Bug 461082, Deliver NSS 3.12.2 and NSPR 4.7.2 to Mozilla
r=wtc
parent
ca2234d47a
commit
77debeca59
@ -156,7 +156,7 @@
|
||||
#define LITTLE_ENDIAN 1234
|
||||
#endif
|
||||
|
||||
#ifdef _WINDOWS
|
||||
#if defined(_WINDOWS) || defined(XP_OS2_VACPP)
|
||||
#ifdef BYTE_ORDER
|
||||
#undef BYTE_ORDER
|
||||
#endif
|
||||
@ -188,6 +188,14 @@
|
||||
#define MAXPATHLEN 1024
|
||||
#endif
|
||||
|
||||
#ifdef XP_OS2_VACPP
|
||||
#include <os2.h>
|
||||
#define MAXPATHLEN CCHMAXPATH
|
||||
#define EPERM EINVAL
|
||||
#define ENOTDIR EBADPOS
|
||||
#define S_ISDIR(s) ((s) & S_IFDIR)
|
||||
#endif
|
||||
|
||||
#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
|
||||
|
||||
#ifndef STDERR_FILENO
|
||||
|
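Review bot: The `S_ISDIR` fallback added for XP_OS2_VACPP tests a single bit, `((s) & S_IFDIR)`, so any mode value that shares that bit with the directory type is reported as a directory; with the traditional Unix encoding a block device would match. If the VisualAge headers provide `S_IFMT`, the macro should compare the masked type instead: `#define S_ISDIR(s) (((s) & S_IFMT) == S_IFDIR)`. The same block defines `MAXPATHLEN`, `EPERM` and `ENOTDIR` unconditionally, and `MAXPATHLEN` already receives a value a few lines above (presumably inside a guard that is not shown), so wrapping each in `#ifndef` or preceding it with `#undef` would avoid a redefinition and would not silently replace an errno value the platform headers supply. A one-line comment on why EPERM and ENOTDIR map to EINVAL and EBADPOS on this compiler would help the next reader.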
@ -56,7 +56,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94";
|
||||
* collect_data
|
||||
*/
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
|
@ -78,7 +78,7 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94";
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
|
@ -38,12 +38,12 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
|
||||
|
||||
#include "watcomfx.h"
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
#if !defined(macintosh)
|
||||
#ifdef XP_OS2
|
||||
#ifdef XP_OS2_EMX
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#include <sys/stat.h>
|
||||
@ -60,7 +60,7 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
#if defined(_WIN32) || defined(_WINDOWS)
|
||||
|
@ -53,7 +53,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94";
|
||||
* Internal
|
||||
* newbuf
|
||||
*/
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
|
@ -47,10 +47,14 @@ static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
|
||||
#include <ctype.h>
|
||||
#include "mcom_db.h"
|
||||
|
||||
#ifndef _WINDOWS
|
||||
#if !defined(_WINDOWS) && !defined(XP_OS2_VACPP)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef XP_OS2_VACPP
|
||||
#include <process.h>
|
||||
#endif
|
||||
|
||||
#ifdef _WINDOWS
|
||||
#include <process.h>
|
||||
#include "winfile.h"
|
||||
|
@ -16,14 +16,14 @@
|
||||
#include <ncompat.h>
|
||||
|
||||
/* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */
|
||||
#ifdef __STDC__
|
||||
#if defined(__STDC__) || defined(XP_OS2_VACPP)
|
||||
#include <stdarg.h>
|
||||
#else
|
||||
#include <varargs.h>
|
||||
#endif
|
||||
|
||||
int
|
||||
#ifdef __STDC__
|
||||
#if defined(__STDC__) || defined(XP_OS2_VACPP)
|
||||
snprintf(char *str, size_t n, const char *fmt, ...)
|
||||
#else
|
||||
snprintf(str, n, fmt, va_alist)
|
||||
@ -39,7 +39,7 @@ snprintf(str, n, fmt, va_alist)
|
||||
#else
|
||||
int rval;
|
||||
#endif
|
||||
#ifdef __STDC__
|
||||
#if defined(__STDC__) || defined(XP_OS2_VACPP)
|
||||
va_start(ap, fmt);
|
||||
#else
|
||||
va_start(ap);
|
||||
|
@ -38,7 +38,7 @@
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
#
|
||||
#ident "$Id: Makefile.in,v 1.10 2005/11/18 21:50:20 christophe.ravel.bugs%sun.com Exp $"
|
||||
#ident "$Id: Makefile.in,v 1.11 2008/10/20 22:38:45 christophe.ravel.bugs%sun.com Exp $"
|
||||
#
|
||||
|
||||
MOD_DEPTH = ../..
|
||||
@ -74,7 +74,7 @@ publish:
|
||||
(cd $(dist_includedir) && tar cphf - .) \
|
||||
| (mkdir -p opt/sun/private/include/nspr && cd opt/sun/private/include/nspr && tar xvfBp -)
|
||||
(cd opt/sun/private/include/nspr && \
|
||||
rm -rf md private obsolete/pralarm.h obsolete/probslet.h obsolete/prsem.h)
|
||||
rm -rf md)
|
||||
tar czvf SOURCES/$(NAME)-$(VERSION).tar.gz opt
|
||||
echo "%define name $(NAME)" >$(SPECFILE)
|
||||
echo "%define version $(VERSION)" >>$(SPECFILE)
|
||||
@ -100,6 +100,7 @@ publish:
|
||||
echo "%dir /opt/sun/private/include" >>$(SPECFILE)
|
||||
echo "%dir /opt/sun/private/include/nspr" >>$(SPECFILE)
|
||||
echo "%dir /opt/sun/private/include/nspr/obsolete" >>$(SPECFILE)
|
||||
echo "%dir /opt/sun/private/include/nspr/private" >>$(SPECFILE)
|
||||
find opt -type f \( -name "*.h" \) \
|
||||
| sed -e "s-^-/-" >>$(SPECFILE)
|
||||
rpmbuild $(RPMTARGET) -bb $(SPECFILE)
|
||||
|
@ -38,7 +38,7 @@
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
#
|
||||
#ident "$Id: prototype,v 1.4 2006/04/05 20:57:09 wtchang%redhat.com Exp $"
|
||||
#ident "$Id: prototype,v 1.5 2008/10/20 22:38:46 christophe.ravel.bugs%sun.com Exp $"
|
||||
#
|
||||
# This required package information file contains a list of package contents.
|
||||
# The 'pkgmk' command uses this file to identify the contents of a package
|
||||
@ -63,7 +63,11 @@ d none usr 0755 root sys
|
||||
d none usr/include 0755 root bin
|
||||
d none usr/include/mps 0755 root bin
|
||||
d none usr/include/mps/obsolete 0755 root bin
|
||||
d none usr/include/mps/private 0755 root bin
|
||||
f none usr/include/mps/obsolete/pralarm.h 0644 root bin
|
||||
f none usr/include/mps/obsolete/probslet.h 0644 root bin
|
||||
f none usr/include/mps/obsolete/protypes.h 0644 root bin
|
||||
f none usr/include/mps/obsolete/prsem.h 0644 root bin
|
||||
f none usr/include/mps/prcpucfg.h 0644 root bin
|
||||
f none usr/include/mps/nspr.h 0644 root bin
|
||||
f none usr/include/mps/pratom.h 0644 root bin
|
||||
@ -81,6 +85,9 @@ f none usr/include/mps/prinit.h 0644 root bin
|
||||
f none usr/include/mps/prinrval.h 0644 root bin
|
||||
f none usr/include/mps/prio.h 0644 root bin
|
||||
f none usr/include/mps/pripcsem.h 0644 root bin
|
||||
f none usr/include/mps/private/pprio.h 0644 root bin
|
||||
f none usr/include/mps/private/pprthred.h 0644 root bin
|
||||
f none usr/include/mps/private/prpriv.h 0644 root bin
|
||||
f none usr/include/mps/prlink.h 0644 root bin
|
||||
f none usr/include/mps/prlock.h 0644 root bin
|
||||
f none usr/include/mps/prlog.h 0644 root bin
|
||||
|
@ -63,11 +63,11 @@ PR_BEGIN_EXTERN_C
|
||||
** The format of the version string is
|
||||
** "<major version>.<minor version>[.<patch level>] [<Beta>]"
|
||||
*/
|
||||
#define PR_VERSION "4.7.2 Beta 4"
|
||||
#define PR_VERSION "4.7.2"
|
||||
#define PR_VMAJOR 4
|
||||
#define PR_VMINOR 7
|
||||
#define PR_VPATCH 2
|
||||
#define PR_BETA PR_TRUE
|
||||
#define PR_BETA PR_FALSE
|
||||
|
||||
/*
|
||||
** PRVersionCheck
|
||||
|
@ -1698,29 +1698,37 @@ PR_FormatTime(char *buf, int buflen, const char *fmt, const PRExplodedTime *tm)
|
||||
{
|
||||
size_t rv;
|
||||
struct tm a;
|
||||
a.tm_sec = tm->tm_sec;
|
||||
a.tm_min = tm->tm_min;
|
||||
a.tm_hour = tm->tm_hour;
|
||||
a.tm_mday = tm->tm_mday;
|
||||
a.tm_mon = tm->tm_month;
|
||||
a.tm_wday = tm->tm_wday;
|
||||
a.tm_year = tm->tm_year - 1900;
|
||||
a.tm_yday = tm->tm_yday;
|
||||
a.tm_isdst = tm->tm_params.tp_dst_offset ? 1 : 0;
|
||||
struct tm *ap;
|
||||
|
||||
/*
|
||||
* On some platforms, for example SunOS 4, struct tm has two additional
|
||||
* fields: tm_zone and tm_gmtoff.
|
||||
*/
|
||||
if (tm) {
|
||||
ap = &a;
|
||||
a.tm_sec = tm->tm_sec;
|
||||
a.tm_min = tm->tm_min;
|
||||
a.tm_hour = tm->tm_hour;
|
||||
a.tm_mday = tm->tm_mday;
|
||||
a.tm_mon = tm->tm_month;
|
||||
a.tm_wday = tm->tm_wday;
|
||||
a.tm_year = tm->tm_year - 1900;
|
||||
a.tm_yday = tm->tm_yday;
|
||||
a.tm_isdst = tm->tm_params.tp_dst_offset ? 1 : 0;
|
||||
|
||||
/*
|
||||
* On some platforms, for example SunOS 4, struct tm has two
|
||||
* additional fields: tm_zone and tm_gmtoff.
|
||||
*/
|
||||
|
||||
#if defined(SUNOS4) || (__GLIBC__ >= 2) || defined(XP_BEOS) \
|
||||
|| defined(NETBSD) || defined(OPENBSD) || defined(FREEBSD) \
|
||||
|| defined(DARWIN) || defined(SYMBIAN)
|
||||
a.tm_zone = NULL;
|
||||
a.tm_gmtoff = tm->tm_params.tp_gmt_offset + tm->tm_params.tp_dst_offset;
|
||||
a.tm_zone = NULL;
|
||||
a.tm_gmtoff = tm->tm_params.tp_gmt_offset +
|
||||
tm->tm_params.tp_dst_offset;
|
||||
#endif
|
||||
} else {
|
||||
ap = NULL;
|
||||
}
|
||||
|
||||
rv = strftime(buf, buflen, fmt, &a);
|
||||
rv = strftime(buf, buflen, fmt, ap);
|
||||
if (!rv && buf && buflen > 0) {
|
||||
/*
|
||||
* When strftime fails, the contents of buf are indeterminate.
|
||||
|
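Review bot: When `tm` is NULL the new `else` branch sets `ap = NULL` and `strftime(buf, buflen, fmt, ap)` still runs, so any conversion specifier in `fmt` makes the C library read through a null `struct tm` pointer, which is undefined behaviour. Unless callers only ever pass NULL together with a conversion-free format, it is safer to fail closed before the call: `if (!tm) { if (buf && buflen > 0) buf[0] = '\0'; return 0; }`. Separately, `buflen` is an `int` that is converted to `size_t` at the strftime call, so a negative value becomes a very large bound; the `buflen > 0` test that follows only runs after strftime has returned. The function body continues past the end of this hunk.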
@ -44,16 +44,39 @@
|
||||
int main()
|
||||
{
|
||||
char buffer[256];
|
||||
char small_buffer[8];
|
||||
PRTime now;
|
||||
PRExplodedTime tod;
|
||||
|
||||
now = PR_Now();
|
||||
PR_ExplodeTime(now, PR_LocalTimeParameters, &tod);
|
||||
(void)PR_FormatTime(buffer, sizeof(buffer),
|
||||
"%a %b %d %H:%M:%S %Z %Y", &tod);
|
||||
printf("%s\n", buffer);
|
||||
|
||||
if (PR_FormatTime(buffer, sizeof(buffer),
|
||||
"%a %b %d %H:%M:%S %Z %Y", &tod) != 0) {
|
||||
printf("%s\n", buffer);
|
||||
} else {
|
||||
fprintf(stderr, "PR_FormatTime(buffer) failed\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
small_buffer[0] = '?';
|
||||
if (PR_FormatTime(small_buffer, sizeof(small_buffer),
|
||||
"%a %b %d %H:%M:%S %Z %Y", &tod) == 0) {
|
||||
if (small_buffer[0] != '\0') {
|
||||
fprintf(stderr, "PR_FormatTime(small_buffer) did not output "
|
||||
"an empty string on failure\n");
|
||||
return 1;
|
||||
}
|
||||
printf("%s\n", small_buffer);
|
||||
} else {
|
||||
fprintf(stderr, "PR_FormatTime(small_buffer) succeeded "
|
||||
"unexpectedly\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
(void)PR_FormatTimeUSEnglish(buffer, sizeof(buffer),
|
||||
"%a %b %d %H:%M:%S %Z %Y", &tod);
|
||||
printf("%s\n", buffer);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
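Review bot: The last call still discards its result, `(void)PR_FormatTimeUSEnglish(...)`, and then prints `buffer` unconditionally, so a failure there is not detected and the test still returns 0. Assuming it reports failure with 0 as PR_FormatTime does, check it the same way as the two calls above: `if (PR_FormatTimeUSEnglish(buffer, sizeof(buffer), fmt, &tod) == 0) { fprintf(stderr, "PR_FormatTimeUSEnglish(buffer) failed\n"); return 1; }`. The format literal is repeated three times; a single `static const char fmt[] = "%a %b %d %H:%M:%S %Z %Y";` would keep the three cases in step.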
0
nsprpub/pr/tests/runtests.pl
Normal file → Executable file
0
nsprpub/pr/tests/runtests.pl
Normal file → Executable file
@ -185,3 +185,6 @@ G++INCLUDES = -I/usr/include/g++
|
||||
# Always set CPU_TAG on Linux, OpenVMS, WINCE.
|
||||
#
|
||||
CPU_TAG = _$(CPU_ARCH)
|
||||
|
||||
USE_SYSTEM_ZLIB = 1
|
||||
ZLIB_LIBS = -lz
|
||||
|
@ -46,7 +46,9 @@ ifdef BUILD_OPT
|
||||
DEFINES += -UDEBUG -DNDEBUG
|
||||
else
|
||||
OPTIMIZER += -g
|
||||
DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(shell whoami)
|
||||
USERNAME := $(shell whoami)
|
||||
USERNAME := $(subst -,_,$(USERNAME))
|
||||
DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
|
||||
endif
|
||||
|
||||
ifdef BUILD_TREE
|
||||
|
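Review bot: Only `-` is rewritten in the value taken from `whoami`, so a user name containing any other character that is not valid in a C identifier (a dot, a space, the backslash of a `DOMAIN\user` form) still reaches `-DDEBUG_$(USERNAME)` and the compiler command line unchanged. Mapping everything outside `[A-Za-z0-9_]` to `_` covers those cases, for example `USERNAME := $(shell whoami | tr -c 'A-Za-z0-9_\n' '_')` on hosts where `tr` is available. `USERNAME` is also a name that Windows environments normally export, and make hands its own value of an environment-derived variable to child processes, so sub-makes and tools would see the rewritten name; a private variable such as `DEBUG_USER` avoids that side effect.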
@ -76,77 +76,3 @@ OS_CFLAGS += -GT
|
||||
DEFINES += -DWINNT
|
||||
|
||||
NSPR31_LIB_PREFIX = lib
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
# Robert Longson <longsonr@gmail.com>
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
#
|
||||
# Config stuff for WINNT 6.0 (Windows Vista)
|
||||
#
|
||||
# This makefile defines the following variables:
|
||||
# OS_CFLAGS and OS_DLLFLAGS.
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/WIN32.mk
|
||||
|
||||
ifeq ($(CPU_ARCH), x386)
|
||||
OS_CFLAGS += -W3 -nologo
|
||||
DEFINES += -D_X86_
|
||||
else
|
||||
ifeq ($(CPU_ARCH), MIPS)
|
||||
#OS_CFLAGS += -W3 -nologo
|
||||
#DEFINES += -D_MIPS_
|
||||
OS_CFLAGS += -W3 -nologo
|
||||
else
|
||||
ifeq ($(CPU_ARCH), ALPHA)
|
||||
OS_CFLAGS += -W3 -nologo
|
||||
DEFINES += -D_ALPHA_=1
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS
|
||||
ifndef MOZ_DEBUG_SYMBOLS
|
||||
OS_DLLFLAGS += -PDB:NONE
|
||||
endif
|
||||
|
||||
#
|
||||
# Win NT needs -GT so that fibers can work
|
||||
#
|
||||
OS_CFLAGS += -GT
|
||||
DEFINES += -DWINNT
|
||||
|
||||
NSPR31_LIB_PREFIX = lib
|
||||
|
@ -359,6 +359,8 @@ retry:
|
||||
if (!exists && symlink(name, toname) < 0) {
|
||||
if (errno == EEXIST) {
|
||||
fprintf(stderr, "symlink creation race: %s\n", toname);
|
||||
fail("symlink was attempted in working directory %s "
|
||||
"from %s to %s.\n", cwd, name, toname);
|
||||
goto retry;
|
||||
}
|
||||
diagnosePath(toname);
|
||||
|
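Review bot: The added `fail(...)` call sits directly before `goto retry;` in the `errno == EEXIST` branch; if `fail` terminates the process, as its name suggests (its definition is not in this hunk), the retry is now unreachable and a lost symlink-creation race aborts the install instead of being retried. If the intent is only to log the extra context, print it with `fprintf(stderr, "symlink was attempted in working directory %s from %s to %s.\n", cwd, name, toname);` and keep the `goto retry;`. If the intent is to stop, remove the dead `goto` and say so in a comment. Should the retry stay, a bounded retry count would keep a persistent EEXIST from looping forever. The enclosing function starts and ends outside the hunk.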
@ -1,48 +0,0 @@
|
||||
#! gmake
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
# do these once for each target program
|
||||
all default export libs program install release_export::
|
||||
$(MAKE) -f make.client $@
|
||||
$(MAKE) -f make.server $@
|
||||
|
||||
# only do these things once for the whole directory
|
||||
depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show::
|
||||
$(MAKE) -f make.client $@
|
||||
|
||||
|
@ -1,35 +0,0 @@
|
||||
These sample programs can be built in either of two ways:
|
||||
1) is the NSS source tree, using the coreconf build system, and
|
||||
2) stand alone (as part of the NSS distribution).
|
||||
|
||||
The following makefiles are used only when building in the NSS source tree
|
||||
using coreconf. These are NOT part of the distribution.
|
||||
|
||||
Makefile
|
||||
client.mn
|
||||
server.mn
|
||||
config.mk
|
||||
make.client
|
||||
make.server
|
||||
|
||||
The following source files are common to both build environments and are
|
||||
part of the distribution.
|
||||
|
||||
NSPRerrs.h
|
||||
SECerrs.h
|
||||
SSLerrs.h
|
||||
client.c
|
||||
getopt.c
|
||||
server.c
|
||||
sslerror.h
|
||||
|
||||
In the NSS 2.0 distribution, the sample code and makefiles are in a
|
||||
directory named "samples". The directories relevant to building
|
||||
in the distributed tree are:
|
||||
|
||||
./samples
|
||||
./include/dbm
|
||||
./include/nspr
|
||||
./include/security
|
||||
./lib
|
||||
|
@ -1,456 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/****************************************************************************
|
||||
* SSL client program that sets up a connection to SSL server, transmits *
|
||||
* some data and then reads the reply *
|
||||
****************************************************************************/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(XP_UNIX)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#include "prerror.h"
|
||||
|
||||
#include "pk11func.h"
|
||||
#include "secitem.h"
|
||||
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "nspr.h"
|
||||
#include "plgetopt.h"
|
||||
#include "prio.h"
|
||||
#include "prnetdb.h"
|
||||
#include "nss.h"
|
||||
|
||||
#include "sslsample.h"
|
||||
|
||||
#define RD_BUF_SIZE (60 * 1024)
|
||||
|
||||
extern int ssl2CipherSuites[];
|
||||
extern int ssl3CipherSuites[];
|
||||
|
||||
GlobalThreadMgr threadMGR;
|
||||
char *certNickname = NULL;
|
||||
char *hostName = NULL;
|
||||
char *password = NULL;
|
||||
unsigned short port = 0;
|
||||
|
||||
static void
|
||||
Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
|
||||
" [-w dbpasswd] [-C cipher(s)] hostname\n",
|
||||
progName);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
PRFileDesc *
|
||||
setupSSLSocket(PRNetAddr *addr)
|
||||
{
|
||||
PRFileDesc *tcpSocket;
|
||||
PRFileDesc *sslSocket;
|
||||
PRSocketOptionData socketOption;
|
||||
PRStatus prStatus;
|
||||
SECStatus secStatus;
|
||||
|
||||
#if 0
|
||||
retry:
|
||||
#endif
|
||||
|
||||
tcpSocket = PR_NewTCPSocket();
|
||||
if (tcpSocket == NULL) {
|
||||
errWarn("PR_NewTCPSocket");
|
||||
}
|
||||
|
||||
/* Make the socket blocking. */
|
||||
socketOption.option = PR_SockOpt_Nonblocking;
|
||||
socketOption.value.non_blocking = PR_FALSE;
|
||||
|
||||
prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
errWarn("PR_SetSocketOption");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* Verify that a connection can be made to the socket. */
|
||||
prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
PRErrorCode err = PR_GetError();
|
||||
if (err == PR_CONNECT_REFUSED_ERROR) {
|
||||
PR_Close(tcpSocket);
|
||||
PR_Sleep(PR_MillisecondsToInterval(10));
|
||||
fprintf(stderr, "Connection to port refused, retrying.\n");
|
||||
goto retry;
|
||||
}
|
||||
errWarn("PR_Connect");
|
||||
goto loser;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Import the socket into the SSL layer. */
|
||||
sslSocket = SSL_ImportFD(NULL, tcpSocket);
|
||||
if (!sslSocket) {
|
||||
errWarn("SSL_ImportFD");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Set configuration options. */
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_SECURITY");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Set SSL callback routines. */
|
||||
secStatus = SSL_GetClientAuthDataHook(sslSocket,
|
||||
(SSLGetClientAuthData)myGetClientAuthData,
|
||||
(void *)certNickname);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_GetClientAuthDataHook");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_AuthCertificateHook(sslSocket,
|
||||
(SSLAuthCertificate)myAuthCertificate,
|
||||
(void *)CERT_GetDefaultCertDB());
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_AuthCertificateHook");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_BadCertHook(sslSocket,
|
||||
(SSLBadCertHandler)myBadCertHandler, NULL);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_BadCertHook");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_HandshakeCallback(sslSocket,
|
||||
myHandshakeCallback,
|
||||
NULL);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_HandshakeCallback");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
return sslSocket;
|
||||
|
||||
loser:
|
||||
|
||||
PR_Close(tcpSocket);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
|
||||
|
||||
SECStatus
|
||||
handle_connection(PRFileDesc *sslSocket, int connection)
|
||||
{
|
||||
int countRead = 0;
|
||||
PRInt32 numBytes;
|
||||
char *readBuffer;
|
||||
|
||||
readBuffer = PORT_Alloc(RD_BUF_SIZE);
|
||||
if (!readBuffer) {
|
||||
exitErr("PORT_Alloc");
|
||||
}
|
||||
|
||||
/* compose the http request here. */
|
||||
|
||||
numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
|
||||
if (numBytes <= 0) {
|
||||
errWarn("PR_Write");
|
||||
PR_Free(readBuffer);
|
||||
readBuffer = NULL;
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* read until EOF */
|
||||
while (PR_TRUE) {
|
||||
numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
|
||||
if (numBytes == 0) {
|
||||
break; /* EOF */
|
||||
}
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Read");
|
||||
break;
|
||||
}
|
||||
countRead += numBytes;
|
||||
fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n",
|
||||
connection, numBytes, countRead );
|
||||
readBuffer[numBytes] = '\0';
|
||||
fprintf(stderr, "************\n%s\n************\n", readBuffer);
|
||||
}
|
||||
|
||||
printSecurityInfo(sslSocket);
|
||||
|
||||
PR_Free(readBuffer);
|
||||
readBuffer = NULL;
|
||||
|
||||
/* Caller closes the socket. */
|
||||
|
||||
fprintf(stderr,
|
||||
"***** Connection %d read %d bytes total.\n",
|
||||
connection, countRead);
|
||||
|
||||
return SECSuccess; /* success */
|
||||
}
|
||||
|
||||
/* one copy of this function is launched in a separate thread for each
|
||||
** connection to be made.
|
||||
*/
|
||||
SECStatus
|
||||
do_connects(void *a, int connection)
|
||||
{
|
||||
PRNetAddr *addr = (PRNetAddr *)a;
|
||||
PRFileDesc *sslSocket;
|
||||
PRHostEnt hostEntry;
|
||||
char buffer[PR_NETDB_BUF_SIZE];
|
||||
PRStatus prStatus;
|
||||
PRIntn hostenum;
|
||||
SECStatus secStatus;
|
||||
|
||||
/* Set up SSL secure socket. */
|
||||
sslSocket = setupSSLSocket(addr);
|
||||
if (sslSocket == NULL) {
|
||||
errWarn("setupSSLSocket");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_SetPKCS11PinArg");
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
secStatus = SSL_SetURL(sslSocket, hostName);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_SetURL");
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
/* Prepare and setup network connection. */
|
||||
prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
errWarn("PR_GetHostByName");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
|
||||
if (hostenum == -1) {
|
||||
errWarn("PR_EnumerateHostEnt");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
errWarn("PR_Connect");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Established SSL connection, ready to send data. */
|
||||
#if 0
|
||||
secStatus = SSL_ForceHandshake(sslSocket);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_ForceHandshake");
|
||||
return secStatus;
|
||||
}
|
||||
#endif
|
||||
|
||||
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_ResetHandshake");
|
||||
prStatus = PR_Close(sslSocket);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
errWarn("PR_Close");
|
||||
}
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
secStatus = handle_connection(sslSocket, connection);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("handle_connection");
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
PR_Close(sslSocket);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
void
|
||||
client_main(unsigned short port,
|
||||
int connections,
|
||||
const char * hostName)
|
||||
{
|
||||
int i;
|
||||
SECStatus secStatus;
|
||||
PRStatus prStatus;
|
||||
PRInt32 rv;
|
||||
PRNetAddr addr;
|
||||
PRHostEnt hostEntry;
|
||||
char buffer[256];
|
||||
|
||||
/* Setup network connection. */
|
||||
prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
exitErr("PR_GetHostByName");
|
||||
}
|
||||
|
||||
rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
|
||||
if (rv < 0) {
|
||||
exitErr("PR_EnumerateHostEnt");
|
||||
}
|
||||
|
||||
secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
|
||||
if (secStatus != SECSuccess) {
|
||||
exitErr("launch_thread");
|
||||
}
|
||||
|
||||
if (connections > 1) {
|
||||
/* wait for the first connection to terminate, then launch the rest. */
|
||||
reap_threads(&threadMGR);
|
||||
/* Start up the connections */
|
||||
for (i = 2; i <= connections; ++i) {
|
||||
secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("launch_thread");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
reap_threads(&threadMGR);
|
||||
destroy_thread_data(&threadMGR);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char * certDir = ".";
|
||||
char * progName = NULL;
|
||||
int connections = 1;
|
||||
char * cipherString = NULL;
|
||||
SECStatus secStatus;
|
||||
PLOptState * optstate;
|
||||
PLOptStatus status;
|
||||
|
||||
/* Call the NSPR initialization routines */
|
||||
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
|
||||
|
||||
progName = PL_strdup(argv[0]);
|
||||
|
||||
hostName = NULL;
|
||||
optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch(optstate->option) {
|
||||
case 'C' : cipherString = PL_strdup(optstate->value); break;
|
||||
case 'c' : connections = PORT_Atoi(optstate->value); break;
|
||||
case 'd' : certDir = PL_strdup(optstate->value); break;
|
||||
case 'n' : certNickname = PL_strdup(optstate->value); break;
|
||||
case 'p' : port = PORT_Atoi(optstate->value); break;
|
||||
case 'w' : password = PL_strdup(optstate->value); break;
|
||||
case '\0': hostName = PL_strdup(optstate->value); break;
|
||||
default : Usage(progName);
|
||||
}
|
||||
}
|
||||
|
||||
if (port == 0 || hostName == NULL)
|
||||
Usage(progName);
|
||||
|
||||
if (certDir == NULL) {
|
||||
certDir = PR_smprintf("%s/.netscape", getenv("HOME"));
|
||||
}
|
||||
|
||||
/* Set our password function callback. */
|
||||
PK11_SetPasswordFunc(myPasswd);
|
||||
|
||||
/* Initialize the NSS libraries. */
|
||||
secStatus = NSS_Init(certDir);
|
||||
if (secStatus != SECSuccess) {
|
||||
exitErr("NSS_Init");
|
||||
}
|
||||
|
||||
/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
|
||||
NSS_SetDomesticPolicy();
|
||||
SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
|
||||
|
||||
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
|
||||
if (cipherString) {
|
||||
int ndx;
|
||||
|
||||
/* disable all the ciphers, then enable the ones we want. */
|
||||
disableAllSSLCiphers();
|
||||
|
||||
while (0 != (ndx = *cipherString++)) {
|
||||
int *cptr;
|
||||
int cipher;
|
||||
|
||||
if (! isalpha(ndx))
|
||||
Usage(progName);
|
||||
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
|
||||
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
|
||||
/* do nothing */;
|
||||
if (cipher) {
|
||||
SSL_CipherPrefSetDefault(cipher, PR_TRUE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
client_main(port, connections, hostName);
|
||||
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
exit(1);
|
||||
}
|
||||
PR_Cleanup();
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,50 +0,0 @@
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
CORE_DEPTH = ../../..
|
||||
|
||||
MODULE = nss
|
||||
|
||||
EXPORTS =
|
||||
|
||||
CSRCS = client.c \
|
||||
sslsample.c \
|
||||
$(NULL)
|
||||
|
||||
PROGRAM = client
|
||||
|
||||
IMPORTS = nss/lib/nss
|
||||
|
@ -1,81 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
# Directory for db's, use in all subsequent -d flags.
|
||||
rm -rf SampleCertDBs
|
||||
mkdir SampleCertDBs
|
||||
|
||||
# Password to use.
|
||||
echo sample > passfile
|
||||
|
||||
# Generate the db files, using the above password.
|
||||
certutil -N -d SampleCertDBs -f passfile
|
||||
|
||||
# Generate the CA cert. This cert is self-signed and only useful for
|
||||
# test purposes. Set the trust bits to allow it to sign SSL client/server
|
||||
# certs.
|
||||
certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
|
||||
-s "CN=My Sample Root CA, O=My Organization" \
|
||||
-m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
|
||||
-d SampleCertDBs -f passfile
|
||||
|
||||
# Generate the server cert. This cert is signed by the CA cert generated
|
||||
# above. The CN must be hostname.domain.[com|org|net|...].
|
||||
certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
|
||||
-s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
|
||||
-m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
|
||||
-d SampleCertDBs -f passfile
|
||||
|
||||
# Generate the client cert. This cert is signed by the CA cert generated
|
||||
# above.
|
||||
certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
|
||||
-s "CN=My Client Cert, O=Client Organization" \
|
||||
-m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
|
||||
-d SampleCertDBs -f passfile
|
||||
|
||||
# Verify the certificates.
|
||||
certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
|
||||
certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
|
||||
|
||||
# Remove unneccessary files.
|
||||
rm -f passfile
|
||||
rm -f tempcert*
|
||||
|
||||
# You are now ready to run your client/server! Example command lines:
|
||||
# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
|
||||
# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com
|
@ -1,81 +0,0 @@
|
||||
#! gmake
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
#######################################################################
|
||||
# (1) Include initial platform-independent assignments (MANDATORY). #
|
||||
#######################################################################
|
||||
|
||||
include client.mn
|
||||
|
||||
#######################################################################
|
||||
# (2) Include "global" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/config.mk
|
||||
|
||||
#######################################################################
|
||||
# (3) Include "component" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
|
||||
|
||||
#######################################################################
|
||||
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
include ../platlibs.mk
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
|
||||
#######################################################################
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
#CC = cc
|
||||
|
||||
|
@ -1,80 +0,0 @@
|
||||
#! gmake
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
#######################################################################
|
||||
# (1) Include initial platform-independent assignments (MANDATORY). #
|
||||
#######################################################################
|
||||
|
||||
include server.mn
|
||||
|
||||
#######################################################################
|
||||
# (2) Include "global" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/config.mk
|
||||
|
||||
#######################################################################
|
||||
# (3) Include "component" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
|
||||
|
||||
#######################################################################
|
||||
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
include ../platlibs.mk
|
||||
|
||||
#######################################################################
|
||||
# (5) Execute "global" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/rules.mk
|
||||
|
||||
#######################################################################
|
||||
# (6) Execute "component" rules. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
||||
|
||||
|
||||
#######################################################################
|
||||
# (7) Execute "local" rules. (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
|
||||
|
@ -1,821 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/****************************************************************************
|
||||
* SSL server program listens on a port, accepts client connection, reads *
|
||||
* request and responds to it *
|
||||
****************************************************************************/
|
||||
|
||||
/* Generic header files */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
/* NSPR header files */
|
||||
|
||||
#include "nspr.h"
|
||||
#include "plgetopt.h"
|
||||
#include "prerror.h"
|
||||
#include "prnetdb.h"
|
||||
|
||||
/* NSS header files */
|
||||
|
||||
#include "pk11func.h"
|
||||
#include "secitem.h"
|
||||
#include "ssl.h"
|
||||
#include "certt.h"
|
||||
#include "nss.h"
|
||||
#include "secder.h"
|
||||
#include "key.h"
|
||||
#include "sslproto.h"
|
||||
|
||||
/* Custom header files */
|
||||
|
||||
#include "sslsample.h"
|
||||
|
||||
#ifndef PORT_Sprintf
|
||||
#define PORT_Sprintf sprintf
|
||||
#endif
|
||||
|
||||
#define REQUEST_CERT_ONCE 1
|
||||
#define REQUIRE_CERT_ONCE 2
|
||||
#define REQUEST_CERT_ALL 3
|
||||
#define REQUIRE_CERT_ALL 4
|
||||
|
||||
/* Global variables */
|
||||
GlobalThreadMgr threadMGR;
|
||||
char *password = NULL;
|
||||
CERTCertificate *cert = NULL;
|
||||
SECKEYPrivateKey *privKey = NULL;
|
||||
int stopping;
|
||||
|
||||
static void
|
||||
Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
|
||||
"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n"
|
||||
" [-c ciphers] [-d dbdir] \n"
|
||||
"-3 means disable SSL v3\n"
|
||||
"-r means request certificate on first handshake.\n"
|
||||
"-f means require certificate on first handshake.\n"
|
||||
"-R means request certificate on all handshakes.\n"
|
||||
"-F means require certificate on all handshakes.\n"
|
||||
"-c ciphers Letter(s) chosen from the following list\n"
|
||||
"A SSL2 RC4 128 WITH MD5\n"
|
||||
"B SSL2 RC4 128 EXPORT40 WITH MD5\n"
|
||||
"C SSL2 RC2 128 CBC WITH MD5\n"
|
||||
"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
|
||||
"E SSL2 DES 64 CBC WITH MD5\n"
|
||||
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
|
||||
"\n"
|
||||
"c SSL3 RSA WITH RC4 128 MD5\n"
|
||||
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
|
||||
"e SSL3 RSA WITH DES CBC SHA\n"
|
||||
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
|
||||
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
|
||||
"i SSL3 RSA WITH NULL MD5\n"
|
||||
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
|
||||
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
|
||||
"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
|
||||
"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
|
||||
progName);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* Function: readDataFromSocket()
|
||||
*
|
||||
* Purpose: Parse an HTTP request by reading data from a GET or POST.
|
||||
*
|
||||
*/
|
||||
SECStatus
|
||||
readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName)
|
||||
{
|
||||
char *post;
|
||||
int numBytes = 0;
|
||||
int newln = 0; /* # of consecutive newlns */
|
||||
|
||||
/* Read data while it comes in from the socket. */
|
||||
while (PR_TRUE) {
|
||||
buffer->index = 0;
|
||||
newln = 0;
|
||||
|
||||
/* Read the buffer. */
|
||||
numBytes = PR_Read(sslSocket, &buffer->data[buffer->index],
|
||||
buffer->remaining);
|
||||
if (numBytes <= 0) {
|
||||
errWarn("PR_Read");
|
||||
return SECFailure;
|
||||
}
|
||||
buffer->dataEnd = buffer->dataStart + numBytes;
|
||||
|
||||
/* Parse the input, starting at the beginning of the buffer.
|
||||
* Stop when we detect two consecutive \n's (or \r\n's)
|
||||
* as this signifies the end of the GET or POST portion.
|
||||
* The posted data follows.
|
||||
*/
|
||||
while (buffer->index < buffer->dataEnd && newln < 2) {
|
||||
int octet = buffer->data[buffer->index++];
|
||||
if (octet == '\n') {
|
||||
newln++;
|
||||
} else if (octet != '\r') {
|
||||
newln = 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Came to the end of the buffer, or second newline.
|
||||
* If we didn't get an empty line ("\r\n\r\n"), then keep on reading.
|
||||
*/
|
||||
if (newln < 2)
|
||||
continue;
|
||||
|
||||
/* we're at the end of the HTTP request.
|
||||
* If the request is a POST, then there will be one more
|
||||
* line of data.
|
||||
* This parsing is a hack, but ok for SSL test purposes.
|
||||
*/
|
||||
post = PORT_Strstr(buffer->data, "POST ");
|
||||
if (!post || *post != 'P')
|
||||
break;
|
||||
|
||||
/* It's a post, so look for the next and final CR/LF. */
|
||||
/* We should parse content length here, but ... */
|
||||
while (buffer->index < buffer->dataEnd && newln < 3) {
|
||||
int octet = buffer->data[buffer->index++];
|
||||
if (octet == '\n') {
|
||||
newln++;
|
||||
}
|
||||
}
|
||||
|
||||
if (newln == 3)
|
||||
break;
|
||||
}
|
||||
|
||||
/* Have either (a) a complete get, (b) a complete post, (c) EOF */
|
||||
|
||||
/* Execute a "GET " operation. */
|
||||
if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) {
|
||||
int fnLength;
|
||||
|
||||
/* File name is the part after "GET ". */
|
||||
fnLength = strcspn(buffer->data + 5, " \r\n");
|
||||
*fileName = (char *)PORT_Alloc(fnLength + 1);
|
||||
PORT_Strncpy(*fileName, buffer->data + 5, fnLength);
|
||||
(*fileName)[fnLength] = '\0';
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* Function: authenticateSocket()
|
||||
*
|
||||
* Purpose: Configure a socket for SSL.
|
||||
*
|
||||
*
|
||||
*/
|
||||
PRFileDesc *
|
||||
setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
|
||||
{
|
||||
PRFileDesc *sslSocket;
|
||||
SSLKEAType certKEA;
|
||||
int certErr = 0;
|
||||
SECStatus secStatus;
|
||||
|
||||
/* Set the appropriate flags. */
|
||||
|
||||
sslSocket = SSL_ImportFD(NULL, tcpSocket);
|
||||
if (sslSocket == NULL) {
|
||||
errWarn("SSL_ImportFD");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet SSL_SECURITY");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE,
|
||||
(requestCert >= REQUEST_CERT_ONCE));
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE,
|
||||
(requestCert == REQUIRE_CERT_ONCE));
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Set the appropriate callback routines. */
|
||||
|
||||
secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate,
|
||||
CERT_GetDefaultCertDB());
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_AuthCertificateHook");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_BadCertHook(sslSocket,
|
||||
(SSLBadCertHandler)myBadCertHandler, &certErr);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_BadCertHook");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_HandshakeCallback(sslSocket,
|
||||
myHandshakeCallback,
|
||||
NULL);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_HandshakeCallback");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_HandshakeCallback");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
certKEA = NSS_FindCertKEAType(cert);
|
||||
|
||||
secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_ConfigSecureServer");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
return sslSocket;
|
||||
|
||||
loser:
|
||||
|
||||
PR_Close(tcpSocket);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Function: authenticateSocket()
|
||||
*
|
||||
* Purpose: Perform client authentication on the socket.
|
||||
*
|
||||
*/
|
||||
SECStatus
|
||||
authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
|
||||
{
|
||||
CERTCertificate *cert;
|
||||
SECStatus secStatus;
|
||||
|
||||
/* Returns NULL if client authentication is not enabled or if the
|
||||
* client had no certificate. */
|
||||
cert = SSL_PeerCertificate(sslSocket);
|
||||
if (cert) {
|
||||
/* Client had a certificate, so authentication is through. */
|
||||
CERT_DestroyCertificate(cert);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* Request client to authenticate itself. */
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* If desired, require client to authenticate itself. Note
|
||||
* SSL_REQUEST_CERTIFICATE must also be on, as above. */
|
||||
secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Having changed socket configuration parameters, redo handshake. */
|
||||
secStatus = SSL_ReHandshake(sslSocket, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_ReHandshake");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Force the handshake to complete before moving on. */
|
||||
secStatus = SSL_ForceHandshake(sslSocket);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_ForceHandshake");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* Function: writeDataToSocket
|
||||
*
|
||||
* Purpose: Write the client's request back to the socket. If the client
|
||||
* requested a file, dump it to the socket.
|
||||
*
|
||||
*/
|
||||
SECStatus
|
||||
writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName)
|
||||
{
|
||||
int headerLength;
|
||||
int numBytes;
|
||||
char messageBuffer[120];
|
||||
PRFileDesc *local_file_fd = NULL;
|
||||
char header[] = "<html><body><h1>Sample SSL server</h1><br><br>";
|
||||
char filehd[] = "<h2>The file you requested:</h2><br>";
|
||||
char reqhd[] = "<h2>This is your request:</h2><br>";
|
||||
char link[] = "Try getting a <a HREF=\"../testfile\">file</a><br>";
|
||||
char footer[] = "<br><h2>End of request.</h2><br></body></html>";
|
||||
|
||||
headerLength = PORT_Strlen(defaultHeader);
|
||||
|
||||
/* Write a header to the socket. */
|
||||
numBytes = PR_Write(sslSocket, header, PORT_Strlen(header));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (fileName) {
|
||||
PRFileInfo info;
|
||||
PRStatus prStatus;
|
||||
|
||||
/* Try to open the local file named.
|
||||
* If successful, then write it to the client.
|
||||
*/
|
||||
prStatus = PR_GetFileInfo(fileName, &info);
|
||||
if (prStatus != PR_SUCCESS ||
|
||||
info.type != PR_FILE_FILE ||
|
||||
info.size < 0) {
|
||||
PORT_Free(fileName);
|
||||
/* Maybe a GET not sent from client.c? */
|
||||
goto writerequest;
|
||||
}
|
||||
|
||||
local_file_fd = PR_Open(fileName, PR_RDONLY, 0);
|
||||
if (local_file_fd == NULL) {
|
||||
PORT_Free(fileName);
|
||||
goto writerequest;
|
||||
}
|
||||
|
||||
/* Write a header to the socket. */
|
||||
numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Transmit the local file prepended by the default header
|
||||
* across the socket.
|
||||
*/
|
||||
numBytes = PR_TransmitFile(sslSocket, local_file_fd,
|
||||
defaultHeader, headerLength,
|
||||
PR_TRANSMITFILE_KEEP_OPEN,
|
||||
PR_INTERVAL_NO_TIMEOUT);
|
||||
|
||||
/* Error in transmission. */
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_TransmitFile");
|
||||
/*
|
||||
i = PORT_Strlen(errString);
|
||||
PORT_Memcpy(buf, errString, i);
|
||||
*/
|
||||
/* Transmitted bytes successfully. */
|
||||
} else {
|
||||
numBytes -= headerLength;
|
||||
fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
|
||||
numBytes, fileName);
|
||||
}
|
||||
|
||||
PORT_Free(fileName);
|
||||
PR_Close(local_file_fd);
|
||||
}
|
||||
|
||||
writerequest:
|
||||
|
||||
/* Write a header to the socket. */
|
||||
numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Write the buffer data to the socket. */
|
||||
if (buffer->index <= 0) {
|
||||
/* Reached the EOF. Report incomplete transaction to socket. */
|
||||
PORT_Sprintf(messageBuffer,
|
||||
"GET or POST incomplete after %d bytes.\r\n",
|
||||
buffer->dataEnd);
|
||||
numBytes = PR_Write(sslSocket, messageBuffer,
|
||||
PORT_Strlen(messageBuffer));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
} else {
|
||||
/* Display the buffer data. */
|
||||
fwrite(buffer->data, 1, buffer->index, stdout);
|
||||
/* Write the buffer data to the socket. */
|
||||
numBytes = PR_Write(sslSocket, buffer->data, buffer->index);
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
/* Display security information for the socket. */
|
||||
printSecurityInfo(sslSocket);
|
||||
/* Write any discarded data out to the socket. */
|
||||
if (buffer->index < buffer->dataEnd) {
|
||||
PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n",
|
||||
buffer->dataEnd - buffer->index);
|
||||
numBytes = PR_Write(sslSocket, buffer->data,
|
||||
PORT_Strlen(buffer->data));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Write a footer to the socket. */
|
||||
numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Write a link to the socket. */
|
||||
numBytes = PR_Write(sslSocket, link, PORT_Strlen(link));
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Complete the HTTP transaction. */
|
||||
numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9);
|
||||
if (numBytes < 0) {
|
||||
errWarn("PR_Write");
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Do a nice shutdown if asked. */
|
||||
if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
|
||||
stopping = 1;
|
||||
}
|
||||
return SECSuccess;
|
||||
|
||||
loser:
|
||||
|
||||
/* Do a nice shutdown if asked. */
|
||||
if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
|
||||
stopping = 1;
|
||||
}
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Function: int handle_connection()
|
||||
*
|
||||
* Purpose: Thread to handle a connection to a socket.
|
||||
*
|
||||
*/
|
||||
SECStatus
|
||||
handle_connection(void *tcp_sock, int requestCert)
|
||||
{
|
||||
PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock;
|
||||
PRFileDesc * sslSocket = NULL;
|
||||
SECStatus secStatus = SECFailure;
|
||||
PRStatus prStatus;
|
||||
PRSocketOptionData socketOption;
|
||||
DataBuffer buffer;
|
||||
char * fileName = NULL;
|
||||
|
||||
/* Initialize the data buffer. */
|
||||
memset(buffer.data, 0, BUFFER_SIZE);
|
||||
buffer.remaining = BUFFER_SIZE;
|
||||
buffer.index = 0;
|
||||
buffer.dataStart = 0;
|
||||
buffer.dataEnd = 0;
|
||||
|
||||
/* Make sure the socket is blocking. */
|
||||
socketOption.option = PR_SockOpt_Nonblocking;
|
||||
socketOption.value.non_blocking = PR_FALSE;
|
||||
PR_SetSocketOption(tcpSocket, &socketOption);
|
||||
|
||||
sslSocket = setupSSLSocket(tcpSocket, requestCert);
|
||||
if (sslSocket == NULL) {
|
||||
errWarn("setupSSLSocket");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
errWarn("SSL_ResetHandshake");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Read data from the socket, parse it for HTTP content.
|
||||
* If the user is requesting/requiring authentication, authenticate
|
||||
* the socket. Then write the result back to the socket. */
|
||||
fprintf(stdout, "\nReading data from socket...\n\n");
|
||||
secStatus = readDataFromSocket(sslSocket, &buffer, &fileName);
|
||||
if (secStatus != SECSuccess) {
|
||||
goto cleanup;
|
||||
}
|
||||
if (requestCert >= REQUEST_CERT_ALL) {
|
||||
fprintf(stdout, "\nAuthentication requested.\n\n");
|
||||
secStatus = authenticateSocket(sslSocket,
|
||||
(requestCert == REQUIRE_CERT_ALL));
|
||||
if (secStatus != SECSuccess) {
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
fprintf(stdout, "\nWriting data to socket...\n\n");
|
||||
secStatus = writeDataToSocket(sslSocket, &buffer, fileName);
|
||||
|
||||
cleanup:
|
||||
|
||||
/* Close down the socket. */
|
||||
prStatus = PR_Close(tcpSocket);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
errWarn("PR_Close");
|
||||
}
|
||||
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
/* Function: int accept_connection()
|
||||
*
|
||||
* Purpose: Thread to accept a connection to the socket.
|
||||
*
|
||||
*/
|
||||
SECStatus
|
||||
accept_connection(void *listener, int requestCert)
|
||||
{
|
||||
PRFileDesc *listenSocket = (PRFileDesc*)listener;
|
||||
PRNetAddr addr;
|
||||
PRStatus prStatus;
|
||||
|
||||
/* XXX need an SSL socket here? */
|
||||
while (!stopping) {
|
||||
PRFileDesc *tcpSocket;
|
||||
SECStatus result;
|
||||
|
||||
fprintf(stderr, "\n\n\nAbout to call accept.\n");
|
||||
|
||||
/* Accept a connection to the socket. */
|
||||
tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT);
|
||||
if (tcpSocket == NULL) {
|
||||
errWarn("PR_Accept");
|
||||
break;
|
||||
}
|
||||
|
||||
/* Accepted the connection, now handle it. */
|
||||
result = launch_thread(&threadMGR, handle_connection,
|
||||
tcpSocket, requestCert);
|
||||
|
||||
if (result != SECSuccess) {
|
||||
prStatus = PR_Close(tcpSocket);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
exitErr("PR_Close");
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
fprintf(stderr, "Closing listen socket.\n");
|
||||
|
||||
prStatus = PR_Close(listenSocket);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
exitErr("PR_Close");
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/* Function: void server_main()
|
||||
*
|
||||
* Purpose: This is the server's main function. It configures a socket
|
||||
* and listens to it.
|
||||
*
|
||||
*/
|
||||
void
|
||||
server_main(
|
||||
unsigned short port,
|
||||
int requestCert,
|
||||
SECKEYPrivateKey * privKey,
|
||||
CERTCertificate * cert,
|
||||
PRBool disableSSL3)
|
||||
{
|
||||
SECStatus secStatus;
|
||||
PRStatus prStatus;
|
||||
PRFileDesc * listenSocket;
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData socketOption;
|
||||
|
||||
/* Create a new socket. */
|
||||
listenSocket = PR_NewTCPSocket();
|
||||
if (listenSocket == NULL) {
|
||||
exitErr("PR_NewTCPSocket");
|
||||
}
|
||||
|
||||
/* Set socket to be blocking -
|
||||
* on some platforms the default is nonblocking.
|
||||
*/
|
||||
socketOption.option = PR_SockOpt_Nonblocking;
|
||||
socketOption.value.non_blocking = PR_FALSE;
|
||||
|
||||
prStatus = PR_SetSocketOption(listenSocket, &socketOption);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
exitErr("PR_SetSocketOption");
|
||||
}
|
||||
|
||||
/* This cipher is not on by default. The Acceptance test
|
||||
* would like it to be. Turn this cipher on.
|
||||
*/
|
||||
secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
|
||||
if (secStatus != SECSuccess) {
|
||||
exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
|
||||
}
|
||||
|
||||
/* Configure the network connection. */
|
||||
addr.inet.family = PR_AF_INET;
|
||||
addr.inet.ip = PR_INADDR_ANY;
|
||||
addr.inet.port = PR_htons(port);
|
||||
|
||||
/* Bind the address to the listener socket. */
|
||||
prStatus = PR_Bind(listenSocket, &addr);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
exitErr("PR_Bind");
|
||||
}
|
||||
|
||||
/* Listen for connection on the socket. The second argument is
|
||||
* the maximum size of the queue for pending connections.
|
||||
*/
|
||||
prStatus = PR_Listen(listenSocket, 5);
|
||||
if (prStatus != PR_SUCCESS) {
|
||||
exitErr("PR_Listen");
|
||||
}
|
||||
|
||||
/* Launch thread to handle connections to the socket. */
|
||||
secStatus = launch_thread(&threadMGR, accept_connection,
|
||||
listenSocket, requestCert);
|
||||
if (secStatus != SECSuccess) {
|
||||
PR_Close(listenSocket);
|
||||
} else {
|
||||
reap_threads(&threadMGR);
|
||||
destroy_thread_data(&threadMGR);
|
||||
}
|
||||
}
|
||||
|
||||
/* Function: int main()
|
||||
*
|
||||
* Purpose: Parses command arguments and configures SSL server.
|
||||
*
|
||||
*/
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char * progName = NULL;
|
||||
char * nickName = NULL;
|
||||
char * cipherString = NULL;
|
||||
char * dir = ".";
|
||||
int requestCert = 0;
|
||||
unsigned short port = 0;
|
||||
SECStatus secStatus;
|
||||
PRBool disableSSL3 = PR_FALSE;
|
||||
PLOptState * optstate;
|
||||
PLOptStatus status;
|
||||
|
||||
/* Zero out the thread manager. */
|
||||
PORT_Memset(&threadMGR, 0, sizeof(threadMGR));
|
||||
|
||||
progName = PL_strdup(argv[0]);
|
||||
|
||||
optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:");
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch(optstate->option) {
|
||||
case '3': disableSSL3 = PR_TRUE; break;
|
||||
case 'F': requestCert = REQUIRE_CERT_ALL; break;
|
||||
case 'R': requestCert = REQUEST_CERT_ALL; break;
|
||||
case 'c': cipherString = PL_strdup(optstate->value); break;
|
||||
case 'd': dir = PL_strdup(optstate->value); break;
|
||||
case 'f': requestCert = REQUIRE_CERT_ONCE; break;
|
||||
case 'n': nickName = PL_strdup(optstate->value); break;
|
||||
case 'p': port = PORT_Atoi(optstate->value); break;
|
||||
case 'r': requestCert = REQUEST_CERT_ONCE; break;
|
||||
case 'w': password = PL_strdup(optstate->value); break;
|
||||
default:
|
||||
case '?': Usage(progName);
|
||||
}
|
||||
}
|
||||
|
||||
if (nickName == NULL || port == 0)
|
||||
Usage(progName);
|
||||
|
||||
/* Call the NSPR initialization routines. */
|
||||
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
|
||||
|
||||
/* Set the cert database password callback. */
|
||||
PK11_SetPasswordFunc(myPasswd);
|
||||
|
||||
/* Initialize NSS. */
|
||||
secStatus = NSS_Init(dir);
|
||||
if (secStatus != SECSuccess) {
|
||||
exitErr("NSS_Init");
|
||||
}
|
||||
|
||||
/* Set the policy for this server (REQUIRED - no default). */
|
||||
secStatus = NSS_SetDomesticPolicy();
|
||||
if (secStatus != SECSuccess) {
|
||||
exitErr("NSS_SetDomesticPolicy");
|
||||
}
|
||||
|
||||
/* XXX keep this? */
|
||||
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
|
||||
if (cipherString) {
|
||||
int ndx;
|
||||
|
||||
/* disable all the ciphers, then enable the ones we want. */
|
||||
disableAllSSLCiphers();
|
||||
|
||||
while (0 != (ndx = *cipherString++)) {
|
||||
int *cptr;
|
||||
int cipher;
|
||||
|
||||
if (! isalpha(ndx))
|
||||
Usage(progName);
|
||||
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
|
||||
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
|
||||
/* do nothing */;
|
||||
if (cipher) {
|
||||
SECStatus status;
|
||||
status = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
|
||||
if (status != SECSuccess)
|
||||
errWarn("SSL_CipherPrefSetDefault()");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Get own certificate and private key. */
|
||||
cert = PK11_FindCertFromNickname(nickName, password);
|
||||
if (cert == NULL) {
|
||||
exitErr("PK11_FindCertFromNickname");
|
||||
}
|
||||
|
||||
privKey = PK11_FindKeyByAnyCert(cert, password);
|
||||
if (privKey == NULL) {
|
||||
exitErr("PK11_FindKeyByAnyCert");
|
||||
}
|
||||
|
||||
/* Configure the server's cache for a multi-process application
|
||||
* using default timeout values (24 hrs) and directory location (/tmp).
|
||||
*/
|
||||
SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
|
||||
|
||||
/* Launch server. */
|
||||
server_main(port, requestCert, privKey, cert, disableSSL3);
|
||||
|
||||
/* Shutdown NSS and exit NSPR gracefully. */
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
exit(1);
|
||||
}
|
||||
PR_Cleanup();
|
||||
return 0;
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
CORE_DEPTH = ../../..
|
||||
|
||||
MODULE = nss
|
||||
|
||||
EXPORTS =
|
||||
|
||||
CSRCS = server.c \
|
||||
sslsample.c \
|
||||
$(NULL)
|
||||
|
||||
PROGRAM = server
|
||||
|
@ -1,113 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "nspr.h"
|
||||
|
||||
struct tuple_str {
|
||||
PRErrorCode errNum;
|
||||
const char * errString;
|
||||
};
|
||||
|
||||
typedef struct tuple_str tuple_str;
|
||||
|
||||
#define ER2(a,b) {a, b},
|
||||
#define ER3(a,b,c) {a, c},
|
||||
|
||||
#include "secerr.h"
|
||||
#include "sslerr.h"
|
||||
|
||||
const tuple_str errStrings[] = {
|
||||
|
||||
/* keep this list in asceding order of error numbers */
|
||||
#include "SSLerrs.h"
|
||||
#include "SECerrs.h"
|
||||
#include "NSPRerrs.h"
|
||||
|
||||
};
|
||||
|
||||
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
|
||||
|
||||
/* Returns a UTF-8 encoded constant error string for "errNum".
|
||||
* Returns NULL of errNum is unknown.
|
||||
*/
|
||||
const char *
|
||||
SSL_Strerror(PRErrorCode errNum) {
|
||||
PRInt32 low = 0;
|
||||
PRInt32 high = numStrings - 1;
|
||||
PRInt32 i;
|
||||
PRErrorCode num;
|
||||
static int initDone;
|
||||
|
||||
/* make sure table is in ascending order.
|
||||
* binary search depends on it.
|
||||
*/
|
||||
if (!initDone) {
|
||||
PRErrorCode lastNum = (PRInt32)0x80000000;
|
||||
for (i = low; i <= high; ++i) {
|
||||
num = errStrings[i].errNum;
|
||||
if (num <= lastNum) {
|
||||
fprintf(stderr,
|
||||
"sequence error in error strings at item %d\n"
|
||||
"error %d (%s)\n"
|
||||
"should come after \n"
|
||||
"error %d (%s)\n",
|
||||
i, lastNum, errStrings[i-1].errString,
|
||||
num, errStrings[i].errString);
|
||||
}
|
||||
lastNum = num;
|
||||
}
|
||||
initDone = 1;
|
||||
}
|
||||
|
||||
/* Do binary search of table. */
|
||||
while (low + 1 < high) {
|
||||
i = (low + high) / 2;
|
||||
num = errStrings[i].errNum;
|
||||
if (errNum == num)
|
||||
return errStrings[i].errString;
|
||||
if (errNum < num)
|
||||
high = i;
|
||||
else
|
||||
low = i;
|
||||
}
|
||||
if (errNum == errStrings[low].errNum)
|
||||
return errStrings[low].errString;
|
||||
if (errNum == errStrings[high].errNum)
|
||||
return errStrings[high].errString;
|
||||
return NULL;
|
||||
}
|
@ -1,593 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "sslsample.h"
|
||||
#include "sslerror.h"
|
||||
|
||||
/* Declare SSL cipher suites. */
|
||||
|
||||
int ssl2CipherSuites[] = {
|
||||
SSL_EN_RC4_128_WITH_MD5, /* A */
|
||||
SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
|
||||
SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
|
||||
SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
|
||||
SSL_EN_DES_64_CBC_WITH_MD5, /* E */
|
||||
SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
|
||||
0
|
||||
};
|
||||
|
||||
int ssl3CipherSuites[] = {
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA a */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
|
||||
SSL_RSA_WITH_RC4_128_MD5, /* c */
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
|
||||
SSL_RSA_WITH_DES_CBC_SHA, /* e */
|
||||
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
|
||||
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
|
||||
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
|
||||
SSL_RSA_WITH_NULL_MD5, /* i */
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
|
||||
0
|
||||
};
|
||||
|
||||
/**************************************************************************
|
||||
**
|
||||
** SSL callback routines.
|
||||
**
|
||||
**************************************************************************/
|
||||
|
||||
/* Function: char * myPasswd()
|
||||
*
|
||||
* Purpose: This function is our custom password handler that is called by
|
||||
* SSL when retreiving private certs and keys from the database. Returns a
|
||||
* pointer to a string that with a password for the database. Password pointer
|
||||
* should point to dynamically allocated memory that will be freed later.
|
||||
*/
|
||||
char *
|
||||
myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
|
||||
{
|
||||
char * passwd = NULL;
|
||||
|
||||
if ( (!retry) && arg ) {
|
||||
passwd = PORT_Strdup((char *)arg);
|
||||
}
|
||||
|
||||
return passwd;
|
||||
}
|
||||
|
||||
/* Function: SECStatus myAuthCertificate()
|
||||
*
|
||||
* Purpose: This function is our custom certificate authentication handler.
|
||||
*
|
||||
* Note: This implementation is essentially the same as the default
|
||||
* SSL_AuthCertificate().
|
||||
*/
|
||||
SECStatus
|
||||
myAuthCertificate(void *arg, PRFileDesc *socket,
|
||||
PRBool checksig, PRBool isServer)
|
||||
{
|
||||
|
||||
SECCertUsage certUsage;
|
||||
CERTCertificate * cert;
|
||||
void * pinArg;
|
||||
char * hostName;
|
||||
SECStatus secStatus;
|
||||
|
||||
if (!arg || !socket) {
|
||||
errWarn("myAuthCertificate");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Define how the cert is being used based upon the isServer flag. */
|
||||
|
||||
certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
|
||||
|
||||
cert = SSL_PeerCertificate(socket);
|
||||
|
||||
pinArg = SSL_RevealPinArg(socket);
|
||||
|
||||
secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
|
||||
cert,
|
||||
checksig,
|
||||
certUsage,
|
||||
pinArg);
|
||||
|
||||
/* If this is a server, we're finished. */
|
||||
if (isServer || secStatus != SECSuccess) {
|
||||
CERT_DestroyCertificate(cert);
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
/* Certificate is OK. Since this is the client side of an SSL
|
||||
* connection, we need to verify that the name field in the cert
|
||||
* matches the desired hostname. This is our defense against
|
||||
* man-in-the-middle attacks.
|
||||
*/
|
||||
|
||||
/* SSL_RevealURL returns a hostName, not an URL. */
|
||||
hostName = SSL_RevealURL(socket);
|
||||
|
||||
if (hostName && hostName[0]) {
|
||||
secStatus = CERT_VerifyCertName(cert, hostName);
|
||||
} else {
|
||||
PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
|
||||
secStatus = SECFailure;
|
||||
}
|
||||
|
||||
if (hostName)
|
||||
PR_Free(hostName);
|
||||
|
||||
CERT_DestroyCertificate(cert);
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
/* Function: SECStatus myBadCertHandler()
|
||||
*
|
||||
* Purpose: This callback is called when the incoming certificate is not
|
||||
* valid. We define a certain set of parameters that still cause the
|
||||
* certificate to be "valid" for this session, and return SECSuccess to cause
|
||||
* the server to continue processing the request when any of these conditions
|
||||
* are met. Otherwise, SECFailure is return and the server rejects the
|
||||
* request.
|
||||
*/
|
||||
SECStatus
|
||||
myBadCertHandler(void *arg, PRFileDesc *socket)
|
||||
{
|
||||
|
||||
SECStatus secStatus = SECFailure;
|
||||
PRErrorCode err;
|
||||
|
||||
/* log invalid cert here */
|
||||
|
||||
if (!arg) {
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
*(PRErrorCode *)arg = err = PORT_GetError();
|
||||
|
||||
/* If any of the cases in the switch are met, then we will proceed */
|
||||
/* with the processing of the request anyway. Otherwise, the default */
|
||||
/* case will be reached and we will reject the request. */
|
||||
|
||||
switch (err) {
|
||||
case SEC_ERROR_INVALID_AVA:
|
||||
case SEC_ERROR_INVALID_TIME:
|
||||
case SEC_ERROR_BAD_SIGNATURE:
|
||||
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
||||
case SEC_ERROR_UNKNOWN_ISSUER:
|
||||
case SEC_ERROR_UNTRUSTED_CERT:
|
||||
case SEC_ERROR_CERT_VALID:
|
||||
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
||||
case SEC_ERROR_CRL_EXPIRED:
|
||||
case SEC_ERROR_CRL_BAD_SIGNATURE:
|
||||
case SEC_ERROR_EXTENSION_VALUE_INVALID:
|
||||
case SEC_ERROR_CA_CERT_INVALID:
|
||||
case SEC_ERROR_CERT_USAGES_INVALID:
|
||||
case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
|
||||
secStatus = SECSuccess;
|
||||
break;
|
||||
default:
|
||||
secStatus = SECFailure;
|
||||
break;
|
||||
}
|
||||
|
||||
printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err));
|
||||
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
/* Function: SECStatus ownGetClientAuthData()
|
||||
*
|
||||
* Purpose: This callback is used by SSL to pull client certificate
|
||||
* information upon server request.
|
||||
*/
|
||||
SECStatus
|
||||
myGetClientAuthData(void *arg,
|
||||
PRFileDesc *socket,
|
||||
struct CERTDistNamesStr *caNames,
|
||||
struct CERTCertificateStr **pRetCert,
|
||||
struct SECKEYPrivateKeyStr **pRetKey)
|
||||
{
|
||||
|
||||
CERTCertificate * cert;
|
||||
SECKEYPrivateKey * privKey;
|
||||
char * chosenNickName = (char *)arg;
|
||||
void * proto_win = NULL;
|
||||
SECStatus secStatus = SECFailure;
|
||||
|
||||
proto_win = SSL_RevealPinArg(socket);
|
||||
|
||||
if (chosenNickName) {
|
||||
cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
|
||||
if (cert) {
|
||||
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
|
||||
if (privKey) {
|
||||
secStatus = SECSuccess;
|
||||
} else {
|
||||
CERT_DestroyCertificate(cert);
|
||||
}
|
||||
}
|
||||
} else { /* no nickname given, automatically find the right cert */
|
||||
CERTCertNicknames *names;
|
||||
int i;
|
||||
|
||||
names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
|
||||
SEC_CERT_NICKNAMES_USER, proto_win);
|
||||
|
||||
if (names != NULL) {
|
||||
for(i = 0; i < names->numnicknames; i++ ) {
|
||||
|
||||
cert = PK11_FindCertFromNickname(names->nicknames[i],
|
||||
proto_win);
|
||||
if (!cert) {
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Only check unexpired certs */
|
||||
if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
|
||||
!= secCertTimeValid ) {
|
||||
CERT_DestroyCertificate(cert);
|
||||
continue;
|
||||
}
|
||||
|
||||
secStatus = NSS_CmpCertChainWCANames(cert, caNames);
|
||||
if (secStatus == SECSuccess) {
|
||||
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
|
||||
if (privKey) {
|
||||
break;
|
||||
}
|
||||
secStatus = SECFailure;
|
||||
break;
|
||||
}
|
||||
} /* for loop */
|
||||
CERT_FreeNicknames(names);
|
||||
}
|
||||
}
|
||||
|
||||
if (secStatus == SECSuccess) {
|
||||
*pRetCert = cert;
|
||||
*pRetKey = privKey;
|
||||
}
|
||||
|
||||
return secStatus;
|
||||
}
|
||||
|
||||
/* Function: SECStatus myHandshakeCallback()
|
||||
*
|
||||
* Purpose: Called by SSL to inform application that the handshake is
|
||||
* complete. This function is mostly used on the server side of an SSL
|
||||
* connection, although it is provided for a client as well.
|
||||
* Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
|
||||
* is used to initiate a handshake.
|
||||
*
|
||||
* A typical scenario would be:
|
||||
*
|
||||
* 1. Server accepts an SSL connection from the client without client auth.
|
||||
* 2. Client sends a request.
|
||||
* 3. Server determines that to service request it needs to authenticate the
|
||||
* client and initiates another handshake requesting client auth.
|
||||
* 4. While handshake is in progress, server can do other work or spin waiting
|
||||
* for the handshake to complete.
|
||||
* 5. Server is notified that handshake has been successfully completed by
|
||||
* the custom handshake callback function and it can service the client's
|
||||
* request.
|
||||
*
|
||||
* Note: This function is not implemented in this sample, as we are using
|
||||
* blocking sockets.
|
||||
*/
|
||||
void
|
||||
myHandshakeCallback(PRFileDesc *socket, void *arg)
|
||||
{
|
||||
printf("Handshake has completed, ready to send data securely.\n");
|
||||
}
|
||||
|
||||
|
||||
/**************************************************************************
|
||||
**
|
||||
** Routines for disabling SSL ciphers.
|
||||
**
|
||||
**************************************************************************/
|
||||
|
||||
void
|
||||
disableAllSSLCiphers(void)
|
||||
{
|
||||
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
|
||||
int i = SSL_NumImplementedCiphers;
|
||||
SECStatus rv;
|
||||
|
||||
/* disable all the SSL3 cipher suites */
|
||||
while (--i >= 0) {
|
||||
PRUint16 suite = cipherSuites[i];
|
||||
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
|
||||
if (rv != SECSuccess) {
|
||||
printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
|
||||
suite, i);
|
||||
errWarn("SSL_CipherPrefSetDefault");
|
||||
exit(2);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**************************************************************************
|
||||
**
|
||||
** Error and information routines.
|
||||
**
|
||||
**************************************************************************/
|
||||
|
||||
void
|
||||
errWarn(char *function)
|
||||
{
|
||||
PRErrorCode errorNumber = PR_GetError();
|
||||
const char * errorString = SSL_Strerror(errorNumber);
|
||||
|
||||
printf("Error in function %s: %d\n - %s\n",
|
||||
function, errorNumber, errorString);
|
||||
}
|
||||
|
||||
void
|
||||
exitErr(char *function)
|
||||
{
|
||||
errWarn(function);
|
||||
/* Exit gracefully. */
|
||||
/* ignoring return value of NSS_Shutdown as code exits with 1*/
|
||||
(void) NSS_Shutdown();
|
||||
PR_Cleanup();
|
||||
exit(1);
|
||||
}
|
||||
|
||||
void
|
||||
printSecurityInfo(PRFileDesc *fd)
|
||||
{
|
||||
char * cp; /* bulk cipher name */
|
||||
char * ip; /* cert issuer DN */
|
||||
char * sp; /* cert subject DN */
|
||||
int op; /* High, Low, Off */
|
||||
int kp0; /* total key bits */
|
||||
int kp1; /* secret key bits */
|
||||
int result;
|
||||
SSL3Statistics * ssl3stats = SSL_GetStatistics();
|
||||
|
||||
result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
|
||||
if (result != SECSuccess)
|
||||
return;
|
||||
printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
|
||||
"subject DN: %s\n"
|
||||
"issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
|
||||
PR_Free(cp);
|
||||
PR_Free(ip);
|
||||
PR_Free(sp);
|
||||
|
||||
printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
|
||||
ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
|
||||
ssl3stats->hch_sid_cache_not_ok);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**************************************************************************
|
||||
** Begin thread management routines and data.
|
||||
**************************************************************************/
|
||||
|
||||
void
|
||||
thread_wrapper(void * arg)
|
||||
{
|
||||
GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
|
||||
perThread *slot = &threadMGR->threads[threadMGR->index];
|
||||
|
||||
/* wait for parent to finish launching us before proceeding. */
|
||||
PR_Lock(threadMGR->threadLock);
|
||||
PR_Unlock(threadMGR->threadLock);
|
||||
|
||||
slot->rv = (* slot->startFunc)(slot->a, slot->b);
|
||||
|
||||
PR_Lock(threadMGR->threadLock);
|
||||
slot->running = rs_zombie;
|
||||
|
||||
/* notify the thread exit handler. */
|
||||
PR_NotifyCondVar(threadMGR->threadEndQ);
|
||||
|
||||
PR_Unlock(threadMGR->threadLock);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
launch_thread(GlobalThreadMgr *threadMGR,
|
||||
startFn *startFunc,
|
||||
void *a,
|
||||
int b)
|
||||
{
|
||||
perThread *slot;
|
||||
int i;
|
||||
|
||||
if (!threadMGR->threadStartQ) {
|
||||
threadMGR->threadLock = PR_NewLock();
|
||||
threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
|
||||
threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
|
||||
}
|
||||
PR_Lock(threadMGR->threadLock);
|
||||
while (threadMGR->numRunning >= MAX_THREADS) {
|
||||
PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
|
||||
}
|
||||
for (i = 0; i < threadMGR->numUsed; ++i) {
|
||||
slot = &threadMGR->threads[i];
|
||||
if (slot->running == rs_idle)
|
||||
break;
|
||||
}
|
||||
if (i >= threadMGR->numUsed) {
|
||||
if (i >= MAX_THREADS) {
|
||||
/* something's really wrong here. */
|
||||
PORT_Assert(i < MAX_THREADS);
|
||||
PR_Unlock(threadMGR->threadLock);
|
||||
return SECFailure;
|
||||
}
|
||||
++(threadMGR->numUsed);
|
||||
PORT_Assert(threadMGR->numUsed == i + 1);
|
||||
slot = &threadMGR->threads[i];
|
||||
}
|
||||
|
||||
slot->a = a;
|
||||
slot->b = b;
|
||||
slot->startFunc = startFunc;
|
||||
|
||||
threadMGR->index = i;
|
||||
|
||||
slot->prThread = PR_CreateThread(PR_USER_THREAD,
|
||||
thread_wrapper, threadMGR,
|
||||
PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
|
||||
PR_JOINABLE_THREAD, 0);
|
||||
|
||||
if (slot->prThread == NULL) {
|
||||
PR_Unlock(threadMGR->threadLock);
|
||||
printf("Failed to launch thread!\n");
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
slot->inUse = 1;
|
||||
slot->running = 1;
|
||||
++(threadMGR->numRunning);
|
||||
PR_Unlock(threadMGR->threadLock);
|
||||
printf("Launched thread in slot %d \n", threadMGR->index);
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
reap_threads(GlobalThreadMgr *threadMGR)
|
||||
{
|
||||
perThread * slot;
|
||||
int i;
|
||||
|
||||
if (!threadMGR->threadLock)
|
||||
return 0;
|
||||
PR_Lock(threadMGR->threadLock);
|
||||
while (threadMGR->numRunning > 0) {
|
||||
PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
|
||||
for (i = 0; i < threadMGR->numUsed; ++i) {
|
||||
slot = &threadMGR->threads[i];
|
||||
if (slot->running == rs_zombie) {
|
||||
/* Handle cleanup of thread here. */
|
||||
printf("Thread in slot %d returned %d\n", i, slot->rv);
|
||||
|
||||
/* Now make sure the thread has ended OK. */
|
||||
PR_JoinThread(slot->prThread);
|
||||
slot->running = rs_idle;
|
||||
--threadMGR->numRunning;
|
||||
|
||||
/* notify the thread launcher. */
|
||||
PR_NotifyCondVar(threadMGR->threadStartQ);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Safety Sam sez: make sure count is right. */
|
||||
for (i = 0; i < threadMGR->numUsed; ++i) {
|
||||
slot = &threadMGR->threads[i];
|
||||
if (slot->running != rs_idle) {
|
||||
fprintf(stderr, "Thread in slot %d is in state %d!\n",
|
||||
i, slot->running);
|
||||
}
|
||||
}
|
||||
PR_Unlock(threadMGR->threadLock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void
|
||||
destroy_thread_data(GlobalThreadMgr *threadMGR)
|
||||
{
|
||||
PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
|
||||
|
||||
if (threadMGR->threadEndQ) {
|
||||
PR_DestroyCondVar(threadMGR->threadEndQ);
|
||||
threadMGR->threadEndQ = NULL;
|
||||
}
|
||||
if (threadMGR->threadStartQ) {
|
||||
PR_DestroyCondVar(threadMGR->threadStartQ);
|
||||
threadMGR->threadStartQ = NULL;
|
||||
}
|
||||
if (threadMGR->threadLock) {
|
||||
PR_DestroyLock(threadMGR->threadLock);
|
||||
threadMGR->threadLock = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/**************************************************************************
|
||||
** End thread management routines.
|
||||
**************************************************************************/
|
||||
|
||||
void
|
||||
lockedVars_Init( lockedVars * lv)
|
||||
{
|
||||
lv->count = 0;
|
||||
lv->waiters = 0;
|
||||
lv->lock = PR_NewLock();
|
||||
lv->condVar = PR_NewCondVar(lv->lock);
|
||||
}
|
||||
|
||||
void
|
||||
lockedVars_Destroy( lockedVars * lv)
|
||||
{
|
||||
PR_DestroyCondVar(lv->condVar);
|
||||
lv->condVar = NULL;
|
||||
|
||||
PR_DestroyLock(lv->lock);
|
||||
lv->lock = NULL;
|
||||
}
|
||||
|
||||
void
|
||||
lockedVars_WaitForDone(lockedVars * lv)
|
||||
{
|
||||
PR_Lock(lv->lock);
|
||||
while (lv->count > 0) {
|
||||
PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
|
||||
}
|
||||
PR_Unlock(lv->lock);
|
||||
}
|
||||
|
||||
int /* returns count */
|
||||
lockedVars_AddToCount(lockedVars * lv, int addend)
|
||||
{
|
||||
int rv;
|
||||
|
||||
PR_Lock(lv->lock);
|
||||
rv = lv->count += addend;
|
||||
if (rv <= 0) {
|
||||
PR_NotifyCondVar(lv->condVar);
|
||||
}
|
||||
PR_Unlock(lv->lock);
|
||||
return rv;
|
||||
}
|
@ -1,180 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef SSLSAMPLE_H
|
||||
#define SSLSAMPLE_H
|
||||
|
||||
/* Generic header files */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
/* NSPR header files */
|
||||
|
||||
#include "nspr.h"
|
||||
#include "prerror.h"
|
||||
#include "prnetdb.h"
|
||||
|
||||
/* NSS header files */
|
||||
|
||||
#include "pk11func.h"
|
||||
#include "secitem.h"
|
||||
#include "ssl.h"
|
||||
#include "certt.h"
|
||||
#include "nss.h"
|
||||
#include "secder.h"
|
||||
#include "key.h"
|
||||
#include "sslproto.h"
|
||||
|
||||
/* Custom header files */
|
||||
|
||||
/*
|
||||
#include "sslerror.h"
|
||||
*/
|
||||
|
||||
#define BUFFER_SIZE 10240
|
||||
|
||||
/* Declare SSL cipher suites. */
|
||||
|
||||
extern int cipherSuites[];
|
||||
extern int ssl2CipherSuites[];
|
||||
extern int ssl3CipherSuites[];
|
||||
|
||||
/* Data buffer read from a socket. */
|
||||
typedef struct DataBufferStr {
|
||||
char data[BUFFER_SIZE];
|
||||
int index;
|
||||
int remaining;
|
||||
int dataStart;
|
||||
int dataEnd;
|
||||
} DataBuffer;
|
||||
|
||||
/* SSL callback routines. */
|
||||
|
||||
char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
|
||||
|
||||
SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
|
||||
PRBool checksig, PRBool isServer);
|
||||
|
||||
SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
|
||||
|
||||
void myHandshakeCallback(PRFileDesc *socket, void *arg);
|
||||
|
||||
SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
|
||||
struct CERTDistNamesStr *caNames,
|
||||
struct CERTCertificateStr **pRetCert,
|
||||
struct SECKEYPrivateKeyStr **pRetKey);
|
||||
|
||||
/* Disable all v2/v3 SSL ciphers. */
|
||||
|
||||
void disableAllSSLCiphers(void);
|
||||
|
||||
|
||||
/* Error and information utilities. */
|
||||
|
||||
void errWarn(char *function);
|
||||
|
||||
void exitErr(char *function);
|
||||
|
||||
void printSecurityInfo(PRFileDesc *fd);
|
||||
|
||||
/* Some simple thread management routines. */
|
||||
|
||||
#define MAX_THREADS 32
|
||||
|
||||
typedef SECStatus startFn(void *a, int b);
|
||||
|
||||
typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
|
||||
|
||||
typedef struct perThreadStr {
|
||||
PRFileDesc *a;
|
||||
int b;
|
||||
int rv;
|
||||
startFn *startFunc;
|
||||
PRThread *prThread;
|
||||
PRBool inUse;
|
||||
runState running;
|
||||
} perThread;
|
||||
|
||||
typedef struct GlobalThreadMgrStr {
|
||||
PRLock *threadLock;
|
||||
PRCondVar *threadStartQ;
|
||||
PRCondVar *threadEndQ;
|
||||
perThread threads[MAX_THREADS];
|
||||
int index;
|
||||
int numUsed;
|
||||
int numRunning;
|
||||
} GlobalThreadMgr;
|
||||
|
||||
void thread_wrapper(void * arg);
|
||||
|
||||
SECStatus launch_thread(GlobalThreadMgr *threadMGR,
|
||||
startFn *startFunc, void *a, int b);
|
||||
|
||||
SECStatus reap_threads(GlobalThreadMgr *threadMGR);
|
||||
|
||||
void destroy_thread_data(GlobalThreadMgr *threadMGR);
|
||||
|
||||
/* Management of locked variables. */
|
||||
|
||||
struct lockedVarsStr {
|
||||
PRLock * lock;
|
||||
int count;
|
||||
int waiters;
|
||||
PRCondVar * condVar;
|
||||
};
|
||||
|
||||
typedef struct lockedVarsStr lockedVars;
|
||||
|
||||
void lockedVars_Init(lockedVars *lv);
|
||||
|
||||
void lockedVars_Destroy(lockedVars *lv);
|
||||
|
||||
void lockedVars_WaitForDone(lockedVars *lv);
|
||||
|
||||
int lockedVars_AddToCount(lockedVars *lv, int addend);
|
||||
|
||||
/* Buffer stuff. */
|
||||
|
||||
static const char stopCmd[] = { "GET /stop " };
|
||||
static const char defaultHeader[] = {
|
||||
"HTTP/1.0 200 OK\r\n"
|
||||
"Server: SSL sample server\r\n"
|
||||
"Content-type: text/plain\r\n"
|
||||
"\r\n"
|
||||
};
|
||||
|
||||
#endif
|
@ -537,7 +537,7 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, PK11SlotInfo *slot,
|
||||
{
|
||||
SECStatus rv;
|
||||
|
||||
if (!ascii && !raw) {
|
||||
if (!ascii && !raw && !nickname) {
|
||||
PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n",
|
||||
"Certificate Nickname", "Trust Attributes", "",
|
||||
"SSL,S/MIME,JAR/XPI");
|
||||
@ -2207,7 +2207,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
|
||||
/* If making a cert request, need a subject. */
|
||||
if ((certutil.commands[cmd_CertReq].activated ||
|
||||
certutil.commands[cmd_CreateAndAddCert].activated) &&
|
||||
!certutil.options[opt_Subject].activated) {
|
||||
!(certutil.options[opt_Subject].activated || keysource)) {
|
||||
PR_fprintf(PR_STDERR,
|
||||
"%s -%c: subject is required to create a cert request.\n",
|
||||
progName, commandToRun);
|
||||
@ -2626,14 +2626,28 @@ merge_fail:
|
||||
privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
|
||||
if (privkey)
|
||||
pubkey = CERT_ExtractPublicKey(keycert);
|
||||
CERT_DestroyCertificate(keycert);
|
||||
if (!pubkey) {
|
||||
SECU_PrintError(progName,
|
||||
"Could not get keys from cert %s", keysource);
|
||||
rv = SECFailure;
|
||||
CERT_DestroyCertificate(keycert);
|
||||
goto shutdown;
|
||||
}
|
||||
keytype = privkey->keyType;
|
||||
/* On CertReq for renewal if no subject has been
|
||||
* specified obtain it from the certificate.
|
||||
*/
|
||||
if (certutil.commands[cmd_CertReq].activated && !subject) {
|
||||
subject = CERT_AsciiToName(keycert->subjectName);
|
||||
if (!subject) {
|
||||
SECU_PrintError(progName,
|
||||
"Could not get subject from certificate %s", keysource);
|
||||
CERT_DestroyCertificate(keycert);
|
||||
rv = SECFailure;
|
||||
goto shutdown;
|
||||
}
|
||||
}
|
||||
CERT_DestroyCertificate(keycert);
|
||||
} else {
|
||||
privkey =
|
||||
CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
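Review bot: The relaxed check in certutil_main, `!(certutil.options[opt_Subject].activated || keysource)`, now lets both cmd_CertReq and cmd_CreateAndAddCert proceed without a subject whenever `keysource` is set, but the fallback added in the third hunk only derives the subject from the certificate when `certutil.commands[cmd_CertReq].activated` is true. For cmd_CreateAndAddCert with a key source and no subject option, `subject` presumably stays NULL after this block; how the later code treats that is outside the hunk. Either drop the command test so the fallback reads `if (!subject) {`, or keep the stricter requirement for cmd_CreateAndAddCert in the first check. The enclosing block of the third hunk starts and ends outside it, so the release of `privkey` on the two `goto shutdown` paths cannot be confirmed from here.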
|
||||
|
@ -254,7 +254,7 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
|
||||
SECItem crlDER;
|
||||
PK11SlotInfo* slot = NULL;
|
||||
int rv;
|
||||
#if defined(DEBUG_jpierre)
|
||||
#if defined(DEBUG_jp96085)
|
||||
PRIntervalTime starttime, endtime, elapsed;
|
||||
PRUint32 mins, secs, msecs;
|
||||
#endif
|
||||
@ -273,12 +273,12 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
|
||||
|
||||
slot = PK11_GetInternalKeySlot();
|
||||
|
||||
#if defined(DEBUG_jpierre)
|
||||
#if defined(DEBUG_jp96085)
|
||||
starttime = PR_IntervalNow();
|
||||
#endif
|
||||
crl = PK11_ImportCRL(slot, &crlDER, url, type,
|
||||
NULL, importOptions, NULL, decodeOptions);
|
||||
#if defined(DEBUG_jpierre)
|
||||
#if defined(DEBUG_jp96085)
|
||||
endtime = PR_IntervalNow();
|
||||
elapsed = endtime - starttime;
|
||||
mins = PR_IntervalToSeconds(elapsed) / 60;
|
||||
|
@ -546,3 +546,12 @@ ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
|
||||
|
||||
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
|
||||
"Libpkix internal error occured during cert validation.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS11_GENERAL_ERROR, (SEC_ERROR_BASE + 167),
|
||||
"A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS11_FUNCTION_FAILED, (SEC_ERROR_BASE + 168),
|
||||
"A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.")
|
||||
|
||||
ER3(SEC_ERROR_PKCS11_DEVICE_ERROR, (SEC_ERROR_BASE + 169),
|
||||
"A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.")
|
||||
|
@ -33,7 +33,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#ifdef XP_PC
|
||||
#if !defined(XP_UNIX) && !defined(XP_OS2)
|
||||
|
||||
int ffs( unsigned int i)
|
||||
{
|
||||
|
@ -1057,7 +1057,7 @@ secu_PrintTime(FILE *out, int64 time, char *m, int level)
|
||||
/* Convert to local time */
|
||||
PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
|
||||
|
||||
timeString = PORT_Alloc(100);
|
||||
timeString = PORT_Alloc(256);
|
||||
if (timeString == NULL)
|
||||
return;
|
||||
|
||||
@ -1066,8 +1066,9 @@ secu_PrintTime(FILE *out, int64 time, char *m, int level)
|
||||
fprintf(out, "%s: ", m);
|
||||
}
|
||||
|
||||
PR_FormatTime(timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime);
|
||||
fprintf(out, timeString);
|
||||
if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
|
||||
fprintf(out, timeString);
|
||||
}
|
||||
|
||||
if (m != NULL)
|
||||
fprintf(out, "\n");
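Review bot: The new `fprintf(out, timeString);` inside the `PR_FormatTime` check still passes a run-time buffer as the format string; `fputs(timeString, out);` or `fprintf(out, "%s", timeString);` ensures a `%` in the formatted text is never interpreted as a conversion. The size is written twice as a literal, in `PORT_Alloc(256)` and in the `PR_FormatTime(timeString, 256, ...)` call, so a named constant would keep the two in step. The context comment says "Convert to local time" while the call uses `PR_GMTParameters`, which is worth correcting to `/* Convert to GMT */`. secu_PrintTime continues outside the hunk, so whether `timeString` is freed on every path is not visible here.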
|
||||
|
@ -450,7 +450,7 @@ char *SECU_ErrorStringRaw(int16 err);
|
||||
|
||||
void printflags(char *trusts, unsigned int flags);
|
||||
|
||||
#ifndef XP_UNIX
|
||||
#if !defined(XP_UNIX) && !defined(XP_OS2)
|
||||
extern int ffs(unsigned int i);
|
||||
#endif
|
||||
|
||||
|
@ -72,7 +72,6 @@ DIRS = lib \
|
||||
signver \
|
||||
shlibsign \
|
||||
smimetools \
|
||||
SSLsample \
|
||||
ssltap \
|
||||
strsclnt \
|
||||
symkeyutil \
|
||||
|
@ -37,6 +37,10 @@
|
||||
#ifndef MODUTIL_ERROR_H
|
||||
#define MODUTIL_ERROR_H
|
||||
|
||||
/*
|
||||
* The values of these enumerated constants are immutable and must not be
|
||||
* changed.
|
||||
*/
|
||||
typedef enum {
|
||||
NO_ERR=0,
|
||||
INVALID_USAGE_ERR,
|
||||
@ -61,7 +65,7 @@ typedef enum {
|
||||
DIR_NOT_WRITEABLE_ERR,
|
||||
INVALID_CONSTANT_ERR,
|
||||
ADD_MODULE_FAILED_ERR,
|
||||
ADD_MODULE_FAILED_STATUS_ERR,
|
||||
UNUSED_ERR, /* reserved for future use */
|
||||
OUT_OF_MEM_ERR,
|
||||
DELETE_INTERNAL_ERR,
|
||||
DELETE_FAILED_ERR,
|
||||
@ -114,8 +118,8 @@ static char *errStrings[] = {
|
||||
"ERROR: Directory \"%s\" is not readable.\n",
|
||||
"ERROR: Directory \"%s\" is not writeable.\n",
|
||||
"\"%s\" is not a recognized value.\n",
|
||||
"ERROR: Failed to add module \"%s\".\n",
|
||||
"ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n",
|
||||
"Unused error string",
|
||||
"ERROR: Out of memory.\n",
|
||||
"ERROR: Cannot delete internal module.\n",
|
||||
"ERROR: Failed to delete module \"%s\".\n",
|
||||
|
@ -297,12 +297,12 @@ AddModule(char *moduleName, char *libFile, char *cipherString,
|
||||
copied = PR_GetErrorText(errtxt);
|
||||
}
|
||||
if (copied && errtxt) {
|
||||
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_STATUS_ERR],
|
||||
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
|
||||
moduleName, errtxt);
|
||||
PR_Free(errtxt);
|
||||
} else {
|
||||
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
|
||||
moduleName);
|
||||
moduleName, SECU_Strerror(PORT_GetError()));
|
||||
}
|
||||
return ADD_MODULE_FAILED_ERR;
|
||||
} else {
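Review bot: `errStrings[ADD_MODULE_FAILED_ERR]` now contains two `%s` conversions, and because the format comes from a table the compiler cannot check the argument count at its call sites. Both calls visible in AddModule pass two arguments, but any other use of this entry outside the hunk has to be updated too, otherwise PR_fprintf reads an argument that was never passed. A comment next to the string, such as `/* takes two %s: module name, cause */`, would make the contract visible. In the `else` branch the cause is `SECU_Strerror(PORT_GetError())`; if that can return NULL for an unknown code, a fixed fallback string would be safer than relying on how `%s` treats NULL.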
|
||||
|
@ -67,8 +67,8 @@ Usage(char *progName)
|
||||
|
||||
FPS "Usage: %s -o exportfile -n certname [-d certdir] [-P dbprefix] [-v]\n",
|
||||
progName);
|
||||
FPS "\t\t [-c key_cipher] [-C cert_cipher] [-k key_leng]\n");
|
||||
FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
|
||||
FPS "\t\t [-c key_cipher] [-C cert_cipher] [-m | --key_len keyLen] [-n | --cert_key_len certKeyLen]\n");
|
||||
FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filefilepw]\n");
|
||||
|
||||
exit(PK12UERR_USAGE);
|
||||
}
|
||||
@ -953,8 +953,8 @@ static secuCommandFlag pk12util_options[] =
|
||||
{ /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE },
|
||||
{ /* opt_Cipher */ 'c', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_KeyLength */ 'k', PR_TRUE, 0, PR_FALSE },
|
||||
{ /* opt_CertKeyLength */ 'K', PR_TRUE, 0, PR_FALSE }
|
||||
{ /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" },
|
||||
{ /* opt_CertKeyLength */ 'n', PR_TRUE, 0, PR_FALSE, "cert_key_len" }
|
||||
};
|
||||
|
||||
int
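Review bot: The short option `'n'` given to opt_CertKeyLength in pk12util_options collides with the `-n certname` option that the same Usage text advertises on its first line, and the new usage line now lists `[-n | --cert_key_len certKeyLen]` next to it. Unless the nickname entry (outside the hunk) uses a different letter, the parser cannot tell the two apart. If the option parser accepts a zero short flag for long-only options, `{ /* opt_CertKeyLength */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" }` avoids the clash; `'m'` should be checked against the rest of the table in the same way. The reworded usage line also turns `-W p12filepw` into `-W p12filefilepw`, which looks like a typo.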
|
||||
|
@ -240,26 +240,6 @@ ifeq ($(OS_ARCH), AIX)
|
||||
EXTRA_SHARED_LIBS += -brtl
|
||||
endif
|
||||
|
||||
# If GNU ld is used, we must use the -rpath-link option to tell
|
||||
# the linker where to find libsoftokn3.so, an implicit dependency
|
||||
# of libnss3.so.
|
||||
ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD, $(OS_ARCH)))
|
||||
EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib
|
||||
endif
|
||||
|
||||
ifeq ($(OS_ARCH), SunOS)
|
||||
ifdef NS_USE_GCC
|
||||
ifdef GCC_USE_GNU_LD
|
||||
EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq ($(OS_ARCH), Darwin)
|
||||
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib
|
||||
endif
|
||||
|
||||
|
||||
# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
|
||||
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
|
||||
EXTRA_SHARED_LIBS += \
|
||||
|
@ -1766,35 +1766,6 @@ beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc * listen_sock)
|
||||
exit(0);
|
||||
}
|
||||
|
||||
#ifdef DEBUG_nelsonb
|
||||
|
||||
#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
|
||||
#define SSL_GETPID getpid
|
||||
#elif defined(_WIN32_WCE)
|
||||
#define SSL_GETPID GetCurrentProcessId
|
||||
#elif defined(WIN32)
|
||||
extern int __cdecl _getpid(void);
|
||||
#define SSL_GETPID _getpid
|
||||
#else
|
||||
#define SSL_GETPID() 0
|
||||
#endif
|
||||
|
||||
void
|
||||
WaitForDebugger(void)
|
||||
{
|
||||
|
||||
int waiting = 12;
|
||||
int myPid = SSL_GETPID();
|
||||
PRIntervalTime nrval = PR_SecondsToInterval(5);
|
||||
|
||||
while (waiting) {
|
||||
printf("child %d is waiting to be debugged!\n", myPid);
|
||||
PR_Sleep(nrval);
|
||||
--waiting;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#define HEXCHAR_TO_INT(c, i) \
|
||||
if (((c) >= '0') && ((c) <= '9')) { \
|
||||
i = (c) - '0'; \
|
||||
@ -2060,9 +2031,6 @@ main(int argc, char **argv)
|
||||
prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
|
||||
if (prStatus != PR_SUCCESS)
|
||||
errExit("PR_SetFDInheritable");
|
||||
#endif
|
||||
#ifdef DEBUG_nelsonb
|
||||
WaitForDebugger();
|
||||
#endif
|
||||
rv = SSL_InheritMPServerSIDCache(envString);
|
||||
if (rv != SECSuccess)
|
||||
|
@ -37,7 +37,7 @@
|
||||
/*
|
||||
* Test program for SDR (Secret Decoder Ring) functions.
|
||||
*
|
||||
* $Id: shlibsign.c,v 1.16 2008/08/08 23:48:04 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: shlibsign.c,v 1.17 2008/09/30 04:32:43 nelson%bolyard.com Exp $
|
||||
*/
|
||||
|
||||
#ifdef XP_UNIX
|
||||
@ -130,6 +130,100 @@ writeItem(PRFileDesc *fd, SECItem *item, char *file)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
static const unsigned char prime[] = { 0x00,
|
||||
0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
|
||||
0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
|
||||
0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
|
||||
0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
|
||||
0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
|
||||
0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
|
||||
0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
|
||||
0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
|
||||
0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
|
||||
0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
|
||||
0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
|
||||
0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
|
||||
0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
|
||||
0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
|
||||
0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
|
||||
0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };
|
||||
|
||||
static const unsigned char subprime[] = { 0x0,
|
||||
0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
|
||||
0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
|
||||
0x0b, 0x31, 0x24, 0xf1 };
|
||||
|
||||
static const unsigned char base[] = {
|
||||
0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
|
||||
0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
|
||||
0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
|
||||
0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
|
||||
0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
|
||||
0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
|
||||
0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
|
||||
0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
|
||||
0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
|
||||
0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
|
||||
0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
|
||||
0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
|
||||
0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
|
||||
0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
|
||||
0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
|
||||
0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f };
|
||||
|
||||
static const unsigned char h[] = {
|
||||
0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
|
||||
0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
|
||||
0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
|
||||
0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
|
||||
0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
|
||||
0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
|
||||
0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
|
||||
0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
|
||||
0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
|
||||
0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
|
||||
0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
|
||||
0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
|
||||
0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
|
||||
0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
|
||||
0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
|
||||
0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c };
|
||||
|
||||
static const unsigned char seed[] = { 0x00,
|
||||
0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
|
||||
0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
|
||||
0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
|
||||
0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
|
||||
0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
|
||||
0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
|
||||
0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
|
||||
0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
|
||||
0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
|
||||
0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
|
||||
0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
|
||||
0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
|
||||
0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
|
||||
0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
|
||||
0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
|
||||
0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c };
|
||||
|
||||
#define MK_SECITEM(bb) { siBuffer, (unsigned char *)(bb), sizeof(bb) }
|
||||
|
||||
static PQGParams pqgParams = {
|
||||
NULL, /* arena */
|
||||
MK_SECITEM(prime), /* P */
|
||||
MK_SECITEM(subprime), /* Q */
|
||||
MK_SECITEM(base) /* G */
|
||||
};
|
||||
|
||||
static PQGVerify pqgVerify = {
|
||||
NULL, /* arena */
|
||||
1496, /* counter */
|
||||
MK_SECITEM(seed), /* seed */
|
||||
MK_SECITEM(h) /* h */
|
||||
};
|
||||
|
||||
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
@ -152,10 +246,8 @@ main (int argc, char **argv)
|
||||
unsigned char sign_buf[40]; /* DSA_LENGTH */
|
||||
SECItem hash,sign;
|
||||
PK11Context *hashcx = NULL;
|
||||
int ks, count=0;
|
||||
int count=0;
|
||||
int keySize = 1024;
|
||||
PQGParams *pqgParams = NULL;
|
||||
PQGVerify *pqgVerify = NULL;
|
||||
const char *nssDir = NULL;
|
||||
secuPWData pwdata = { PW_NONE, 0 };
|
||||
#ifdef USES_LINKS
|
||||
@ -249,13 +341,7 @@ main (int argc, char **argv)
|
||||
|
||||
}
|
||||
printf("Generating DSA Key Pair...."); fflush(stdout);
|
||||
ks = PQG_PBITS_TO_INDEX(keySize);
|
||||
rv = PK11_PQG_ParamGen(ks,&pqgParams, &pqgVerify);
|
||||
if (rv != SECSuccess) {
|
||||
lperror("Generating PQG Params");
|
||||
goto loser;
|
||||
}
|
||||
privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubk,
|
||||
privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, &pqgParams, &pubk,
|
||||
PR_FALSE, PR_TRUE, &pwdata);
|
||||
if (privk == NULL) {
|
||||
lperror("Generating DSA Key");
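Review bot: The hard-coded `prime`, `subprime`, `base`, `h` and `seed` arrays that replace the `PK11_PQG_ParamGen` call carry no comment saying where the values came from, what size they are or how to re-check them; a short block comment above `prime[]` stating that these are fixed DSA domain parameters (P, Q, G), with the seed, counter 1496 and h kept so the parameters can be verified, would let a maintainer validate them. In the visible hunks only `&pqgParams` is used, so `pqgVerify` may be dead, and `keySize` loses its only visible use with the removal of `PQG_PBITS_TO_INDEX(keySize)`. Any cleanup after `loser` that used to destroy the generated parameters is outside the hunk and would have to go now that `pqgParams` is a static object. `MK_SECITEM` casts away the `const` of the arrays, which deserves a one-line comment such as `/* items are read-only; the cast only satisfies SECItem.data */`.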
|
||||
|
@ -185,7 +185,7 @@ ProcessCommandFile()
|
||||
return - 1;
|
||||
}
|
||||
|
||||
while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd), buf && *buf != '\0') {
|
||||
while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd)) {
|
||||
char *eol;
|
||||
linenum++;
|
||||
|
||||
|
@ -1109,10 +1109,13 @@ pr_fgets(char *buf, int size, PRFileDesc *file)
|
||||
|
||||
i = 0;
|
||||
while (i < size - 1) {
|
||||
status = PR_Read(file, (void * ) &c, 1);
|
||||
status = PR_Read(file, &c, 1);
|
||||
if (status == -1) {
|
||||
return NULL;
|
||||
} else if (status == 0) {
|
||||
if (i == 0) {
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
}
|
||||
buf[i++] = c;
|
||||
|
@ -54,5 +54,3 @@ PACKAGE_FILES += signver
|
||||
endif
|
||||
|
||||
ARCHIVE_NAME = signver
|
||||
|
||||
USE_STATIC_LIBS = 1
|
||||
|
@ -119,11 +119,12 @@ sv_PrintTime(FILE *out, SECItem *t, char *m)
|
||||
/* Convert to local time */
|
||||
PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
|
||||
|
||||
timeString = (char *)PORT_Alloc(100);
|
||||
timeString = (char *)PORT_Alloc(256);
|
||||
|
||||
if ( timeString ) {
|
||||
PR_FormatTime( timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime );
|
||||
fprintf(out, "%s%s\n", m, timeString);
|
||||
if (PR_FormatTime( timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime )) {
|
||||
fprintf(out, "%s%s\n", m, timeString);
|
||||
}
|
||||
PORT_Free(timeString);
|
||||
return 0;
|
||||
}
|
||||
@ -361,14 +362,16 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
|
||||
DER_ConvertBitString(&i->subjectPublicKey);
|
||||
switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) {
|
||||
case SEC_OID_PKCS1_RSA_ENCRYPTION:
|
||||
rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate,
|
||||
rv = SEC_ASN1DecodeItem(arena, pk,
|
||||
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate),
|
||||
&i->subjectPublicKey);
|
||||
if (rv) return rv;
|
||||
sprintf(mm, "%s.rsaPublicKey.", msg);
|
||||
sv_PrintRSAPublicKey(out, pk, mm);
|
||||
break;
|
||||
case SEC_OID_ANSIX9_DSA_SIGNATURE:
|
||||
rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate,
|
||||
rv = SEC_ASN1DecodeItem(arena, pk,
|
||||
SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate),
|
||||
&i->subjectPublicKey);
|
||||
if (rv) return rv;
|
||||
sprintf(mm, "%s.dsaPublicKey.", msg);
|
||||
@ -391,7 +394,8 @@ sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg)
|
||||
char *formattedTime = NULL;
|
||||
|
||||
decodedValue.data = NULL;
|
||||
rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate,
|
||||
rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
|
||||
SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
|
||||
value);
|
||||
if (rv == SECSuccess) {
|
||||
rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
|
||||
@ -495,7 +499,8 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (!arena) return SEC_ERROR_NO_MEMORY;
|
||||
|
||||
rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der);
|
||||
rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate),
|
||||
der);
|
||||
if (rv) {
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
return rv;
|
||||
@ -541,7 +546,8 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (!arena) return SEC_ERROR_NO_MEMORY;
|
||||
|
||||
rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der);
|
||||
rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
|
||||
der);
|
||||
if (rv) {
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
return rv;
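Review bot: In sv_PrintTime, when `PR_FormatTime` returns 0 the new code prints nothing, not even the label `m`, and still reaches `return 0`, so a time that failed to format looks like success in the output. An explicit branch such as `} else { fprintf(out, "%s(unformattable time)\n", m); }` or a non-zero return would make the failure visible. The unchanged `sprintf(mm, "%s.rsaPublicKey.", msg);` and `sprintf(mm, "%s.dsaPublicKey.", msg);` lines in sv_PrintSubjectPublicKeyInfo write into `mm` without a bound. Its declaration is outside the hunk, but if it is a fixed-size array a bounded form, `snprintf(mm, sizeof mm, "%s.rsaPublicKey.", msg);`, would be the safer choice.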
|
||||
|
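--- a/security/nss/cmd/tests/conflict.c
+++ b/security/nss/cmd/tests/conflict.c
@@ -0,0 +1,58 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 2008
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+/*
+* This test verifies that NSS public headers don't conflict with common
+* identifier names.
+*/
+
+#include "nssilckt.h"
+
+/*
+* Bug 455424: nssilckt.h used to define the enumeration constant 'Lock',
+* which conflicts with C++ code that defines a Lock class. This is a
+* reduced test case in C for that name conflict.
+*/
+typedef struct {
+int dummy;
+} Lock;
+
+Lock lock;
+
+int main()
+{
+return 0;
+}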
|
@ -41,6 +41,7 @@ CORE_DEPTH = ../../..
|
||||
MODULE = nss
|
||||
|
||||
CSRCS = \
|
||||
conflict.c \
|
||||
nonspr10.c \
|
||||
remtest.c \
|
||||
$(NULL)
|
||||
|
@ -38,7 +38,7 @@
|
||||
|
||||
/*
|
||||
**
|
||||
** Sample client side test program that uses SSL and libsec
|
||||
** Sample client side test program that uses SSL and NSS
|
||||
**
|
||||
*/
|
||||
|
||||
@ -126,20 +126,7 @@ int renegotiate = 0;
|
||||
|
||||
static char *progName;
|
||||
|
||||
/* This exists only for the automated test suite. It allows us to
|
||||
* pass in a password on the command line.
|
||||
*/
|
||||
|
||||
char *password = NULL;
|
||||
|
||||
char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
|
||||
{
|
||||
char *passwd = NULL;
|
||||
if ( (!retry) && arg ) {
|
||||
passwd = PL_strdup((char *)arg);
|
||||
}
|
||||
return passwd;
|
||||
}
|
||||
secuPWData pwdata = { PW_NONE, 0 };
|
||||
|
||||
void printSecurityInfo(PRFileDesc *fd)
|
||||
{
|
||||
@ -203,7 +190,7 @@ static void Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvxr] \n"
|
||||
" [-c ciphers] [-w passwd] [-q]\n", progName);
|
||||
" [-c ciphers] [-w passwd] [-W pwfile] [-q]\n", progName);
|
||||
fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
|
||||
fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
|
||||
fprintf(stderr,
|
||||
@ -523,7 +510,6 @@ int main(int argc, char **argv)
|
||||
PRSocketOptionData opt;
|
||||
PRNetAddr addr;
|
||||
PRPollDesc pollset[2];
|
||||
PRBool useCommandLinePassword = PR_FALSE;
|
||||
PRBool pingServerFirst = PR_FALSE;
|
||||
PRBool clientSpeaksFirst = PR_FALSE;
|
||||
PRBool wrStarted = PR_FALSE;
|
||||
@ -548,7 +534,7 @@ int main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:x");
|
||||
optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
|
||||
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch (optstate->option) {
|
||||
case '?':
|
||||
@ -594,11 +580,16 @@ int main(int argc, char **argv)
|
||||
|
||||
case 'r': renegotiate = atoi(optstate->value); break;
|
||||
|
||||
case 'w':
|
||||
password = PORT_Strdup(optstate->value);
|
||||
useCommandLinePassword = PR_TRUE;
|
||||
case 'w':
|
||||
pwdata.source = PW_PLAINTEXT;
|
||||
pwdata.data = PORT_Strdup(optstate->value);
|
||||
break;
|
||||
|
||||
case 'W':
|
||||
pwdata.source = PW_FROMFILE;
|
||||
pwdata.data = PORT_Strdup(optstate->value);
|
||||
break;
|
||||
|
||||
case 'x': useExportPolicy = 1; break;
|
||||
}
|
||||
}
|
||||
@ -613,12 +604,7 @@ int main(int argc, char **argv)
|
||||
|
||||
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
|
||||
|
||||
/* set our password function */
|
||||
if ( useCommandLinePassword ) {
|
||||
PK11_SetPasswordFunc(ownPasswd);
|
||||
} else {
|
||||
PK11_SetPasswordFunc(SECU_GetModulePassword);
|
||||
}
|
||||
PK11_SetPasswordFunc(SECU_GetModulePassword);
|
||||
|
||||
/* open the cert DB, the key DB, and the secmod DB. */
|
||||
if (!certDir) {
|
||||
@ -843,9 +829,7 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (useCommandLinePassword) {
|
||||
SSL_SetPKCS11PinArg(s, password);
|
||||
}
|
||||
SSL_SetPKCS11PinArg(s, &pwdata);
|
||||
|
||||
SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
|
||||
if (override) {
|
||||
@ -1064,8 +1048,8 @@ int main(int argc, char **argv)
|
||||
if (nickname) {
|
||||
PORT_Free(nickname);
|
||||
}
|
||||
if (password) {
|
||||
PORT_Free(password);
|
||||
if (pwdata.data) {
|
||||
PORT_Free(pwdata.data);
|
||||
}
|
||||
PORT_Free(host);
|
||||
|
||||
@ -1075,6 +1059,7 @@ int main(int argc, char **argv)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
FPRINTF(stderr, "tstclnt: exiting with return code %d\n", error);
|
||||
PR_Cleanup();
|
||||
return error;
|
||||
}
|
||||
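Review bot: The `-w` and `-W` cases in main's option switch each assign `pwdata.data = PORT_Strdup(optstate->value)` without releasing an earlier value, so passing both options (or one of them twice) leaks the first copy and silently lets the last one win. The cleanup near the end of main then passes the buffer to `PORT_Free` without clearing it, although for `-w` it holds the plaintext token password; I would free any previous value before each assignment and clear on exit, e.g. `PORT_ZFree(pwdata.data, PORT_Strlen(pwdata.data));`. The usage text could also state that `-w` places the password on the command line, where it is typically visible in the process list, and that `-W pwfile` is the form to prefer outside the automated test suite. main starts and ends outside these hunks, so other uses of `pwdata` were not checked.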
|
@ -38,7 +38,7 @@
|
||||
#define NSSBASET_H
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.6 $ $Date: 2005/01/20 02:25:45 $";
|
||||
static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.7 $ $Date: 2008/10/05 20:59:16 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
@ -61,10 +61,10 @@ static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision:
|
||||
*/
|
||||
|
||||
#define DUMMY /* dummy */
|
||||
#define NSS_EXTERN PR_EXTERN(DUMMY)
|
||||
#define NSS_IMPLEMENT PR_IMPLEMENT(DUMMY)
|
||||
#define NSS_EXTERN_DATA PR_EXTERN_DATA(DUMMY)
|
||||
#define NSS_IMPLEMENT_DATA PR_IMPLEMENT_DATA(DUMMY)
|
||||
#define NSS_EXTERN extern
|
||||
#define NSS_EXTERN_DATA extern
|
||||
#define NSS_IMPLEMENT
|
||||
#define NSS_IMPLEMENT_DATA
|
||||
|
||||
PR_BEGIN_EXTERN_C
|
||||
|
||||
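Review bot: `#define DUMMY /* dummy */` stays in the header although, as far as this hunk shows, the four `NSS_*` macros were its only users and they no longer reference it; drop it if nothing else in the tree uses it. The new definitions also deserve a short comment explaining why they no longer go through `PR_EXTERN`/`PR_IMPLEMENT`, because a reader cannot tell from `#define NSS_EXTERN extern` whether losing the platform export decoration is intended. Something like `/* Declared with plain extern; the NSPR export decoration is deliberately not applied. */` would do, if that is indeed the intent.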
|
@ -996,6 +996,7 @@ CERT_OpenCertDBFilename(CERTCertDBHandle *handle, char *certdbname,
|
||||
PRBool readOnly)
|
||||
{
|
||||
PORT_Assert("CERT_OpenCertDBFilename is Deprecated" == NULL);
|
||||
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -1003,6 +1004,7 @@ SECItem *
|
||||
SECKEY_HashPassword(char *pw, SECItem *salt)
|
||||
{
|
||||
PORT_Assert("SECKEY_HashPassword is Deprecated" == NULL);
|
||||
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -1012,6 +1014,7 @@ __CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle,
|
||||
void *cb, void *cbarg)
|
||||
{
|
||||
PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL);
|
||||
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
@ -1021,6 +1024,7 @@ __CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
|
||||
void *cb, void *cbarg)
|
||||
{
|
||||
PORT_Assert("CERT_TraversePermCertsForNickname is Deprecated" == NULL);
|
||||
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,7 @@
|
||||
* Implementation of OCSP services, for both client and server.
|
||||
* (XXX, really, mostly just for client right now, but intended to do both.)
|
||||
*
|
||||
* $Id: ocsp.c,v 1.54 2008/07/08 21:34:32 alexei.volkov.bugs%sun.com Exp $
|
||||
* $Id: ocsp.c,v 1.55 2008/10/06 23:37:55 julien.pierre.boogz%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "prerror.h"
|
||||
@ -205,14 +205,14 @@ static void
|
||||
ocsp_dumpStringWithTime(const char *str, int64 time)
|
||||
{
|
||||
PRExplodedTime timePrintable;
|
||||
char timestr[100];
|
||||
char timestr[256];
|
||||
|
||||
if (!wantOcspTrace())
|
||||
return;
|
||||
PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
|
||||
PR_FormatTime(timestr, 100, "%a %b %d %H:%M:%S %Y",
|
||||
&timePrintable);
|
||||
ocsp_Trace("OCSP %s %s\n", str, timestr);
|
||||
if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
|
||||
ocsp_Trace("OCSP %s %s\n", str, timestr);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
@ -245,16 +245,18 @@ dumpCertificate(CERTCertificate *cert)
|
||||
{
|
||||
int64 timeBefore, timeAfter;
|
||||
PRExplodedTime beforePrintable, afterPrintable;
|
||||
char beforestr[100], afterstr[100];
|
||||
char beforestr[256], afterstr[256];
|
||||
PRStatus rv1, rv2;
|
||||
DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
|
||||
DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
|
||||
PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
|
||||
PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
|
||||
PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y",
|
||||
rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y",
|
||||
&beforePrintable);
|
||||
PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y",
|
||||
rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y",
|
||||
&afterPrintable);
|
||||
ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", beforestr, afterstr);
|
||||
ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", rv1 ? beforestr : "",
|
||||
rv2 ? afterstr : "");
|
||||
}
|
||||
ocsp_Trace("OCSP ## ISSUER: %s\n", cert->issuerName);
|
||||
printHexString("OCSP ## SERIAL NUMBER:", &cert->serialNumber);
|
||||
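Review bot: `rv1` and `rv2` in dumpCertificate are declared `PRStatus`, but `PR_FormatTime` returns the number of characters written as a `PRUint32`, so they hold a length rather than a status. The `rv1 ? beforestr : ""` tests only work because failure is reported as 0. Declaring them `PRUint32 len1, len2;` says what they are. The buffer size is also repeated as the literal 256 in all three calls (here and in ocsp_dumpStringWithTime); `PR_FormatTime(timestr, sizeof timestr, ...)` keeps each call tied to its declaration. dumpCertificate continues past the end of the hunk.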
|
@ -35,7 +35,7 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef BUILTINS_H
|
||||
@ -803,6 +803,12 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_248 [] = {
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_249 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
|
||||
};
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_250 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
|
||||
};
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_251 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
|
||||
};
|
||||
#ifdef DEBUG
|
||||
static const NSSItem nss_builtins_items_0 [] = {
|
||||
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
|
||||
@ -811,7 +817,7 @@ static const NSSItem nss_builtins_items_0 [] = {
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"CVS ID", (PRUint32)7 },
|
||||
{ (void *)"NSS", (PRUint32)4 },
|
||||
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $", (PRUint32)160 }
|
||||
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $", (PRUint32)160 }
|
||||
};
|
||||
#endif /* DEBUG */
|
||||
static const NSSItem nss_builtins_items_1 [] = {
|
||||
@ -16868,6 +16874,109 @@ static const NSSItem nss_builtins_items_249 [] = {
|
||||
{ (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
|
||||
};
|
||||
static const NSSItem nss_builtins_items_250 [] = {
|
||||
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
|
||||
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"COMODO ECC Certification Authority", (PRUint32)35 },
|
||||
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
|
||||
{ (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102"
|
||||
"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164"
|
||||
"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060"
|
||||
"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061"
|
||||
"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117"
|
||||
"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006"
|
||||
"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103"
|
||||
"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101"
|
||||
"\165\164\150\157\162\151\164\171"
|
||||
, (PRUint32)136 },
|
||||
{ (void *)"0", (PRUint32)2 },
|
||||
{ (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102"
|
||||
"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164"
|
||||
"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060"
|
||||
"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061"
|
||||
"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117"
|
||||
"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006"
|
||||
"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103"
|
||||
"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101"
|
||||
"\165\164\150\157\162\151\164\171"
|
||||
, (PRUint32)136 },
|
||||
{ (void *)"\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143"
|
||||
"\231\052"
|
||||
, (PRUint32)18 },
|
||||
{ (void *)"\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037"
|
||||
"\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060"
|
||||
"\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013"
|
||||
"\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006"
|
||||
"\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141"
|
||||
"\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004"
|
||||
"\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003"
|
||||
"\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114"
|
||||
"\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023"
|
||||
"\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164"
|
||||
"\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162"
|
||||
"\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060"
|
||||
"\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071"
|
||||
"\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023"
|
||||
"\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162"
|
||||
"\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162"
|
||||
"\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157"
|
||||
"\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115"
|
||||
"\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053"
|
||||
"\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040"
|
||||
"\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157"
|
||||
"\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006"
|
||||
"\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003"
|
||||
"\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221"
|
||||
"\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341"
|
||||
"\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344"
|
||||
"\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011"
|
||||
"\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011"
|
||||
"\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262"
|
||||
"\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026"
|
||||
"\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224"
|
||||
"\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377"
|
||||
"\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377"
|
||||
"\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075"
|
||||
"\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254"
|
||||
"\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346"
|
||||
"\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316"
|
||||
"\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223"
|
||||
"\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157"
|
||||
"\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346"
|
||||
"\334\335\363\377\035\054\072\026\127\331\222\071\326"
|
||||
, (PRUint32)653 }
|
||||
};
|
||||
static const NSSItem nss_builtins_items_251 [] = {
|
||||
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
|
||||
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"COMODO ECC Certification Authority", (PRUint32)35 },
|
||||
{ (void *)"\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216"
|
||||
"\055\223\303\021"
|
||||
, (PRUint32)20 },
|
||||
{ (void *)"\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043"
|
||||
, (PRUint32)16 },
|
||||
{ (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102"
|
||||
"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164"
|
||||
"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060"
|
||||
"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061"
|
||||
"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117"
|
||||
"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006"
|
||||
"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103"
|
||||
"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101"
|
||||
"\165\164\150\157\162\151\164\171"
|
||||
, (PRUint32)136 },
|
||||
{ (void *)"\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143"
|
||||
"\231\052"
|
||||
, (PRUint32)18 },
|
||||
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
|
||||
};
|
||||
|
||||
builtinsInternalObject
|
||||
nss_builtins_data[] = {
|
||||
@ -17122,11 +17231,13 @@ nss_builtins_data[] = {
|
||||
{ 11, nss_builtins_types_246, nss_builtins_items_246, {NULL} },
|
||||
{ 13, nss_builtins_types_247, nss_builtins_items_247, {NULL} },
|
||||
{ 11, nss_builtins_types_248, nss_builtins_items_248, {NULL} },
|
||||
{ 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} }
|
||||
{ 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} },
|
||||
{ 11, nss_builtins_types_250, nss_builtins_items_250, {NULL} },
|
||||
{ 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} }
|
||||
};
|
||||
const PRUint32
|
||||
#ifdef DEBUG
|
||||
nss_builtins_nObjects = 249+1;
|
||||
nss_builtins_nObjects = 251+1;
|
||||
#else
|
||||
nss_builtins_nObjects = 249;
|
||||
nss_builtins_nObjects = 251;
|
||||
#endif /* DEBUG */
|
||||
|
@ -34,7 +34,7 @@
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.49 $ $Date: 2008/08/14 18:15:56 $"
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.50 $ $Date: 2008/10/17 23:06:48 $"
|
||||
|
||||
#
|
||||
# certdata.txt
|
||||
@ -17388,3 +17388,116 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "COMODO ECC Certification Authority"
|
||||
#
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "COMODO ECC Certification Authority"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
|
||||
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
|
||||
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
|
||||
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
|
||||
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
|
||||
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
|
||||
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
|
||||
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
|
||||
\165\164\150\157\162\151\164\171
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
|
||||
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
|
||||
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
|
||||
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
|
||||
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
|
||||
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
|
||||
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
|
||||
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
|
||||
\165\164\150\157\162\151\164\171
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
|
||||
\231\052
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037
|
||||
\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060
|
||||
\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013
|
||||
\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006
|
||||
\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141
|
||||
\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004
|
||||
\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003
|
||||
\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114
|
||||
\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023
|
||||
\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164
|
||||
\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
|
||||
\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060
|
||||
\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071
|
||||
\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023
|
||||
\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162
|
||||
\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162
|
||||
\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157
|
||||
\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115
|
||||
\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053
|
||||
\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040
|
||||
\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
|
||||
\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006
|
||||
\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
|
||||
\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221
|
||||
\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341
|
||||
\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344
|
||||
\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011
|
||||
\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011
|
||||
\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262
|
||||
\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026
|
||||
\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224
|
||||
\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377
|
||||
\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
|
||||
\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075
|
||||
\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254
|
||||
\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346
|
||||
\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316
|
||||
\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223
|
||||
\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157
|
||||
\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346
|
||||
\334\335\363\377\035\054\072\026\127\331\222\071\326
|
||||
END
|
||||
|
||||
# Trust for Certificate "COMODO ECC Certification Authority"
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "COMODO ECC Certification Authority"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216
|
||||
\055\223\303\021
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
|
||||
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
|
||||
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
|
||||
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
|
||||
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
|
||||
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
|
||||
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
|
||||
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
|
||||
\165\164\150\157\162\151\164\171
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
|
||||
\231\052
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
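Review bot: The new root is introduced only by `# Certificate "COMODO ECC Certification Authority"`, so a reviewer has to decode the octal blobs to see what is being trusted. Comment lines above the object giving the subject, serial number, validity period and the SHA-1 fingerprint in hex (the value stored in `CKA_CERT_SHA1_HASH`) would let the entry be compared with the CA's published fingerprint at a glance. The trust object sets `CKT_NETSCAPE_TRUSTED_DELEGATOR` for server auth, e-mail protection and code signing, while the commit text names only bug 461082. A comment citing the inclusion request that approved those three trust bits would make the grant auditable.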
|
@ -75,8 +75,8 @@
|
||||
* of the comment in the CK_VERSION type definition.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 71
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "1.71"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 72
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "1.72"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
@ -37,7 +37,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:19 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:19 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef CKCAPI_H
|
||||
@ -67,8 +67,8 @@ static const NSSItem nss_ckcapi_items_1 [] = {
|
||||
{ (void *)"Mozilla CAPI Access", (PRUint32)20 }
|
||||
};
|
||||
|
||||
PR_IMPLEMENT_DATA(ckcapiInternalObject) nss_ckcapi_data[] = {
|
||||
ckcapiInternalObject nss_ckcapi_data[] = {
|
||||
{ ckcapiRaw, { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} , {NULL} },
|
||||
};
|
||||
|
||||
PR_IMPLEMENT_DATA(const PRUint32) nss_ckcapi_nObjects = 1;
|
||||
const PRUint32 nss_ckcapi_nObjects = 1;
|
||||
|
@ -37,7 +37,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:22 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:22 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef CKMK_H
|
||||
@ -67,8 +67,8 @@ static const NSSItem nss_ckmk_items_1 [] = {
|
||||
{ (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 }
|
||||
};
|
||||
|
||||
PR_IMPLEMENT_DATA(ckmkInternalObject) nss_ckmk_data[] = {
|
||||
ckmkInternalObject nss_ckmk_data[] = {
|
||||
{ ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} },
|
||||
};
|
||||
|
||||
PR_IMPLEMENT_DATA(const PRUint32) nss_ckmk_nObjects = 1;
|
||||
const PRUint32 nss_ckmk_nObjects = 1;
|
||||
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.16 $ $Date: 2008/02/25 20:35:23 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.17 $ $Date: 2008/08/25 22:47:32 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
@ -274,6 +274,17 @@ NSSCKFWC_Finalize
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* A thread's error stack is automatically destroyed when the thread
|
||||
* terminates or, for the primordial thread, by PR_Cleanup. On
|
||||
* Windows with MinGW, the thread private data destructor PR_Free
|
||||
* registered by this module is actually a thunk for PR_Free defined
|
||||
* in this module. When the thread that unloads this module terminates
|
||||
* or calls PR_Cleanup, the thunk for PR_Free is already gone with the
|
||||
* module. Therefore we need to destroy the error stack before the
|
||||
* module is unloaded.
|
||||
*/
|
||||
nss_DestroyErrorStack();
|
||||
return error;
|
||||
}
|
||||
|
||||
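Review bot: `nss_DestroyErrorStack()` at the end of NSSCKFWC_Finalize appears to release only the calling thread's error stack, while the comment's reasoning applies to every thread that set an error through this module. If another thread still holds a stack when the module is unloaded, its thread-private destructor would presumably still point at the vanished thunk. The comment should state that limitation or say why it cannot occur, e.g. `/* Only the calling thread's stack is destroyed here; other threads must have exited before unload. */`. The call also runs whatever the value of `error`, which is worth a word in the comment if intended. The function begins outside the hunk.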
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.37 $ $Date: 2008/05/29 17:24:15 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.38 $ $Date: 2008/09/30 04:09:02 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
@ -359,6 +359,10 @@ nssCryptokiCertificate_GetAttributes (
|
||||
session = sessionOpt ?
|
||||
sessionOpt :
|
||||
nssToken_GetDefaultSession(certObject->token);
|
||||
if (!session) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
slot = nssToken_GetSlot(certObject->token);
|
||||
status = nssCKObject_GetAttributes(certObject->handle,
|
||||
@ -457,6 +461,10 @@ nssCryptokiTrust_GetAttributes (
|
||||
session = sessionOpt ?
|
||||
sessionOpt :
|
||||
nssToken_GetDefaultSession(trustObject->token);
|
||||
if (!session) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
slot = nssToken_GetSlot(trustObject->token);
|
||||
status = nssCKObject_GetAttributes(trustObject->handle,
|
||||
@ -522,6 +530,10 @@ nssCryptokiCRL_GetAttributes (
|
||||
session = sessionOpt ?
|
||||
sessionOpt :
|
||||
nssToken_GetDefaultSession(crlObject->token);
|
||||
if (session == NULL) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
slot = nssToken_GetSlot(crlObject->token);
|
||||
status = nssCKObject_GetAttributes(crlObject->handle,
|
||||
@ -580,10 +592,9 @@ nssCryptokiPrivateKey_SetCertificate (
|
||||
if (sessionOpt) {
|
||||
if (!nssSession_IsReadWrite(sessionOpt)) {
|
||||
return PR_FAILURE;
|
||||
} else {
|
||||
session = sessionOpt;
|
||||
}
|
||||
} else if (nssSession_IsReadWrite(defaultSession)) {
|
||||
}
|
||||
session = sessionOpt;
|
||||
} else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
|
||||
session = defaultSession;
|
||||
} else {
|
||||
NSSSlot *slot = nssToken_GetSlot(token);
|
||||
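Review bot: nssCryptokiPrivateKey_SetCertificate still returns `PR_FAILURE` for a read-only `sessionOpt` without setting any error, so its callers may read a stale error code. The guards added in nssCryptokiCertificate_GetAttributes, nssCryptokiTrust_GetAttributes and nssCryptokiCRL_GetAttributes do set `NSS_ERROR_INVALID_ARGUMENT`. Adding `nss_SetError(NSS_ERROR_INVALID_ARGUMENT);` before that `return PR_FAILURE;` would make the four paths agree. The three guards also differ in spelling (`!session` twice, `session == NULL` in the CRL variant); one form would read better. All four functions start and end outside their hunks.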
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.50 $ $Date: 2008/08/09 01:25:58 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.51 $ $Date: 2008/09/30 04:09:02 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
@ -182,7 +182,8 @@ nssToken_DeleteStoredObject (
|
||||
nssTokenObjectCache_RemoveObject(token->cache, instance);
|
||||
}
|
||||
if (instance->isTokenObject) {
|
||||
if (nssSession_IsReadWrite(token->defaultSession)) {
|
||||
if (token->defaultSession &&
|
||||
nssSession_IsReadWrite(token->defaultSession)) {
|
||||
session = token->defaultSession;
|
||||
} else {
|
||||
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
|
||||
@ -227,10 +228,10 @@ import_object (
|
||||
if (!nssSession_IsReadWrite(sessionOpt)) {
|
||||
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
|
||||
return NULL;
|
||||
} else {
|
||||
session = sessionOpt;
|
||||
}
|
||||
} else if (nssSession_IsReadWrite(tok->defaultSession)) {
|
||||
session = sessionOpt;
|
||||
} else if (tok->defaultSession &&
|
||||
nssSession_IsReadWrite(tok->defaultSession)) {
|
||||
session = tok->defaultSession;
|
||||
} else {
|
||||
session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
|
||||
@ -307,8 +308,7 @@ find_objects (
|
||||
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
PORT_Assert(session->handle != CK_INVALID_SESSION);
|
||||
if (session->handle == CK_INVALID_SESSION) {
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
ckrv = CKR_SESSION_HANDLE_INVALID;
|
||||
goto loser;
|
||||
}
|
||||
@ -1147,7 +1147,13 @@ nssToken_FindTrustForCertificate (
|
||||
CK_ATTRIBUTE tobj_template[5];
|
||||
CK_ULONG tobj_size;
|
||||
nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
|
||||
nssCryptokiObject *object, **objects;
|
||||
nssCryptokiObject *object = NULL, **objects;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return object;
|
||||
}
|
||||
|
||||
NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
@ -1159,7 +1165,6 @@ nssToken_FindTrustForCertificate (
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial);
|
||||
NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
|
||||
object = NULL;
|
||||
objects = find_objects_by_template(token, session,
|
||||
tobj_template, tobj_size,
|
||||
1, NULL);
|
||||
@ -1227,9 +1232,15 @@ nssToken_FindCRLsBySubject (
|
||||
CK_ATTRIBUTE_PTR attr;
|
||||
CK_ATTRIBUTE crlobj_template[3];
|
||||
CK_ULONG crlobj_size;
|
||||
nssCryptokiObject **objects;
|
||||
nssCryptokiObject **objects = NULL;
|
||||
nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return objects;
|
||||
}
|
||||
|
||||
NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
|
||||
@ -1280,8 +1291,14 @@ nssToken_Digest (
|
||||
CK_BYTE_PTR digest;
|
||||
NSSItem *rvItem = NULL;
|
||||
void *epv = nssToken_GetCryptokiEPV(tok);
|
||||
nssSession *session;
|
||||
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return rvItem;
|
||||
}
|
||||
|
||||
nssSession_EnterMonitor(session);
|
||||
ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
|
||||
if (ckrv != CKR_OK) {
|
||||
@ -1340,9 +1357,15 @@ nssToken_BeginDigest (
|
||||
)
|
||||
{
|
||||
CK_RV ckrv;
|
||||
nssSession *session;
|
||||
void *epv = nssToken_GetCryptokiEPV(tok);
|
||||
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
nssSession_EnterMonitor(session);
|
||||
ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
|
||||
nssSession_ExitMonitor(session);
|
||||
@ -1357,9 +1380,15 @@ nssToken_ContinueDigest (
|
||||
)
|
||||
{
|
||||
CK_RV ckrv;
|
||||
nssSession *session;
|
||||
void *epv = nssToken_GetCryptokiEPV(tok);
|
||||
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
nssSession_EnterMonitor(session);
|
||||
ckrv = CKAPI(epv)->C_DigestUpdate(session->handle,
|
||||
(CK_BYTE_PTR)item->data,
|
||||
@ -1381,8 +1410,14 @@ nssToken_FinishDigest (
|
||||
CK_BYTE_PTR digest;
|
||||
NSSItem *rvItem = NULL;
|
||||
void *epv = nssToken_GetCryptokiEPV(tok);
|
||||
nssSession *session;
|
||||
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
nssSession_EnterMonitor(session);
|
||||
ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
|
||||
if (ckrv != CKR_OK || digestLen == 0) {
|
||||
@ -1459,6 +1494,12 @@ nssToken_TraverseCertificates (
|
||||
void *epv = nssToken_GetCryptokiEPV(token);
|
||||
nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession;
|
||||
|
||||
/* Don't ask the module to use an invalid session handle. */
|
||||
if (!session || session->handle == CK_INVALID_SESSION) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
return PR_FAILURE;
|
||||
}
|
||||
|
||||
/* template for all certs */
|
||||
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
|
||||
if (searchType == nssTokenSearchType_SessionOnly) {
|
||||
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.31 $ $Date: 2008/05/18 01:51:45 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.32 $ $Date: 2008/09/30 04:09:02 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef DEVM_H
|
||||
@ -387,7 +387,10 @@ create_object (
|
||||
goto loser;
|
||||
}
|
||||
session = nssToken_GetDefaultSession(object->token);
|
||||
|
||||
if (!session) {
|
||||
nss_SetError(NSS_ERROR_INVALID_POINTER);
|
||||
goto loser;
|
||||
}
|
||||
arena = nssArena_Create();
|
||||
if (!arena) {
|
||||
goto loser;
|
||||
|
@ -455,7 +455,7 @@ $(ECL_OBJS): $(ECL_HDRS)
|
||||
|
||||
|
||||
|
||||
$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c
|
||||
$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c os2_rand.c
|
||||
|
||||
$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
|
||||
|
||||
|
@ -90,15 +90,11 @@ EXTRA_SHARED_LIBS += \
|
||||
-L$(DIST)/lib \
|
||||
-lnssutil3 \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
else # ! NS_USE_GCC
|
||||
EXTRA_SHARED_LIBS += \
|
||||
$(DIST)/lib/nssutil3.lib \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
|
||||
$(NULL)
|
||||
endif # NS_USE_GCC
|
||||
@ -109,11 +105,13 @@ EXTRA_SHARED_LIBS += \
|
||||
-L$(DIST)/lib \
|
||||
-lnssutil3 \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
|
||||
endif
|
||||
|
||||
ifeq ($(OS_ARCH), Darwin)
|
||||
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib
|
||||
endif
|
||||
|
||||
endif
|
||||
|
@ -1,318 +0,0 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Netscape security libraries.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Netscape Communications Corporation.
|
||||
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef notdef
|
||||
#include "xp_core.h"
|
||||
#include "xp_file.h"
|
||||
#endif
|
||||
#include "secrng.h"
|
||||
#include "mcom_db.h"
|
||||
#ifdef XP_MAC
|
||||
#include <Events.h>
|
||||
#include <OSUtils.h>
|
||||
#include <QDOffscreen.h>
|
||||
#include <PPCToolbox.h>
|
||||
#include <Processes.h>
|
||||
#include <LowMem.h>
|
||||
#include <Scrap.h>
|
||||
|
||||
/* Static prototypes */
|
||||
static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen);
|
||||
void FE_ReadScreen();
|
||||
|
||||
static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
|
||||
{
|
||||
union endianness {
|
||||
int32 i;
|
||||
char c[4];
|
||||
} u;
|
||||
|
||||
if (srclen <= dstlen) {
|
||||
memcpy(dst, src, srclen);
|
||||
return srclen;
|
||||
}
|
||||
u.i = 0x01020304;
|
||||
if (u.c[0] == 0x01) {
|
||||
/* big-endian case */
|
||||
memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
|
||||
} else {
|
||||
/* little-endian case */
|
||||
memcpy(dst, src, dstlen);
|
||||
}
|
||||
return dstlen;
|
||||
}
|
||||
|
||||
size_t RNG_GetNoise(void *buf, size_t maxbytes)
|
||||
{
|
||||
UnsignedWide microTickCount;
|
||||
Microseconds(µTickCount);
|
||||
return CopyLowBits(buf, maxbytes, µTickCount, sizeof(microTickCount));
|
||||
}
|
||||
|
||||
void RNG_FileForRNG(const char *filename)
|
||||
{
|
||||
unsigned char buffer[BUFSIZ];
|
||||
size_t bytes;
|
||||
#ifdef notdef /*sigh*/
|
||||
XP_File file;
|
||||
unsigned long totalFileBytes = 0;
|
||||
|
||||
if (filename == NULL) /* For now, read in global history if filename is null */
|
||||
file = XP_FileOpen(NULL, xpGlobalHistory,XP_FILE_READ_BIN);
|
||||
else
|
||||
file = XP_FileOpen(NULL, xpURL,XP_FILE_READ_BIN);
|
||||
if (file != NULL) {
|
||||
for (;;) {
|
||||
bytes = XP_FileRead(buffer, sizeof(buffer), file);
|
||||
if (bytes == 0) break;
|
||||
RNG_RandomUpdate( buffer, bytes);
|
||||
totalFileBytes += bytes;
|
||||
if (totalFileBytes > 100*1024) break; /* No more than 100 K */
|
||||
}
|
||||
XP_FileClose(file);
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Pass yet another snapshot of our highest resolution clock into
|
||||
* the hash function.
|
||||
*/
|
||||
bytes = RNG_GetNoise(buffer, sizeof(buffer));
|
||||
RNG_RandomUpdate(buffer, sizeof(buffer));
|
||||
}
|
||||
|
||||
void RNG_SystemInfoForRNG()
|
||||
{
|
||||
/* Time */
|
||||
{
|
||||
unsigned long sec;
|
||||
size_t bytes;
|
||||
GetDateTime(&sec); /* Current time since 1970 */
|
||||
RNG_RandomUpdate( &sec, sizeof(sec));
|
||||
bytes = RNG_GetNoise(&sec, sizeof(sec));
|
||||
RNG_RandomUpdate(&sec, bytes);
|
||||
}
|
||||
/* User specific variables */
|
||||
{
|
||||
MachineLocation loc;
|
||||
ReadLocation(&loc);
|
||||
RNG_RandomUpdate( &loc, sizeof(loc));
|
||||
}
|
||||
#if !TARGET_CARBON
|
||||
/* User name */
|
||||
{
|
||||
unsigned long userRef;
|
||||
Str32 userName;
|
||||
GetDefaultUser(&userRef, userName);
|
||||
RNG_RandomUpdate( &userRef, sizeof(userRef));
|
||||
RNG_RandomUpdate( userName, sizeof(userName));
|
||||
}
|
||||
#endif
|
||||
/* Mouse location */
|
||||
{
|
||||
Point mouseLoc;
|
||||
GetMouse(&mouseLoc);
|
||||
RNG_RandomUpdate( &mouseLoc, sizeof(mouseLoc));
|
||||
}
|
||||
/* Keyboard time threshold */
|
||||
{
|
||||
SInt16 keyTresh = LMGetKeyThresh();
|
||||
RNG_RandomUpdate( &keyTresh, sizeof(keyTresh));
|
||||
}
|
||||
/* Last key pressed */
|
||||
{
|
||||
SInt8 keyLast;
|
||||
keyLast = LMGetKbdLast();
|
||||
RNG_RandomUpdate( &keyLast, sizeof(keyLast));
|
||||
}
|
||||
/* Volume */
|
||||
{
|
||||
UInt8 volume = LMGetSdVolume();
|
||||
RNG_RandomUpdate( &volume, sizeof(volume));
|
||||
}
|
||||
#if !TARGET_CARBON
|
||||
/* Current directory */
|
||||
{
|
||||
SInt32 dir = LMGetCurDirStore();
|
||||
RNG_RandomUpdate( &dir, sizeof(dir));
|
||||
}
|
||||
#endif
|
||||
/* Process information about all the processes in the machine */
|
||||
{
|
||||
ProcessSerialNumber process;
|
||||
ProcessInfoRec pi;
|
||||
|
||||
process.highLongOfPSN = process.lowLongOfPSN = kNoProcess;
|
||||
|
||||
while (GetNextProcess(&process) == noErr)
|
||||
{
|
||||
FSSpec fileSpec;
|
||||
pi.processInfoLength = sizeof(ProcessInfoRec);
|
||||
pi.processName = NULL;
|
||||
pi.processAppSpec = &fileSpec;
|
||||
GetProcessInformation(&process, &pi);
|
||||
RNG_RandomUpdate( &pi, sizeof(pi));
|
||||
RNG_RandomUpdate( &fileSpec, sizeof(fileSpec));
|
||||
}
|
||||
}
|
||||
|
||||
#if !TARGET_CARBON
|
||||
/* Heap */
|
||||
{
|
||||
THz zone = LMGetTheZone();
|
||||
RNG_RandomUpdate( &zone, sizeof(zone));
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Screen */
|
||||
{
|
||||
GDHandle h = GetMainDevice(); /* GDHandle is **GDevice */
|
||||
RNG_RandomUpdate( *h, sizeof(GDevice));
|
||||
}
|
||||
|
||||
#if !TARGET_CARBON
|
||||
/* Scrap size */
|
||||
{
|
||||
SInt32 scrapSize = LMGetScrapSize();
|
||||
RNG_RandomUpdate( &scrapSize, sizeof(scrapSize));
|
||||
}
|
||||
/* Scrap count */
|
||||
{
|
||||
SInt16 scrapCount = LMGetScrapCount();
|
||||
RNG_RandomUpdate( &scrapCount, sizeof(scrapCount));
|
||||
}
|
||||
#else
|
||||
{
|
||||
ScrapRef scrap;
|
||||
if (GetCurrentScrap(&scrap) == noErr) {
|
||||
UInt32 flavorCount;
|
||||
if (GetScrapFlavorCount(scrap, &flavorCount) == noErr) {
|
||||
ScrapFlavorInfo* flavorInfo = (ScrapFlavorInfo*) malloc(flavorCount * sizeof(ScrapFlavorInfo));
|
||||
if (flavorInfo != NULL) {
|
||||
if (GetScrapFlavorInfoList(scrap, &flavorCount, flavorInfo) == noErr) {
|
||||
UInt32 i;
|
||||
RNG_RandomUpdate(&flavorCount, sizeof(flavorCount));
|
||||
for (i = 0; i < flavorCount; ++i) {
|
||||
Size flavorSize;
|
||||
if (GetScrapFlavorSize(scrap, flavorInfo[i].flavorType, &flavorSize) == noErr)
|
||||
RNG_RandomUpdate(&flavorSize, sizeof(flavorSize));
|
||||
}
|
||||
}
|
||||
free(flavorInfo);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/* File stuff, last modified, etc. */
|
||||
{
|
||||
HParamBlockRec pb;
|
||||
GetVolParmsInfoBuffer volInfo;
|
||||
pb.ioParam.ioVRefNum = 0;
|
||||
pb.ioParam.ioNamePtr = nil;
|
||||
pb.ioParam.ioBuffer = (Ptr) &volInfo;
|
||||
pb.ioParam.ioReqCount = sizeof(volInfo);
|
||||
PBHGetVolParmsSync(&pb);
|
||||
RNG_RandomUpdate( &volInfo, sizeof(volInfo));
|
||||
}
|
||||
#if !TARGET_CARBON
|
||||
/* Event queue */
|
||||
{
|
||||
EvQElPtr eventQ;
|
||||
for (eventQ = (EvQElPtr) LMGetEventQueue()->qHead;
|
||||
eventQ;
|
||||
eventQ = (EvQElPtr)eventQ->qLink)
|
||||
RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord));
|
||||
}
|
||||
#endif
|
||||
FE_ReadScreen();
|
||||
RNG_FileForRNG(NULL);
|
||||
}
|
||||
|
||||
void FE_ReadScreen()
|
||||
{
|
||||
UInt16 coords[4];
|
||||
PixMapHandle pmap;
|
||||
GDHandle gh;
|
||||
UInt16 screenHeight;
|
||||
UInt16 screenWidth; /* just what they say */
|
||||
UInt32 bytesToRead; /* number of bytes we're giving */
|
||||
UInt32 offset; /* offset into the graphics buffer */
|
||||
UInt16 rowBytes;
|
||||
UInt32 rowsToRead;
|
||||
float bytesPerPixel; /* dependent on buffer depth */
|
||||
Ptr p; /* temporary */
|
||||
UInt16 x, y, w, h;
|
||||
|
||||
gh = LMGetMainDevice();
|
||||
if ( !gh )
|
||||
return;
|
||||
pmap = (**gh).gdPMap;
|
||||
if ( !pmap )
|
||||
return;
|
||||
|
||||
RNG_GenerateGlobalRandomBytes( coords, sizeof( coords ) );
|
||||
|
||||
/* make x and y inside the screen rect */
|
||||
screenHeight = (**pmap).bounds.bottom - (**pmap).bounds.top;
|
||||
screenWidth = (**pmap).bounds.right - (**pmap).bounds.left;
|
||||
x = coords[0] % screenWidth;
|
||||
y = coords[1] % screenHeight;
|
||||
w = ( coords[2] & 0x7F ) | 0x40; /* Make sure that w is in the range 64..128 */
|
||||
h = ( coords[3] & 0x7F ) | 0x40; /* same for h */
|
||||
|
||||
bytesPerPixel = (**pmap).pixelSize / 8;
|
||||
rowBytes = (**pmap).rowBytes & 0x7FFF;
|
||||
|
||||
/* starting address */
|
||||
offset = ( rowBytes * y ) + (UInt32)( (float)x * bytesPerPixel );
|
||||
|
||||
/* don't read past the end of the pixmap's rowbytes */
|
||||
bytesToRead = PR_MIN( (UInt32)( w * bytesPerPixel ),
|
||||
(UInt32)( rowBytes - ( x * bytesPerPixel ) ) );
|
||||
|
||||
/* don't read past the end of the graphics device pixmap */
|
||||
rowsToRead = PR_MIN( h,
|
||||
( screenHeight - y ) );
|
||||
|
||||
p = GetPixBaseAddr( pmap ) + offset;
|
||||
|
||||
while ( rowsToRead-- )
|
||||
{
|
||||
RNG_RandomUpdate( p, bytesToRead );
|
||||
p += rowBytes;
|
||||
}
|
||||
}
|
||||
#endif
|
@ -100,7 +100,7 @@ MD2_Hash(unsigned char *dest, const char *src)
|
||||
return SECFailure;
|
||||
}
|
||||
MD2_Begin(cx);
|
||||
MD2_Update(cx, (unsigned char *)src, PL_strlen(src));
|
||||
MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src));
|
||||
MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
|
||||
MD2_DestroyContext(cx, PR_TRUE);
|
||||
return SECSuccess;
|
||||
|
@ -222,7 +222,7 @@ struct MD5ContextStr {
|
||||
SECStatus
|
||||
MD5_Hash(unsigned char *dest, const char *src)
|
||||
{
|
||||
return MD5_HashBuf(dest, (unsigned char *)src, PL_strlen(src));
|
||||
return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
|
||||
}
|
||||
|
||||
SECStatus
|
||||
|
@ -41,9 +41,6 @@
|
||||
#ifdef XP_WIN
|
||||
#include "win_rand.c"
|
||||
#endif
|
||||
#ifdef XP_MAC
|
||||
#include "mac_rand.c"
|
||||
#endif
|
||||
#ifdef XP_OS2
|
||||
#include "os2_rand.c"
|
||||
#endif
|
||||
|
@ -360,7 +360,8 @@ static int jar_physical_inflate
|
||||
|
||||
unsigned long prev_total, ochunk, tin;
|
||||
|
||||
if ((inbuf = (char *) PORT_ZAlloc (ICHUNK)) == NULL)
|
||||
/* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
|
||||
if ((inbuf = (char *) PORT_ZAlloc (ICHUNK + 1)) == NULL)
|
||||
return JAR_ERR_MEMORY;
|
||||
|
||||
if ((outbuf = (char *) PORT_ZAlloc (OCHUNK)) == NULL)
|
||||
@ -400,6 +401,12 @@ static int jar_physical_inflate
|
||||
|
||||
at += chunk;
|
||||
|
||||
if (at == length)
|
||||
{
|
||||
/* add an extra dummy byte at the end */
|
||||
inbuf[chunk++] = 0xDD;
|
||||
}
|
||||
|
||||
zs.next_in = (Bytef *) inbuf;
|
||||
zs.avail_in = chunk;
|
||||
zs.avail_out = OCHUNK;
|
||||
@ -631,7 +638,7 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
|
||||
ZZList *list;
|
||||
|
||||
char *fn, *e;
|
||||
char ZHUGEP *manifest = NULL;
|
||||
char ZHUGEP *manifest;
|
||||
|
||||
long length;
|
||||
int status, ret = 0, num;
|
||||
@ -676,17 +683,16 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (phy->length == 0)
|
||||
if (phy->length == 0 || phy->length > 0xFFFF)
|
||||
{
|
||||
/* manifest files cannot be zero length! */
|
||||
/* manifest files cannot be zero length or too big! */
|
||||
/* the 0xFFFF limit is per J2SE SDK */
|
||||
return JAR_ERR_CORRUPT;
|
||||
}
|
||||
|
||||
/* Read in the manifest and parse it */
|
||||
/* limit is per J2SE SDK */
|
||||
if (phy->length <= 0xFFFF) {
|
||||
manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1);
|
||||
}
|
||||
/* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
|
||||
manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1);
|
||||
if (manifest)
|
||||
{
|
||||
JAR_FSEEK (fp, phy->offset, (PRSeekWhence)0);
|
||||
@ -702,6 +708,8 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
|
||||
if (phy->compression == 8)
|
||||
{
|
||||
length = phy->length;
|
||||
/* add an extra dummy byte at the end */
|
||||
manifest[length++] = 0xDD;
|
||||
|
||||
status = jar_inflate_memory ((unsigned int) phy->compression, &length, phy->uncompressed_length, &manifest);
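Review bot: The new guard in jar_extract_mf bounds only `phy->length`, the stored size, while `phy->uncompressed_length` is handed to jar_inflate_memory a few lines later with no limit visible in these hunks. Both fields are read from the archive, so a small compressed manifest can still declare a very large inflated size unless jar_inflate_memory caps it; its body is not on this page. I would add an upper bound on `phy->uncompressed_length` next to the existing test, or a comment stating where the inflated size is limited. Separately, the `+ 1` allocations and the `0xDD` pad byte are coupled only by comments, and a named constant for the pad plus a note that `inbuf[chunk++]` relies on `chunk <= ICHUNK` would make the bound checkable. Both functions continue outside the hunks.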
|
||||
|
||||
|
@ -41,19 +41,35 @@ EXPORTS = \
|
||||
$(NULL)
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
pkix_basicconstraintschecker.h \
|
||||
pkix_certchainchecker.h \
|
||||
pkix_defaultcrlchecker.h \
|
||||
pkix_defaultrevchecker.h \
|
||||
pkix_expirationchecker.h \
|
||||
pkix_namechainingchecker.h \
|
||||
pkix_nameconstraintschecker.h \
|
||||
pkix_ocspchecker.h \
|
||||
pkix_policychecker.h \
|
||||
pkix_revocationchecker.h \
|
||||
pkix_signaturechecker.h \
|
||||
pkix_targetcertchecker.h \
|
||||
$(NULL)
|
||||
|
||||
MODULE = nss
|
||||
|
||||
CSRCS = \
|
||||
pkix_basicconstraintschecker.c \
|
||||
pkix_certchainchecker.c \
|
||||
pkix_defaultcrlchecker.c \
|
||||
pkix_defaultrevchecker.c \
|
||||
pkix_expirationchecker.c \
|
||||
pkix_namechainingchecker.c \
|
||||
pkix_nameconstraintschecker.c \
|
||||
pkix_ocspchecker.c \
|
||||
pkix_revocationchecker.c \
|
||||
pkix_policychecker.c \
|
||||
pkix_signaturechecker.c \
|
||||
pkix_targetcertchecker.c \
|
||||
$(NULL)
|
||||
|
||||
REQUIRES = dbm
|
||||
|
@ -41,31 +41,15 @@ EXPORTS = \
|
||||
$(NULL)
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
pkix_basicconstraintschecker.h \
|
||||
pkix_nameconstraintschecker.h \
|
||||
pkix_build.h \
|
||||
pkix_policychecker.h \
|
||||
pkix_defaultcrlchecker.h \
|
||||
pkix_signaturechecker.h \
|
||||
pkix_expirationchecker.h \
|
||||
pkix_targetcertchecker.h \
|
||||
pkix_lifecycle.h \
|
||||
pkix_validate.h \
|
||||
pkix_namechainingchecker.h \
|
||||
$(NULL)
|
||||
|
||||
MODULE = nss
|
||||
|
||||
CSRCS = \
|
||||
pkix_signaturechecker.c \
|
||||
pkix_expirationchecker.c \
|
||||
pkix_namechainingchecker.c \
|
||||
pkix_basicconstraintschecker.c \
|
||||
pkix_policychecker.c \
|
||||
pkix_validate.c \
|
||||
pkix_targetcertchecker.c \
|
||||
pkix_defaultcrlchecker.c \
|
||||
pkix_nameconstraintschecker.c \
|
||||
pkix_lifecycle.c \
|
||||
pkix_build.c \
|
||||
$(NULL)
|
||||
|
@ -328,7 +328,7 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key);
|
||||
#endif
|
||||
|
||||
/* disable to disable ;-) */
|
||||
#define WANT_TRACE_CHECK_FAILURES
|
||||
/* #define WANT_TRACE_CHECK_FAILURES */
|
||||
|
||||
#ifdef WANT_TRACE_CHECK_FAILURES
|
||||
#define TRACE_CHECK_FAILURE(what, errorstring) \
|
||||
|
@ -331,9 +331,6 @@ pkix_pl_AIAMgr_GetHTTPCerts(
|
||||
&requestSession));
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
if (path != NULL) {
|
||||
PORT_Free(path);
|
||||
}
|
||||
PKIX_ERROR(PKIX_HTTPSERVERERROR);
|
||||
}
|
||||
|
||||
@ -415,6 +412,12 @@ cleanup:
|
||||
if (locationAscii) {
|
||||
PORT_Free(locationAscii);
|
||||
}
|
||||
if (hostname) {
|
||||
PORT_Free(hostname);
|
||||
}
|
||||
if (path) {
|
||||
PORT_Free(path);
|
||||
}
|
||||
|
||||
PKIX_RETURN(AIAMGR);
|
||||
}
|
||||
|
@ -410,7 +410,7 @@ pkix_pl_HttpDefaultClient_Create(
|
||||
PKIX_PL_HttpDefaultClient *client = NULL;
|
||||
|
||||
PKIX_ENTER(HTTPDEFAULTCLIENT, "PKIX_PL_HttpDefaultClient_Create");
|
||||
PKIX_NULLCHECK_ONE(pClient);
|
||||
PKIX_NULLCHECK_TWO(pClient, host);
|
||||
|
||||
/* allocate an HttpDefaultClient */
|
||||
PKIX_CHECK(PKIX_PL_Object_Alloc
|
||||
@ -439,7 +439,12 @@ pkix_pl_HttpDefaultClient_Create(
|
||||
client->GETBuf = NULL;
|
||||
client->POSTBuf = NULL;
|
||||
client->rcvBuf = NULL;
|
||||
client->host = host;
|
||||
/* "host" is a parsing result by CERT_GetURL function that adds
|
||||
* "end of line" to the value. OK to dup the string. */
|
||||
client->host = PORT_Strdup(host);
|
||||
if (!client->host) {
|
||||
PKIX_ERROR(PKIX_ALLOCERROR);
|
||||
}
|
||||
client->path = NULL;
|
||||
client->rcvContentType = NULL;
|
||||
client->rcvHeaders = NULL;
|
||||
@ -495,17 +500,22 @@ pkix_pl_HttpDefaultClient_Destroy(
|
||||
PR_smprintf_free(client->GETBuf);
|
||||
client->GETBuf = NULL;
|
||||
}
|
||||
|
||||
if (client->POSTBuf != NULL) {
|
||||
PKIX_PL_Free(client->POSTBuf, plContext);
|
||||
client->POSTBuf = NULL;
|
||||
}
|
||||
|
||||
if (client->rcvBuf != NULL) {
|
||||
PKIX_PL_Free(client->rcvBuf, plContext);
|
||||
client->rcvBuf = NULL;
|
||||
}
|
||||
|
||||
if (client->host) {
|
||||
PORT_Free(client->host);
|
||||
client->host = NULL;
|
||||
}
|
||||
if (client->path) {
|
||||
PORT_Free(client->path);
|
||||
client->path = NULL;
|
||||
}
|
||||
PKIX_DECREF(client->socket);
|
||||
|
||||
cleanup:
|
||||
@ -1254,7 +1264,15 @@ pkix_pl_HttpDefaultClient_RequestCreate(
|
||||
PKIX_ERROR(PKIX_UNRECOGNIZEDREQUESTMETHOD);
|
||||
}
|
||||
|
||||
client->path = path_and_query_string;
|
||||
if (path_and_query_string) {
|
||||
/* "path_and_query_string" is a parsing result by CERT_GetURL
|
||||
* function that adds "end of line" to the value. OK to dup
|
||||
* the string. */
|
||||
client->path = PORT_Strdup(path_and_query_string);
|
||||
if (!client->path) {
|
||||
PKIX_ERROR(PKIX_ALLOCERROR);
|
||||
}
|
||||
}
|
||||
|
||||
client->timeout = timeout;
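Review bot: In pkix_pl_HttpDefaultClient_Create the `PORT_Strdup(host)` failure path raises PKIX_ALLOCERROR before `client->path` and the fields after it have been assigned. If the cleanup label, which is outside the hunk, releases `client`, the extended Destroy will test and free an uninitialized `client->path`, unless the object allocator zeroes the memory, which is not visible here. Setting `client->host = NULL; client->path = NULL;` before the duplication, or moving the `PORT_Strdup` after the last field assignment, removes that dependency. In RequestCreate the new `client->path = PORT_Strdup(path_and_query_string);` also overwrites any earlier copy without freeing it, which would leak if a client can be given a second request.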
|
||||
|
||||
|
@ -91,8 +91,8 @@ struct PKIX_PL_HttpDefaultClientStruct {
|
||||
char *GETBuf;
|
||||
char *POSTBuf;
|
||||
char *rcvBuf;
|
||||
const char *host;
|
||||
const char *path;
|
||||
char *host;
|
||||
char *path;
|
||||
const char *rcvContentType;
|
||||
void *rcvHeaders;
|
||||
HttpMethod send_http_method;
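Review bot: The `host` and `path` members lose `const` here, apparently because the client now stores heap copies that Destroy frees, but the struct itself does not say so. A short comment on each member, for example `char *host; /* owned copy, released with PORT_Free in Destroy */`, would keep later code from storing a borrowed pointer in a field that is unconditionally freed. The struct definition continues outside the hunk.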
|
||||
|
@ -2903,6 +2903,7 @@ PKIX_PL_Cert_VerifySignature(
|
||||
SECStatus status;
|
||||
PKIX_Boolean certEqual = PKIX_FALSE;
|
||||
PKIX_Boolean certInHash = PKIX_FALSE;
|
||||
void* wincx = NULL;
|
||||
|
||||
PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature");
|
||||
PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey);
|
||||
@ -2934,7 +2935,12 @@ PKIX_PL_Cert_VerifySignature(
|
||||
}
|
||||
|
||||
PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n");
|
||||
status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, NULL);
|
||||
|
||||
PKIX_CHECK(pkix_pl_NssContext_GetWincx
|
||||
((PKIX_PL_NssContext *)plContext, &wincx),
|
||||
PKIX_NSSCONTEXTGETWINCXFAILED);
|
||||
|
||||
status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
|
||||
|
||||
if (status != SECSuccess) {
|
||||
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
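Review bot: The trace line `Calling CERT_VerifySignedDataWithPublicKey` is now emitted before `pkix_pl_NssContext_GetWincx`, so when that lookup fails the debug log reports a verification call that never happened. PKIX_PL_CRL_VerifySignature in this same commit fetches `wincx` first and logs afterwards. Moving the `PKIX_CHECK(pkix_pl_NssContext_GetWincx ...)` above the `PKIX_CERT_DEBUG` line would make the two functions read the same. The message string also carries a stray `)` after the function name.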
|
||||
|
@ -1153,6 +1153,7 @@ PKIX_PL_CRL_VerifySignature(
|
||||
CERTSignedCrl *nssSignedCrl = NULL;
|
||||
SECKEYPublicKey *nssPubKey = NULL;
|
||||
CERTSignedData *tbsCrl = NULL;
|
||||
void* wincx = NULL;
|
||||
SECStatus status;
|
||||
|
||||
PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifySignature");
|
||||
@ -1184,8 +1185,12 @@ PKIX_PL_CRL_VerifySignature(
|
||||
PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
|
||||
}
|
||||
|
||||
PKIX_CHECK(pkix_pl_NssContext_GetWincx
|
||||
((PKIX_PL_NssContext *)plContext, &wincx),
|
||||
PKIX_NSSCONTEXTGETWINCXFAILED);
|
||||
|
||||
PKIX_CRL_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey\n");
|
||||
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, NULL);
|
||||
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
|
||||
|
||||
if (status != SECSuccess) {
|
||||
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
|
||||
|
@ -127,11 +127,6 @@ SHARED_LIBRARY_DIRS = \
|
||||
../libpkix/pkix_pl_nss/module \
|
||||
$(NULL)
|
||||
|
||||
ifeq ($(OS_ARCH), Darwin)
|
||||
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsqlite3.dylib:$(DIST)/lib/libsqlite3.dylib
|
||||
endif
|
||||
|
||||
|
||||
ifeq ($(OS_TARGET),SunOS)
|
||||
ifeq ($(BUILD_SUN_PKG), 1)
|
||||
# The -R '$ORIGIN' linker option instructs this library to search for its
|
||||
|
@ -36,7 +36,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nss.h,v 1.58.4.1 2008/09/05 17:02:49 kaie%kuix.de Exp $ */
|
||||
/* $Id: nss.h,v 1.61 2008/10/21 03:58:14 kaie%kuix.de Exp $ */
|
||||
|
||||
#ifndef __nss_h_
|
||||
#define __nss_h_
|
||||
@ -70,10 +70,10 @@ SEC_BEGIN_PROTOS
|
||||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.12.1.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VERSION "3.12.2.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 12
|
||||
#define NSS_VPATCH 1
|
||||
#define NSS_VPATCH 2
|
||||
#define NSS_BETA PR_FALSE
|
||||
|
||||
/*
|
||||
|
@ -36,7 +36,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nssinit.c,v 1.96 2008/05/17 03:44:41 wtc%google.com Exp $ */
|
||||
/* $Id: nssinit.c,v 1.97 2008/08/22 01:33:03 wtc%google.com Exp $ */
|
||||
|
||||
#include <ctype.h>
|
||||
#include "seccomon.h"
|
||||
@ -291,11 +291,9 @@ done:
|
||||
}
|
||||
|
||||
|
||||
#ifndef XP_MAC
|
||||
/*
|
||||
* The following code is an attempt to automagically find the external root
|
||||
* module. NOTE: This code should be checked out on the MAC! There must be
|
||||
* some cross platform support out there to help out with this?
|
||||
* module.
|
||||
* Note: Keep the #if-defined chunks in order. HPUX must select before UNIX.
|
||||
*/
|
||||
|
||||
@ -308,8 +306,6 @@ static const char *dllname =
|
||||
"libnssckbi.dylib";
|
||||
#elif defined(XP_UNIX) || defined(XP_BEOS)
|
||||
"libnssckbi.so";
|
||||
#elif defined(XP_MAC)
|
||||
"NSS Builtin Root Certs";
|
||||
#else
|
||||
#error "Uh! Oh! I don't know about this platform."
|
||||
#endif
|
||||
@ -390,7 +386,6 @@ nss_FindExternalRoot(const char *dbpath, const char* secmodprefix)
|
||||
nss_FreeExternalRootPaths(oldpath, path);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* OK there are now lots of options here, lets go through them all:
|
||||
@ -558,14 +553,11 @@ loser:
|
||||
}
|
||||
CERT_SetDefaultCertDB((CERTCertDBHandle *)
|
||||
STAN_GetDefaultTrustDomain());
|
||||
#ifndef XP_MAC
|
||||
/* only servers need this. We currently do not have a mac server */
|
||||
if ((!noModDB) && (!noCertDB) && (!noRootInit)) {
|
||||
if (!SECMOD_HasRootCerts()) {
|
||||
nss_FindExternalRoot(configdir, secmodName);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
pk11sdr_Init();
|
||||
cert_CreateSubjectKeyIDHashTable();
|
||||
nss_IsInitted = PR_TRUE;
|
||||
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.24 $ $Date: 2008/08/09 01:26:04 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.25 $ $Date: 2008/09/30 04:09:04 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef PKIT_H
|
||||
@ -195,7 +195,12 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
|
||||
nss3slot->session,
|
||||
nss3slot->sessionLock,
|
||||
nss3slot->defRWSession);
|
||||
/* continue, even if rvToken->defaultSession is NULL */
|
||||
#if 0 /* we should do this instead of blindly continuing. */
|
||||
if (!rvToken->defaultSession) {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
goto loser;
|
||||
}
|
||||
#endif
|
||||
if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
|
||||
rvToken->cache = nssTokenObjectCache_Create(rvToken,
|
||||
PR_TRUE, PR_TRUE, PR_TRUE);
|
||||
@ -271,7 +276,7 @@ nssSlot_Refresh
|
||||
{
|
||||
PK11SlotInfo *nss3slot = slot->pk11slot;
|
||||
PRBool doit = PR_FALSE;
|
||||
if (slot->token->base.name[0] == 0) {
|
||||
if (slot->token && slot->token->base.name[0] == 0) {
|
||||
doit = PR_TRUE;
|
||||
}
|
||||
if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
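Review bot: The `#if 0` block in nssToken_CreateFromPK11SlotInfo leaves the failure path for a NULL `rvToken->defaultSession` as dead code, while its own comment says this is what should be done. As committed, a token without a default session is still returned, so safety depends on every consumer repeating the `!session` test that this commit adds elsewhere. I would either enable the check or replace the disabled block with a comment explaining why creation must continue and which callers are expected to handle the NULL. In nssSlot_Refresh the added `slot->token &&` covers only the first use; any later uses of `slot->token` in that function are outside the hunk and worth checking.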
|
||||
|
@ -257,14 +257,18 @@ static CERTCertificate
|
||||
CK_ATTRIBUTE *privateLabel, char **nickptr)
|
||||
{
|
||||
NSSCertificate *c;
|
||||
nssCryptokiObject *co;
|
||||
nssCryptokiObject *co = NULL;
|
||||
nssPKIObject *pkio;
|
||||
NSSToken *token;
|
||||
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
|
||||
|
||||
/* Get the cryptoki object from the handle */
|
||||
token = PK11Slot_GetNSSToken(slot);
|
||||
co = nssCryptokiObject_Create(token, token->defaultSession, certID);
|
||||
if (token->defaultSession) {
|
||||
co = nssCryptokiObject_Create(token, token->defaultSession, certID);
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
}
|
||||
if (!co) {
|
||||
return NULL;
|
||||
}
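Review bot: `token` is dereferenced in `if (token->defaultSession)` without being checked itself. If PK11Slot_GetNSSToken can return NULL for a slot that has no NSS token attached (its definition is not on this page), the new guard faults before it can report SEC_ERROR_NO_TOKEN. Writing the test as `if (token && token->defaultSession) {` sends both cases through the same error path. The function body continues outside the hunk.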
|
||||
|
@ -291,6 +291,7 @@ static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type,
|
||||
context->param = (SECItem *)&pk11_null_params;
|
||||
}
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
context->param = NULL;
|
||||
}
|
||||
context->init = PR_FALSE;
|
||||
|
@ -72,12 +72,14 @@ PK11_MapError(CK_RV rv) {
|
||||
MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
|
||||
MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
|
||||
MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
|
||||
MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS)
|
||||
MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
|
||||
MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
|
||||
MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
|
||||
MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
|
||||
MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN)
|
||||
MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
|
||||
MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
|
||||
MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN)
|
||||
MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_IO)
|
||||
MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
|
||||
MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
|
||||
|