFile, - mySECU_ErrorString((int16) PORT_GetError()) ); - } - ret=PK11_INSTALL_JAR_ERROR; - goto loser; - } - /*printf("passed the archive\n");*/ - - /* - * Show the user security information, allow them to abort or continue - */ - if( Pk11Install_UserVerifyJar(jar, PR_STDOUT, - force?PR_FALSE:PR_TRUE) && !force) { - if(feedback) { - PR_fprintf(feedback, msgStrings[USER_ABORT]); - } - ret=PK11_INSTALL_USER_ABORT; - goto loser; - } - - /* - * Get the name of the installation file - */ - if( JAR_get_metainfo(jar, NULL, INSTALL_METAINFO_TAG, (void**)&installer, - (unsigned long*)&installer_len) ) { - error(PK11_INSTALL_NO_INSTALLER_SCRIPT); - ret=PK11_INSTALL_NO_INSTALLER_SCRIPT; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLER_SCRIPT_NAME], installer); - } - - /* - * Extract the installation file - */ - if( PR_Access(SCRIPT_TEMP_FILE, PR_ACCESS_EXISTS) == PR_SUCCESS) { - if( PR_Delete(SCRIPT_TEMP_FILE) != PR_SUCCESS) { - error(PK11_INSTALL_DELETE_TEMP_FILE, SCRIPT_TEMP_FILE); - ret=PK11_INSTALL_DELETE_TEMP_FILE; - goto loser; - } - } - if(noverify) { - status = JAR_extract(jar, installer, SCRIPT_TEMP_FILE); - } else { - status = JAR_verified_extract(jar, installer, SCRIPT_TEMP_FILE); - } - if(status) { - if (status >= JAR_BASE && status <= JAR_BASE_END) { - error(PK11_INSTALL_JAR_EXTRACT, installer, JAR_get_error(status)); - } else { - error(PK11_INSTALL_JAR_EXTRACT, installer, - mySECU_ErrorString((int16) PORT_GetError()) ); - } - ret = PK11_INSTALL_JAR_EXTRACT; - goto loser; - } else { - made_temp_file = PR_TRUE; - } - - /* - * Parse the installation file into a syntax tree - */ - Pk11Install_FD = PR_Open(SCRIPT_TEMP_FILE, PR_RDONLY, 0); - if(!Pk11Install_FD) { - error(PK11_INSTALL_OPEN_SCRIPT_FILE, SCRIPT_TEMP_FILE); - ret=PK11_INSTALL_OPEN_SCRIPT_FILE; - goto loser; - } - if(Pk11Install_yyparse()) { - error(PK11_INSTALL_SCRIPT_PARSE, installer, - Pk11Install_yyerrstr ? Pk11Install_yyerrstr : ""); - ret=PK11_INSTALL_SCRIPT_PARSE; - goto loser; - } - -#if 0 - /* for debugging */ - Pk11Install_valueList->Print(0); -#endif - - /* - * From the syntax tree, build a semantic structure - */ - errMsg = Pk11Install_Info_Generate(&installInfo,Pk11Install_valueList); - if(errMsg) { - error(PK11_INSTALL_SEMANTIC, errMsg); - ret=PK11_INSTALL_SEMANTIC; - goto loser; - } -#if 0 - installInfo.Print(0); -#endif - - if(feedback) { - PR_fprintf(feedback, msgStrings[PARSED_INSTALL_SCRIPT]); - } - - /* - * Figure out which platform to use - */ - { - sysname[0] = release[0] = arch[0] = '\0'; - - if( (PR_GetSystemInfo(PR_SI_SYSNAME, sysname, SYS_INFO_BUFFER_LENGTH) - != PR_SUCCESS) || - (PR_GetSystemInfo(PR_SI_RELEASE, release, SYS_INFO_BUFFER_LENGTH) - != PR_SUCCESS) || - (PR_GetSystemInfo(PR_SI_ARCHITECTURE, arch, SYS_INFO_BUFFER_LENGTH) - != PR_SUCCESS) ) { - error(PK11_INSTALL_SYSINFO); - ret=PK11_INSTALL_SYSINFO; - goto loser; - } - myPlatform = PR_smprintf("%s:%s:%s", sysname, release, arch); - platform = Pk11Install_Info_GetBestPlatform(&installInfo,myPlatform); - if(!platform) { - error(PK11_INSTALL_NO_PLATFORM, myPlatform); - PR_smprintf_free(myPlatform); - ret=PK11_INSTALL_NO_PLATFORM; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[MY_PLATFORM_IS], myPlatform); - PR_fprintf(feedback, msgStrings[USING_PLATFORM], - Pk11Install_PlatformName_GetString(&platform->name)); - } - PR_smprintf_free(myPlatform); - } - - /* Run the install for that platform */ - ret = DoInstall(jar, installDir, tempDir, platform, feedback, noverify); - if(ret) { - goto loser; - } - - ret = PK11_INSTALL_SUCCESS; -loser: - if(Pk11Install_valueList) { - Pk11Install_ValueList_delete(Pk11Install_valueList); - PR_Free(Pk11Install_valueList); - Pk11Install_valueList = NULL; - } - if(jar) { - JAR_destroy(jar); - } - if(made_temp_file) { - PR_Delete(SCRIPT_TEMP_FILE); - } - if(errMsg) { - PR_smprintf_free(errMsg); - } - return ret; -} - -/* -///////////////////////////////////////////////////////////////////////// -// actually run the installation, copying files to and fro -*/ -static Pk11Install_Error -DoInstall(JAR *jar, const char *installDir, const char *tempDir, - Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify) -{ - Pk11Install_File *file; - Pk11Install_Error ret; - char *reldir; - char *dest; - char *modDest; - char *cp; - int i; - int status; - char *tempname, *temp; - StringList executables; - StringNode *execNode; - PRProcessAttr *attr; - PRProcess *proc; - char *argv[2]; - char *envp[1]; - int errcode; - - ret=PK11_INSTALL_UNSPECIFIED; - reldir=NULL; - dest=NULL; - modDest=NULL; - tempname=NULL; - - StringList_new(&executables); - /* - // Create Temporary directory - */ - tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME); - if( PR_Access(tempname, PR_ACCESS_EXISTS)==PR_SUCCESS ) { - /* Left over from previous run? Delete it. */ - rm_dash_r(tempname); - } - if(PR_MkDir(tempname, 0700) != PR_SUCCESS) { - error(PK11_INSTALL_CREATE_DIR, tempname); - ret = PK11_INSTALL_CREATE_DIR; - goto loser; - } - - /* - // Install all the files - */ - for(i=0; i < platform->numFiles; i++) { - file = &platform->files[i]; - - if(file->relativePath) { - PRBool foundMarker = PR_FALSE; - reldir = PR_Strdup(file->relativePath); - - /* Replace all the markers with the directories for which they stand */ - while(1) { - if( (cp=PL_strcasestr(reldir, ROOT_MARKER)) ) { - /* Has a %root% marker */ - *cp = '\0'; - temp = PR_smprintf("%s%s%s", reldir, installDir, - cp+strlen(ROOT_MARKER)); - PR_Free(reldir); - reldir = temp; - foundMarker = PR_TRUE; - } else if( (cp = PL_strcasestr(reldir, TEMP_MARKER)) ) { - /* Has a %temp% marker */ - *cp = '\0'; - temp = PR_smprintf("%s%s%s", reldir, tempname, - cp+strlen(TEMP_MARKER)); - PR_Free(reldir); - reldir = temp; - foundMarker = PR_TRUE; - } else { - break; - } - } - if(!foundMarker) { - /* Has no markers...this isn't really a relative directory */ - error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath); - ret = PK11_INSTALL_BOGUS_REL_DIR; - goto loser; - } - dest = reldir; - reldir = NULL; - } else if(file->absolutePath) { - dest = PR_Strdup(file->absolutePath); - } - - /* Remember if this is the module file, we'll need to add it later */ - if(i == platform->modFile) { - modDest = PR_Strdup(dest); - } - - /* Remember is this is an executable, we'll need to run it later */ - if(file->executable) { - StringList_Append(&executables,dest); - /*executables.Append(dest);*/ - } - - /* Make sure the directory we are targetting exists */ - if( make_dirs(dest, file->permissions) ) { - ret=PK11_INSTALL_CREATE_DIR; - goto loser; - } - - /* Actually extract the file onto the filesystem */ - if(noverify) { - status = JAR_extract(jar, (char*)file->jarPath, dest); - } else { - status = JAR_verified_extract(jar, (char*)file->jarPath, dest); - } - if(status) { - if (status >= JAR_BASE && status <= JAR_BASE_END) { - error(PK11_INSTALL_JAR_EXTRACT, file->jarPath, - JAR_get_error(status)); - } else { - error(PK11_INSTALL_JAR_EXTRACT, file->jarPath, - mySECU_ErrorString((int16) PORT_GetError()) ); - } - ret=PK11_INSTALL_JAR_EXTRACT; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG], - file->jarPath, dest); - } - - /* no NSPR command to change permissions? */ -#ifdef XP_UNIX - chmod(dest, file->permissions); -#endif - - /* Memory clean-up tasks */ - if(reldir) { - PR_Free(reldir); - reldir = NULL; - } - if(dest) { - PR_Free(dest); - dest = NULL; - } - } - /* Make sure we found the module file */ - if(!modDest) { - /* Internal problem here, since every platform is supposed to have - a module file */ - error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName); - ret=PK11_INSTALL_NO_MOD_FILE; - goto loser; - } - - /* - // Execute any executable files - */ - { - argv[1] = NULL; - envp[0] = NULL; - for(execNode = executables.head; execNode; execNode = execNode->next) { - attr = PR_NewProcessAttr(); - argv[0] = PR_Strdup(execNode->str); - - /* Announce our intentions */ - if(feedback) { - PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str); - } - - /* start the process */ - if( !(proc=PR_CreateProcess(execNode->str, argv, envp, attr)) ) { - PR_Free(argv[0]); - PR_DestroyProcessAttr(attr); - error(PK11_INSTALL_EXEC_FILE, execNode->str); - ret=PK11_INSTALL_EXEC_FILE; - goto loser; - } - - /* wait for it to finish */ - if( PR_WaitProcess(proc, &errcode) != PR_SUCCESS) { - PR_Free(argv[0]); - PR_DestroyProcessAttr(attr); - error(PK11_INSTALL_WAIT_PROCESS, execNode->str); - ret=PK11_INSTALL_WAIT_PROCESS; - goto loser; - } - - /* What happened? */ - if(errcode) { - /* process returned an error */ - error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode); - } else if(feedback) { - /* process ran successfully */ - PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str); - } - - PR_Free(argv[0]); - PR_DestroyProcessAttr(attr); - } - } - - /* - // Add the module - */ - status = Pk11Install_AddNewModule((char*)platform->moduleName, - (char*)modDest, platform->mechFlags, platform->cipherFlags ); - - if(status != SECSuccess) { - error(PK11_INSTALL_ADD_MODULE, platform->moduleName); - ret=PK11_INSTALL_ADD_MODULE; - goto loser; - } - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG], - platform->moduleName); - } - - if(feedback) { - PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]); - } - - ret = PK11_INSTALL_SUCCESS; - -loser: - if(reldir) { - PR_Free(reldir); - } - if(dest) { - PR_Free(dest); - } - if(modDest) { - PR_Free(modDest); - } - if(tempname) { - PRFileInfo info; - if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) { - if((info.type == PR_FILE_DIRECTORY)) { - /* Recursively remove temporary directory */ - if(rm_dash_r(tempname)) { - error(PK11_INSTALL_REMOVE_DIR, - tempname); - ret=PK11_INSTALL_REMOVE_DIR; - } - - } - } - PR_Free(tempname); - } - StringList_delete(&executables); - return ret; -} - -/* -////////////////////////////////////////////////////////////////////////// -*/ -static char* -PR_Strdup(const char* str) -{ - char *tmp = (char*) PR_Malloc(strlen(str)+1); - strcpy(tmp, str); - return tmp; -} - -/* - * r m _ d a s h _ r - * - * Remove a file, or a directory recursively. - * - */ -static int -rm_dash_r (char *path) -{ - PRDir *dir; - PRDirEntry *entry; - PRFileInfo fileinfo; - char filename[240]; - - if(PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) { - /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/ - return -1; - } - if(fileinfo.type == PR_FILE_DIRECTORY) { - - dir = PR_OpenDir(path); - if(!dir) { - return -1; - } - - /* Recursively delete all entries in the directory */ - while((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); - if(rm_dash_r(filename)) return -1; - } - - if(PR_CloseDir(dir) != PR_SUCCESS) { - return -1; - } - - /* Delete the directory itself */ - if(PR_RmDir(path) != PR_SUCCESS) { - return -1; - } - } else { - if(PR_Delete(path) != PR_SUCCESS) { - return -1; - } - } - return 0; -} - -/*************************************************************************** - * - * m a k e _ d i r s - * - * Ensure that the directory portion of the path exists. This may require - * making the directory, and its parent, and its parent's parent, etc. - */ -static int -make_dirs(char *path, int file_perms) -{ - char *Path; - char *start; - char *sep; - int ret = 0; - PRFileInfo info; - - if(!path) { - return 0; - } - - Path = PR_Strdup(path); - start = strpbrk(Path, "/\\"); - if(!start) { - return 0; - } - start++; /* start right after first slash */ - - /* Each time through the loop add one more directory. */ - while( (sep=strpbrk(start, "/\\")) ) { - *sep = '\0'; - - if( PR_GetFileInfo(Path, &info) != PR_SUCCESS) { - /* No such dir, we have to create it */ - if( PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) { - error(PK11_INSTALL_CREATE_DIR, Path); - ret = PK11_INSTALL_CREATE_DIR; - goto loser; - } - } else { - /* something exists by this name, make sure it's a directory */ - if( info.type != PR_FILE_DIRECTORY ) { - error(PK11_INSTALL_CREATE_DIR, Path); - ret = PK11_INSTALL_CREATE_DIR; - goto loser; - } - } - - /* If this is the lowest directory level, make sure it is writeable */ - if(!strpbrk(sep+1, "/\\")) { - if( PR_Access(Path, PR_ACCESS_WRITE_OK)!=PR_SUCCESS) { - error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path); - ret = PK11_INSTALL_DIR_NOT_WRITEABLE; - goto loser; - } - } - - start = sep+1; /* start after the next slash */ - *sep = '/'; - } - -loser: - PR_Free(Path); - return ret; -} - -/************************************************************************* - * d i r _ p e r m s - * - * Guesses the desired permissions on a directory based on the permissions - * of a file that will be stored in it. Give read, write, and - * execute to the owner (so we can create the file), read and - * execute to anyone who has read permissions on the file, and write - * to anyone who has write permissions on the file. - */ -static int -dir_perms(int perms) -{ - int ret = 0; - - /* owner */ - ret |= 0700; - - /* group */ - if(perms & 0040) { - /* read on the file -> read and execute on the directory */ - ret |= 0050; - } - if(perms & 0020) { - /* write on the file -> write on the directory */ - ret |= 0020; - } - - /* others */ - if(perms & 0004) { - /* read on the file -> read and execute on the directory */ - ret |= 0005; - } - if(perms & 0002) { - /* write on the file -> write on the directory */ - ret |= 0002; - } - - return ret; -} diff --git a/security/nss/cmd/modutil/install.h b/security/nss/cmd/modutil/install.h deleted file mode 100644 index 00fae7aebc..0000000000 --- a/security/nss/cmd/modutil/install.h +++ /dev/null @@ -1,133 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifndef PK11INSTALL_H -#define PK11INSTALL_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef void (*Pk11Install_ErrorHandler)(char *); - -typedef enum { - PK11_INSTALL_NO_ERROR=0, - PK11_INSTALL_DIR_DOESNT_EXIST, - PK11_INSTALL_FILE_DOESNT_EXIST, - PK11_INSTALL_FILE_NOT_READABLE, - PK11_INSTALL_ERROR_STRING, - PK11_INSTALL_JAR_ERROR, - PK11_INSTALL_NO_INSTALLER_SCRIPT, - PK11_INSTALL_DELETE_TEMP_FILE, - PK11_INSTALL_OPEN_SCRIPT_FILE, - PK11_INSTALL_SCRIPT_PARSE, - PK11_INSTALL_SEMANTIC, - PK11_INSTALL_SYSINFO, - PK11_INSTALL_NO_PLATFORM, - PK11_INSTALL_BOGUS_REL_DIR, - PK11_INSTALL_NO_MOD_FILE, - PK11_INSTALL_ADD_MODULE, - PK11_INSTALL_JAR_EXTRACT, - PK11_INSTALL_DIR_NOT_WRITEABLE, - PK11_INSTALL_CREATE_DIR, - PK11_INSTALL_REMOVE_DIR, - PK11_INSTALL_EXEC_FILE, - PK11_INSTALL_WAIT_PROCESS, - PK11_INSTALL_PROC_ERROR, - PK11_INSTALL_USER_ABORT, - PK11_INSTALL_UNSPECIFIED -} Pk11Install_Error; -#define PK11_INSTALL_SUCCESS PK11_INSTALL_NO_ERROR - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ I n i t - * - * Does initialization that otherwise would be done on the fly. Only - * needs to be called by multithreaded apps, before they make any calls - * to this library. - */ -void -Pk11Install_Init(); - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r - * - * Sets the error handler to be used by the library. Returns the current - * error handler function. - */ -Pk11Install_ErrorHandler -Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler); - - -/************************************************************************** - * - * P k 1 1 I n s t a l l _ R e l e a s e - * - * Releases static data structures used by the library. Don't use the - * library after calling this, unless you call Pk11Install_Init() - * first. This function doesn't have to be called at all unless you're - * really anal about freeing memory before your program exits. - */ -void -Pk11Install_Release(); - -/************************************************************************* - * - * P k 1 1 I n s t a l l _ D o I n s t a l l - * - * jarFile is the path of a JAR in the PKCS #11 module JAR format. - * installDir is the directory relative to which files will be - * installed. - * feedback is a file descriptor to which to write informative (not error) - * status messages: what files are being installed, what modules are being - * installed. If feedback==NULL, no messages will be displayed. - * If force != 0, interactive prompts will be suppressed. - * If noverify == PR_TRUE, signatures won't be checked on the JAR file. - */ -Pk11Install_Error -Pk11Install_DoInstall(char *jarFile, const char *installDir, - const char *tempDir, PRFileDesc *feedback, short force, - PRBool noverify); - -#ifdef __cplusplus -} -#endif - -#endif /*PK11INSTALL_H*/ diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c deleted file mode 100644 index 1d85d213ac..0000000000 --- a/security/nss/cmd/modutil/installparse.c +++ /dev/null @@ -1,429 +0,0 @@ -#ifndef lint -char yysccsid[] = "@(#)yaccpar 1.4 (Berkeley) 02/25/90"; -#endif -#line 37 "installparse.y" - -#define yyparse Pk11Install_yyparse -#define yylex Pk11Install_yylex -#define yyerror Pk11Install_yyerror -#define yychar Pk11Install_yychar -#define yyval Pk11Install_yyval -#define yylval Pk11Install_yylval -#define yydebug Pk11Install_yydebug -#define yynerrs Pk11Install_yynerrs -#define yyerrflag Pk11Install_yyerrflag -#define yyss Pk11Install_yyss -#define yyssp Pk11Install_yyssp -#define yyvs Pk11Install_yyvs -#define yyvsp Pk11Install_yyvsp -#define yylhs Pk11Install_yylhs -#define yylen Pk11Install_yylen -#define yydefred Pk11Install_yydefred -#define yydgoto Pk11Install_yydgoto -#define yysindex Pk11Install_yysindex -#define yyrindex Pk11Install_yyrindex -#define yygindex Pk11Install_yygindex -#define yytable Pk11Install_yytable -#define yycheck Pk11Install_yycheck -#define yyname Pk11Install_yyname -#define yyrule Pk11Install_yyrule - -/* C Stuff */ -#include "install-ds.h" -#include - -#define YYSTYPE Pk11Install_Pointer -extern char *Pk11Install_yytext; -char *Pk11Install_yyerrstr=NULL; - -#line 40 "ytab.c" -#define OPENBRACE 257 -#define CLOSEBRACE 258 -#define STRING 259 -#define YYERRCODE 256 -short yylhs[] = { -1, - 0, 1, 1, 2, 2, 3, 4, -}; -short yylen[] = { 2, - 1, 2, 0, 1, 1, 4, 1, -}; -short yydefred[] = { 0, - 0, 0, 1, 0, 4, 0, 2, 0, 0, 6, -}; -short yydgoto[] = { 2, - 3, 4, 5, 6, -}; -short yysindex[] = { -257, - 0, 0, 0, -257, 0, -252, 0, -257, -251, 0, -}; -short yyrindex[] = { 6, - 1, 0, 0, 3, 0, 0, 0, -250, 0, 0, -}; -short yygindex[] = { 0, - -4, 0, 0, 0, -}; -#define YYTABLESIZE 261 -short yytable[] = { 7, - 5, 1, 3, 9, 8, 3, 10, 3, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 7, 5, 5, - 3, -}; -short yycheck[] = { 4, - 0, 259, 0, 8, 257, 0, 258, 258, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 257, 258, 259, - 258, -}; -#define YYFINAL 2 -#ifndef YYDEBUG -#define YYDEBUG 0 -#endif -#define YYMAXTOKEN 259 -#if YYDEBUG -char *yyname[] = { -"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"OPENBRACE","CLOSEBRACE","STRING", -}; -char *yyrule[] = { -"$accept : toplist", -"toplist : valuelist", -"valuelist : value valuelist", -"valuelist :", -"value : key_value_pair", -"value : STRING", -"key_value_pair : key OPENBRACE valuelist CLOSEBRACE", -"key : STRING", -}; -#endif -#ifndef YYSTYPE -typedef int YYSTYPE; -#endif -#define yyclearin (yychar=(-1)) -#define yyerrok (yyerrflag=0) -#ifndef YYSTACKSIZE -#ifdef YYMAXDEPTH -#define YYSTACKSIZE YYMAXDEPTH -#else -#define YYSTACKSIZE 300 -#endif -#endif -int yydebug; -int yynerrs; -int yyerrflag; -int yychar; -short *yyssp; -YYSTYPE *yyvsp; -YYSTYPE yyval; -YYSTYPE yylval; -#define yystacksize YYSTACKSIZE -short yyss[YYSTACKSIZE]; -YYSTYPE yyvs[YYSTACKSIZE]; -#line 118 "installparse.y" -/*----------------------- Program Section --------------------------------*/ - -/*************************************************************************/ -void -Pk11Install_yyerror(char *message) -{ - char *tmp; - if(Pk11Install_yyerrstr) { - tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr, - Pk11Install_yylinenum, message); - PR_smprintf_free(Pk11Install_yyerrstr); - } else { - tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message); - } - Pk11Install_yyerrstr=tmp; -} -#line 191 "ytab.c" -#define YYABORT goto yyabort -#define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab -int -yyparse() -{ - register int yym, yyn, yystate; -#if YYDEBUG - register char *yys; - extern char *getenv(); - - if (yys = getenv("YYDEBUG")) - { - yyn = *yys; - if (yyn >= '0' && yyn <= '9') - yydebug = yyn - '0'; - } -#endif - - yynerrs = 0; - yyerrflag = 0; - yychar = (-1); - - yyssp = yyss; - yyvsp = yyvs; - *yyssp = yystate = 0; - -yyloop: - if (yyn = yydefred[yystate]) goto yyreduce; - if (yychar < 0) - { - if ((yychar = yylex()) < 0) yychar = 0; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("yydebug: state %d, reading %d (%s)\n", yystate, - yychar, yys); - } -#endif - } - if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { -#if YYDEBUG - if (yydebug) - printf("yydebug: state %d, shifting to state %d\n", - yystate, yytable[yyn]); -#endif - if (yyssp >= yyss + yystacksize - 1) - { - goto yyoverflow; - } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; - yychar = (-1); - if (yyerrflag > 0) --yyerrflag; - goto yyloop; - } - if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { - yyn = yytable[yyn]; - goto yyreduce; - } - if (yyerrflag) goto yyinrecovery; -#ifdef lint - goto yynewerror; -yynewerror: -#endif - yyerror("syntax error"); -#ifdef lint - goto yyerrlab; -yyerrlab: -#endif - ++yynerrs; -yyinrecovery: - if (yyerrflag < 3) - { - yyerrflag = 3; - for (;;) - { - if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) - { -#if YYDEBUG - if (yydebug) - printf("yydebug: state %d, error recovery shifting\ - to state %d\n", *yyssp, yytable[yyn]); -#endif - if (yyssp >= yyss + yystacksize - 1) - { - goto yyoverflow; - } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; - goto yyloop; - } - else - { -#if YYDEBUG - if (yydebug) - printf("yydebug: error recovery discarding state %d\n", - *yyssp); -#endif - if (yyssp <= yyss) goto yyabort; - --yyssp; - --yyvsp; - } - } - } - else - { - if (yychar == 0) goto yyabort; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("yydebug: state %d, error recovery discards token %d (%s)\n", - yystate, yychar, yys); - } -#endif - yychar = (-1); - goto yyloop; - } -yyreduce: -#if YYDEBUG - if (yydebug) - printf("yydebug: state %d, reducing by rule %d (%s)\n", - yystate, yyn, yyrule[yyn]); -#endif - yym = yylen[yyn]; - yyval = yyvsp[1-yym]; - switch (yyn) - { -case 1: -#line 84 "installparse.y" -{ - Pk11Install_valueList = yyvsp[0].list; -} -break; -case 2: -#line 89 "installparse.y" -{ - Pk11Install_ValueList_AddItem(yyvsp[0].list,yyvsp[-1].value); - yyval .list = yyvsp[0].list; -} -break; -case 3: -#line 94 "installparse.y" -{ - yyval .list = Pk11Install_ValueList_new(); -} -break; -case 4: -#line 99 "installparse.y" -{ - yyval .value= Pk11Install_Value_new(PAIR_VALUE,yyvsp[0]); -} -break; -case 5: -#line 103 "installparse.y" -{ - yyval .value= Pk11Install_Value_new(STRING_VALUE, yyvsp[0]); -} -break; -case 6: -#line 108 "installparse.y" -{ - yyval .pair = Pk11Install_Pair_new(yyvsp[-3].string,yyvsp[-1].list); -} -break; -case 7: -#line 113 "installparse.y" -{ - yyval .string = yyvsp[0].string; -} -break; -#line 374 "ytab.c" - } - yyssp -= yym; - yystate = *yyssp; - yyvsp -= yym; - yym = yylhs[yyn]; - if (yystate == 0 && yym == 0) - { -#ifdef YYDEBUG - if (yydebug) - printf("yydebug: after reduction, shifting from state 0 to\ - state %d\n", YYFINAL); -#endif - yystate = YYFINAL; - *++yyssp = YYFINAL; - *++yyvsp = yyval; - if (yychar < 0) - { - if ((yychar = yylex()) < 0) yychar = 0; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("yydebug: state %d, reading %d (%s)\n", - YYFINAL, yychar, yys); - } -#endif - } - if (yychar == 0) goto yyaccept; - goto yyloop; - } - if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yystate) - yystate = yytable[yyn]; - else - yystate = yydgoto[yym]; -#ifdef YYDEBUG - if (yydebug) - printf("yydebug: after reduction, shifting from state %d \ -to state %d\n", *yyssp, yystate); -#endif - if (yyssp >= yyss + yystacksize - 1) - { - goto yyoverflow; - } - *++yyssp = yystate; - *++yyvsp = yyval; - goto yyloop; -yyoverflow: - yyerror("yacc stack overflow"); -yyabort: - return (1); -yyaccept: - return (0); -} diff --git a/security/nss/cmd/modutil/installparse.h b/security/nss/cmd/modutil/installparse.h deleted file mode 100644 index 75686d4fdd..0000000000 --- a/security/nss/cmd/modutil/installparse.h +++ /dev/null @@ -1,3 +0,0 @@ -#define OPENBRACE 257 -#define CLOSEBRACE 258 -#define STRING 259 diff --git a/security/nss/cmd/modutil/installparse.l b/security/nss/cmd/modutil/installparse.l deleted file mode 100644 index 3881ea5301..0000000000 --- a/security/nss/cmd/modutil/installparse.l +++ /dev/null @@ -1,169 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - - -/* lex file for analyzing PKCS #11 Module installation instructions */ - -/*----------------------------- Definitions ---------------------------*/ -%{ -#include - -#include "install-ds.h" /* defines tokens and data structures */ -#include "installparse.h" /* produced by yacc -d */ -#include -static char *putSimpleString(char*); /* return copy of string */ -static char *putComplexString(char*); /* strip out quotes, deal with */ - /* escaped characters */ - -void Pk11Install_yyerror(char *); - -/* Overrides to use NSPR */ -#define malloc PR_Malloc -#define realloc PR_Realloc -#define free PR_Free - -int Pk11Install_yylinenum=1; -static char *err; - -#define YY_NEVER_INTERACTIVE 1 -#define yyunput Pkcs11Install_yyunput - -/* This is the default YY_INPUT modified for NSPR */ -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) { \ - char c; \ - int n; \ - for ( n = 0; n < max_size && \ - PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \ - buf[n] = c; \ - } \ - if ( c == '\n' ) { \ - buf[n++] = c; \ - } \ - result = n; \ - } else { \ - result = PR_Read(Pk11Install_FD, buf, max_size); \ - } - -%} - -/*** Regular expression definitions ***/ -/* simple_string has no whitespace, quotes, or braces */ -simple_string [^ \t\r\n\""{""}"]+ - -/* complex_string is enclosed in quotes. Inside the quotes, quotes and - backslashes must be backslash-escaped. No newlines or carriage returns - are allowed inside the quotes. Otherwise, anything goes. */ -complex_string \"([^\"\\\r\n]|(\\\")|(\\\\))+\" - -/* Standard whitespace */ -whitespace [ \t\r]+ - -other . - -/*---------------------------- Actions --------------------------------*/ -%% - -"{" return OPENBRACE; -"}" return CLOSEBRACE; -{simple_string} {Pk11Install_yylval.string = - putSimpleString(Pk11Install_yytext); - return STRING;} -{complex_string} {Pk11Install_yylval.string = - putComplexString(Pk11Install_yytext); - return STRING;} - -"\n" Pk11Install_yylinenum++; - -{whitespace} ; - -{other} {err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext); - Pk11Install_yyerror(err); - PR_smprintf_free(err); - return 1; - } - -%% -/*------------------------ Program Section ----------------------------*/ - -PRFileDesc *Pk11Install_FD=NULL; - -/*************************************************************************/ -/* dummy function required by lex */ -int Pk11Install_yywrap(void) { return 1;} - -/*************************************************************************/ -/* Return a copy of the given string */ -static char* -putSimpleString(char *str) -{ - char *tmp = (char*) PR_Malloc(strlen(str)+1); - strcpy(tmp, str); - return tmp; -} - -/*************************************************************************/ -/* Strip out quotes, replace escaped characters with what they stand for. - This function assumes that what is passed in is actually a complex - string, so error checking is lax. */ -static char* -putComplexString(char *str) -{ - int size, i,j; - char *tmp; - - if(!str) { - return NULL; - } - size = strlen(str); - - /* Allocate the new space. This string will actually be too big, - since quotes and backslashes will be stripped out. But that's ok. */ - tmp = (char*) PR_Malloc(size+1); - - /* Copy it over */ - for(i=0, j=0; i < size; i++) { - if(str[i]=='\"') { - continue; /* skip un-escaped quotes */ - } else if(str[i]=='\\') { - ++i; /* escaped character. skip the backslash */ - } - tmp[j++] = str[i]; - } - tmp[j] = '\0'; - - return tmp; -} diff --git a/security/nss/cmd/modutil/installparse.y b/security/nss/cmd/modutil/installparse.y deleted file mode 100644 index 003f046288..0000000000 --- a/security/nss/cmd/modutil/installparse.y +++ /dev/null @@ -1,136 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* yacc file for parsing PKCS #11 module installation instructions */ -/*------------------------ Definition Section ---------------------------*/ - -%{ -#define yyparse Pk11Install_yyparse -#define yylex Pk11Install_yylex -#define yyerror Pk11Install_yyerror -#define yychar Pk11Install_yychar -#define yyval Pk11Install_yyval -#define yylval Pk11Install_yylval -#define yydebug Pk11Install_yydebug -#define yynerrs Pk11Install_yynerrs -#define yyerrflag Pk11Install_yyerrflag -#define yyss Pk11Install_yyss -#define yyssp Pk11Install_yyssp -#define yyvs Pk11Install_yyvs -#define yyvsp Pk11Install_yyvsp -#define yylhs Pk11Install_yylhs -#define yylen Pk11Install_yylen -#define yydefred Pk11Install_yydefred -#define yydgoto Pk11Install_yydgoto -#define yysindex Pk11Install_yysindex -#define yyrindex Pk11Install_yyrindex -#define yygindex Pk11Install_yygindex -#define yytable Pk11Install_yytable -#define yycheck Pk11Install_yycheck -#define yyname Pk11Install_yyname -#define yyrule Pk11Install_yyrule - -/* C Stuff */ -#include "install-ds.h" -#include - -#define YYSTYPE Pk11Install_Pointer -extern char *Pk11Install_yytext; -char *Pk11Install_yyerrstr=NULL; - -%} - -/* Tokens */ -%token OPENBRACE -%token CLOSEBRACE -%token STRING -%start toplist - -%% - -/*--------------------------- Productions -------------------------------*/ - -toplist : valuelist -{ - Pk11Install_valueList = $1.list; -} - -valuelist : value valuelist -{ - Pk11Install_ValueList_AddItem($2.list,$1.value); - $$.list = $2.list; -} -| -{ - $$.list = Pk11Install_ValueList_new(); -}; - -value : key_value_pair -{ - $$.value= Pk11Install_Value_new(PAIR_VALUE,$1); -} -| STRING -{ - $$.value= Pk11Install_Value_new(STRING_VALUE, $1); -}; - -key_value_pair : key OPENBRACE valuelist CLOSEBRACE -{ - $$.pair = Pk11Install_Pair_new($1.string,$3.list); -}; - -key : STRING -{ - $$.string = $1.string; -}; - -%% -/*----------------------- Program Section --------------------------------*/ - -/*************************************************************************/ -void -Pk11Install_yyerror(char *message) -{ - char *tmp; - if(Pk11Install_yyerrstr) { - tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr, - Pk11Install_yylinenum, message); - PR_smprintf_free(Pk11Install_yyerrstr); - } else { - tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message); - } - Pk11Install_yyerrstr=tmp; -} diff --git a/security/nss/cmd/modutil/instsec.c b/security/nss/cmd/modutil/instsec.c deleted file mode 100644 index cfc0082342..0000000000 --- a/security/nss/cmd/modutil/instsec.c +++ /dev/null @@ -1,181 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include -#include -#include -#include -#include -#include -#include - -/* These are installation functions that make calls to the security library. - * We don't want to include security include files in the C++ code too much. - */ - -static char* PR_fgets(char *buf, int size, PRFileDesc *file); - -/*************************************************************************** - * - * P k 1 1 I n s t a l l _ A d d N e w M o d u l e - */ -int -Pk11Install_AddNewModule(char* moduleName, char* dllPath, - unsigned long defaultMechanismFlags, - unsigned long cipherEnableFlags) -{ - return (SECMOD_AddNewModule(moduleName, dllPath, - SECMOD_PubMechFlagstoInternal(defaultMechanismFlags), - SECMOD_PubCipherFlagstoInternal(cipherEnableFlags)) - == SECSuccess) ? 0 : -1; -} - -/************************************************************************* - * - * P k 1 1 I n s t a l l _ U s e r V e r i f y J a r - * - * Gives the user feedback on the signatures of a JAR files, asks them - * whether they actually want to continue. - * Assumes the jar structure has already been created and is valid. - * Returns 0 if the user wants to continue the installation, nonzero - * if the user wishes to abort. - */ -short -Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query) -{ - JAR_Context *ctx; - JAR_Cert *fing; - JAR_Item *item; - char stdinbuf[80]; - int count=0; - - CERTCertificate *cert, *prev=NULL; - - PR_fprintf(out, "\nThis installation JAR file was signed by:\n"); - - ctx = JAR_find(jar, NULL, jarTypeSign); - - while(JAR_find_next(ctx, &item) >= 0 ) { - fing = (JAR_Cert*) item->data; - cert = fing->cert; - if(cert==prev) { - continue; - } - - count++; - PR_fprintf(out, "----------------------------------------------\n"); - if(cert) { - if(cert->nickname) { - PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname); - } - if(cert->subjectName) { - PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName); } - if(cert->issuerName) { - PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName); - } - } else { - PR_fprintf(out, "No matching certificate could be found.\n"); - } - PR_fprintf(out, "----------------------------------------------\n\n"); - - prev=cert; - } - - JAR_find_end(ctx); - - if(count==0) { - PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n"); - } - - if(query) { - PR_fprintf(out, -"Do you wish to continue this installation? (y/n) "); - - if(PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) { - char *response; - - if( (response=strtok(stdinbuf, " \t\n\r")) ) { - if( !PL_strcasecmp(response, "y") || - !PL_strcasecmp(response, "yes") ) { - return 0; - } - } - } - } - - return 1; -} - -/************************************************************************** - * - * P R _ f g e t s - * - * fgets implemented with NSPR. - */ -static char* -PR_fgets(char *buf, int size, PRFileDesc *file) -{ - int i; - int status; - char c; - - i=0; - while(i < size-1) { - status = PR_Read(file, (void*) &c, 1); - if(status==-1) { - return NULL; - } else if(status==0) { - break; - } - buf[i++] = c; - if(c=='\n') { - break; - } - } - buf[i]='\0'; - - return buf; -} - -/************************************************************************** - * - * m y S E C U _ E r r o r S t r i n g - * - */ -const char* mySECU_ErrorString(int16 errnum) -{ - return SECU_Strerror(errnum); -} diff --git a/security/nss/cmd/modutil/lex.Pk11Install_yy.c b/security/nss/cmd/modutil/lex.Pk11Install_yy.c deleted file mode 100644 index 1c123e5783..0000000000 --- a/security/nss/cmd/modutil/lex.Pk11Install_yy.c +++ /dev/null @@ -1,1694 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#define yy_create_buffer Pk11Install_yy_create_buffer -#define yy_delete_buffer Pk11Install_yy_delete_buffer -#define yy_scan_buffer Pk11Install_yy_scan_buffer -#define yy_scan_string Pk11Install_yy_scan_string -#define yy_scan_bytes Pk11Install_yy_scan_bytes -#define yy_flex_debug Pk11Install_yy_flex_debug -#define yy_init_buffer Pk11Install_yy_init_buffer -#define yy_flush_buffer Pk11Install_yy_flush_buffer -#define yy_load_buffer_state Pk11Install_yy_load_buffer_state -#define yy_switch_to_buffer Pk11Install_yy_switch_to_buffer -#define yyin Pk11Install_yyin -#define yyleng Pk11Install_yyleng -#define yylex Pk11Install_yylex -#define yyout Pk11Install_yyout -#define yyrestart Pk11Install_yyrestart -#define yytext Pk11Install_yytext -#define yywrap Pk11Install_yywrap - -#line 20 "lex.Pk11Install_yy.c" -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - * $Header$ - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include - - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - - -#ifdef __cplusplus - -#include -//#include - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 8 -#define YY_END_OF_BUFFER 9 -static yyconst short int yy_accept[16] = - { 0, - 0, 0, 9, 3, 6, 5, 7, 1, 2, 3, - 6, 0, 0, 4, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 1, 5, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 6, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 7, 1, 8, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[9] = - { 0, - 1, 2, 3, 4, 3, 1, 5, 5 - } ; - -static yyconst short int yy_base[19] = - { 0, - 0, 0, 19, 0, 0, 21, 12, 21, 21, 0, - 0, 4, 6, 21, 21, 13, 11, 15 - } ; - -static yyconst short int yy_def[19] = - { 0, - 15, 1, 15, 16, 17, 15, 18, 15, 15, 16, - 17, 18, 15, 15, 0, 15, 15, 15 - } ; - -static yyconst short int yy_nxt[30] = - { 0, - 4, 5, 6, 5, 7, 4, 8, 9, 14, 13, - 12, 12, 11, 10, 11, 12, 12, 13, 15, 12, - 3, 15, 15, 15, 15, 15, 15, 15, 15 - } ; - -static yyconst short int yy_chk[30] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 12, 12, - 13, 13, 17, 16, 17, 18, 18, 7, 3, 18, - 15, 15, 15, 15, 15, 15, 15, 15, 15 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "installparse.l" -#define INITIAL 0 -/* lex file for analyzing PKCS #11 Module installation instructions */ -/*----------------------------- Definitions ---------------------------*/ -#line 5 "installparse.l" -#include - -#include "install-ds.h" /* defines tokens and data structures */ -#include "installparse.h" /* produced by yacc -d */ -#include -static char *putSimpleString(char*); /* return copy of string */ -static char *putComplexString(char*); /* strip out quotes, deal with */ - /* escaped characters */ - -void Pk11Install_yyerror(char *); - -/* Overrides to use NSPR */ -#define malloc PR_Malloc -#define realloc PR_Realloc -#define free PR_Free - -int Pk11Install_yylinenum=1; -static char *err; - -#define YY_NEVER_INTERACTIVE 1 -#define yyunput Pkcs11Install_yyunput - -/* This is the default YY_INPUT modified for NSPR */ -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) { \ - char c; \ - int n; \ - for ( n = 0; n < max_size && \ - PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \ - buf[n] = c; \ - } \ - if ( c == '\n' ) { \ - buf[n++] = c; \ - } \ - result = n; \ - } else { \ - result = PR_Read(Pk11Install_FD, buf, max_size); \ - } - -/*** Regular expression definitions ***/ -/* simple_string has no whitespace, quotes, or braces */ -/* complex_string is enclosed in quotes. Inside the quotes, quotes and - backslashes must be backslash-escaped. Otherwise, anything goes. */ -/* Standard whitespace */ -/*---------------------------- Actions --------------------------------*/ -#line 437 "lex.Pk11Install_yy.cpp" - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; - -#line 60 "installparse.l" - - -#line 591 "lex.Pk11Install_yy.cpp" - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = yy_start; -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_base[yy_current_state] != 21 ); - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - if ( yy_act == 0 ) - { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - yy_act = yy_accept[yy_current_state]; - } - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 62 "installparse.l" -return OPENBRACE; - YY_BREAK -case 2: -YY_RULE_SETUP -#line 63 "installparse.l" -return CLOSEBRACE; - YY_BREAK -case 3: -YY_RULE_SETUP -#line 64 "installparse.l" -{Pk11Install_yylval.string = - putSimpleString(Pk11Install_yytext); - return STRING;} - YY_BREAK -case 4: -YY_RULE_SETUP -#line 67 "installparse.l" -{Pk11Install_yylval.string = - putComplexString(Pk11Install_yytext); - return STRING;} - YY_BREAK -case 5: -YY_RULE_SETUP -#line 71 "installparse.l" -Pk11Install_yylinenum++; - YY_BREAK -case 6: -YY_RULE_SETUP -#line 73 "installparse.l" -; - YY_BREAK -case 7: -YY_RULE_SETUP -#line 75 "installparse.l" -{err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext); - Pk11Install_yyerror(err); - PR_smprintf_free(err); - return 1; - } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 81 "installparse.l" -ECHO; - YY_BREAK -#line 722 "lex.Pk11Install_yy.cpp" -case YY_STATE_EOF(INITIAL): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_c_buf_p; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 15); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - - return c; - } - - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - -#ifndef YY_ALWAYS_INTERACTIVE -#ifndef YY_NEVER_INTERACTIVE -extern int isatty YY_PROTO(( int )); -#endif -#endif - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. */ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 81 "installparse.l" - -/*------------------------ Program Section ----------------------------*/ - -PRFileDesc *Pk11Install_FD=NULL; - -/*************************************************************************/ -/* dummy function required by lex */ -int Pk11Install_yywrap(void) { return 1;} - -/*************************************************************************/ -/* Return a copy of the given string */ -static char* -putSimpleString(char *str) -{ - char *tmp = (char*) PR_Malloc(strlen(str)+1); - strcpy(tmp, str); - return tmp; -} - -/*************************************************************************/ -/* Strip out quotes, replace escaped characters with what they stand for. - This function assumes that what is passed in is actually a complex - string, so error checking is lax. */ -static char* -putComplexString(char *str) -{ - int size, i,j; - char *tmp; - - if(!str) { - return NULL; - } - size = strlen(str); - - /* Allocate the new space. This string will actually be too big, - since quotes and backslashes will be stripped out. But that's ok. */ - tmp = (char*) PR_Malloc(size+1); - - /* Copy it over */ - for(i=0, j=0; i < size; i++) { - if(str[i]=='\"') { - continue; /* skip un-escaped quotes */ - } else if(str[i]=='\\') { - ++i; /* escaped character. skip the backslash */ - } - tmp[j++] = str[i]; - } - tmp[j] = '\0'; - - return tmp; -} diff --git a/security/nss/cmd/modutil/manifest.mn b/security/nss/cmd/modutil/manifest.mn deleted file mode 100644 index 31ebcf68cd..0000000000 --- a/security/nss/cmd/modutil/manifest.mn +++ /dev/null @@ -1,66 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = sectools - -EXPORTS = - -CSRCS = modutil.c \ - pk11.c \ - instsec.c \ - install.c \ - installparse.c \ - install-ds.c \ - lex.Pk11Install_yy.c \ - $(NULL) - -CPPSRCS = - -PROGRAM = modutil - -REQUIRES = seccmd nss dbm - -DEFINES = -DNSPR20 - -# sigh -#INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap - -# USE_STATIC_LIBS = 1 - -EXTRA_LIBS = $(JAR_LIBS) diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c deleted file mode 100644 index d277fea05f..0000000000 --- a/security/nss/cmd/modutil/modutil.c +++ /dev/null @@ -1,973 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* To edit this file, set TABSTOPS to 4 spaces. - * This is not the normal NSS convention. - */ - -#include "modutil.h" -#include "install.h" -#include -#include "certdb.h" /* for CERT_DB_FILE_VERSION */ -#include "nss.h" - -static void install_error(char *message); -static char* PR_fgets(char *buf, int size, PRFileDesc *file); -static char *progName; - - -/* This enum must be kept in sync with the commandNames list */ -typedef enum { - NO_COMMAND, - ADD_COMMAND, - CHANGEPW_COMMAND, - CREATE_COMMAND, - DEFAULT_COMMAND, - DELETE_COMMAND, - DISABLE_COMMAND, - ENABLE_COMMAND, - FIPS_COMMAND, - JAR_COMMAND, - LIST_COMMAND, - RAW_LIST_COMMAND, - RAW_ADD_COMMAND, - CHKFIPS_COMMAND, - UNDEFAULT_COMMAND -} Command; - -/* This list must be kept in sync with the Command enum */ -static char *commandNames[] = { - "(no command)", - "-add", - "-changepw", - "-create", - "-default", - "-delete", - "-disable", - "-enable", - "-fips", - "-jar", - "-list", - "-rawlist", - "-rawadd", - "-chkfips", - "-undefault" -}; - - -/* this enum must be kept in sync with the optionStrings list */ -typedef enum { - ADD_ARG=0, - RAW_ADD_ARG, - CHANGEPW_ARG, - CIPHERS_ARG, - CREATE_ARG, - DBDIR_ARG, - DBPREFIX_ARG, - DEFAULT_ARG, - DELETE_ARG, - DISABLE_ARG, - ENABLE_ARG, - FIPS_ARG, - FORCE_ARG, - JAR_ARG, - LIBFILE_ARG, - LIST_ARG, - RAW_LIST_ARG, - MECHANISMS_ARG, - NEWPWFILE_ARG, - PWFILE_ARG, - SLOT_ARG, - UNDEFAULT_ARG, - INSTALLDIR_ARG, - TEMPDIR_ARG, - SECMOD_ARG, - NOCERTDB_ARG, - STRING_ARG, - CHKFIPS_ARG, - - NUM_ARGS /* must be last */ -} Arg; - -/* This list must be kept in sync with the Arg enum */ -static char *optionStrings[] = { - "-add", - "-rawadd", - "-changepw", - "-ciphers", - "-create", - "-dbdir", - "-dbprefix", - "-default", - "-delete", - "-disable", - "-enable", - "-fips", - "-force", - "-jar", - "-libfile", - "-list", - "-rawlist", - "-mechanisms", - "-newpwfile", - "-pwfile", - "-slot", - "-undefault", - "-installdir", - "-tempdir", - "-secmod", - "-nocertdb", - "-string", - "-chkfips", -}; - -/* Increment i if doing so would have i still be less than j. If you - are able to do this, return 0. Otherwise return 1. */ -#define TRY_INC(i,j) ( ((i+1) -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "error.h" - -Error FipsMode(char *arg); -Error ChkFipsMode(char *arg); -Error AddModule(char *moduleName, char *libFile, char *ciphers, - char *mechanisms, char* modparms); -Error DeleteModule(char *moduleName); -Error ListModule(char *moduleName); -Error ListModules(); -Error ChangePW(char *tokenName, char *pwFile, char *newpwFile); -Error EnableModule(char *moduleName, char *slotName, PRBool enable); -Error RawAddModule(char *dbmodulespec, char *modulespec); -Error RawListModule(char *modulespec); -Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms); -Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms); -void out_of_memory(void); - -#endif /*MODUTIL_H*/ diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c deleted file mode 100644 index 365301440a..0000000000 --- a/security/nss/cmd/modutil/pk11.c +++ /dev/null @@ -1,949 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* To edit this file, set TABSTOPS to 4 spaces. - * This is not the normal NSS convention. - */ - -#include "modutil.h" -/* #include "secmodti.h" */ -#include "pk11func.h" - -static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; -static int pk11_DefaultArraySize = 0; - -/************************************************************************* - * - * F i p s M o d e - * If arg=="true", enable FIPS mode on the internal module. If arg=="false", - * disable FIPS mode on the internal module. - */ -Error -FipsMode(char *arg) -{ - char *internal_name; - - if(!PORT_Strcasecmp(arg, "true")) { - if(!PK11_IsFIPS()) { - internal_name = PR_smprintf("%s", - SECMOD_GetInternalModule()->commonName); - if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); - PR_smprintf_free(internal_name); - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_smprintf_free(internal_name); - if (!PK11_IsFIPS()) { - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - } else { - PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); - return FIPS_ALREADY_ON_ERR; - } - } else if(!PORT_Strcasecmp(arg, "false")) { - if(PK11_IsFIPS()) { - internal_name = PR_smprintf("%s", - SECMOD_GetInternalModule()->commonName); - if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); - PR_smprintf_free(internal_name); - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_smprintf_free(internal_name); - if (PK11_IsFIPS()) { - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } - PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); - } else { - PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]); - return FIPS_ALREADY_OFF_ERR; - } - } else { - PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); - return INVALID_FIPS_ARG; - } - - return SUCCESS; -} - -/************************************************************************* - * - * C h k F i p s M o d e - * If arg=="true", verify FIPS mode is enabled on the internal module. - * If arg=="false", verify FIPS mode is disabled on the internal module. - */ -Error -ChkFipsMode(char *arg) -{ - if(!PORT_Strcasecmp(arg, "true")) { - if (PK11_IsFIPS()) { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - } else { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); - return FIPS_SWITCH_FAILED_ERR; - } - - } else if(!PORT_Strcasecmp(arg, "false")) { - if(!PK11_IsFIPS()) { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); - } else { - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - return FIPS_SWITCH_FAILED_ERR; - } - } else { - PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); - return INVALID_FIPS_ARG; - } - - return SUCCESS; -} - -/************************************************************************ - * Cipher and Mechanism name-bitmask translation tables - */ - -typedef struct { - char *name; - unsigned long mask; -} MaskString; - -static MaskString mechanismStrings[] = { - {"RSA", PUBLIC_MECH_RSA_FLAG}, - {"DSA", PUBLIC_MECH_DSA_FLAG}, - {"RC2", PUBLIC_MECH_RC2_FLAG}, - {"RC4", PUBLIC_MECH_RC4_FLAG}, - {"RC5", PUBLIC_MECH_RC5_FLAG}, - {"DES", PUBLIC_MECH_DES_FLAG}, - {"DH", PUBLIC_MECH_DH_FLAG}, - {"FORTEZZA", PUBLIC_MECH_FORTEZZA_FLAG}, - {"SHA1", PUBLIC_MECH_SHA1_FLAG}, - {"MD5", PUBLIC_MECH_MD5_FLAG}, - {"MD2", PUBLIC_MECH_MD2_FLAG}, - {"SSL", PUBLIC_MECH_SSL_FLAG}, - {"TLS", PUBLIC_MECH_TLS_FLAG}, - {"RANDOM", PUBLIC_MECH_RANDOM_FLAG}, - {"FRIENDLY", PUBLIC_MECH_FRIENDLY_FLAG} -}; -static int numMechanismStrings = - sizeof(mechanismStrings) / sizeof(mechanismStrings[0]); - -static MaskString cipherStrings[] = { - {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG} -}; -static int numCipherStrings = - sizeof(cipherStrings) / sizeof(cipherStrings[0]); - -/* Maximum length of a colon-separated list of all the strings in an - * array. */ -#define MAX_STRING_LIST_LEN 240 /* or less */ - -/************************************************************************ - * - * g e t F l a g s F r o m S t r i n g - * - * Parses a mechanism list passed on the command line and converts it - * to an unsigned long bitmask. - * string is a colon-separated string of constants - * array is an array of MaskStrings. - * elements is the number of elements in array. - */ -static unsigned long -getFlagsFromString(char *string, MaskString array[], int elements) -{ - unsigned long ret = 0; - short i = 0; - char *cp; - char *buf; - char *end; - - if(!string || !string[0]) { - return ret; - } - - /* Make a temporary copy of the string */ - buf = PR_Malloc(strlen(string)+1); - if(!buf) { - out_of_memory(); - } - strcpy(buf, string); - - /* Look at each element of the list passed in */ - for(cp=buf; cp && *cp; cp = (end ? end+1 : NULL) ) { - /* Look at the string up to the next colon */ - end = strchr(cp, ':'); - if(end) { - *end = '\0'; - } - - /* Find which element this is */ - for(i=0; i < elements; i++) { - if( !PORT_Strcasecmp(cp, array[i].name) ) { - break; - } - } - if(i == elements) { - /* Skip a bogus string, but print a warning message */ - PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp); - continue; - } - ret |= array[i].mask; - } - - PR_Free(buf); - return ret; -} - -/********************************************************************** - * - * g e t S t r i n g F r o m F l a g s - * - * The return string's memory is owned by this function. Copy it - * if you need it permanently or you want to change it. - */ -static char * -getStringFromFlags(unsigned long flags, MaskString array[], int elements) -{ - static char buf[MAX_STRING_LIST_LEN]; - int i; - int count=0; - - buf[0] = '\0'; - for(i=0; iloaded ? module->slotCount : 0; - int i; - - if ((*count)++) { - PR_fprintf(PR_STDOUT,"\n"); - } - PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName); - - if (module->dllName) { - PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName); - } - - if (slotCount == 0) { - PR_fprintf(PR_STDOUT, - "\t slots: There are no slots attached to this module\n"); - } else { - PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n", - slotCount, (slotCount==1 ? "" : "s") ); - } - - if (module->loaded == 0) { - PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n"); - } else { - PR_fprintf(PR_STDOUT, "\tstatus: loaded\n"); - } - - /* Print slot and token names */ - for (i = 0; i < slotCount; i++) { - PK11SlotInfo *slot = module->slots[i]; - - PR_fprintf(PR_STDOUT, "\n"); - PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot)); - PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot)); - } - return; -} - -/************************************************************************ - * - * L i s t M o d u l e s - * - * Lists all the modules in the database, along with their slots and tokens. - */ -Error -ListModules() -{ - SECMODListLock *lock; - SECMODModuleList *list; - SECMODModuleList *deadlist; - SECMODModuleList *mlp; - Error ret=UNSPECIFIED_ERR; - int count = 0; - - lock = SECMOD_GetDefaultModuleListLock(); - if(!lock) { - PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]); - return NO_LIST_LOCK_ERR; - } - - SECMOD_GetReadLock(lock); - - list = SECMOD_GetDefaultModuleList(); - deadlist = SECMOD_GetDeadModuleList(); - if (!list && !deadlist) { - PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]); - ret = NO_MODULE_LIST_ERR; - goto loser; - } - - PR_fprintf(PR_STDOUT, - "\nListing of PKCS #11 Modules\n" - "-----------------------------------------------------------\n"); - - for(mlp=list; mlp != NULL; mlp = mlp->next) { - printModule(mlp->module, &count); - } - for (mlp=deadlist; mlp != NULL; mlp = mlp->next) { - printModule(mlp->module, &count); - } - - - PR_fprintf(PR_STDOUT, - "-----------------------------------------------------------\n"); - - ret = SUCCESS; - -loser: - SECMOD_ReleaseReadLock(lock); - return ret; -} - -/* Strings describing PK11DisableReasons */ -static char *disableReasonStr[] = { - "no reason", - "user disabled", - "could not initialize token", - "could not verify token", - "token not present" -}; -static int numDisableReasonStr = - sizeof(disableReasonStr) / sizeof(disableReasonStr[0]); - -/*********************************************************************** - * - * L i s t M o d u l e - * - * Lists detailed information about the named module. - */ -Error -ListModule(char *moduleName) -{ - SECMODModule *module; - PK11SlotInfo *slot; - int slotnum; - CK_INFO modinfo; - CK_SLOT_INFO slotinfo; - CK_TOKEN_INFO tokeninfo; - char *ciphers, *mechanisms; - PK11DisableReasons reason; - Error rv = SUCCESS; - - if(!moduleName) { - return SUCCESS; - } - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - return NO_SUCH_MODULE_ERR; - } - - if ((module->loaded) && - (PK11_GetModInfo(module, &modinfo) != SECSuccess)) { - PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName); - return MOD_INFO_ERR; - } - - /* Module info */ - PR_fprintf(PR_STDOUT, - "\n-----------------------------------------------------------\n"); - PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName); - if(module->internal || !module->dllName) { - PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n"); - } else { - PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName); - } - - if (module->loaded) { - PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID); - PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription); - PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n", - modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor); - PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n", - modinfo.libraryVersion.major, modinfo.libraryVersion.minor); - } else { - PR_fprintf(PR_STDOUT, "* Module not loaded\n"); - } - /* Get cipher and mechanism flags */ - ciphers = getStringFromFlags(module->ssl[0], cipherStrings, - numCipherStrings); - if(ciphers[0] == '\0') { - ciphers = "None"; - } - PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers); - mechanisms = NULL; - if (module->slotCount > 0) { - mechanisms = getStringFromFlags( - PK11_GetDefaultFlags(module->slots[0]), - mechanismStrings, numMechanismStrings); - } - if ((mechanisms==NULL) || (mechanisms[0] =='\0')) { - mechanisms = "None"; - } - PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms); - -#define PAD " " - - /* Loop over each slot */ - for (slotnum=0; slotnum < module->slotCount; slotnum++) { - slot = module->slots[slotnum]; - if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR], - PK11_GetSlotName(slot)); - rv = SLOT_INFO_ERR; - continue; - } - - /* Slot Info */ - PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot)); - mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot), - mechanismStrings, numMechanismStrings); - if(mechanisms[0] =='\0') { - mechanisms = "None"; - } - PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms); - PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n", - slotinfo.manufacturerID); - if (PK11_IsHW(slot)) { - PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n"); - } else { - PR_fprintf(PR_STDOUT, PAD"Type: Software\n"); - } - PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n", - slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor); - PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n", - slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor); - if (PK11_IsDisabled(slot)) { - reason = PK11_GetDisabledReason(slot); - if(reason < numDisableReasonStr) { - PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n", - disableReasonStr[reason]); - } else { - PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n"); - } - } else { - PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n"); - } - - if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR], - PK11_GetTokenName(slot)); - rv = TOKEN_INFO_ERR; - continue; - } - - /* Token Info */ - PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n", - tokeninfo.label); - PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n", - tokeninfo.manufacturerID); - PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model); - PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n", - tokeninfo.serialNumber); - PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n", - tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor); - PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n", - tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor); - if(tokeninfo.flags & CKF_WRITE_PROTECTED) { - PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n"); - } else { - PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n"); - } - if(tokeninfo.flags & CKF_LOGIN_REQUIRED) { - PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n"); - } else { - PR_fprintf(PR_STDOUT, PAD - "Login Type: Public (no login required)\n"); - } - if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) { - PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n"); - } else { - PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n"); - } - } - PR_fprintf(PR_STDOUT, - "\n-----------------------------------------------------------\n"); - return rv; -} - -/************************************************************************ - * - * C h a n g e P W - */ -Error -ChangePW(char *tokenName, char *pwFile, char *newpwFile) -{ - char *oldpw=NULL, *newpw=NULL, *newpw2=NULL; - PK11SlotInfo *slot; - Error ret=UNSPECIFIED_ERR; - PRBool matching; - - slot = PK11_FindSlotByName(tokenName); - if(!slot) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName); - return NO_SUCH_TOKEN_ERR; - } - - PK11_SetPasswordFunc(SECU_GetModulePassword); - - /* Get old password */ - if(! PK11_NeedUserInit(slot)) { - if(pwFile) { - oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile); - if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]); - ret=BAD_PW_ERR; - goto loser; - } - } else { - for(matching=PR_FALSE; !matching; ) { - oldpw = SECU_GetPasswordString(NULL, "Enter old password: "); - if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) { - matching = PR_TRUE; - } else { - PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]); - } - } - } - } - - /* Get new password */ - if(newpwFile) { - newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile); - } else { - for(matching=PR_FALSE; !matching; ) { - newpw = SECU_GetPasswordString(NULL, "Enter new password: "); - newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: "); - if(strcmp(newpw, newpw2)) { - PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]); - } else { - matching = PR_TRUE; - } - } - } - - /* Change the password */ - if(PK11_NeedUserInit(slot)) { - if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); - ret = CHANGEPW_FAILED_ERR; - goto loser; - } - } else { - if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { - PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); - ret = CHANGEPW_FAILED_ERR; - goto loser; - } - } - - PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName); - ret = SUCCESS; - -loser: - if(oldpw) { - memset(oldpw, 0, strlen(oldpw)); - PORT_Free(oldpw); - } - if(newpw) { - memset(newpw, 0, strlen(newpw)); - PORT_Free(newpw); - } - if(newpw2) { - memset(newpw2, 0, strlen(newpw)); - PORT_Free(newpw2); - } - return ret; -} - -/*********************************************************************** - * - * E n a b l e M o d u l e - * - * If enable==PR_TRUE, enables the module or slot. - * If enable==PR_FALSE, disables the module or slot. - * moduleName is the name of the module. - * slotName is the name of the slot. It is optional. - */ -Error -EnableModule(char *moduleName, char *slotName, PRBool enable) -{ - int i; - SECMODModule *module; - PK11SlotInfo *slot = NULL; - PRBool found = PR_FALSE; - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - return NO_SUCH_MODULE_ERR; - } - - for(i=0; i < module->slotCount; i++) { - slot = module->slots[i]; - if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) { - /* Not the right slot */ - continue; - } - if(enable) { - if(! PK11_UserEnableSlot(slot)) { - PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], - "enable", PK11_GetSlotName(slot)); - return ENABLE_FAILED_ERR; - } else { - found = PR_TRUE; - PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], - PK11_GetSlotName(slot), "enabled"); - } - } else { - if(! PK11_UserDisableSlot(slot)) { - PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], - "disable", PK11_GetSlotName(slot)); - return ENABLE_FAILED_ERR; - } else { - found = PR_TRUE; - PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], - PK11_GetSlotName(slot), "disabled"); - } - } - } - - if(slotName && !found) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); - return NO_SUCH_SLOT_ERR; - } - - /* Delete and re-add module to save changes */ - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName); - return UPDATE_MOD_FAILED_ERR; - } - - return SUCCESS; -} - -/************************************************************************* - * - * S e t D e f a u l t M o d u l e - * - */ -Error -SetDefaultModule(char *moduleName, char *slotName, char *mechanisms) -{ - SECMODModule *module; - PK11SlotInfo *slot; - int s, i; - unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, - numMechanismStrings); - PRBool found = PR_FALSE; - Error errcode = UNSPECIFIED_ERR; - - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - goto loser; - } - } - - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - errcode = NO_SUCH_MODULE_ERR; - goto loser; - } - - /* Go through each slot */ - for(s=0; s < module->slotCount; s++) { - slot = module->slots[s]; - - if ((slotName != NULL) && - !((strcmp(PK11_GetSlotName(slot),slotName) == 0) || - (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) { - /* we are only interested in changing the one slot */ - continue; - } - - found = PR_TRUE; - - /* Go through each mechanism */ - for(i=0; i < pk11_DefaultArraySize; i++) { - if(pk11_DefaultArray[i].flag & mechFlags) { - /* Enable this default mechanism */ - PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), - PR_TRUE); - } - } - } - if (slotName && !found) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); - errcode = NO_SUCH_SLOT_ERR; - goto loser; - } - - /* Delete and re-add module to save changes */ - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR], - moduleName); - errcode = DEFAULT_FAILED_ERR; - goto loser; - } - - PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]); - - errcode = SUCCESS; -loser: - return errcode; -} - -/************************************************************************ - * - * U n s e t D e f a u l t M o d u l e - */ -Error -UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms) -{ - SECMODModule * module; - PK11SlotInfo *slot; - int s, i; - unsigned long mechFlags = getFlagsFromString(mechanisms, - mechanismStrings, numMechanismStrings); - PRBool found = PR_FALSE; - - if (pk11_DefaultArray == NULL) { - pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); - if (pk11_DefaultArray == NULL) { - /* should assert. This shouldn't happen */ - return UNSPECIFIED_ERR; - } - } - - mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); - - module = SECMOD_FindModule(moduleName); - if(!module) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); - return NO_SUCH_MODULE_ERR; - } - - for(s=0; s < module->slotCount; s++) { - slot = module->slots[s]; - if ((slotName != NULL) && - !((strcmp(PK11_GetSlotName(slot),slotName) == 0) || - (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) { - /* we are only interested in changing the one slot */ - continue; - } - for(i=0; i < pk11_DefaultArraySize ; i++) { - if(pk11_DefaultArray[i].flag & mechFlags) { - PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), - PR_FALSE); - } - } - } - if (slotName && !found) { - PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); - return NO_SUCH_SLOT_ERR; - } - - /* Delete and re-add module to save changes */ - if( SECMOD_UpdateModule(module) != SECSuccess ) { - PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR], - moduleName); - return UNDEFAULT_FAILED_ERR; - } - - PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]); - return SUCCESS; -} diff --git a/security/nss/cmd/modutil/pk11jar.html b/security/nss/cmd/modutil/pk11jar.html deleted file mode 100644 index ddc6c6e132..0000000000 --- a/security/nss/cmd/modutil/pk11jar.html +++ /dev/null @@ -1,312 +0,0 @@ - - - -PKCS #11 JAR Format - - -

PKCS #11 JAR Format

- -

PKCS #11 modules can be packaged into JAR files that support automatic -installation onto the filesystem and into the security module database. -The JAR file should contain: -

    -
  • All files that will be installed onto the target machine. This will -include at least the PKCS #11 module library file (.DLL or .so), and -may also include any other file that should be installed (such as -documentation). -
  • A script to perform the installation. -
-The script can be in one of two forms. If the JAR file is to be -run by Communicator (or any program that interprets Javascript), the -instructions will be in the form of a SmartUpdate script. -Documentation - on creating this script can be found on DevEdge. - -

If the -JAR file is to be run by a server, modutil, or any other program that -doesn't interpret Javascript, a special information file must be included -in the format described in this document. - -

Declaring the Script in the Manifest File

-The script can have any name, but it must be declared in the manifest file -of the JAR archive. The metainfo tag for this is -Pkcs11_install_script. Meta-information is put in the manifest -file by putting it in a file which is passed to -Signtool. For example, -suppose the PKCS #11 installer script is in the file pk11install. -In Signtool's metainfo file, you would have a line like this: -
-+ Pkcs11_install_script: pk11install
-
- -

Sample Script File

-
-ForwardCompatible { IRIX:6.2:mips Solaris:5.5.1:sparc }
-Platforms {
-	WINNT::x86 {
-		ModuleName { "Fortezza Module" }
-		ModuleFile { win32/fort32.dll }
-		DefaultMechanismFlags{0x0001}
-		DefaultCipherFlags{0x0001}
-		Files {
-			win32/setup.exe {
-				Executable
-				RelativePath { %temp%/setup.exe }
-			}
-			win32/setup.hlp {
-				RelativePath { %temp%/setup.hlp }
-			}
-			win32/setup.cab {
-				RelativePath { %temp%/setup.cab }
-			}
-		}
-	}
-	WIN95::x86 {
-		EquivalentPlatform {WINNT::x86}
-	}
-	Solaris:5.5.1:sparc {
-		ModuleName { "Fortezza UNIX Module" }
-		ModuleFile { unix/fort.so }
-		DefaultMechanismFlags{0x0001}
-		CipherEnableFlags{0x0001}
-		Files {
-			unix/fort.so {
-				RelativePath{%root%/lib/fort.so}
-				AbsolutePath{/usr/local/netscape/lib/fort.so}
-				FilePermissions{555}
-			}
-			xplat/instr.html {
-				RelativePath{%root%/docs/inst.html}
-				AbsolutePath{/usr/local/netscape/docs/inst.html}
-				FilePermissions{555}
-			}
-		}
-	}
-	IRIX:6.2:mips {
-		EquivalentPlatform { Solaris:5.5.1:sparc }
-	}
-}
-
- -
- -

Script File Grammar

-
---> valuelist
-
-valuelist --> value valuelist
-              <null>
-
-value --> key_value_pair
-          string
-
-key_value_pair --> key { valuelist }
-
-key --> string
-
-string --> simple_string
-           "complex_string"
-
-simple_string --> [^ \t\n\""{""}"]+ (no whitespace, quotes, or braces)
-
-complex_string --> ([^\"\\\r\n]|(\\\")|(\\\\))+ (quotes and backslashes must be escaped with a backslash, no newlines or carriage returns are allowed in the string)
-
-Outside of complex strings, all whitespace (space, tab, newline) is considered -equal and is used only to delimit tokens. - -
- -

Keys

-Keys are case-insensitive. -

Global Keys

-
-
ForwardCompatible -
Gives a list of platforms that are forward compatible. If the current -platform cannot be found in the list of supported platforms, then the -ForwardCompatible list will be checked for any platforms that have the same -OS and architecture and an earlier version. If one is found, its -attributes will be used for the current platform. -
Platforms (required) -
Gives a list of platforms. Each entry in the list is itself a key-value -pair: -the key is the name of the platform, and the valuelist contains various -attributes of the platform. The ModuleName, ModuleFile, and Files attributes -must be specified, unless an EquivalentPlatform attribute is specified. -The platform string is in the following -format: system name:os release:architecture. The installer -will obtain these values from NSPR. os release is an empty -string on non-UNIX operating systems. The following system names and platforms -are currently defined by NSPR: -
    -
  • AIX (rs6000) -
  • BSDI (x86) -
  • FREEBSD (x86) -
  • HPUX (hppa1.1) -
  • IRIX (mips) -
  • LINUX (ppc, alpha, x86) -
  • MacOS (PowerPC) (Note: NSPR actually defines the OS as -"Mac OS". The -space makes the name unsuitable for being embedded in identifiers. Until -NSPR changes, you will have to add some special code to deal with this case. -) -
  • NCR (x86) -
  • NEC (mips) -
  • OS2 (x86) -
  • OSF (alpha) -
  • ReliantUNIX (mips) -
  • SCO (x86) -
  • SOLARIS (sparc) -
  • SONY (mips) -
  • SUNOS (sparc) -
  • UnixWare (x86) -
  • WIN16 (x86) -
  • WIN95 (x86) -
  • WINNT (x86) -
- -Examples of valid platform strings: IRIX:6.2:mips, Solaris:5.5.1:sparc, -Linux:2.0.32:x86, WIN95::x86. -
- -

Per-Platform Keys

-These keys only have meaning within the value list of an entry in -the Platforms list. -
-
ModuleName (required) -
Gives the common name for the module. This name will be used to -reference the module from Communicator, modutil, servers, or any other -program that uses the Netscape security module database. -
ModuleFile (required) -
Names the PKCS #11 module file (DLL or .so) for this platform. The name -is given as the relative path of the file within the JAR archive. -
Files (required) -
Lists the files that should be installed for this module. Each entry -in the file list is a key-value pair: the key is the path of the file in -the JAR archive, and -the valuelist contains attributes of the file. At least RelativePath and -AbsoluteDir must be specified in this valuelist. -
DefaultMechanismFlags -
This key-value pair specifies -of which mechanisms this module will be a default provider. It is a bitstring -specified in hexadecimal (0x) format. It is constructed as a bitwise OR -of the following constants. If the DefaultMechanismFlags -entry is omitted, the value will default to 0x0. -
-RSA:			0x0000 0001
-DSA:			0x0000 0002
-RC2:			0x0000 0004
-RC4:			0x0000 0008
-DES:			0x0000 0010
-DH:			0x0000 0020
-FORTEZZA:		0x0000 0040
-RC5:			0x0000 0080
-SHA1:			0x0000 0100
-MD5:			0x0000 0200
-MD2:			0x0000 0400
-RANDOM:			0x0800 0000
-FRIENDLY:		0x1000 0000
-OWN_PW_DEFAULTS:	0x2000 0000
-DISABLE:		0x4000 0000
-
-
CipherEnableFlags -
This key-value pair specifies -which SSL ciphers will be enabled. It is a bitstring specified in -hexadecimal (0x) format. It is constructed as a bitwise OR of the following -constants. If the CipherEnableFlags entry is omitted, the -value will default to 0x0. -
-FORTEZZA:		0x0000 0001
-
-
EquivalentPlatform -
Specifies that the attributes of the named platform should also be used -for the current platform. Saves typing when there is more than one platform -that uses the same settings. -
- -

Per-File Keys

-These keys only have meaning within the valuelist of an entry in a -Files list. At least one of RelativePath and -AbsolutePath must be specified. If both are specified, the -relative path will be tried first and the absolute path used only if no -relative root directory is provided by the installer program. -
-
RelativePath -
Specifies the destination directory of the file, relative to some directory -decided at install-time. Two variables can be used in the relative -path, "%root%" and "%temp%". "%root%" will be replaced at run-time with -the directory relative to which files should be installed; for -example, it may be the server's root directory or Communicator's root -directory. "%temp%" is a directory that will be created at the beginning -of the installation and destroyed at the end of the installation. Its purpose -is to hold executable files (such as setup programs), or files that are -used by these programs. For example, a Windows installation might consist -of a setup.exe installation program, a help file, and a .cab file -containing compressed information. All these files could be installed into the -temporary directory. Files destined for the temporary directory are guaranteed -to be in place before any executable file is run, and will not be deleted -until all executable files have finished. -
AbsoluteDir -
Specifies the destination directory of the file as an absolute path. -This will only be used if the installer is unable to determine a -relative directory. -
Executable -
This string specifies that the file is to be executed during the -course of the -installation. Typically this would be used for a setup program provided -by a module vendor, such as a self-extracting setup.exe. -More than one file can be specified as executable, in which case they will -be run in the order they are specified in the script file. -
FilePermissions -
This string is interpreted as a string of octal digits, according to the -standard UNIX format. It is a bitwise OR of the following constants: -
-user read:         400
-user write:        200
-user execute:      100
-group read:        040
-group write:       020
-group execute:     010
-other read:        004
-other write:       002
-other execute:     001
-
-Some platforms may not understand these permissions. They will only be -applied insofar as makes sense for the current platform. If this attribute -is omitted, a default of 777 is assumed. - - - diff --git a/security/nss/cmd/modutil/rules.mk b/security/nss/cmd/modutil/rules.mk deleted file mode 100644 index 75eab4c9e7..0000000000 --- a/security/nss/cmd/modutil/rules.mk +++ /dev/null @@ -1,58 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# -# Some versions of yacc generate files that include platform-specific -# system headers. For example, the yacc in Solaris 2.6 inserts -# #include -# which does not exist on NT. For portability, always use Berkeley -# yacc (such as the yacc in Linux) to generate files. -# - -generate: installparse.c installparse.l - -installparse.c: - yacc -p Pk11Install_yy -d installparse.y - mv y.tab.c installparse.c - mv y.tab.h installparse.h - -installparse.l: - lex -olex.Pk11Install_yy.c -PPk11Install_yy installparse.l - @echo - @echo "**YOU MUST COMMENT OUT UNISTD.H FROM lex.Pk11Install_yy.cpp**" - -install.c: install-ds.h install.h diff --git a/security/nss/cmd/modutil/specification.html b/security/nss/cmd/modutil/specification.html deleted file mode 100644 index 9ab09627df..0000000000 --- a/security/nss/cmd/modutil/specification.html +++ /dev/null @@ -1,354 +0,0 @@ - - - -Modutil Specification - - -

PKCS #11 Module Management Utility -
Specification

- - - - -

Capabilities

-
    -
  • Add a PKCS #11 module, specifying a name and library file. -(-add) -
  • Add a PKCS #11 module from a server-formatted JAR file. -(-jar) -
  • Change the password on or initialize a token. -(-changepw) -
  • Create databases (secmod[ule].db, key3.db, cert7.db) from scratch. -(-create) -
  • Switch to and from FIPS-140-1 compliant mode. -(-fips) -
  • Delete a PKCS #11 module. (-delete) -
  • List installed PKCS #11 modules. (-list) -
  • List detailed info on a particular module and its tokens, including -whether needs login, is hardware, needs user init -(-list) -
  • Specify which modules should be the default provider of various -cryptographic operations.(-default, --undefault) -
  • Disable and enable slots, find out whether and why they are disabled. -(-disable, -enable, --list) -
- -
- - - - -

Usage

-modutil [command] [options] -

At most one command can be specified. With no arguments, -modutil prints a usage message. -

Commands:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandDescription
--add module name -libfile library file - [-ciphers cipher enable list] - [-mechanisms default mechanism list] -Adds a new module to the database with the given name. - -

library file is the path of the DLL or other library file -containing the module's implementation of the PKCS #11 interface. - -

cipher enable flags is a colon-separated list of ciphers -that will be enabled on this module. The list should be enclosed within quotes -if necessary to prevent shell interpretation. The following ciphers are -currently available: -

    -
  • FORTEZZA -
- -

default mechanism flags is a colon-separated list of -mechanisms for which this module should be the default provider. The -list should be enclosed within quotes if necessary to prevent shell -interpretation. This -list does not enable the mechanisms; it only specifies that this module -will be a default provider for the listed mechanisms. If more than -one module claims to be a default provider for a given mechanism, it is -undefined which will actually be chosen to provide that mechanism. The -following mechanisms are currently available: -

    -
  • RSA -
  • DSA -
  • RC2 -
  • RC4 -
  • RC5 -
  • DES -
  • DH -
  • FORTEZZA -
  • SHA1 -
  • MD5 -
  • MD2 -
  • RANDOM (random number generation) -
  • FRIENDLY (certificates are publicly-readable) -
-
-changepw token name -[-pwfile old password file] -[-newpwfile new password file]Changes the password on the named token. If the token has not been -initialized, this command will initialize the PIN. -If a password file is given, the password will be read from that file; -otherwise, the password will be obtained interactively. -Storing passwords in a file is much less secure than supplying them -interactively. -

The password on the Netscape internal module cannot be changed if -the -nocertdb option is specified. -

-createCreates a new secmod[ule].db, key3.db, and cert7.db in the directory -specified with the --dbdir option, if one is specified. If no directory is -specified, UNIX systems will use the user's .netscape directory, while other -systems will return with an error message. If any of these databases already -exist in the chosen directory, an error message is returned. -

If used with -nocertdb, only secmod[ule].db will be created; -cert7.db and key3.db will not be created. -

-default module name --mechanisms mechanism list -Specifies that the given module will be a default provider of the -listed mechanisms. The mechanism list is the same as in the -add -command. -
-delete module nameDeletes the named module from the database
-disable module name -[-slot slot name]Disables the named slot. If no slot is specified, all slots on -the module are disabled.
-enable module name -[-slot slot name]Enables the named slot. If no slot is specified, all slots on -the module are enabled.
-fips [true | false]Enables or disables FIPS mode on the internal module. Passing -true enables FIPS mode, passing false disables -FIPS mode.
-forceDisables interactive prompts, so modutil can be run in a script. -Should only be used by experts, since the prompts may relate to security -or database integrity. Before using this option, test the command -interactively once to see the warnings that are produced.
-jar JAR file --installdir root installation directory -[-tempdir temporary directory]Adds a new module from the given JAR file. The JAR file uses the -server PKCS #11 JAR format to describe the names of -any files that need to be installed, the name of the module, mechanism flags, -and cipher flags. The root installation directory -is the directory relative to which files will be installed. This should be a - directory -under which it would be natural to store dynamic library files, such as -a server's root directory, or Communicator's root directory. -The temporary directory is where temporary modutil files -will be created in the course of the installation. If no temporary directory -is specified, the current directory will be used. -

If used with the -nocertdb option, the signatures on the JAR -file will not be checked.

-list [module name]Without an argument, lists the PKCS #11 modules present in the module -database. -
-
-% modutil -list
-Using database directory /u/nicolson/.netscape...
-
-Listing of PKCS #11 Modules
------------------------------------------------------------
-  1. Netscape Internal PKCS #11 Module
-         slots: 2 slots attached
-        status: loaded
-
-         slot: Communicator Internal Cryptographic Services Version 4.0
-        token: Communicator Generic Crypto Svcs
-
-         slot: Communicator User Private Key and Certificate Services
-        token: Communicator Certificate DB
------------------------------------------------------------
-
-
-

With an argument, provides a detailed description of the named module -and its slots and tokens. -

-
-% modutil -list "Netscape Internal PKCS #11 Module"
-Using database directory /u/nicolson/.netscape...
-
------------------------------------------------------------
-Name: Netscape Internal PKCS #11 Module
-Library file: **Internal ONLY module**
-Manufacturer: Netscape Communications Corp    
-Description: Communicator Internal Crypto Svc
-PKCS #11 Version 2.0
-Library Version: 4.0
-Cipher Enable Flags: None
-Default Mechanism Flags: RSA:DSA:RC2:RC4:DES:SHA1:MD5:MD2
-
-  Slot: Communicator Internal Cryptographic Services Version 4.0
-  Manufacturer: Netscape Communications Corp    
-  Type: Software
-  Version Number: 4.1
-  Firmware Version: 0.0
-  Status: Enabled
-  Token Name: Communicator Generic Crypto Svcs
-  Token Manufacturer: Netscape Communications Corp    
-  Token Model: Libsec 4.0      
-  Token Serial Number: 0000000000000000
-  Token Version: 4.0
-  Token Firmware Version: 0.0
-  Access: Write Protected
-  Login Type: Public (no login required)
-  User Pin: NOT Initialized
-
-  Slot: Communicator User Private Key and Certificate Services
-  Manufacturer: Netscape Communications Corp    
-  Type: Software
-  Version Number: 3.0
-  Firmware Version: 0.0
-  Status: Enabled
-  Token Name: Communicator Certificate DB     
-  Token Manufacturer: Netscape Communications Corp    
-  Token Model: Libsec 4.0      
-  Token Serial Number: 0000000000000000
-  Token Version: 7.0
-  Token Firmware Version: 0.0
-  Access: NOT Write Protected
-  Login Type: Login required
-  User Pin: Initialized
-
------------------------------------------------------------
-
-
-
-undefault module name --mechanisms mechanism listSpecifies that the given module will NOT be a default provider of -the listed mechanisms. This command clears the default mechanism flags -for the given module.
- - - - -

Options:

- - - - - - - - - - - - - - - -
OptionDescription
-dbdir directorySpecifies which directory holds the module database. On UNIX systems, -the user's netscape directory is the default. On other systems, there is -no default, and this option must be used.
-nocertdbDo not open the certificate or key databases. This has several effects. -With the -create command, this means that only a secmod.db file -will be created; cert7.db and key3.db will not be created. With the --jar command, signatures on the JAR file will not be checked. -With the -changepw command, the password on the Netscape internal -module cannot be set or changed, since this password is stored in key3.db. -
- - - diff --git a/security/nss/cmd/ocspclnt/Makefile b/security/nss/cmd/ocspclnt/Makefile deleted file mode 100644 index 4d209348e1..0000000000 --- a/security/nss/cmd/ocspclnt/Makefile +++ /dev/null @@ -1,77 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk diff --git a/security/nss/cmd/ocspclnt/manifest.mn b/security/nss/cmd/ocspclnt/manifest.mn deleted file mode 100644 index 158d0a5e80..0000000000 --- a/security/nss/cmd/ocspclnt/manifest.mn +++ /dev/null @@ -1,58 +0,0 @@ -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = nss - -CSRCS = \ - ocspclnt.c \ - $(NULL) - -# headers for the MODULE (defined above) are implicitly required. -REQUIRES = dbm seccmd - -# WINNT uses EXTRA_LIBS as the list of libs to link in. -# Unix uses OS_LIBS for that purpose. -# We can solve this via conditional makefile code, but -# can't do this in manifest.mn because OS_ARCH isn't defined there. -# So, look in the local Makefile for the defines for the list of libs. - -PROGRAM = ocspclnt - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c deleted file mode 100644 index 0b0ccaccc9..0000000000 --- a/security/nss/cmd/ocspclnt/ocspclnt.c +++ /dev/null @@ -1,1225 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/* - * Test program for client-side OCSP. - * - * $Id$ - */ - -#include "secutil.h" -#include "nspr.h" -#include "plgetopt.h" -#include "nss.h" -#include "cert.h" -#include "ocsp.h" -#include "xconst.h" /* - * XXX internal header file; needed to get at - * cert_DecodeAuthInfoAccessExtension -- would be - * nice to not need this, but that would require - * better/different APIs. - */ - -#ifndef NO_PP /* - * Compile with this every once in a while to be - * sure that no dependencies on it get added - * outside of the pretty-printing routines. - */ -#include "ocspti.h" /* internals for pretty-printing routines *only* */ -#endif /* NO_PP */ - -#define DEFAULT_DB_DIR "~/.netscape" - - -static void -synopsis (char *program_name) -{ - PRFileDesc *pr_stderr; - - pr_stderr = PR_STDERR; - PR_fprintf (pr_stderr, "Usage:"); - PR_fprintf (pr_stderr, - "\t%s -p [-d ]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -P [-d ]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -r [-L] [-s ] [-d ]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -R [-l ] [-s ] [-d ]\n", - program_name); - PR_fprintf (pr_stderr, - "\t%s -S [-l -t ]\n", - program_name); - PR_fprintf (pr_stderr, - "\t\t [-s ] [-w