Bug 461082, Deliver NSS 3.12.2 and NSPR 4.7.2 to Mozilla

r=wtc
Kai Engert 2008-10-23 02:38:29 +02:00
parent ca2234d47a
commit 77debeca59
138 changed files with 3003 additions and 4836 deletions


@ -156,7 +156,7 @@
#define LITTLE_ENDIAN 1234
#endif
#ifdef _WINDOWS
#if defined(_WINDOWS) || defined(XP_OS2_VACPP)
#ifdef BYTE_ORDER
#undef BYTE_ORDER
#endif
@ -188,6 +188,14 @@
#define MAXPATHLEN 1024
#endif
#ifdef XP_OS2_VACPP
#include <os2.h>
#define MAXPATHLEN CCHMAXPATH
#define EPERM EINVAL
#define ENOTDIR EBADPOS
#define S_ISDIR(s) ((s) & S_IFDIR)
#endif
#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
#ifndef STDERR_FILENO
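Review bot: In the added XP_OS2_VACPP block, `#define S_ISDIR(s) ((s) & S_IFDIR)` tests a single bit instead of comparing the file-type field, so any mode value that shares that bit is reported as a directory; where the toolchain provides `S_IFMT`, `#define S_ISDIR(s) (((s) & S_IFMT) == S_IFDIR)` is the safer form. The block also defines `MAXPATHLEN` right after the generic fallback appears to have defined it as 1024, so an `#undef MAXPATHLEN` before `#define MAXPATHLEN CCHMAXPATH` would avoid a redefinition diagnostic. `EPERM` and `ENOTDIR` are remapped unconditionally; wrapping each in `#ifndef` and adding a comment that permission failures become indistinguishable from `EINVAL` on this platform would make the aliasing explicit.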


@ -56,7 +56,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94";
* collect_data
*/
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#include <sys/param.h>
#endif


@ -78,7 +78,7 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94";
#include <stdlib.h>
#include <string.h>
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#include <unistd.h>
#endif


@ -38,12 +38,12 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
#include "watcomfx.h"
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#include <sys/param.h>
#endif
#if !defined(macintosh)
#ifdef XP_OS2
#ifdef XP_OS2_EMX
#include <sys/types.h>
#endif
#include <sys/stat.h>
@ -60,7 +60,7 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
#include <stdlib.h>
#include <string.h>
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#include <unistd.h>
#endif
#if defined(_WIN32) || defined(_WINDOWS)


@ -53,7 +53,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94";
* Internal
* newbuf
*/
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
#include <sys/param.h>
#endif


@ -47,10 +47,14 @@ static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
#include <ctype.h>
#include "mcom_db.h"
#ifndef _WINDOWS
#if !defined(_WINDOWS) && !defined(XP_OS2_VACPP)
#include <unistd.h>
#endif
#ifdef XP_OS2_VACPP
#include <process.h>
#endif
#ifdef _WINDOWS
#include <process.h>
#include "winfile.h"


@ -16,14 +16,14 @@
#include <ncompat.h>
/* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */
#ifdef __STDC__
#if defined(__STDC__) || defined(XP_OS2_VACPP)
#include <stdarg.h>
#else
#include <varargs.h>
#endif
int
#ifdef __STDC__
#if defined(__STDC__) || defined(XP_OS2_VACPP)
snprintf(char *str, size_t n, const char *fmt, ...)
#else
snprintf(str, n, fmt, va_alist)
@ -39,7 +39,7 @@ snprintf(str, n, fmt, va_alist)
#else
int rval;
#endif
#ifdef __STDC__
#if defined(__STDC__) || defined(XP_OS2_VACPP)
va_start(ap, fmt);
#else
va_start(ap);
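Review bot: The condition `defined(__STDC__) || defined(XP_OS2_VACPP)` is now repeated at all three sites that choose between `<stdarg.h>` and `<varargs.h>`, and a later edit that updates only some of them would pair a prototype-style signature with the one-argument `va_start(ap)`. Evaluating it once next to the include, e.g. `#define DBM_USE_STDARG 1` (name constructed for illustration) under that condition and testing `#ifdef DBM_USE_STDARG` at the other two places, keeps them in step. The body of `snprintf` lies mostly outside these hunks, so its bounds handling could not be reviewed here.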


@ -38,7 +38,7 @@
#
# ***** END LICENSE BLOCK *****
#
#ident "$Id: Makefile.in,v 1.10 2005/11/18 21:50:20 christophe.ravel.bugs%sun.com Exp $"
#ident "$Id: Makefile.in,v 1.11 2008/10/20 22:38:45 christophe.ravel.bugs%sun.com Exp $"
#
MOD_DEPTH = ../..
@ -74,7 +74,7 @@ publish:
(cd $(dist_includedir) && tar cphf - .) \
| (mkdir -p opt/sun/private/include/nspr && cd opt/sun/private/include/nspr && tar xvfBp -)
(cd opt/sun/private/include/nspr && \
rm -rf md private obsolete/pralarm.h obsolete/probslet.h obsolete/prsem.h)
rm -rf md)
tar czvf SOURCES/$(NAME)-$(VERSION).tar.gz opt
echo "%define name $(NAME)" >$(SPECFILE)
echo "%define version $(VERSION)" >>$(SPECFILE)
@ -100,6 +100,7 @@ publish:
echo "%dir /opt/sun/private/include" >>$(SPECFILE)
echo "%dir /opt/sun/private/include/nspr" >>$(SPECFILE)
echo "%dir /opt/sun/private/include/nspr/obsolete" >>$(SPECFILE)
echo "%dir /opt/sun/private/include/nspr/private" >>$(SPECFILE)
find opt -type f \( -name "*.h" \) \
| sed -e "s-^-/-" >>$(SPECFILE)
rpmbuild $(RPMTARGET) -bb $(SPECFILE)


@ -38,7 +38,7 @@
#
# ***** END LICENSE BLOCK *****
#
#ident "$Id: prototype,v 1.4 2006/04/05 20:57:09 wtchang%redhat.com Exp $"
#ident "$Id: prototype,v 1.5 2008/10/20 22:38:46 christophe.ravel.bugs%sun.com Exp $"
#
# This required package information file contains a list of package contents.
# The 'pkgmk' command uses this file to identify the contents of a package
@ -63,7 +63,11 @@ d none usr 0755 root sys
d none usr/include 0755 root bin
d none usr/include/mps 0755 root bin
d none usr/include/mps/obsolete 0755 root bin
d none usr/include/mps/private 0755 root bin
f none usr/include/mps/obsolete/pralarm.h 0644 root bin
f none usr/include/mps/obsolete/probslet.h 0644 root bin
f none usr/include/mps/obsolete/protypes.h 0644 root bin
f none usr/include/mps/obsolete/prsem.h 0644 root bin
f none usr/include/mps/prcpucfg.h 0644 root bin
f none usr/include/mps/nspr.h 0644 root bin
f none usr/include/mps/pratom.h 0644 root bin
@ -81,6 +85,9 @@ f none usr/include/mps/prinit.h 0644 root bin
f none usr/include/mps/prinrval.h 0644 root bin
f none usr/include/mps/prio.h 0644 root bin
f none usr/include/mps/pripcsem.h 0644 root bin
f none usr/include/mps/private/pprio.h 0644 root bin
f none usr/include/mps/private/pprthred.h 0644 root bin
f none usr/include/mps/private/prpriv.h 0644 root bin
f none usr/include/mps/prlink.h 0644 root bin
f none usr/include/mps/prlock.h 0644 root bin
f none usr/include/mps/prlog.h 0644 root bin


@ -63,11 +63,11 @@ PR_BEGIN_EXTERN_C
** The format of the version string is
** "<major version>.<minor version>[.<patch level>] [<Beta>]"
*/
#define PR_VERSION "4.7.2 Beta 4"
#define PR_VERSION "4.7.2"
#define PR_VMAJOR 4
#define PR_VMINOR 7
#define PR_VPATCH 2
#define PR_BETA PR_TRUE
#define PR_BETA PR_FALSE
/*
** PRVersionCheck


@ -1698,29 +1698,37 @@ PR_FormatTime(char *buf, int buflen, const char *fmt, const PRExplodedTime *tm)
{
size_t rv;
struct tm a;
a.tm_sec = tm->tm_sec;
a.tm_min = tm->tm_min;
a.tm_hour = tm->tm_hour;
a.tm_mday = tm->tm_mday;
a.tm_mon = tm->tm_month;
a.tm_wday = tm->tm_wday;
a.tm_year = tm->tm_year - 1900;
a.tm_yday = tm->tm_yday;
a.tm_isdst = tm->tm_params.tp_dst_offset ? 1 : 0;
struct tm *ap;
/*
* On some platforms, for example SunOS 4, struct tm has two additional
* fields: tm_zone and tm_gmtoff.
*/
if (tm) {
ap = &a;
a.tm_sec = tm->tm_sec;
a.tm_min = tm->tm_min;
a.tm_hour = tm->tm_hour;
a.tm_mday = tm->tm_mday;
a.tm_mon = tm->tm_month;
a.tm_wday = tm->tm_wday;
a.tm_year = tm->tm_year - 1900;
a.tm_yday = tm->tm_yday;
a.tm_isdst = tm->tm_params.tp_dst_offset ? 1 : 0;
/*
* On some platforms, for example SunOS 4, struct tm has two
* additional fields: tm_zone and tm_gmtoff.
*/
#if defined(SUNOS4) || (__GLIBC__ >= 2) || defined(XP_BEOS) \
|| defined(NETBSD) || defined(OPENBSD) || defined(FREEBSD) \
|| defined(DARWIN) || defined(SYMBIAN)
a.tm_zone = NULL;
a.tm_gmtoff = tm->tm_params.tp_gmt_offset + tm->tm_params.tp_dst_offset;
a.tm_zone = NULL;
a.tm_gmtoff = tm->tm_params.tp_gmt_offset +
tm->tm_params.tp_dst_offset;
#endif
} else {
ap = NULL;
}
rv = strftime(buf, buflen, fmt, &a);
rv = strftime(buf, buflen, fmt, ap);
if (!rv && buf && buflen > 0) {
/*
* When strftime fails, the contents of buf are indeterminate.
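Review bot: The new `else` branch sets `ap = NULL` and the code then still calls `strftime(buf, buflen, fmt, ap)`, but the C standard gives no meaning to a null `struct tm` pointer there, so any conversion specifier in `fmt` may dereference it. Returning early is safer: `if (!tm) { if (buf && buflen > 0) buf[0] = '\0'; return 0; }` placed before the struct is filled in. Separately, `buflen` is an `int` that is converted to `size_t` at the call, so a negative length becomes a very large bound and the `buflen > 0` test only runs afterwards; rejecting `buflen <= 0` up front closes that. The function body continues past the end of this hunk.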


@ -44,16 +44,39 @@
int main()
{
char buffer[256];
char small_buffer[8];
PRTime now;
PRExplodedTime tod;
now = PR_Now();
PR_ExplodeTime(now, PR_LocalTimeParameters, &tod);
(void)PR_FormatTime(buffer, sizeof(buffer),
"%a %b %d %H:%M:%S %Z %Y", &tod);
printf("%s\n", buffer);
if (PR_FormatTime(buffer, sizeof(buffer),
"%a %b %d %H:%M:%S %Z %Y", &tod) != 0) {
printf("%s\n", buffer);
} else {
fprintf(stderr, "PR_FormatTime(buffer) failed\n");
return 1;
}
small_buffer[0] = '?';
if (PR_FormatTime(small_buffer, sizeof(small_buffer),
"%a %b %d %H:%M:%S %Z %Y", &tod) == 0) {
if (small_buffer[0] != '\0') {
fprintf(stderr, "PR_FormatTime(small_buffer) did not output "
"an empty string on failure\n");
return 1;
}
printf("%s\n", small_buffer);
} else {
fprintf(stderr, "PR_FormatTime(small_buffer) succeeded "
"unexpectedly\n");
return 1;
}
(void)PR_FormatTimeUSEnglish(buffer, sizeof(buffer),
"%a %b %d %H:%M:%S %Z %Y", &tod);
printf("%s\n", buffer);
return 0;
}
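Review bot: The final call still discards its result, `(void)PR_FormatTimeUSEnglish(...)`, and prints `buffer` unconditionally, so a failure there would print whatever the call left in `buffer` and the test would still return 0. Checking it like the first call keeps the test consistent: `if (PR_FormatTimeUSEnglish(buffer, sizeof(buffer), "%a %b %d %H:%M:%S %Z %Y", &tod) == 0) { fprintf(stderr, "PR_FormatTimeUSEnglish failed\n"); return 1; }`. The small-buffer case is likewise only exercised for `PR_FormatTime`, so truncation handling in the US-English variant stays untested.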

0
nsprpub/pr/tests/runtests.pl Normal file → Executable file


@ -185,3 +185,6 @@ G++INCLUDES = -I/usr/include/g++
# Always set CPU_TAG on Linux, OpenVMS, WINCE.
#
CPU_TAG = _$(CPU_ARCH)
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz


@ -46,7 +46,9 @@ ifdef BUILD_OPT
DEFINES += -UDEBUG -DNDEBUG
else
OPTIMIZER += -g
DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(shell whoami)
USERNAME := $(shell whoami)
USERNAME := $(subst -,_,$(USERNAME))
DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
endif
ifdef BUILD_TREE
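Review bot: The added `$(subst -,_,$(USERNAME))` replaces only `-`, so a login name containing any other character that is not valid in a C identifier (a dot, a backslash from a domain prefix, whitespace) still reaches the compiler command line unfiltered through `-DDEBUG_$(USERNAME)`. Filtering to an allow-list is more robust, for example `DEBUG_USER := $(shell whoami | tr -c 'A-Za-z0-9_\n' '_')`, assuming a POSIX `tr` is available in the build shell. Assigning to `USERNAME` also replaces an environment variable of that name, where one is set, for everything this make runs; a project-prefixed variable name avoids that. The enclosing `ifdef BUILD_OPT` block starts outside the hunk.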


@ -76,77 +76,3 @@ OS_CFLAGS += -GT
DEFINES += -DWINNT
NSPR31_LIB_PREFIX = lib
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
# Robert Longson <longsonr@gmail.com>
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#
# Config stuff for WINNT 6.0 (Windows Vista)
#
# This makefile defines the following variables:
# OS_CFLAGS and OS_DLLFLAGS.
include $(CORE_DEPTH)/coreconf/WIN32.mk
ifeq ($(CPU_ARCH), x386)
OS_CFLAGS += -W3 -nologo
DEFINES += -D_X86_
else
ifeq ($(CPU_ARCH), MIPS)
#OS_CFLAGS += -W3 -nologo
#DEFINES += -D_MIPS_
OS_CFLAGS += -W3 -nologo
else
ifeq ($(CPU_ARCH), ALPHA)
OS_CFLAGS += -W3 -nologo
DEFINES += -D_ALPHA_=1
endif
endif
endif
OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS
ifndef MOZ_DEBUG_SYMBOLS
OS_DLLFLAGS += -PDB:NONE
endif
#
# Win NT needs -GT so that fibers can work
#
OS_CFLAGS += -GT
DEFINES += -DWINNT
NSPR31_LIB_PREFIX = lib


@ -359,6 +359,8 @@ retry:
if (!exists && symlink(name, toname) < 0) {
if (errno == EEXIST) {
fprintf(stderr, "symlink creation race: %s\n", toname);
fail("symlink was attempted in working directory %s "
"from %s to %s.\n", cwd, name, toname);
goto retry;
}
diagnosePath(toname);
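Review bot: The added `fail(...)` call sits directly before `goto retry;`, so if `fail()` does not return (its definition is not visible here, but the name suggests a fatal-error helper) the retry is now unreachable and a lost symlink race aborts the install instead of being retried. If aborting is intended, drop the `goto retry;` and the now redundant `fprintf`; if retrying is intended, report with `fprintf(stderr, ...)` rather than `fail()`. The retry has no visible bound and depends on state another process can change between the existence test and `symlink()`, so a retry limit is worth adding either way. The `retry:` label and the rest of the function lie outside this hunk.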


@ -1,48 +0,0 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
# do these once for each target program
all default export libs program install release_export::
$(MAKE) -f make.client $@
$(MAKE) -f make.server $@
# only do these things once for the whole directory
depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show::
$(MAKE) -f make.client $@


@ -1,35 +0,0 @@
These sample programs can be built in either of two ways:
1) is the NSS source tree, using the coreconf build system, and
2) stand alone (as part of the NSS distribution).
The following makefiles are used only when building in the NSS source tree
using coreconf. These are NOT part of the distribution.
Makefile
client.mn
server.mn
config.mk
make.client
make.server
The following source files are common to both build environments and are
part of the distribution.
NSPRerrs.h
SECerrs.h
SSLerrs.h
client.c
getopt.c
server.c
sslerror.h
In the NSS 2.0 distribution, the sample code and makefiles are in a
directory named "samples". The directories relevant to building
in the distributed tree are:
./samples
./include/dbm
./include/nspr
./include/security
./lib


@ -1,456 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/****************************************************************************
* SSL client program that sets up a connection to SSL server, transmits *
* some data and then reads the reply *
****************************************************************************/
#include <stdio.h>
#include <string.h>
#if defined(XP_UNIX)
#include <unistd.h>
#endif
#include "prerror.h"
#include "pk11func.h"
#include "secitem.h"
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include "nspr.h"
#include "plgetopt.h"
#include "prio.h"
#include "prnetdb.h"
#include "nss.h"
#include "sslsample.h"
#define RD_BUF_SIZE (60 * 1024)
extern int ssl2CipherSuites[];
extern int ssl3CipherSuites[];
GlobalThreadMgr threadMGR;
char *certNickname = NULL;
char *hostName = NULL;
char *password = NULL;
unsigned short port = 0;
static void
Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
" [-w dbpasswd] [-C cipher(s)] hostname\n",
progName);
exit(1);
}
PRFileDesc *
setupSSLSocket(PRNetAddr *addr)
{
PRFileDesc *tcpSocket;
PRFileDesc *sslSocket;
PRSocketOptionData socketOption;
PRStatus prStatus;
SECStatus secStatus;
#if 0
retry:
#endif
tcpSocket = PR_NewTCPSocket();
if (tcpSocket == NULL) {
errWarn("PR_NewTCPSocket");
}
/* Make the socket blocking. */
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
if (prStatus != PR_SUCCESS) {
errWarn("PR_SetSocketOption");
goto loser;
}
#if 0
/* Verify that a connection can be made to the socket. */
prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT);
if (prStatus != PR_SUCCESS) {
PRErrorCode err = PR_GetError();
if (err == PR_CONNECT_REFUSED_ERROR) {
PR_Close(tcpSocket);
PR_Sleep(PR_MillisecondsToInterval(10));
fprintf(stderr, "Connection to port refused, retrying.\n");
goto retry;
}
errWarn("PR_Connect");
goto loser;
}
#endif
/* Import the socket into the SSL layer. */
sslSocket = SSL_ImportFD(NULL, tcpSocket);
if (!sslSocket) {
errWarn("SSL_ImportFD");
goto loser;
}
/* Set configuration options. */
secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_SECURITY");
goto loser;
}
secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
goto loser;
}
/* Set SSL callback routines. */
secStatus = SSL_GetClientAuthDataHook(sslSocket,
(SSLGetClientAuthData)myGetClientAuthData,
(void *)certNickname);
if (secStatus != SECSuccess) {
errWarn("SSL_GetClientAuthDataHook");
goto loser;
}
secStatus = SSL_AuthCertificateHook(sslSocket,
(SSLAuthCertificate)myAuthCertificate,
(void *)CERT_GetDefaultCertDB());
if (secStatus != SECSuccess) {
errWarn("SSL_AuthCertificateHook");
goto loser;
}
secStatus = SSL_BadCertHook(sslSocket,
(SSLBadCertHandler)myBadCertHandler, NULL);
if (secStatus != SECSuccess) {
errWarn("SSL_BadCertHook");
goto loser;
}
secStatus = SSL_HandshakeCallback(sslSocket,
myHandshakeCallback,
NULL);
if (secStatus != SECSuccess) {
errWarn("SSL_HandshakeCallback");
goto loser;
}
return sslSocket;
loser:
PR_Close(tcpSocket);
return NULL;
}
const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
SECStatus
handle_connection(PRFileDesc *sslSocket, int connection)
{
int countRead = 0;
PRInt32 numBytes;
char *readBuffer;
readBuffer = PORT_Alloc(RD_BUF_SIZE);
if (!readBuffer) {
exitErr("PORT_Alloc");
}
/* compose the http request here. */
numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
if (numBytes <= 0) {
errWarn("PR_Write");
PR_Free(readBuffer);
readBuffer = NULL;
return SECFailure;
}
/* read until EOF */
while (PR_TRUE) {
numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
if (numBytes == 0) {
break; /* EOF */
}
if (numBytes < 0) {
errWarn("PR_Read");
break;
}
countRead += numBytes;
fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n",
connection, numBytes, countRead );
readBuffer[numBytes] = '\0';
fprintf(stderr, "************\n%s\n************\n", readBuffer);
}
printSecurityInfo(sslSocket);
PR_Free(readBuffer);
readBuffer = NULL;
/* Caller closes the socket. */
fprintf(stderr,
"***** Connection %d read %d bytes total.\n",
connection, countRead);
return SECSuccess; /* success */
}
/* one copy of this function is launched in a separate thread for each
** connection to be made.
*/
SECStatus
do_connects(void *a, int connection)
{
PRNetAddr *addr = (PRNetAddr *)a;
PRFileDesc *sslSocket;
PRHostEnt hostEntry;
char buffer[PR_NETDB_BUF_SIZE];
PRStatus prStatus;
PRIntn hostenum;
SECStatus secStatus;
/* Set up SSL secure socket. */
sslSocket = setupSSLSocket(addr);
if (sslSocket == NULL) {
errWarn("setupSSLSocket");
return SECFailure;
}
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
if (secStatus != SECSuccess) {
errWarn("SSL_SetPKCS11PinArg");
return secStatus;
}
secStatus = SSL_SetURL(sslSocket, hostName);
if (secStatus != SECSuccess) {
errWarn("SSL_SetURL");
return secStatus;
}
/* Prepare and setup network connection. */
prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
if (prStatus != PR_SUCCESS) {
errWarn("PR_GetHostByName");
return SECFailure;
}
hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
if (hostenum == -1) {
errWarn("PR_EnumerateHostEnt");
return SECFailure;
}
prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Connect");
return SECFailure;
}
/* Established SSL connection, ready to send data. */
#if 0
secStatus = SSL_ForceHandshake(sslSocket);
if (secStatus != SECSuccess) {
errWarn("SSL_ForceHandshake");
return secStatus;
}
#endif
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
if (secStatus != SECSuccess) {
errWarn("SSL_ResetHandshake");
prStatus = PR_Close(sslSocket);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Close");
}
return secStatus;
}
secStatus = handle_connection(sslSocket, connection);
if (secStatus != SECSuccess) {
errWarn("handle_connection");
return secStatus;
}
PR_Close(sslSocket);
return SECSuccess;
}
void
client_main(unsigned short port,
int connections,
const char * hostName)
{
int i;
SECStatus secStatus;
PRStatus prStatus;
PRInt32 rv;
PRNetAddr addr;
PRHostEnt hostEntry;
char buffer[256];
/* Setup network connection. */
prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
if (prStatus != PR_SUCCESS) {
exitErr("PR_GetHostByName");
}
rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
if (rv < 0) {
exitErr("PR_EnumerateHostEnt");
}
secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
if (secStatus != SECSuccess) {
exitErr("launch_thread");
}
if (connections > 1) {
/* wait for the first connection to terminate, then launch the rest. */
reap_threads(&threadMGR);
/* Start up the connections */
for (i = 2; i <= connections; ++i) {
secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
if (secStatus != SECSuccess) {
errWarn("launch_thread");
}
}
}
reap_threads(&threadMGR);
destroy_thread_data(&threadMGR);
}
int
main(int argc, char **argv)
{
char * certDir = ".";
char * progName = NULL;
int connections = 1;
char * cipherString = NULL;
SECStatus secStatus;
PLOptState * optstate;
PLOptStatus status;
/* Call the NSPR initialization routines */
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
progName = PL_strdup(argv[0]);
hostName = NULL;
optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
case 'C' : cipherString = PL_strdup(optstate->value); break;
case 'c' : connections = PORT_Atoi(optstate->value); break;
case 'd' : certDir = PL_strdup(optstate->value); break;
case 'n' : certNickname = PL_strdup(optstate->value); break;
case 'p' : port = PORT_Atoi(optstate->value); break;
case 'w' : password = PL_strdup(optstate->value); break;
case '\0': hostName = PL_strdup(optstate->value); break;
default : Usage(progName);
}
}
if (port == 0 || hostName == NULL)
Usage(progName);
if (certDir == NULL) {
certDir = PR_smprintf("%s/.netscape", getenv("HOME"));
}
/* Set our password function callback. */
PK11_SetPasswordFunc(myPasswd);
/* Initialize the NSS libraries. */
secStatus = NSS_Init(certDir);
if (secStatus != SECSuccess) {
exitErr("NSS_Init");
}
/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
NSS_SetDomesticPolicy();
SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SSL_CipherPrefSetDefault(cipher, PR_TRUE);
}
}
}
client_main(port, connections, hostName);
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
PR_Cleanup();
return 0;
}


@ -1,50 +0,0 @@
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../..
MODULE = nss
EXPORTS =
CSRCS = client.c \
sslsample.c \
$(NULL)
PROGRAM = client
IMPORTS = nss/lib/nss


@ -1,81 +0,0 @@
#!/bin/sh
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
# Directory for db's, use in all subsequent -d flags.
rm -rf SampleCertDBs
mkdir SampleCertDBs
# Password to use.
echo sample > passfile
# Generate the db files, using the above password.
certutil -N -d SampleCertDBs -f passfile
# Generate the CA cert. This cert is self-signed and only useful for
# test purposes. Set the trust bits to allow it to sign SSL client/server
# certs.
certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
-s "CN=My Sample Root CA, O=My Organization" \
-m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
-d SampleCertDBs -f passfile
# Generate the server cert. This cert is signed by the CA cert generated
# above. The CN must be hostname.domain.[com|org|net|...].
certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
-s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
-m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
-d SampleCertDBs -f passfile
# Generate the client cert. This cert is signed by the CA cert generated
# above.
certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
-s "CN=My Client Cert, O=Client Organization" \
-m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
-d SampleCertDBs -f passfile
# Verify the certificates.
certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
# Remove unneccessary files.
rm -f passfile
rm -f tempcert*
# You are now ready to run your client/server! Example command lines:
# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com


@ -1,81 +0,0 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include client.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
#CC = cc


@ -1,80 +0,0 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include server.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../platlibs.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################


@ -1,821 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/****************************************************************************
* SSL server program listens on a port, accepts client connection, reads *
* request and responds to it *
****************************************************************************/
/* Generic header files */
#include <stdio.h>
#include <string.h>
/* NSPR header files */
#include "nspr.h"
#include "plgetopt.h"
#include "prerror.h"
#include "prnetdb.h"
/* NSS header files */
#include "pk11func.h"
#include "secitem.h"
#include "ssl.h"
#include "certt.h"
#include "nss.h"
#include "secder.h"
#include "key.h"
#include "sslproto.h"
/* Custom header files */
#include "sslsample.h"
#ifndef PORT_Sprintf
#define PORT_Sprintf sprintf
#endif
#define REQUEST_CERT_ONCE 1
#define REQUIRE_CERT_ONCE 2
#define REQUEST_CERT_ALL 3
#define REQUIRE_CERT_ALL 4
/* Global variables */
GlobalThreadMgr threadMGR;
char *password = NULL;
CERTCertificate *cert = NULL;
SECKEYPrivateKey *privKey = NULL;
int stopping;
static void
Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n"
" [-c ciphers] [-d dbdir] \n"
"-3 means disable SSL v3\n"
"-r means request certificate on first handshake.\n"
"-f means require certificate on first handshake.\n"
"-R means request certificate on all handshakes.\n"
"-F means require certificate on all handshakes.\n"
"-c ciphers Letter(s) chosen from the following list\n"
"A SSL2 RC4 128 WITH MD5\n"
"B SSL2 RC4 128 EXPORT40 WITH MD5\n"
"C SSL2 RC2 128 CBC WITH MD5\n"
"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
"E SSL2 DES 64 CBC WITH MD5\n"
"F SSL2 DES 192 EDE3 CBC WITH MD5\n"
"\n"
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
progName);
exit(1);
}
/* Function: readDataFromSocket()
*
* Purpose: Parse an HTTP request by reading data from a GET or POST.
*
*/
SECStatus
readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName)
{
char *post;
int numBytes = 0;
int newln = 0; /* # of consecutive newlns */
/* Read data while it comes in from the socket. */
while (PR_TRUE) {
buffer->index = 0;
newln = 0;
/* Read the buffer. */
numBytes = PR_Read(sslSocket, &buffer->data[buffer->index],
buffer->remaining);
if (numBytes <= 0) {
errWarn("PR_Read");
return SECFailure;
}
buffer->dataEnd = buffer->dataStart + numBytes;
/* Parse the input, starting at the beginning of the buffer.
* Stop when we detect two consecutive \n's (or \r\n's)
* as this signifies the end of the GET or POST portion.
* The posted data follows.
*/
while (buffer->index < buffer->dataEnd && newln < 2) {
int octet = buffer->data[buffer->index++];
if (octet == '\n') {
newln++;
} else if (octet != '\r') {
newln = 0;
}
}
/* Came to the end of the buffer, or second newline.
* If we didn't get an empty line ("\r\n\r\n"), then keep on reading.
*/
if (newln < 2)
continue;
/* we're at the end of the HTTP request.
* If the request is a POST, then there will be one more
* line of data.
* This parsing is a hack, but ok for SSL test purposes.
*/
post = PORT_Strstr(buffer->data, "POST ");
if (!post || *post != 'P')
break;
/* It's a post, so look for the next and final CR/LF. */
/* We should parse content length here, but ... */
while (buffer->index < buffer->dataEnd && newln < 3) {
int octet = buffer->data[buffer->index++];
if (octet == '\n') {
newln++;
}
}
if (newln == 3)
break;
}
/* Have either (a) a complete get, (b) a complete post, (c) EOF */
/* Execute a "GET " operation. */
if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) {
int fnLength;
/* File name is the part after "GET ". */
fnLength = strcspn(buffer->data + 5, " \r\n");
*fileName = (char *)PORT_Alloc(fnLength + 1);
PORT_Strncpy(*fileName, buffer->data + 5, fnLength);
(*fileName)[fnLength] = '\0';
}
return SECSuccess;
}
/* Function: authenticateSocket()
*
* Purpose: Configure a socket for SSL.
*
*
*/
PRFileDesc *
setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
{
PRFileDesc *sslSocket;
SSLKEAType certKEA;
int certErr = 0;
SECStatus secStatus;
/* Set the appropriate flags. */
sslSocket = SSL_ImportFD(NULL, tcpSocket);
if (sslSocket == NULL) {
errWarn("SSL_ImportFD");
goto loser;
}
secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet SSL_SECURITY");
goto loser;
}
secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER");
goto loser;
}
secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE,
(requestCert >= REQUEST_CERT_ONCE));
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
goto loser;
}
secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE,
(requestCert == REQUIRE_CERT_ONCE));
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
goto loser;
}
/* Set the appropriate callback routines. */
secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate,
CERT_GetDefaultCertDB());
if (secStatus != SECSuccess) {
errWarn("SSL_AuthCertificateHook");
goto loser;
}
secStatus = SSL_BadCertHook(sslSocket,
(SSLBadCertHandler)myBadCertHandler, &certErr);
if (secStatus != SECSuccess) {
errWarn("SSL_BadCertHook");
goto loser;
}
secStatus = SSL_HandshakeCallback(sslSocket,
myHandshakeCallback,
NULL);
if (secStatus != SECSuccess) {
errWarn("SSL_HandshakeCallback");
goto loser;
}
secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
if (secStatus != SECSuccess) {
errWarn("SSL_HandshakeCallback");
goto loser;
}
certKEA = NSS_FindCertKEAType(cert);
secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA);
if (secStatus != SECSuccess) {
errWarn("SSL_ConfigSecureServer");
goto loser;
}
return sslSocket;
loser:
PR_Close(tcpSocket);
return NULL;
}
/* Function: authenticateSocket()
*
* Purpose: Perform client authentication on the socket.
*
*/
SECStatus
authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
{
CERTCertificate *cert;
SECStatus secStatus;
/* Returns NULL if client authentication is not enabled or if the
* client had no certificate. */
cert = SSL_PeerCertificate(sslSocket);
if (cert) {
/* Client had a certificate, so authentication is through. */
CERT_DestroyCertificate(cert);
return SECSuccess;
}
/* Request client to authenticate itself. */
secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
return SECFailure;
}
/* If desired, require client to authenticate itself. Note
* SSL_REQUEST_CERTIFICATE must also be on, as above. */
secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
if (secStatus != SECSuccess) {
errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
return SECFailure;
}
/* Having changed socket configuration parameters, redo handshake. */
secStatus = SSL_ReHandshake(sslSocket, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_ReHandshake");
return SECFailure;
}
/* Force the handshake to complete before moving on. */
secStatus = SSL_ForceHandshake(sslSocket);
if (secStatus != SECSuccess) {
errWarn("SSL_ForceHandshake");
return SECFailure;
}
return SECSuccess;
}
/* Function: writeDataToSocket
*
* Purpose: Write the client's request back to the socket. If the client
* requested a file, dump it to the socket.
*
*/
SECStatus
writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName)
{
int headerLength;
int numBytes;
char messageBuffer[120];
PRFileDesc *local_file_fd = NULL;
char header[] = "<html><body><h1>Sample SSL server</h1><br><br>";
char filehd[] = "<h2>The file you requested:</h2><br>";
char reqhd[] = "<h2>This is your request:</h2><br>";
char link[] = "Try getting a <a HREF=\"../testfile\">file</a><br>";
char footer[] = "<br><h2>End of request.</h2><br></body></html>";
headerLength = PORT_Strlen(defaultHeader);
/* Write a header to the socket. */
numBytes = PR_Write(sslSocket, header, PORT_Strlen(header));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
if (fileName) {
PRFileInfo info;
PRStatus prStatus;
/* Try to open the local file named.
* If successful, then write it to the client.
*/
prStatus = PR_GetFileInfo(fileName, &info);
if (prStatus != PR_SUCCESS ||
info.type != PR_FILE_FILE ||
info.size < 0) {
PORT_Free(fileName);
/* Maybe a GET not sent from client.c? */
goto writerequest;
}
local_file_fd = PR_Open(fileName, PR_RDONLY, 0);
if (local_file_fd == NULL) {
PORT_Free(fileName);
goto writerequest;
}
/* Write a header to the socket. */
numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Transmit the local file prepended by the default header
* across the socket.
*/
numBytes = PR_TransmitFile(sslSocket, local_file_fd,
defaultHeader, headerLength,
PR_TRANSMITFILE_KEEP_OPEN,
PR_INTERVAL_NO_TIMEOUT);
/* Error in transmission. */
if (numBytes < 0) {
errWarn("PR_TransmitFile");
/*
i = PORT_Strlen(errString);
PORT_Memcpy(buf, errString, i);
*/
/* Transmitted bytes successfully. */
} else {
numBytes -= headerLength;
fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
numBytes, fileName);
}
PORT_Free(fileName);
PR_Close(local_file_fd);
}
writerequest:
/* Write a header to the socket. */
numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Write the buffer data to the socket. */
if (buffer->index <= 0) {
/* Reached the EOF. Report incomplete transaction to socket. */
PORT_Sprintf(messageBuffer,
"GET or POST incomplete after %d bytes.\r\n",
buffer->dataEnd);
numBytes = PR_Write(sslSocket, messageBuffer,
PORT_Strlen(messageBuffer));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
} else {
/* Display the buffer data. */
fwrite(buffer->data, 1, buffer->index, stdout);
/* Write the buffer data to the socket. */
numBytes = PR_Write(sslSocket, buffer->data, buffer->index);
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Display security information for the socket. */
printSecurityInfo(sslSocket);
/* Write any discarded data out to the socket. */
if (buffer->index < buffer->dataEnd) {
PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n",
buffer->dataEnd - buffer->index);
numBytes = PR_Write(sslSocket, buffer->data,
PORT_Strlen(buffer->data));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
}
}
/* Write a footer to the socket. */
numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Write a link to the socket. */
numBytes = PR_Write(sslSocket, link, PORT_Strlen(link));
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Complete the HTTP transaction. */
numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9);
if (numBytes < 0) {
errWarn("PR_Write");
goto loser;
}
/* Do a nice shutdown if asked. */
if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
stopping = 1;
}
return SECSuccess;
loser:
/* Do a nice shutdown if asked. */
if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
stopping = 1;
}
return SECFailure;
}
/* Function: int handle_connection()
*
* Purpose: Thread to handle a connection to a socket.
*
*/
SECStatus
handle_connection(void *tcp_sock, int requestCert)
{
PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock;
PRFileDesc * sslSocket = NULL;
SECStatus secStatus = SECFailure;
PRStatus prStatus;
PRSocketOptionData socketOption;
DataBuffer buffer;
char * fileName = NULL;
/* Initialize the data buffer. */
memset(buffer.data, 0, BUFFER_SIZE);
buffer.remaining = BUFFER_SIZE;
buffer.index = 0;
buffer.dataStart = 0;
buffer.dataEnd = 0;
/* Make sure the socket is blocking. */
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcpSocket, &socketOption);
sslSocket = setupSSLSocket(tcpSocket, requestCert);
if (sslSocket == NULL) {
errWarn("setupSSLSocket");
goto cleanup;
}
secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_ResetHandshake");
goto cleanup;
}
/* Read data from the socket, parse it for HTTP content.
* If the user is requesting/requiring authentication, authenticate
* the socket. Then write the result back to the socket. */
fprintf(stdout, "\nReading data from socket...\n\n");
secStatus = readDataFromSocket(sslSocket, &buffer, &fileName);
if (secStatus != SECSuccess) {
goto cleanup;
}
if (requestCert >= REQUEST_CERT_ALL) {
fprintf(stdout, "\nAuthentication requested.\n\n");
secStatus = authenticateSocket(sslSocket,
(requestCert == REQUIRE_CERT_ALL));
if (secStatus != SECSuccess) {
goto cleanup;
}
}
fprintf(stdout, "\nWriting data to socket...\n\n");
secStatus = writeDataToSocket(sslSocket, &buffer, fileName);
cleanup:
/* Close down the socket. */
prStatus = PR_Close(tcpSocket);
if (prStatus != PR_SUCCESS) {
errWarn("PR_Close");
}
return secStatus;
}
/* Function: int accept_connection()
*
* Purpose: Thread to accept a connection to the socket.
*
*/
SECStatus
accept_connection(void *listener, int requestCert)
{
PRFileDesc *listenSocket = (PRFileDesc*)listener;
PRNetAddr addr;
PRStatus prStatus;
/* XXX need an SSL socket here? */
while (!stopping) {
PRFileDesc *tcpSocket;
SECStatus result;
fprintf(stderr, "\n\n\nAbout to call accept.\n");
/* Accept a connection to the socket. */
tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT);
if (tcpSocket == NULL) {
errWarn("PR_Accept");
break;
}
/* Accepted the connection, now handle it. */
result = launch_thread(&threadMGR, handle_connection,
tcpSocket, requestCert);
if (result != SECSuccess) {
prStatus = PR_Close(tcpSocket);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Close");
}
break;
}
}
fprintf(stderr, "Closing listen socket.\n");
prStatus = PR_Close(listenSocket);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Close");
}
return SECSuccess;
}
/* Function: void server_main()
*
* Purpose: This is the server's main function. It configures a socket
* and listens to it.
*
*/
void
server_main(
unsigned short port,
int requestCert,
SECKEYPrivateKey * privKey,
CERTCertificate * cert,
PRBool disableSSL3)
{
SECStatus secStatus;
PRStatus prStatus;
PRFileDesc * listenSocket;
PRNetAddr addr;
PRSocketOptionData socketOption;
/* Create a new socket. */
listenSocket = PR_NewTCPSocket();
if (listenSocket == NULL) {
exitErr("PR_NewTCPSocket");
}
/* Set socket to be blocking -
* on some platforms the default is nonblocking.
*/
socketOption.option = PR_SockOpt_Nonblocking;
socketOption.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(listenSocket, &socketOption);
if (prStatus != PR_SUCCESS) {
exitErr("PR_SetSocketOption");
}
/* This cipher is not on by default. The Acceptance test
* would like it to be. Turn this cipher on.
*/
secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
if (secStatus != SECSuccess) {
exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
}
/* Configure the network connection. */
addr.inet.family = PR_AF_INET;
addr.inet.ip = PR_INADDR_ANY;
addr.inet.port = PR_htons(port);
/* Bind the address to the listener socket. */
prStatus = PR_Bind(listenSocket, &addr);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Bind");
}
/* Listen for connection on the socket. The second argument is
* the maximum size of the queue for pending connections.
*/
prStatus = PR_Listen(listenSocket, 5);
if (prStatus != PR_SUCCESS) {
exitErr("PR_Listen");
}
/* Launch thread to handle connections to the socket. */
secStatus = launch_thread(&threadMGR, accept_connection,
listenSocket, requestCert);
if (secStatus != SECSuccess) {
PR_Close(listenSocket);
} else {
reap_threads(&threadMGR);
destroy_thread_data(&threadMGR);
}
}
/* Function: int main()
*
* Purpose: Parses command arguments and configures SSL server.
*
*/
int
main(int argc, char **argv)
{
char * progName = NULL;
char * nickName = NULL;
char * cipherString = NULL;
char * dir = ".";
int requestCert = 0;
unsigned short port = 0;
SECStatus secStatus;
PRBool disableSSL3 = PR_FALSE;
PLOptState * optstate;
PLOptStatus status;
/* Zero out the thread manager. */
PORT_Memset(&threadMGR, 0, sizeof(threadMGR));
progName = PL_strdup(argv[0]);
optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch(optstate->option) {
case '3': disableSSL3 = PR_TRUE; break;
case 'F': requestCert = REQUIRE_CERT_ALL; break;
case 'R': requestCert = REQUEST_CERT_ALL; break;
case 'c': cipherString = PL_strdup(optstate->value); break;
case 'd': dir = PL_strdup(optstate->value); break;
case 'f': requestCert = REQUIRE_CERT_ONCE; break;
case 'n': nickName = PL_strdup(optstate->value); break;
case 'p': port = PORT_Atoi(optstate->value); break;
case 'r': requestCert = REQUEST_CERT_ONCE; break;
case 'w': password = PL_strdup(optstate->value); break;
default:
case '?': Usage(progName);
}
}
if (nickName == NULL || port == 0)
Usage(progName);
/* Call the NSPR initialization routines. */
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* Set the cert database password callback. */
PK11_SetPasswordFunc(myPasswd);
/* Initialize NSS. */
secStatus = NSS_Init(dir);
if (secStatus != SECSuccess) {
exitErr("NSS_Init");
}
/* Set the policy for this server (REQUIRED - no default). */
secStatus = NSS_SetDomesticPolicy();
if (secStatus != SECSuccess) {
exitErr("NSS_SetDomesticPolicy");
}
/* XXX keep this? */
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SECStatus status;
status = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
if (status != SECSuccess)
errWarn("SSL_CipherPrefSetDefault()");
}
}
}
/* Get own certificate and private key. */
cert = PK11_FindCertFromNickname(nickName, password);
if (cert == NULL) {
exitErr("PK11_FindCertFromNickname");
}
privKey = PK11_FindKeyByAnyCert(cert, password);
if (privKey == NULL) {
exitErr("PK11_FindKeyByAnyCert");
}
/* Configure the server's cache for a multi-process application
* using default timeout values (24 hrs) and directory location (/tmp).
*/
SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
/* Launch server. */
server_main(port, requestCert, privKey, cert, disableSSL3);
/* Shutdown NSS and exit NSPR gracefully. */
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
PR_Cleanup();
return 0;
}


@ -1,48 +0,0 @@
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1994-2000
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ../../..
MODULE = nss
EXPORTS =
CSRCS = server.c \
sslsample.c \
$(NULL)
PROGRAM = server


@ -1,113 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include "nspr.h"
struct tuple_str {
PRErrorCode errNum;
const char * errString;
};
typedef struct tuple_str tuple_str;
#define ER2(a,b) {a, b},
#define ER3(a,b,c) {a, c},
#include "secerr.h"
#include "sslerr.h"
const tuple_str errStrings[] = {
/* keep this list in asceding order of error numbers */
#include "SSLerrs.h"
#include "SECerrs.h"
#include "NSPRerrs.h"
};
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
/* Returns a UTF-8 encoded constant error string for "errNum".
* Returns NULL of errNum is unknown.
*/
const char *
SSL_Strerror(PRErrorCode errNum) {
PRInt32 low = 0;
PRInt32 high = numStrings - 1;
PRInt32 i;
PRErrorCode num;
static int initDone;
/* make sure table is in ascending order.
* binary search depends on it.
*/
if (!initDone) {
PRErrorCode lastNum = (PRInt32)0x80000000;
for (i = low; i <= high; ++i) {
num = errStrings[i].errNum;
if (num <= lastNum) {
fprintf(stderr,
"sequence error in error strings at item %d\n"
"error %d (%s)\n"
"should come after \n"
"error %d (%s)\n",
i, lastNum, errStrings[i-1].errString,
num, errStrings[i].errString);
}
lastNum = num;
}
initDone = 1;
}
/* Do binary search of table. */
while (low + 1 < high) {
i = (low + high) / 2;
num = errStrings[i].errNum;
if (errNum == num)
return errStrings[i].errString;
if (errNum < num)
high = i;
else
low = i;
}
if (errNum == errStrings[low].errNum)
return errStrings[low].errString;
if (errNum == errStrings[high].errNum)
return errStrings[high].errString;
return NULL;
}


@ -1,593 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "sslsample.h"
#include "sslerror.h"
/* Declare SSL cipher suites. */
int ssl2CipherSuites[] = {
SSL_EN_RC4_128_WITH_MD5, /* A */
SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
SSL_EN_DES_64_CBC_WITH_MD5, /* E */
SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
0
};
int ssl3CipherSuites[] = {
-1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA a */
-1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */
SSL_RSA_WITH_RC4_128_MD5, /* c */
SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
SSL_RSA_WITH_DES_CBC_SHA, /* e */
SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
SSL_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
0
};
/**************************************************************************
**
** SSL callback routines.
**
**************************************************************************/
/* Function: char * myPasswd()
*
* Purpose: This function is our custom password handler that is called by
* SSL when retreiving private certs and keys from the database. Returns a
* pointer to a string that with a password for the database. Password pointer
* should point to dynamically allocated memory that will be freed later.
*/
char *
myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
{
char * passwd = NULL;
if ( (!retry) && arg ) {
passwd = PORT_Strdup((char *)arg);
}
return passwd;
}
/* Function: SECStatus myAuthCertificate()
*
* Purpose: This function is our custom certificate authentication handler.
*
* Note: This implementation is essentially the same as the default
* SSL_AuthCertificate().
*/
SECStatus
myAuthCertificate(void *arg, PRFileDesc *socket,
PRBool checksig, PRBool isServer)
{
SECCertUsage certUsage;
CERTCertificate * cert;
void * pinArg;
char * hostName;
SECStatus secStatus;
if (!arg || !socket) {
errWarn("myAuthCertificate");
return SECFailure;
}
/* Define how the cert is being used based upon the isServer flag. */
certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
cert = SSL_PeerCertificate(socket);
pinArg = SSL_RevealPinArg(socket);
secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
cert,
checksig,
certUsage,
pinArg);
/* If this is a server, we're finished. */
if (isServer || secStatus != SECSuccess) {
CERT_DestroyCertificate(cert);
return secStatus;
}
/* Certificate is OK. Since this is the client side of an SSL
* connection, we need to verify that the name field in the cert
* matches the desired hostname. This is our defense against
* man-in-the-middle attacks.
*/
/* SSL_RevealURL returns a hostName, not an URL. */
hostName = SSL_RevealURL(socket);
if (hostName && hostName[0]) {
secStatus = CERT_VerifyCertName(cert, hostName);
} else {
PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
secStatus = SECFailure;
}
if (hostName)
PR_Free(hostName);
CERT_DestroyCertificate(cert);
return secStatus;
}
/* Function: SECStatus myBadCertHandler()
*
* Purpose: This callback is called when the incoming certificate is not
* valid. We define a certain set of parameters that still cause the
* certificate to be "valid" for this session, and return SECSuccess to cause
* the server to continue processing the request when any of these conditions
* are met. Otherwise, SECFailure is return and the server rejects the
* request.
*/
SECStatus
myBadCertHandler(void *arg, PRFileDesc *socket)
{
SECStatus secStatus = SECFailure;
PRErrorCode err;
/* log invalid cert here */
if (!arg) {
return secStatus;
}
*(PRErrorCode *)arg = err = PORT_GetError();
/* If any of the cases in the switch are met, then we will proceed */
/* with the processing of the request anyway. Otherwise, the default */
/* case will be reached and we will reject the request. */
switch (err) {
case SEC_ERROR_INVALID_AVA:
case SEC_ERROR_INVALID_TIME:
case SEC_ERROR_BAD_SIGNATURE:
case SEC_ERROR_EXPIRED_CERTIFICATE:
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_UNTRUSTED_CERT:
case SEC_ERROR_CERT_VALID:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
case SEC_ERROR_CRL_EXPIRED:
case SEC_ERROR_CRL_BAD_SIGNATURE:
case SEC_ERROR_EXTENSION_VALUE_INVALID:
case SEC_ERROR_CA_CERT_INVALID:
case SEC_ERROR_CERT_USAGES_INVALID:
case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
secStatus = SECSuccess;
break;
default:
secStatus = SECFailure;
break;
}
printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err));
return secStatus;
}
/* Function: SECStatus ownGetClientAuthData()
*
* Purpose: This callback is used by SSL to pull client certificate
* information upon server request.
*/
SECStatus
myGetClientAuthData(void *arg,
PRFileDesc *socket,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
{
CERTCertificate * cert;
SECKEYPrivateKey * privKey;
char * chosenNickName = (char *)arg;
void * proto_win = NULL;
SECStatus secStatus = SECFailure;
proto_win = SSL_RevealPinArg(socket);
if (chosenNickName) {
cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
if (cert) {
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privKey) {
secStatus = SECSuccess;
} else {
CERT_DestroyCertificate(cert);
}
}
} else { /* no nickname given, automatically find the right cert */
CERTCertNicknames *names;
int i;
names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
SEC_CERT_NICKNAMES_USER, proto_win);
if (names != NULL) {
for(i = 0; i < names->numnicknames; i++ ) {
cert = PK11_FindCertFromNickname(names->nicknames[i],
proto_win);
if (!cert) {
continue;
}
/* Only check unexpired certs */
if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
!= secCertTimeValid ) {
CERT_DestroyCertificate(cert);
continue;
}
secStatus = NSS_CmpCertChainWCANames(cert, caNames);
if (secStatus == SECSuccess) {
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privKey) {
break;
}
secStatus = SECFailure;
break;
}
} /* for loop */
CERT_FreeNicknames(names);
}
}
if (secStatus == SECSuccess) {
*pRetCert = cert;
*pRetKey = privKey;
}
return secStatus;
}
/* Function: SECStatus myHandshakeCallback()
*
* Purpose: Called by SSL to inform application that the handshake is
* complete. This function is mostly used on the server side of an SSL
* connection, although it is provided for a client as well.
* Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
* is used to initiate a handshake.
*
* A typical scenario would be:
*
* 1. Server accepts an SSL connection from the client without client auth.
* 2. Client sends a request.
* 3. Server determines that to service request it needs to authenticate the
* client and initiates another handshake requesting client auth.
* 4. While handshake is in progress, server can do other work or spin waiting
* for the handshake to complete.
* 5. Server is notified that handshake has been successfully completed by
* the custom handshake callback function and it can service the client's
* request.
*
* Note: This function is not implemented in this sample, as we are using
* blocking sockets.
*/
void
myHandshakeCallback(PRFileDesc *socket, void *arg)
{
printf("Handshake has completed, ready to send data securely.\n");
}
/**************************************************************************
**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
void
disableAllSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
int i = SSL_NumImplementedCiphers;
SECStatus rv;
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
if (rv != SECSuccess) {
printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
suite, i);
errWarn("SSL_CipherPrefSetDefault");
exit(2);
}
}
}
/**************************************************************************
**
** Error and information routines.
**
**************************************************************************/
void
errWarn(char *function)
{
PRErrorCode errorNumber = PR_GetError();
const char * errorString = SSL_Strerror(errorNumber);
printf("Error in function %s: %d\n - %s\n",
function, errorNumber, errorString);
}
void
exitErr(char *function)
{
errWarn(function);
/* Exit gracefully. */
/* ignoring return value of NSS_Shutdown as code exits with 1*/
(void) NSS_Shutdown();
PR_Cleanup();
exit(1);
}
void
printSecurityInfo(PRFileDesc *fd)
{
char * cp; /* bulk cipher name */
char * ip; /* cert issuer DN */
char * sp; /* cert subject DN */
int op; /* High, Low, Off */
int kp0; /* total key bits */
int kp1; /* secret key bits */
int result;
SSL3Statistics * ssl3stats = SSL_GetStatistics();
result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
if (result != SECSuccess)
return;
printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
"subject DN: %s\n"
"issuer DN: %s\n", cp, kp1, kp0, op, sp, ip);
PR_Free(cp);
PR_Free(ip);
PR_Free(sp);
printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
ssl3stats->hch_sid_cache_not_ok);
}
/**************************************************************************
** Begin thread management routines and data.
**************************************************************************/
void
thread_wrapper(void * arg)
{
GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
perThread *slot = &threadMGR->threads[threadMGR->index];
/* wait for parent to finish launching us before proceeding. */
PR_Lock(threadMGR->threadLock);
PR_Unlock(threadMGR->threadLock);
slot->rv = (* slot->startFunc)(slot->a, slot->b);
PR_Lock(threadMGR->threadLock);
slot->running = rs_zombie;
/* notify the thread exit handler. */
PR_NotifyCondVar(threadMGR->threadEndQ);
PR_Unlock(threadMGR->threadLock);
}
SECStatus
launch_thread(GlobalThreadMgr *threadMGR,
startFn *startFunc,
void *a,
int b)
{
perThread *slot;
int i;
if (!threadMGR->threadStartQ) {
threadMGR->threadLock = PR_NewLock();
threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
}
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning >= MAX_THREADS) {
PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
}
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running == rs_idle)
break;
}
if (i >= threadMGR->numUsed) {
if (i >= MAX_THREADS) {
/* something's really wrong here. */
PORT_Assert(i < MAX_THREADS);
PR_Unlock(threadMGR->threadLock);
return SECFailure;
}
++(threadMGR->numUsed);
PORT_Assert(threadMGR->numUsed == i + 1);
slot = &threadMGR->threads[i];
}
slot->a = a;
slot->b = b;
slot->startFunc = startFunc;
threadMGR->index = i;
slot->prThread = PR_CreateThread(PR_USER_THREAD,
thread_wrapper, threadMGR,
PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
PR_JOINABLE_THREAD, 0);
if (slot->prThread == NULL) {
PR_Unlock(threadMGR->threadLock);
printf("Failed to launch thread!\n");
return SECFailure;
}
slot->inUse = 1;
slot->running = 1;
++(threadMGR->numRunning);
PR_Unlock(threadMGR->threadLock);
printf("Launched thread in slot %d \n", threadMGR->index);
return SECSuccess;
}
SECStatus
reap_threads(GlobalThreadMgr *threadMGR)
{
perThread * slot;
int i;
if (!threadMGR->threadLock)
return 0;
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning > 0) {
PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running == rs_zombie) {
/* Handle cleanup of thread here. */
printf("Thread in slot %d returned %d\n", i, slot->rv);
/* Now make sure the thread has ended OK. */
PR_JoinThread(slot->prThread);
slot->running = rs_idle;
--threadMGR->numRunning;
/* notify the thread launcher. */
PR_NotifyCondVar(threadMGR->threadStartQ);
}
}
}
/* Safety Sam sez: make sure count is right. */
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running != rs_idle) {
fprintf(stderr, "Thread in slot %d is in state %d!\n",
i, slot->running);
}
}
PR_Unlock(threadMGR->threadLock);
return 0;
}
void
destroy_thread_data(GlobalThreadMgr *threadMGR)
{
PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
if (threadMGR->threadEndQ) {
PR_DestroyCondVar(threadMGR->threadEndQ);
threadMGR->threadEndQ = NULL;
}
if (threadMGR->threadStartQ) {
PR_DestroyCondVar(threadMGR->threadStartQ);
threadMGR->threadStartQ = NULL;
}
if (threadMGR->threadLock) {
PR_DestroyLock(threadMGR->threadLock);
threadMGR->threadLock = NULL;
}
}
/**************************************************************************
** End thread management routines.
**************************************************************************/
void
lockedVars_Init( lockedVars * lv)
{
lv->count = 0;
lv->waiters = 0;
lv->lock = PR_NewLock();
lv->condVar = PR_NewCondVar(lv->lock);
}
void
lockedVars_Destroy( lockedVars * lv)
{
PR_DestroyCondVar(lv->condVar);
lv->condVar = NULL;
PR_DestroyLock(lv->lock);
lv->lock = NULL;
}
void
lockedVars_WaitForDone(lockedVars * lv)
{
PR_Lock(lv->lock);
while (lv->count > 0) {
PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
}
PR_Unlock(lv->lock);
}
int /* returns count */
lockedVars_AddToCount(lockedVars * lv, int addend)
{
int rv;
PR_Lock(lv->lock);
rv = lv->count += addend;
if (rv <= 0) {
PR_NotifyCondVar(lv->condVar);
}
PR_Unlock(lv->lock);
return rv;
}


@ -1,180 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef SSLSAMPLE_H
#define SSLSAMPLE_H
/* Generic header files */
#include <stdio.h>
#include <string.h>
/* NSPR header files */
#include "nspr.h"
#include "prerror.h"
#include "prnetdb.h"
/* NSS header files */
#include "pk11func.h"
#include "secitem.h"
#include "ssl.h"
#include "certt.h"
#include "nss.h"
#include "secder.h"
#include "key.h"
#include "sslproto.h"
/* Custom header files */
/*
#include "sslerror.h"
*/
#define BUFFER_SIZE 10240
/* Declare SSL cipher suites. */
extern int cipherSuites[];
extern int ssl2CipherSuites[];
extern int ssl3CipherSuites[];
/* Data buffer read from a socket. */
typedef struct DataBufferStr {
char data[BUFFER_SIZE];
int index;
int remaining;
int dataStart;
int dataEnd;
} DataBuffer;
/* SSL callback routines. */
char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
PRBool checksig, PRBool isServer);
SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
void myHandshakeCallback(PRFileDesc *socket, void *arg);
SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
struct CERTDistNamesStr *caNames,
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey);
/* Disable all v2/v3 SSL ciphers. */
void disableAllSSLCiphers(void);
/* Error and information utilities. */
void errWarn(char *function);
void exitErr(char *function);
void printSecurityInfo(PRFileDesc *fd);
/* Some simple thread management routines. */
#define MAX_THREADS 32
typedef SECStatus startFn(void *a, int b);
typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
typedef struct perThreadStr {
PRFileDesc *a;
int b;
int rv;
startFn *startFunc;
PRThread *prThread;
PRBool inUse;
runState running;
} perThread;
typedef struct GlobalThreadMgrStr {
PRLock *threadLock;
PRCondVar *threadStartQ;
PRCondVar *threadEndQ;
perThread threads[MAX_THREADS];
int index;
int numUsed;
int numRunning;
} GlobalThreadMgr;
void thread_wrapper(void * arg);
SECStatus launch_thread(GlobalThreadMgr *threadMGR,
startFn *startFunc, void *a, int b);
SECStatus reap_threads(GlobalThreadMgr *threadMGR);
void destroy_thread_data(GlobalThreadMgr *threadMGR);
/* Management of locked variables. */
struct lockedVarsStr {
PRLock * lock;
int count;
int waiters;
PRCondVar * condVar;
};
typedef struct lockedVarsStr lockedVars;
void lockedVars_Init(lockedVars *lv);
void lockedVars_Destroy(lockedVars *lv);
void lockedVars_WaitForDone(lockedVars *lv);
int lockedVars_AddToCount(lockedVars *lv, int addend);
/* Buffer stuff. */
static const char stopCmd[] = { "GET /stop " };
static const char defaultHeader[] = {
"HTTP/1.0 200 OK\r\n"
"Server: SSL sample server\r\n"
"Content-type: text/plain\r\n"
"\r\n"
};
#endif


@ -537,7 +537,7 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, PK11SlotInfo *slot,
{
SECStatus rv;
if (!ascii && !raw) {
if (!ascii && !raw && !nickname) {
PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n",
"Certificate Nickname", "Trust Attributes", "",
"SSL,S/MIME,JAR/XPI");
@ -2207,7 +2207,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
/* If making a cert request, need a subject. */
if ((certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateAndAddCert].activated) &&
!certutil.options[opt_Subject].activated) {
!(certutil.options[opt_Subject].activated || keysource)) {
PR_fprintf(PR_STDERR,
"%s -%c: subject is required to create a cert request.\n",
progName, commandToRun);
@ -2626,14 +2626,28 @@ merge_fail:
privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
if (privkey)
pubkey = CERT_ExtractPublicKey(keycert);
CERT_DestroyCertificate(keycert);
if (!pubkey) {
SECU_PrintError(progName,
"Could not get keys from cert %s", keysource);
rv = SECFailure;
CERT_DestroyCertificate(keycert);
goto shutdown;
}
keytype = privkey->keyType;
/* On CertReq for renewal if no subject has been
* specified obtain it from the certificate.
*/
if (certutil.commands[cmd_CertReq].activated && !subject) {
subject = CERT_AsciiToName(keycert->subjectName);
if (!subject) {
SECU_PrintError(progName,
"Could not get subject from certificate %s", keysource);
CERT_DestroyCertificate(keycert);
rv = SECFailure;
goto shutdown;
}
}
CERT_DestroyCertificate(keycert);
} else {
privkey =
CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
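Review bot: The relaxed subject check in the second hunk covers both `cmd_CertReq` and `cmd_CreateAndAddCert` once `keysource` is set, but the third hunk derives the subject from the certificate only when `cmd_CertReq` is active. Unless code outside these hunks handles it, the create-and-add command with a key source and no subject option would continue with `subject` still NULL. Either narrow the check to the request case, `!(certutil.options[opt_Subject].activated || (keysource && certutil.commands[cmd_CertReq].activated))`, or drop the `cmd_CertReq` test in front of `CERT_AsciiToName`. The enclosing functions start and end outside the hunks, so how a NULL `subject` is treated later cannot be seen here.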


@ -254,7 +254,7 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
SECItem crlDER;
PK11SlotInfo* slot = NULL;
int rv;
#if defined(DEBUG_jpierre)
#if defined(DEBUG_jp96085)
PRIntervalTime starttime, endtime, elapsed;
PRUint32 mins, secs, msecs;
#endif
@ -273,12 +273,12 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
slot = PK11_GetInternalKeySlot();
#if defined(DEBUG_jpierre)
#if defined(DEBUG_jp96085)
starttime = PR_IntervalNow();
#endif
crl = PK11_ImportCRL(slot, &crlDER, url, type,
NULL, importOptions, NULL, decodeOptions);
#if defined(DEBUG_jpierre)
#if defined(DEBUG_jp96085)
endtime = PR_IntervalNow();
elapsed = endtime - starttime;
mins = PR_IntervalToSeconds(elapsed) / 60;


@ -546,3 +546,12 @@ ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
"Libpkix internal error occured during cert validation.")
ER3(SEC_ERROR_PKCS11_GENERAL_ERROR, (SEC_ERROR_BASE + 167),
"A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.")
ER3(SEC_ERROR_PKCS11_FUNCTION_FAILED, (SEC_ERROR_BASE + 168),
"A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.")
ER3(SEC_ERROR_PKCS11_DEVICE_ERROR, (SEC_ERROR_BASE + 169),
"A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.")


@ -33,7 +33,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef XP_PC
#if !defined(XP_UNIX) && !defined(XP_OS2)
int ffs( unsigned int i)
{


@ -1057,7 +1057,7 @@ secu_PrintTime(FILE *out, int64 time, char *m, int level)
/* Convert to local time */
PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
timeString = PORT_Alloc(100);
timeString = PORT_Alloc(256);
if (timeString == NULL)
return;
@ -1066,8 +1066,9 @@ secu_PrintTime(FILE *out, int64 time, char *m, int level)
fprintf(out, "%s: ", m);
}
PR_FormatTime(timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime);
fprintf(out, timeString);
if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
fprintf(out, timeString);
}
if (m != NULL)
fprintf(out, "\n");
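Review bot: `fprintf(out, timeString);` in the second hunk still passes a computed buffer as the format string. The output of `PR_FormatTime` contains day and month names, so it should be printed as data: `fputs(timeString, out);` or `fprintf(out, "%s", timeString);`. The size 256 is written twice (allocation and format call), and a named constant would keep the two in step. The context comment `/* Convert to local time */` sits above a call that uses `PR_GMTParameters`, so either the comment or the parameter is wrong. secu_PrintTime continues outside the hunks, so whether `timeString` is freed on the new failure path cannot be seen here.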


@ -450,7 +450,7 @@ char *SECU_ErrorStringRaw(int16 err);
void printflags(char *trusts, unsigned int flags);
#ifndef XP_UNIX
#if !defined(XP_UNIX) && !defined(XP_OS2)
extern int ffs(unsigned int i);
#endif


@ -72,7 +72,6 @@ DIRS = lib \
signver \
shlibsign \
smimetools \
SSLsample \
ssltap \
strsclnt \
symkeyutil \


@ -37,6 +37,10 @@
#ifndef MODUTIL_ERROR_H
#define MODUTIL_ERROR_H
/*
* The values of these enumerated constants are immutable and must not be
* changed.
*/
typedef enum {
NO_ERR=0,
INVALID_USAGE_ERR,
@ -61,7 +65,7 @@ typedef enum {
DIR_NOT_WRITEABLE_ERR,
INVALID_CONSTANT_ERR,
ADD_MODULE_FAILED_ERR,
ADD_MODULE_FAILED_STATUS_ERR,
UNUSED_ERR, /* reserved for future use */
OUT_OF_MEM_ERR,
DELETE_INTERNAL_ERR,
DELETE_FAILED_ERR,
@ -114,8 +118,8 @@ static char *errStrings[] = {
"ERROR: Directory \"%s\" is not readable.\n",
"ERROR: Directory \"%s\" is not writeable.\n",
"\"%s\" is not a recognized value.\n",
"ERROR: Failed to add module \"%s\".\n",
"ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n",
"Unused error string",
"ERROR: Out of memory.\n",
"ERROR: Cannot delete internal module.\n",
"ERROR: Failed to delete module \"%s\".\n",


@ -297,12 +297,12 @@ AddModule(char *moduleName, char *libFile, char *cipherString,
copied = PR_GetErrorText(errtxt);
}
if (copied && errtxt) {
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_STATUS_ERR],
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
moduleName, errtxt);
PR_Free(errtxt);
} else {
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
moduleName);
moduleName, SECU_Strerror(PORT_GetError()));
}
return ADD_MODULE_FAILED_ERR;
} else {


@ -67,8 +67,8 @@ Usage(char *progName)
FPS "Usage: %s -o exportfile -n certname [-d certdir] [-P dbprefix] [-v]\n",
progName);
FPS "\t\t [-c key_cipher] [-C cert_cipher] [-k key_leng]\n");
FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
FPS "\t\t [-c key_cipher] [-C cert_cipher] [-m | --key_len keyLen] [-n | --cert_key_len certKeyLen]\n");
FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filefilepw]\n");
exit(PK12UERR_USAGE);
}
@ -953,8 +953,8 @@ static secuCommandFlag pk12util_options[] =
{ /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE },
{ /* opt_Cipher */ 'c', PR_TRUE, 0, PR_FALSE },
{ /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE },
{ /* opt_KeyLength */ 'k', PR_TRUE, 0, PR_FALSE },
{ /* opt_CertKeyLength */ 'K', PR_TRUE, 0, PR_FALSE }
{ /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" },
{ /* opt_CertKeyLength */ 'n', PR_TRUE, 0, PR_FALSE, "cert_key_len" }
};
int
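Review bot: The new short option `'n'` for `opt_CertKeyLength` collides with `-n certname`, which the first usage line already documents as the certificate nickname. With two table entries on the same letter, one of them can never be selected by its short form. Give the certificate key length an unused letter, or make it reachable only through `--cert_key_len` if the option table allows an entry without a short flag. The usage text also changes `-W p12filepw` to `-W p12filefilepw`, which looks like a typo. `pk12util_options[]` starts outside the hunk, so the existing `-n` entry is inferred from the usage string.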


@ -240,26 +240,6 @@ ifeq ($(OS_ARCH), AIX)
EXTRA_SHARED_LIBS += -brtl
endif
# If GNU ld is used, we must use the -rpath-link option to tell
# the linker where to find libsoftokn3.so, an implicit dependency
# of libnss3.so.
ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD, $(OS_ARCH)))
EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib
endif
ifeq ($(OS_ARCH), SunOS)
ifdef NS_USE_GCC
ifdef GCC_USE_GNU_LD
EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib
endif
endif
endif
ifeq ($(OS_ARCH), Darwin)
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib
endif
# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
EXTRA_SHARED_LIBS += \


@ -1766,35 +1766,6 @@ beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc * listen_sock)
exit(0);
}
#ifdef DEBUG_nelsonb
#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
#define SSL_GETPID getpid
#elif defined(_WIN32_WCE)
#define SSL_GETPID GetCurrentProcessId
#elif defined(WIN32)
extern int __cdecl _getpid(void);
#define SSL_GETPID _getpid
#else
#define SSL_GETPID() 0
#endif
void
WaitForDebugger(void)
{
int waiting = 12;
int myPid = SSL_GETPID();
PRIntervalTime nrval = PR_SecondsToInterval(5);
while (waiting) {
printf("child %d is waiting to be debugged!\n", myPid);
PR_Sleep(nrval);
--waiting;
}
}
#endif
#define HEXCHAR_TO_INT(c, i) \
if (((c) >= '0') && ((c) <= '9')) { \
i = (c) - '0'; \
@ -2060,9 +2031,6 @@ main(int argc, char **argv)
prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
if (prStatus != PR_SUCCESS)
errExit("PR_SetFDInheritable");
#endif
#ifdef DEBUG_nelsonb
WaitForDebugger();
#endif
rv = SSL_InheritMPServerSIDCache(envString);
if (rv != SECSuccess)


@ -37,7 +37,7 @@
/*
* Test program for SDR (Secret Decoder Ring) functions.
*
* $Id: shlibsign.c,v 1.16 2008/08/08 23:48:04 julien.pierre.boogz%sun.com Exp $
* $Id: shlibsign.c,v 1.17 2008/09/30 04:32:43 nelson%bolyard.com Exp $
*/
#ifdef XP_UNIX
@ -130,6 +130,100 @@ writeItem(PRFileDesc *fd, SECItem *item, char *file)
return SECSuccess;
}
static const unsigned char prime[] = { 0x00,
0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };
static const unsigned char subprime[] = { 0x0,
0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
0x0b, 0x31, 0x24, 0xf1 };
static const unsigned char base[] = {
0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f };
static const unsigned char h[] = {
0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c };
static const unsigned char seed[] = { 0x00,
0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c };
#define MK_SECITEM(bb) { siBuffer, (unsigned char *)(bb), sizeof(bb) }
static PQGParams pqgParams = {
NULL, /* arena */
MK_SECITEM(prime), /* P */
MK_SECITEM(subprime), /* Q */
MK_SECITEM(base) /* G */
};
static PQGVerify pqgVerify = {
NULL, /* arena */
1496, /* counter */
MK_SECITEM(seed), /* seed */
MK_SECITEM(h) /* h */
};
int
main (int argc, char **argv)
@ -152,10 +246,8 @@ main (int argc, char **argv)
unsigned char sign_buf[40]; /* DSA_LENGTH */
SECItem hash,sign;
PK11Context *hashcx = NULL;
int ks, count=0;
int count=0;
int keySize = 1024;
PQGParams *pqgParams = NULL;
PQGVerify *pqgVerify = NULL;
const char *nssDir = NULL;
secuPWData pwdata = { PW_NONE, 0 };
#ifdef USES_LINKS
@ -249,13 +341,7 @@ main (int argc, char **argv)
}
printf("Generating DSA Key Pair...."); fflush(stdout);
ks = PQG_PBITS_TO_INDEX(keySize);
rv = PK11_PQG_ParamGen(ks,&pqgParams, &pqgVerify);
if (rv != SECSuccess) {
lperror("Generating PQG Params");
goto loser;
}
privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubk,
privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, &pqgParams, &pubk,
PR_FALSE, PR_TRUE, &pwdata);
if (privk == NULL) {
lperror("Generating DSA Key");
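Review bot: The hard-coded `prime`, `subprime` and `base` tables have no comment saying how they were produced, and `pqgVerify` (seed, counter 1496, `h`) is defined but not referenced in the visible hunks. Add a provenance comment, then either check the parameters once before key generation with a local `SECStatus result`, `if (PK11_PQG_VerifyParams(&pqgParams, &pqgVerify, &result) != SECSuccess || result != SECSuccess) goto loser;`, or drop the unused object. `pqgParams` is now a static object, so any `PK11_PQG_DestroyParams` or `PK11_PQG_DestroyVerify` call left in main's cleanup path outside these hunks has to be removed with it. `keySize` is still initialised to 1024 but no longer drives parameter generation in the lines shown.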


@ -185,7 +185,7 @@ ProcessCommandFile()
return - 1;
}
while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd), buf && *buf != '\0') {
while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd)) {
char *eol;
linenum++;


@ -1109,10 +1109,13 @@ pr_fgets(char *buf, int size, PRFileDesc *file)
i = 0;
while (i < size - 1) {
status = PR_Read(file, (void * ) &c, 1);
status = PR_Read(file, &c, 1);
if (status == -1) {
return NULL;
} else if (status == 0) {
if (i == 0) {
return NULL;
}
break;
}
buf[i++] = c;

View File

@ -54,5 +54,3 @@ PACKAGE_FILES += signver
endif
ARCHIVE_NAME = signver
USE_STATIC_LIBS = 1


@ -119,11 +119,12 @@ sv_PrintTime(FILE *out, SECItem *t, char *m)
/* Convert to local time */
PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
timeString = (char *)PORT_Alloc(100);
timeString = (char *)PORT_Alloc(256);
if ( timeString ) {
PR_FormatTime( timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime );
fprintf(out, "%s%s\n", m, timeString);
if (PR_FormatTime( timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime )) {
fprintf(out, "%s%s\n", m, timeString);
}
PORT_Free(timeString);
return 0;
}
@ -361,14 +362,16 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
DER_ConvertBitString(&i->subjectPublicKey);
switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate,
rv = SEC_ASN1DecodeItem(arena, pk,
SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate),
&i->subjectPublicKey);
if (rv) return rv;
sprintf(mm, "%s.rsaPublicKey.", msg);
sv_PrintRSAPublicKey(out, pk, mm);
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate,
rv = SEC_ASN1DecodeItem(arena, pk,
SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate),
&i->subjectPublicKey);
if (rv) return rv;
sprintf(mm, "%s.dsaPublicKey.", msg);
@ -391,7 +394,8 @@ sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg)
char *formattedTime = NULL;
decodedValue.data = NULL;
rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate,
rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
value);
if (rv == SECSuccess) {
rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
@ -495,7 +499,8 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) return SEC_ERROR_NO_MEMORY;
rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der);
rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate),
der);
if (rv) {
PORT_FreeArena(arena, PR_FALSE);
return rv;
@ -541,7 +546,8 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (!arena) return SEC_ERROR_NO_MEMORY;
rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der);
rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
der);
if (rv) {
PORT_FreeArena(arena, PR_FALSE);
return rv;
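Review bot: In the sv_PrintSubjectPublicKeyInfo hunk, `sprintf(mm, "%s.rsaPublicKey.", msg);` and its DSA twin copy a caller-supplied prefix into `mm` with no bound. `mm` is declared outside the hunk, so its size cannot be checked from here, but if it is a fixed array a long `msg` would overrun it. A bounded call such as `PR_snprintf(mm, sizeof mm, "%s.rsaPublicKey.", msg);` (assuming `mm` is an array, not a pointer) closes that. Separately, sv_PrintTime now prints nothing when PR_FormatTime returns 0 yet still returns 0, so a caller cannot tell that the time field was dropped. The literal 256 also appears in both the allocation and the format call, where one named constant would keep them in step.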


@ -0,0 +1,58 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2008
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* This test verifies that NSS public headers don't conflict with common
* identifier names.
*/
#include "nssilckt.h"
/*
* Bug 455424: nssilckt.h used to define the enumeration constant 'Lock',
* which conflicts with C++ code that defines a Lock class. This is a
* reduced test case in C for that name conflict.
*/
typedef struct {
int dummy;
} Lock;
Lock lock;
int main()
{
return 0;
}


@ -41,6 +41,7 @@ CORE_DEPTH = ../../..
MODULE = nss
CSRCS = \
conflict.c \
nonspr10.c \
remtest.c \
$(NULL)


@ -38,7 +38,7 @@
/*
**
** Sample client side test program that uses SSL and libsec
** Sample client side test program that uses SSL and NSS
**
*/
@ -126,20 +126,7 @@ int renegotiate = 0;
static char *progName;
/* This exists only for the automated test suite. It allows us to
* pass in a password on the command line.
*/
char *password = NULL;
char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
{
char *passwd = NULL;
if ( (!retry) && arg ) {
passwd = PL_strdup((char *)arg);
}
return passwd;
}
secuPWData pwdata = { PW_NONE, 0 };
void printSecurityInfo(PRFileDesc *fd)
{
@ -203,7 +190,7 @@ static void Usage(const char *progName)
{
fprintf(stderr,
"Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvxr] \n"
" [-c ciphers] [-w passwd] [-q]\n", progName);
" [-c ciphers] [-w passwd] [-W pwfile] [-q]\n", progName);
fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
fprintf(stderr,
@ -523,7 +510,6 @@ int main(int argc, char **argv)
PRSocketOptionData opt;
PRNetAddr addr;
PRPollDesc pollset[2];
PRBool useCommandLinePassword = PR_FALSE;
PRBool pingServerFirst = PR_FALSE;
PRBool clientSpeaksFirst = PR_FALSE;
PRBool wrStarted = PR_FALSE;
@ -548,7 +534,7 @@ int main(int argc, char **argv)
}
}
optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:x");
optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
@ -594,11 +580,16 @@ int main(int argc, char **argv)
case 'r': renegotiate = atoi(optstate->value); break;
case 'w':
password = PORT_Strdup(optstate->value);
useCommandLinePassword = PR_TRUE;
case 'w':
pwdata.source = PW_PLAINTEXT;
pwdata.data = PORT_Strdup(optstate->value);
break;
case 'W':
pwdata.source = PW_FROMFILE;
pwdata.data = PORT_Strdup(optstate->value);
break;
case 'x': useExportPolicy = 1; break;
}
}
@ -613,12 +604,7 @@ int main(int argc, char **argv)
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* set our password function */
if ( useCommandLinePassword ) {
PK11_SetPasswordFunc(ownPasswd);
} else {
PK11_SetPasswordFunc(SECU_GetModulePassword);
}
PK11_SetPasswordFunc(SECU_GetModulePassword);
/* open the cert DB, the key DB, and the secmod DB. */
if (!certDir) {
@ -843,9 +829,7 @@ int main(int argc, char **argv)
return 1;
}
if (useCommandLinePassword) {
SSL_SetPKCS11PinArg(s, password);
}
SSL_SetPKCS11PinArg(s, &pwdata);
SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
if (override) {
@ -1064,8 +1048,8 @@ int main(int argc, char **argv)
if (nickname) {
PORT_Free(nickname);
}
if (password) {
PORT_Free(password);
if (pwdata.data) {
PORT_Free(pwdata.data);
}
PORT_Free(host);
@ -1075,6 +1059,7 @@ int main(int argc, char **argv)
exit(1);
}
FPRINTF(stderr, "tstclnt: exiting with return code %d\n", error);
PR_Cleanup();
return error;
}
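Review bot: The copy of the `-w` password is released at the end of main with `PORT_Free(pwdata.data)`, which leaves the plaintext in freed heap memory; `PORT_ZFree(pwdata.data, PORT_Strlen(pwdata.data));` clears it before freeing. In the option switch, a repeated `-w` or `-W` overwrites `pwdata.data` without freeing the earlier copy, and the `PORT_Strdup` result is not checked for NULL. The Usage line now lists `-W pwfile`, but no matching `%-20s` description line is visible in that hunk, so it may still need one. main starts and ends outside these hunks.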


@ -38,7 +38,7 @@
#define NSSBASET_H
#ifdef DEBUG
static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.6 $ $Date: 2005/01/20 02:25:45 $";
static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.7 $ $Date: 2008/10/05 20:59:16 $";
#endif /* DEBUG */
/*
@ -61,10 +61,10 @@ static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision:
*/
#define DUMMY /* dummy */
#define NSS_EXTERN PR_EXTERN(DUMMY)
#define NSS_IMPLEMENT PR_IMPLEMENT(DUMMY)
#define NSS_EXTERN_DATA PR_EXTERN_DATA(DUMMY)
#define NSS_IMPLEMENT_DATA PR_IMPLEMENT_DATA(DUMMY)
#define NSS_EXTERN extern
#define NSS_EXTERN_DATA extern
#define NSS_IMPLEMENT
#define NSS_IMPLEMENT_DATA
PR_BEGIN_EXTERN_C


@ -996,6 +996,7 @@ CERT_OpenCertDBFilename(CERTCertDBHandle *handle, char *certdbname,
PRBool readOnly)
{
PORT_Assert("CERT_OpenCertDBFilename is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}
@ -1003,6 +1004,7 @@ SECItem *
SECKEY_HashPassword(char *pw, SECItem *salt)
{
PORT_Assert("SECKEY_HashPassword is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return NULL;
}
@ -1012,6 +1014,7 @@ __CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle,
void *cb, void *cbarg)
{
PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}
@ -1021,6 +1024,7 @@ __CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
void *cb, void *cbarg)
{
PORT_Assert("CERT_TraversePermCertsForNickname is Deprecated" == NULL);
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}


@ -39,7 +39,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
* $Id: ocsp.c,v 1.54 2008/07/08 21:34:32 alexei.volkov.bugs%sun.com Exp $
* $Id: ocsp.c,v 1.55 2008/10/06 23:37:55 julien.pierre.boogz%sun.com Exp $
*/
#include "prerror.h"
@ -205,14 +205,14 @@ static void
ocsp_dumpStringWithTime(const char *str, int64 time)
{
PRExplodedTime timePrintable;
char timestr[100];
char timestr[256];
if (!wantOcspTrace())
return;
PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
PR_FormatTime(timestr, 100, "%a %b %d %H:%M:%S %Y",
&timePrintable);
ocsp_Trace("OCSP %s %s\n", str, timestr);
if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
ocsp_Trace("OCSP %s %s\n", str, timestr);
}
}
static void
@ -245,16 +245,18 @@ dumpCertificate(CERTCertificate *cert)
{
int64 timeBefore, timeAfter;
PRExplodedTime beforePrintable, afterPrintable;
char beforestr[100], afterstr[100];
char beforestr[256], afterstr[256];
PRStatus rv1, rv2;
DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y",
rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y",
&beforePrintable);
PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y",
rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y",
&afterPrintable);
ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", beforestr, afterstr);
ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", rv1 ? beforestr : "",
rv2 ? afterstr : "");
}
ocsp_Trace("OCSP ## ISSUER: %s\n", cert->issuerName);
printHexString("OCSP ## SERIAL NUMBER:", &cert->serialNumber);
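Review bot: In dumpCertificate, `rv1` and `rv2` are declared `PRStatus` but hold the return of PR_FormatTime, which is a character count (`PRUint32`), not a status. The `rv1 ? beforestr : ""` test works only because a non-zero count is truthy, and it reads backwards next to `PR_SUCCESS`, which is 0; `PRUint32 len1, len2;` says what the values are. The size 256 is also repeated as a literal in every call, where `sizeof beforestr`, `sizeof afterstr` and, in ocsp_dumpStringWithTime, `sizeof timestr` would tie it to the declaration. The context lines ignore the result of DER_DecodeTimeChoice, so `timeBefore` and `timeAfter` may be formatted unset if decoding fails; that needs checking against the rest of the function, which starts outside the hunk.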


@ -35,7 +35,7 @@
*
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $";
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $";
#endif /* DEBUG */
#ifndef BUILTINS_H
@ -803,6 +803,12 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_248 [] = {
static const CK_ATTRIBUTE_TYPE nss_builtins_types_249 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_250 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
};
static const CK_ATTRIBUTE_TYPE nss_builtins_types_251 [] = {
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
};
#ifdef DEBUG
static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
@ -811,7 +817,7 @@ static const NSSItem nss_builtins_items_0 [] = {
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"CVS ID", (PRUint32)7 },
{ (void *)"NSS", (PRUint32)4 },
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $", (PRUint32)160 }
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $", (PRUint32)160 }
};
#endif /* DEBUG */
static const NSSItem nss_builtins_items_1 [] = {
@ -16868,6 +16874,109 @@ static const NSSItem nss_builtins_items_249 [] = {
{ (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
static const NSSItem nss_builtins_items_250 [] = {
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"COMODO ECC Certification Authority", (PRUint32)35 },
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
{ (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102"
"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164"
"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060"
"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061"
"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117"
"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006"
"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103"
"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101"
"\165\164\150\157\162\151\164\171"
, (PRUint32)136 },
{ (void *)"0", (PRUint32)2 },
{ (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102"
"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164"
"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060"
"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061"
"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117"
"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006"
"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103"
"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101"
"\165\164\150\157\162\151\164\171"
, (PRUint32)136 },
{ (void *)"\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143"
"\231\052"
, (PRUint32)18 },
{ (void *)"\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037"
"\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060"
"\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013"
"\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006"
"\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141"
"\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004"
"\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003"
"\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114"
"\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023"
"\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164"
"\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162"
"\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060"
"\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071"
"\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023"
"\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162"
"\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162"
"\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157"
"\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115"
"\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053"
"\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040"
"\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157"
"\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006"
"\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003"
"\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221"
"\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341"
"\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344"
"\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011"
"\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011"
"\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262"
"\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026"
"\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224"
"\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377"
"\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377"
"\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075"
"\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254"
"\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346"
"\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316"
"\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223"
"\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157"
"\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346"
"\334\335\363\377\035\054\072\026\127\331\222\071\326"
, (PRUint32)653 }
};
static const NSSItem nss_builtins_items_251 [] = {
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
{ (void *)"COMODO ECC Certification Authority", (PRUint32)35 },
{ (void *)"\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216"
"\055\223\303\021"
, (PRUint32)20 },
{ (void *)"\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043"
, (PRUint32)16 },
{ (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102"
"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164"
"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060"
"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061"
"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117"
"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006"
"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103"
"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101"
"\165\164\150\157\162\151\164\171"
, (PRUint32)136 },
{ (void *)"\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143"
"\231\052"
, (PRUint32)18 },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
};
builtinsInternalObject
nss_builtins_data[] = {
@ -17122,11 +17231,13 @@ nss_builtins_data[] = {
{ 11, nss_builtins_types_246, nss_builtins_items_246, {NULL} },
{ 13, nss_builtins_types_247, nss_builtins_items_247, {NULL} },
{ 11, nss_builtins_types_248, nss_builtins_items_248, {NULL} },
{ 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} }
{ 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} },
{ 11, nss_builtins_types_250, nss_builtins_items_250, {NULL} },
{ 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} }
};
const PRUint32
#ifdef DEBUG
nss_builtins_nObjects = 249+1;
nss_builtins_nObjects = 251+1;
#else
nss_builtins_nObjects = 249;
nss_builtins_nObjects = 251;
#endif /* DEBUG */


@ -34,7 +34,7 @@
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.49 $ $Date: 2008/08/14 18:15:56 $"
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.50 $ $Date: 2008/10/17 23:06:48 $"
#
# certdata.txt
@ -17388,3 +17388,116 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
#
# Certificate "COMODO ECC Certification Authority"
#
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "COMODO ECC Certification Authority"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
\231\052
END
CKA_VALUE MULTILINE_OCTAL
\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037
\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060
\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013
\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006
\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141
\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004
\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003
\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114
\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023
\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164
\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060
\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071
\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023
\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162
\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162
\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157
\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115
\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053
\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040
\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006
\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221
\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341
\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344
\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011
\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011
\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262
\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026
\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224
\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377
\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075
\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254
\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346
\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316
\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223
\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157
\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346
\334\335\363\377\035\054\072\026\127\331\222\071\326
END
# Trust for Certificate "COMODO ECC Certification Authority"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "COMODO ECC Certification Authority"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216
\055\223\303\021
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
\165\164\150\157\162\151\164\171
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
\231\052
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
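Review bot: The new trust record sets CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION and CKA_TRUST_CODE_SIGNING all to CKT_NETSCAPE_TRUSTED_DELEGATOR, but the comment above the certificate only names it and records neither which purposes were approved nor where. I would extend the `# Certificate "COMODO ECC Certification Authority"` comment with the approving bug and the fingerprint in readable form, e.g. `# Inclusion approved in bug <BUG-ID>; SHA-1 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11`. That lets the octal CKA_CERT_SHA1_HASH be checked against an independent source without decoding it by hand. The entry just before it (context lines) leaves e-mail and code signing at CKT_NETSCAPE_TRUST_UNKNOWN, so the broader grant here should be confirmed as intended.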


@ -75,8 +75,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 71
#define NSS_BUILTINS_LIBRARY_VERSION "1.71"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 72
#define NSS_BUILTINS_LIBRARY_VERSION "1.72"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1


@ -37,7 +37,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $";
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:19 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:19 $";
#endif /* DEBUG */
#ifndef CKCAPI_H
@ -67,8 +67,8 @@ static const NSSItem nss_ckcapi_items_1 [] = {
{ (void *)"Mozilla CAPI Access", (PRUint32)20 }
};
PR_IMPLEMENT_DATA(ckcapiInternalObject) nss_ckcapi_data[] = {
ckcapiInternalObject nss_ckcapi_data[] = {
{ ckcapiRaw, { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} , {NULL} },
};
PR_IMPLEMENT_DATA(const PRUint32) nss_ckcapi_nObjects = 1;
const PRUint32 nss_ckcapi_nObjects = 1;


@ -37,7 +37,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $";
static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:22 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:22 $";
#endif /* DEBUG */
#ifndef CKMK_H
@ -67,8 +67,8 @@ static const NSSItem nss_ckmk_items_1 [] = {
{ (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 }
};
PR_IMPLEMENT_DATA(ckmkInternalObject) nss_ckmk_data[] = {
ckmkInternalObject nss_ckmk_data[] = {
{ ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} },
};
PR_IMPLEMENT_DATA(const PRUint32) nss_ckmk_nObjects = 1;
const PRUint32 nss_ckmk_nObjects = 1;


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.16 $ $Date: 2008/02/25 20:35:23 $";
static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.17 $ $Date: 2008/08/25 22:47:32 $";
#endif /* DEBUG */
/*
@ -274,6 +274,17 @@ NSSCKFWC_Finalize
break;
}
/*
* A thread's error stack is automatically destroyed when the thread
* terminates or, for the primordial thread, by PR_Cleanup. On
* Windows with MinGW, the thread private data destructor PR_Free
* registered by this module is actually a thunk for PR_Free defined
* in this module. When the thread that unloads this module terminates
* or calls PR_Cleanup, the thunk for PR_Free is already gone with the
* module. Therefore we need to destroy the error stack before the
* module is unloaded.
*/
nss_DestroyErrorStack();
return error;
}


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.37 $ $Date: 2008/05/29 17:24:15 $";
static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.38 $ $Date: 2008/09/30 04:09:02 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -359,6 +359,10 @@ nssCryptokiCertificate_GetAttributes (
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(certObject->token);
if (!session) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FAILURE;
}
slot = nssToken_GetSlot(certObject->token);
status = nssCKObject_GetAttributes(certObject->handle,
@ -457,6 +461,10 @@ nssCryptokiTrust_GetAttributes (
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(trustObject->token);
if (!session) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FAILURE;
}
slot = nssToken_GetSlot(trustObject->token);
status = nssCKObject_GetAttributes(trustObject->handle,
@ -522,6 +530,10 @@ nssCryptokiCRL_GetAttributes (
session = sessionOpt ?
sessionOpt :
nssToken_GetDefaultSession(crlObject->token);
if (session == NULL) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return PR_FAILURE;
}
slot = nssToken_GetSlot(crlObject->token);
status = nssCKObject_GetAttributes(crlObject->handle,
@ -580,10 +592,9 @@ nssCryptokiPrivateKey_SetCertificate (
if (sessionOpt) {
if (!nssSession_IsReadWrite(sessionOpt)) {
return PR_FAILURE;
} else {
session = sessionOpt;
}
} else if (nssSession_IsReadWrite(defaultSession)) {
}
session = sessionOpt;
} else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
session = defaultSession;
} else {
NSSSlot *slot = nssToken_GetSlot(token);
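Review bot: The three new null-session guards report `NSS_ERROR_INVALID_ARGUMENT`, although a NULL `sessionOpt` is accepted here and the real failure is that the token has no default session. This commit's devtoken.c changes report the same condition as `SEC_ERROR_NO_TOKEN` or `CKR_SESSION_HANDLE_INVALID`, so a caller cannot tell a bad argument from a missing session; a more specific code, or at least a comment at each guard such as `/* token has no default session (e.g. removed) */`, would help. The guards also mix `if (!session)` with `if (session == NULL)` in nssCryptokiCRL_GetAttributes, where one spelling throughout reads better. In nssCryptokiPrivateKey_SetCertificate the early `return PR_FAILURE` for a read-only `sessionOpt` appears to set no error at all, though that function continues outside the hunk.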


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.50 $ $Date: 2008/08/09 01:25:58 $";
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.51 $ $Date: 2008/09/30 04:09:02 $";
#endif /* DEBUG */
#ifndef NSSCKEPV_H
@ -182,7 +182,8 @@ nssToken_DeleteStoredObject (
nssTokenObjectCache_RemoveObject(token->cache, instance);
}
if (instance->isTokenObject) {
if (nssSession_IsReadWrite(token->defaultSession)) {
if (token->defaultSession &&
nssSession_IsReadWrite(token->defaultSession)) {
session = token->defaultSession;
} else {
session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
@ -227,10 +228,10 @@ import_object (
if (!nssSession_IsReadWrite(sessionOpt)) {
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
return NULL;
} else {
session = sessionOpt;
}
} else if (nssSession_IsReadWrite(tok->defaultSession)) {
session = sessionOpt;
} else if (tok->defaultSession &&
nssSession_IsReadWrite(tok->defaultSession)) {
session = tok->defaultSession;
} else {
session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
@ -307,8 +308,7 @@ find_objects (
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
/* Don't ask the module to use an invalid session handle. */
PORT_Assert(session->handle != CK_INVALID_SESSION);
if (session->handle == CK_INVALID_SESSION) {
if (!session || session->handle == CK_INVALID_SESSION) {
ckrv = CKR_SESSION_HANDLE_INVALID;
goto loser;
}
@ -1147,7 +1147,13 @@ nssToken_FindTrustForCertificate (
CK_ATTRIBUTE tobj_template[5];
CK_ULONG tobj_size;
nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
nssCryptokiObject *object, **objects;
nssCryptokiObject *object = NULL, **objects;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return object;
}
NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
if (searchType == nssTokenSearchType_SessionOnly) {
@ -1159,7 +1165,6 @@ nssToken_FindTrustForCertificate (
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial);
NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
object = NULL;
objects = find_objects_by_template(token, session,
tobj_template, tobj_size,
1, NULL);
@ -1227,9 +1232,15 @@ nssToken_FindCRLsBySubject (
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE crlobj_template[3];
CK_ULONG crlobj_size;
nssCryptokiObject **objects;
nssCryptokiObject **objects = NULL;
nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return objects;
}
NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
if (searchType == nssTokenSearchType_SessionOnly) {
NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
@ -1280,8 +1291,14 @@ nssToken_Digest (
CK_BYTE_PTR digest;
NSSItem *rvItem = NULL;
void *epv = nssToken_GetCryptokiEPV(tok);
nssSession *session;
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return rvItem;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
if (ckrv != CKR_OK) {
@ -1340,9 +1357,15 @@ nssToken_BeginDigest (
)
{
CK_RV ckrv;
nssSession *session;
void *epv = nssToken_GetCryptokiEPV(tok);
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return PR_FAILURE;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
nssSession_ExitMonitor(session);
@ -1357,9 +1380,15 @@ nssToken_ContinueDigest (
)
{
CK_RV ckrv;
nssSession *session;
void *epv = nssToken_GetCryptokiEPV(tok);
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return PR_FAILURE;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestUpdate(session->handle,
(CK_BYTE_PTR)item->data,
@ -1381,8 +1410,14 @@ nssToken_FinishDigest (
CK_BYTE_PTR digest;
NSSItem *rvItem = NULL;
void *epv = nssToken_GetCryptokiEPV(tok);
nssSession *session;
session = (sessionOpt) ? sessionOpt : tok->defaultSession;
nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return NULL;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
if (ckrv != CKR_OK || digestLen == 0) {
@ -1459,6 +1494,12 @@ nssToken_TraverseCertificates (
void *epv = nssToken_GetCryptokiEPV(token);
nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
return PR_FAILURE;
}
/* template for all certs */
NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
if (searchType == nssTokenSearchType_SessionOnly) {
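Review bot: The same six-line session guard is pasted into seven functions in this file (nssToken_FindTrustForCertificate, nssToken_FindCRLsBySubject, nssToken_Digest, nssToken_BeginDigest, nssToken_ContinueDigest, nssToken_FinishDigest and nssToken_TraverseCertificates), and its comment mentions only the invalid-handle half, not that `defaultSession` may be NULL. find_objects reports the identical condition through `CKR_SESSION_HANDLE_INVALID` rather than `SEC_ERROR_NO_TOKEN`, so the copies have already diverged in what a caller sees. A single static helper that selects and validates the session would keep the check and its error code in one place, leaving each caller a NULL test with its own failure return. All of these functions begin or end outside their hunks, so the sketch below only shows the helper and one call site.
```c
/* Pick the caller's session, else the token default. Returns NULL with
 * SEC_ERROR_NO_TOKEN set when neither is usable. */
static nssSession *
token_get_usable_session(NSSToken *tok, nssSession *sessionOpt)
{
    nssSession *session = sessionOpt ? sessionOpt : tok->defaultSession;

    /* defaultSession may be NULL; never hand the module an invalid handle. */
    if (!session || session->handle == CK_INVALID_SESSION) {
        PORT_SetError(SEC_ERROR_NO_TOKEN);
        return NULL;
    }
    return session;
}

/* in nssToken_BeginDigest, and likewise in the other six functions: */
nssSession *session = token_get_usable_session(tok, sessionOpt);
if (!session) {
    return PR_FAILURE;
}
/* … unchanged: nssSession_EnterMonitor and the C_DigestInit call … */
```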


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.31 $ $Date: 2008/05/18 01:51:45 $";
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.32 $ $Date: 2008/09/30 04:09:02 $";
#endif /* DEBUG */
#ifndef DEVM_H
@ -387,7 +387,10 @@ create_object (
goto loser;
}
session = nssToken_GetDefaultSession(object->token);
if (!session) {
nss_SetError(NSS_ERROR_INVALID_POINTER);
goto loser;
}
arena = nssArena_Create();
if (!arena) {
goto loser;
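Review bot: The new check in create_object rejects only a NULL session, whereas the guards added to devtoken.c in this same commit also reject `session->handle == CK_INVALID_SESSION`. How `session` is used afterwards is outside the hunk; if it reaches a module call, the test should match the others: `if (!session || session->handle == CK_INVALID_SESSION) {`. The error set here, `NSS_ERROR_INVALID_POINTER`, also differs from the `SEC_ERROR_NO_TOKEN` those guards report for the same situation, which is worth a one-line comment if it is intentional.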


@ -455,7 +455,7 @@ $(ECL_OBJS): $(ECL_HDRS)
$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c
$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c os2_rand.c
$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c


@ -90,15 +90,11 @@ EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
-lnssutil3 \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \
-lnspr4 \
$(NULL)
else # ! NS_USE_GCC
EXTRA_SHARED_LIBS += \
$(DIST)/lib/nssutil3.lib \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
$(NULL)
endif # NS_USE_GCC
@ -109,11 +105,13 @@ EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
-lnssutil3 \
-L$(NSPR_LIB_DIR) \
-lplc4 \
-lplds4 \
-lnspr4 \
$(NULL)
endif
ifeq ($(OS_ARCH), Darwin)
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib
endif
endif


@ -1,318 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifdef notdef
#include "xp_core.h"
#include "xp_file.h"
#endif
#include "secrng.h"
#include "mcom_db.h"
#ifdef XP_MAC
#include <Events.h>
#include <OSUtils.h>
#include <QDOffscreen.h>
#include <PPCToolbox.h>
#include <Processes.h>
#include <LowMem.h>
#include <Scrap.h>
/* Static prototypes */
static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen);
void FE_ReadScreen();
static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
{
union endianness {
int32 i;
char c[4];
} u;
if (srclen <= dstlen) {
memcpy(dst, src, srclen);
return srclen;
}
u.i = 0x01020304;
if (u.c[0] == 0x01) {
/* big-endian case */
memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
} else {
/* little-endian case */
memcpy(dst, src, dstlen);
}
return dstlen;
}
size_t RNG_GetNoise(void *buf, size_t maxbytes)
{
UnsignedWide microTickCount;
Microseconds(&microTickCount);
return CopyLowBits(buf, maxbytes, &microTickCount, sizeof(microTickCount));
}
void RNG_FileForRNG(const char *filename)
{
unsigned char buffer[BUFSIZ];
size_t bytes;
#ifdef notdef /*sigh*/
XP_File file;
unsigned long totalFileBytes = 0;
if (filename == NULL) /* For now, read in global history if filename is null */
file = XP_FileOpen(NULL, xpGlobalHistory,XP_FILE_READ_BIN);
else
file = XP_FileOpen(NULL, xpURL,XP_FILE_READ_BIN);
if (file != NULL) {
for (;;) {
bytes = XP_FileRead(buffer, sizeof(buffer), file);
if (bytes == 0) break;
RNG_RandomUpdate( buffer, bytes);
totalFileBytes += bytes;
if (totalFileBytes > 100*1024) break; /* No more than 100 K */
}
XP_FileClose(file);
}
#endif
/*
* Pass yet another snapshot of our highest resolution clock into
* the hash function.
*/
bytes = RNG_GetNoise(buffer, sizeof(buffer));
RNG_RandomUpdate(buffer, sizeof(buffer));
}
void RNG_SystemInfoForRNG()
{
/* Time */
{
unsigned long sec;
size_t bytes;
GetDateTime(&sec); /* Current time since 1970 */
RNG_RandomUpdate( &sec, sizeof(sec));
bytes = RNG_GetNoise(&sec, sizeof(sec));
RNG_RandomUpdate(&sec, bytes);
}
/* User specific variables */
{
MachineLocation loc;
ReadLocation(&loc);
RNG_RandomUpdate( &loc, sizeof(loc));
}
#if !TARGET_CARBON
/* User name */
{
unsigned long userRef;
Str32 userName;
GetDefaultUser(&userRef, userName);
RNG_RandomUpdate( &userRef, sizeof(userRef));
RNG_RandomUpdate( userName, sizeof(userName));
}
#endif
/* Mouse location */
{
Point mouseLoc;
GetMouse(&mouseLoc);
RNG_RandomUpdate( &mouseLoc, sizeof(mouseLoc));
}
/* Keyboard time threshold */
{
SInt16 keyTresh = LMGetKeyThresh();
RNG_RandomUpdate( &keyTresh, sizeof(keyTresh));
}
/* Last key pressed */
{
SInt8 keyLast;
keyLast = LMGetKbdLast();
RNG_RandomUpdate( &keyLast, sizeof(keyLast));
}
/* Volume */
{
UInt8 volume = LMGetSdVolume();
RNG_RandomUpdate( &volume, sizeof(volume));
}
#if !TARGET_CARBON
/* Current directory */
{
SInt32 dir = LMGetCurDirStore();
RNG_RandomUpdate( &dir, sizeof(dir));
}
#endif
/* Process information about all the processes in the machine */
{
ProcessSerialNumber process;
ProcessInfoRec pi;
process.highLongOfPSN = process.lowLongOfPSN = kNoProcess;
while (GetNextProcess(&process) == noErr)
{
FSSpec fileSpec;
pi.processInfoLength = sizeof(ProcessInfoRec);
pi.processName = NULL;
pi.processAppSpec = &fileSpec;
GetProcessInformation(&process, &pi);
RNG_RandomUpdate( &pi, sizeof(pi));
RNG_RandomUpdate( &fileSpec, sizeof(fileSpec));
}
}
#if !TARGET_CARBON
/* Heap */
{
THz zone = LMGetTheZone();
RNG_RandomUpdate( &zone, sizeof(zone));
}
#endif
/* Screen */
{
GDHandle h = GetMainDevice(); /* GDHandle is **GDevice */
RNG_RandomUpdate( *h, sizeof(GDevice));
}
#if !TARGET_CARBON
/* Scrap size */
{
SInt32 scrapSize = LMGetScrapSize();
RNG_RandomUpdate( &scrapSize, sizeof(scrapSize));
}
/* Scrap count */
{
SInt16 scrapCount = LMGetScrapCount();
RNG_RandomUpdate( &scrapCount, sizeof(scrapCount));
}
#else
{
ScrapRef scrap;
if (GetCurrentScrap(&scrap) == noErr) {
UInt32 flavorCount;
if (GetScrapFlavorCount(scrap, &flavorCount) == noErr) {
ScrapFlavorInfo* flavorInfo = (ScrapFlavorInfo*) malloc(flavorCount * sizeof(ScrapFlavorInfo));
if (flavorInfo != NULL) {
if (GetScrapFlavorInfoList(scrap, &flavorCount, flavorInfo) == noErr) {
UInt32 i;
RNG_RandomUpdate(&flavorCount, sizeof(flavorCount));
for (i = 0; i < flavorCount; ++i) {
Size flavorSize;
if (GetScrapFlavorSize(scrap, flavorInfo[i].flavorType, &flavorSize) == noErr)
RNG_RandomUpdate(&flavorSize, sizeof(flavorSize));
}
}
free(flavorInfo);
}
}
}
}
#endif
/* File stuff, last modified, etc. */
{
HParamBlockRec pb;
GetVolParmsInfoBuffer volInfo;
pb.ioParam.ioVRefNum = 0;
pb.ioParam.ioNamePtr = nil;
pb.ioParam.ioBuffer = (Ptr) &volInfo;
pb.ioParam.ioReqCount = sizeof(volInfo);
PBHGetVolParmsSync(&pb);
RNG_RandomUpdate( &volInfo, sizeof(volInfo));
}
#if !TARGET_CARBON
/* Event queue */
{
EvQElPtr eventQ;
for (eventQ = (EvQElPtr) LMGetEventQueue()->qHead;
eventQ;
eventQ = (EvQElPtr)eventQ->qLink)
RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord));
}
#endif
FE_ReadScreen();
RNG_FileForRNG(NULL);
}
void FE_ReadScreen()
{
UInt16 coords[4];
PixMapHandle pmap;
GDHandle gh;
UInt16 screenHeight;
UInt16 screenWidth; /* just what they say */
UInt32 bytesToRead; /* number of bytes we're giving */
UInt32 offset; /* offset into the graphics buffer */
UInt16 rowBytes;
UInt32 rowsToRead;
float bytesPerPixel; /* dependent on buffer depth */
Ptr p; /* temporary */
UInt16 x, y, w, h;
gh = LMGetMainDevice();
if ( !gh )
return;
pmap = (**gh).gdPMap;
if ( !pmap )
return;
RNG_GenerateGlobalRandomBytes( coords, sizeof( coords ) );
/* make x and y inside the screen rect */
screenHeight = (**pmap).bounds.bottom - (**pmap).bounds.top;
screenWidth = (**pmap).bounds.right - (**pmap).bounds.left;
x = coords[0] % screenWidth;
y = coords[1] % screenHeight;
w = ( coords[2] & 0x7F ) | 0x40; /* Make sure that w is in the range 64..128 */
h = ( coords[3] & 0x7F ) | 0x40; /* same for h */
bytesPerPixel = (**pmap).pixelSize / 8;
rowBytes = (**pmap).rowBytes & 0x7FFF;
/* starting address */
offset = ( rowBytes * y ) + (UInt32)( (float)x * bytesPerPixel );
/* don't read past the end of the pixmap's rowbytes */
bytesToRead = PR_MIN( (UInt32)( w * bytesPerPixel ),
(UInt32)( rowBytes - ( x * bytesPerPixel ) ) );
/* don't read past the end of the graphics device pixmap */
rowsToRead = PR_MIN( h,
( screenHeight - y ) );
p = GetPixBaseAddr( pmap ) + offset;
while ( rowsToRead-- )
{
RNG_RandomUpdate( p, bytesToRead );
p += rowBytes;
}
}
#endif


@ -100,7 +100,7 @@ MD2_Hash(unsigned char *dest, const char *src)
return SECFailure;
}
MD2_Begin(cx);
MD2_Update(cx, (unsigned char *)src, PL_strlen(src));
MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src));
MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
MD2_DestroyContext(cx, PR_TRUE);
return SECSuccess;
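Review bot: Replacing `PL_strlen(src)` with `PORT_Strlen(src)` in MD2_Hash drops the NULL tolerance of the old call: PL_strlen returns 0 for a NULL string, while PORT_Strlen is, as far as I know, a plain strlen and is undefined for NULL. The same swap is made in MD5_Hash in the next file section. If a NULL `src` has to stay harmless, reject it at the top of each function with `if (!src) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`; otherwise add a comment stating that `src` must be a non-NULL, NUL-terminated string so the new contract is recorded. MD2_Hash begins above the hunk, so where the check belongs relative to the context allocation cannot be seen here.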


@ -222,7 +222,7 @@ struct MD5ContextStr {
SECStatus
MD5_Hash(unsigned char *dest, const char *src)
{
return MD5_HashBuf(dest, (unsigned char *)src, PL_strlen(src));
return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
SECStatus


@ -41,9 +41,6 @@
#ifdef XP_WIN
#include "win_rand.c"
#endif
#ifdef XP_MAC
#include "mac_rand.c"
#endif
#ifdef XP_OS2
#include "os2_rand.c"
#endif


@ -360,7 +360,8 @@ static int jar_physical_inflate
unsigned long prev_total, ochunk, tin;
if ((inbuf = (char *) PORT_ZAlloc (ICHUNK)) == NULL)
/* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
if ((inbuf = (char *) PORT_ZAlloc (ICHUNK + 1)) == NULL)
return JAR_ERR_MEMORY;
if ((outbuf = (char *) PORT_ZAlloc (OCHUNK)) == NULL)
@ -400,6 +401,12 @@ static int jar_physical_inflate
at += chunk;
if (at == length)
{
/* add an extra dummy byte at the end */
inbuf[chunk++] = 0xDD;
}
zs.next_in = (Bytef *) inbuf;
zs.avail_in = chunk;
zs.avail_out = OCHUNK;
@ -631,7 +638,7 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
ZZList *list;
char *fn, *e;
char ZHUGEP *manifest = NULL;
char ZHUGEP *manifest;
long length;
int status, ret = 0, num;
@ -676,17 +683,16 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
continue;
}
if (phy->length == 0)
if (phy->length == 0 || phy->length > 0xFFFF)
{
/* manifest files cannot be zero length! */
/* manifest files cannot be zero length or too big! */
/* the 0xFFFF limit is per J2SE SDK */
return JAR_ERR_CORRUPT;
}
/* Read in the manifest and parse it */
/* limit is per J2SE SDK */
if (phy->length <= 0xFFFF) {
manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1);
}
/* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1);
if (manifest)
{
JAR_FSEEK (fp, phy->offset, (PRSeekWhence)0);
@ -702,6 +708,8 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext)
if (phy->compression == 8)
{
length = phy->length;
/* add an extra dummy byte at the end */
manifest[length++] = 0xDD;
status = jar_inflate_memory ((unsigned int) phy->compression, &length, phy->uncompressed_length, &manifest);
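Review bot: In jar_extract_mf the declaration loses its initializer (`char ZHUGEP *manifest = NULL;` becomes `char ZHUGEP *manifest;`) in a function that parses archive contents and has `continue` and early `return` paths before the `PORT_ZAlloc` assignment. The rest of the loop and any cleanup are outside the hunk, so it cannot be confirmed from here that every later use follows the assignment; keeping the `= NULL` costs nothing. Separately, both pad-byte writes, `inbuf[chunk++] = 0xDD;` and `manifest[length++] = 0xDD;`, are in bounds only because of the `+ 1` in the matching allocation and, in jar_physical_inflate, because `chunk` never exceeds `ICHUNK`, which is computed outside the hunk. A `PORT_Assert(chunk <= ICHUNK);` before the first write and a named constant for `0xDD` would make that dependency explicit.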


@ -41,19 +41,35 @@ EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_basicconstraintschecker.h \
pkix_certchainchecker.h \
pkix_defaultcrlchecker.h \
pkix_defaultrevchecker.h \
pkix_expirationchecker.h \
pkix_namechainingchecker.h \
pkix_nameconstraintschecker.h \
pkix_ocspchecker.h \
pkix_policychecker.h \
pkix_revocationchecker.h \
pkix_signaturechecker.h \
pkix_targetcertchecker.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_basicconstraintschecker.c \
pkix_certchainchecker.c \
pkix_defaultcrlchecker.c \
pkix_defaultrevchecker.c \
pkix_expirationchecker.c \
pkix_namechainingchecker.c \
pkix_nameconstraintschecker.c \
pkix_ocspchecker.c \
pkix_revocationchecker.c \
pkix_policychecker.c \
pkix_signaturechecker.c \
pkix_targetcertchecker.c \
$(NULL)
REQUIRES = dbm


@ -41,31 +41,15 @@ EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
pkix_basicconstraintschecker.h \
pkix_nameconstraintschecker.h \
pkix_build.h \
pkix_policychecker.h \
pkix_defaultcrlchecker.h \
pkix_signaturechecker.h \
pkix_expirationchecker.h \
pkix_targetcertchecker.h \
pkix_lifecycle.h \
pkix_validate.h \
pkix_namechainingchecker.h \
$(NULL)
MODULE = nss
CSRCS = \
pkix_signaturechecker.c \
pkix_expirationchecker.c \
pkix_namechainingchecker.c \
pkix_basicconstraintschecker.c \
pkix_policychecker.c \
pkix_validate.c \
pkix_targetcertchecker.c \
pkix_defaultcrlchecker.c \
pkix_nameconstraintschecker.c \
pkix_lifecycle.c \
pkix_build.c \
$(NULL)


@ -328,7 +328,7 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key);
#endif
/* disable to disable ;-) */
#define WANT_TRACE_CHECK_FAILURES
/* #define WANT_TRACE_CHECK_FAILURES */
#ifdef WANT_TRACE_CHECK_FAILURES
#define TRACE_CHECK_FAILURE(what, errorstring) \


@ -331,9 +331,6 @@ pkix_pl_AIAMgr_GetHTTPCerts(
&requestSession));
if (rv != SECSuccess) {
if (path != NULL) {
PORT_Free(path);
}
PKIX_ERROR(PKIX_HTTPSERVERERROR);
}
@ -415,6 +412,12 @@ cleanup:
if (locationAscii) {
PORT_Free(locationAscii);
}
if (hostname) {
PORT_Free(hostname);
}
if (path) {
PORT_Free(path);
}
PKIX_RETURN(AIAMGR);
}
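Review bot: The new `PORT_Free(hostname)` and `PORT_Free(path)` at the `cleanup` label run on every exit from pkix_pl_AIAMgr_GetHTTPCerts, including failures that jump there before either pointer has been assigned. Their declarations are above the hunk, so confirm both are initialised to NULL where they are declared; otherwise an early PKIX_CHECK failure frees an indeterminate pointer. A short comment at the label saying that this function owns both strings, now that the HTTP client keeps its own copies, would also explain why the free moved here.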

View File

@ -410,7 +410,7 @@ pkix_pl_HttpDefaultClient_Create(
PKIX_PL_HttpDefaultClient *client = NULL;
PKIX_ENTER(HTTPDEFAULTCLIENT, "PKIX_PL_HttpDefaultClient_Create");
PKIX_NULLCHECK_ONE(pClient);
PKIX_NULLCHECK_TWO(pClient, host);
/* allocate an HttpDefaultClient */
PKIX_CHECK(PKIX_PL_Object_Alloc
@ -439,7 +439,12 @@ pkix_pl_HttpDefaultClient_Create(
client->GETBuf = NULL;
client->POSTBuf = NULL;
client->rcvBuf = NULL;
client->host = host;
/* "host" is a parsing result by CERT_GetURL function that adds
* "end of line" to the value. OK to dup the string. */
client->host = PORT_Strdup(host);
if (!client->host) {
PKIX_ERROR(PKIX_ALLOCERROR);
}
client->path = NULL;
client->rcvContentType = NULL;
client->rcvHeaders = NULL;
@ -495,17 +500,22 @@ pkix_pl_HttpDefaultClient_Destroy(
PR_smprintf_free(client->GETBuf);
client->GETBuf = NULL;
}
if (client->POSTBuf != NULL) {
PKIX_PL_Free(client->POSTBuf, plContext);
client->POSTBuf = NULL;
}
if (client->rcvBuf != NULL) {
PKIX_PL_Free(client->rcvBuf, plContext);
client->rcvBuf = NULL;
}
if (client->host) {
PORT_Free(client->host);
client->host = NULL;
}
if (client->path) {
PORT_Free(client->path);
client->path = NULL;
}
PKIX_DECREF(client->socket);
cleanup:
@ -1254,7 +1264,15 @@ pkix_pl_HttpDefaultClient_RequestCreate(
PKIX_ERROR(PKIX_UNRECOGNIZEDREQUESTMETHOD);
}
client->path = path_and_query_string;
if (path_and_query_string) {
/* "path_and_query_string" is a parsing result by CERT_GetURL
* function that adds "end of line" to the value. OK to dup
* the string. */
client->path = PORT_Strdup(path_and_query_string);
if (!client->path) {
PKIX_ERROR(PKIX_ALLOCERROR);
}
}
client->timeout = timeout;
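Review bot: In pkix_pl_HttpDefaultClient_Create the failure exit after `client->host = PORT_Strdup(host);` is taken before `client->path`, `client->rcvContentType` and the fields after them have been set, while the Destroy hunk in this file now frees `client->path` whenever it is non-NULL. If the cleanup code outside the hunk releases the half-built client through Destroy and the object allocator does not zero memory, that is a free of an uninitialised pointer. Doing the dup after the last field assignment, or at least moving `client->path = NULL;` above it, removes the question. In pkix_pl_HttpDefaultClient_RequestCreate the new `if (path_and_query_string)` block neither frees an earlier `client->path` nor clears it when the argument is NULL, so a second call on the same client would leak or keep a stale path; whether a client is ever reused that way is not visible here.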


@ -91,8 +91,8 @@ struct PKIX_PL_HttpDefaultClientStruct {
char *GETBuf;
char *POSTBuf;
char *rcvBuf;
const char *host;
const char *path;
char *host;
char *path;
const char *rcvContentType;
void *rcvHeaders;
HttpMethod send_http_method;

View File

@ -2903,6 +2903,7 @@ PKIX_PL_Cert_VerifySignature(
SECStatus status;
PKIX_Boolean certEqual = PKIX_FALSE;
PKIX_Boolean certInHash = PKIX_FALSE;
void* wincx = NULL;
PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature");
PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey);
@ -2934,7 +2935,12 @@ PKIX_PL_Cert_VerifySignature(
}
PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n");
status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, NULL);
PKIX_CHECK(pkix_pl_NssContext_GetWincx
((PKIX_PL_NssContext *)plContext, &wincx),
PKIX_NSSCONTEXTGETWINCXFAILED);
status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
if (status != SECSuccess) {
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
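Review bot: The cast `(PKIX_PL_NssContext *)plContext` handed to pkix_pl_NssContext_GetWincx is unchecked, and the PKIX_CHECK around it turns any failure of that lookup into a failed signature verification. Before this change a caller with a NULL `plContext` reached CERT_VerifySignedDataWithPublicKey with a NULL wincx. If the getter rejects a NULL context (its body is not on this page), such callers now stop with PKIX_NSSCONTEXTGETWINCXFAILED. Wrapping the lookup in `if (plContext != NULL) { ... }` and leaving `wincx` NULL otherwise would keep the old behaviour; the same applies to PKIX_PL_CRL_VerifySignature in the CRL section that follows. Both functions extend beyond their hunks.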


@ -1153,6 +1153,7 @@ PKIX_PL_CRL_VerifySignature(
CERTSignedCrl *nssSignedCrl = NULL;
SECKEYPublicKey *nssPubKey = NULL;
CERTSignedData *tbsCrl = NULL;
void* wincx = NULL;
SECStatus status;
PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifySignature");
@ -1184,8 +1185,12 @@ PKIX_PL_CRL_VerifySignature(
PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
}
PKIX_CHECK(pkix_pl_NssContext_GetWincx
((PKIX_PL_NssContext *)plContext, &wincx),
PKIX_NSSCONTEXTGETWINCXFAILED);
PKIX_CRL_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey\n");
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, NULL);
status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
if (status != SECSuccess) {
PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);


@ -127,11 +127,6 @@ SHARED_LIBRARY_DIRS = \
../libpkix/pkix_pl_nss/module \
$(NULL)
ifeq ($(OS_ARCH), Darwin)
EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsqlite3.dylib:$(DIST)/lib/libsqlite3.dylib
endif
ifeq ($(OS_TARGET),SunOS)
ifeq ($(BUILD_SUN_PKG), 1)
# The -R '$ORIGIN' linker option instructs this library to search for its


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nss.h,v 1.58.4.1 2008/09/05 17:02:49 kaie%kuix.de Exp $ */
/* $Id: nss.h,v 1.61 2008/10/21 03:58:14 kaie%kuix.de Exp $ */
#ifndef __nss_h_
#define __nss_h_
@ -70,10 +70,10 @@ SEC_BEGIN_PROTOS
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.12.1.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.12.2.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 12
#define NSS_VPATCH 1
#define NSS_VPATCH 2
#define NSS_BETA PR_FALSE
/*


@ -36,7 +36,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: nssinit.c,v 1.96 2008/05/17 03:44:41 wtc%google.com Exp $ */
/* $Id: nssinit.c,v 1.97 2008/08/22 01:33:03 wtc%google.com Exp $ */
#include <ctype.h>
#include "seccomon.h"
@ -291,11 +291,9 @@ done:
}
#ifndef XP_MAC
/*
* The following code is an attempt to automagically find the external root
* module. NOTE: This code should be checked out on the MAC! There must be
* some cross platform support out there to help out with this?
* module.
* Note: Keep the #if-defined chunks in order. HPUX must select before UNIX.
*/
@ -308,8 +306,6 @@ static const char *dllname =
"libnssckbi.dylib";
#elif defined(XP_UNIX) || defined(XP_BEOS)
"libnssckbi.so";
#elif defined(XP_MAC)
"NSS Builtin Root Certs";
#else
#error "Uh! Oh! I don't know about this platform."
#endif
@ -390,7 +386,6 @@ nss_FindExternalRoot(const char *dbpath, const char* secmodprefix)
nss_FreeExternalRootPaths(oldpath, path);
return;
}
#endif
/*
* OK there are now lots of options here, lets go through them all:
@ -558,14 +553,11 @@ loser:
}
CERT_SetDefaultCertDB((CERTCertDBHandle *)
STAN_GetDefaultTrustDomain());
#ifndef XP_MAC
/* only servers need this. We currently do not have a mac server */
if ((!noModDB) && (!noCertDB) && (!noRootInit)) {
if (!SECMOD_HasRootCerts()) {
nss_FindExternalRoot(configdir, secmodName);
}
}
#endif
pk11sdr_Init();
cert_CreateSubjectKeyIDHashTable();
nss_IsInitted = PR_TRUE;


@ -35,7 +35,7 @@
* ***** END LICENSE BLOCK ***** */
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.24 $ $Date: 2008/08/09 01:26:04 $";
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.25 $ $Date: 2008/09/30 04:09:04 $";
#endif /* DEBUG */
#ifndef PKIT_H
@ -195,7 +195,12 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
nss3slot->session,
nss3slot->sessionLock,
nss3slot->defRWSession);
/* continue, even if rvToken->defaultSession is NULL */
#if 0 /* we should do this instead of blindly continuing. */
if (!rvToken->defaultSession) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
goto loser;
}
#endif
if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
rvToken->cache = nssTokenObjectCache_Create(rvToken,
PR_TRUE, PR_TRUE, PR_TRUE);
@ -271,7 +276,7 @@ nssSlot_Refresh
{
PK11SlotInfo *nss3slot = slot->pk11slot;
PRBool doit = PR_FALSE;
if (slot->token->base.name[0] == 0) {
if (slot->token && slot->token->base.name[0] == 0) {
doit = PR_TRUE;
}
if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
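Review bot: The `#if 0` block added in nssToken_CreateFromPK11SlotInfo commits dead code, labelled with the admission that the function should do this "instead of blindly continuing". What a maintainer needs at this spot is the consequence, which the guards elsewhere in this commit implement: `/* defaultSession may be NULL here; every user must check it before use. TODO: fail with SEC_ERROR_NO_TOKEN once callers can cope. */`. In nssSlot_Refresh the new `slot->token &&` protects only the name test. The remainder of that function is outside the hunk, so confirm no later statement dereferences `slot->token` unconditionally.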


@ -257,14 +257,18 @@ static CERTCertificate
CK_ATTRIBUTE *privateLabel, char **nickptr)
{
NSSCertificate *c;
nssCryptokiObject *co;
nssCryptokiObject *co = NULL;
nssPKIObject *pkio;
NSSToken *token;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
/* Get the cryptoki object from the handle */
token = PK11Slot_GetNSSToken(slot);
co = nssCryptokiObject_Create(token, token->defaultSession, certID);
if (token->defaultSession) {
co = nssCryptokiObject_Create(token, token->defaultSession, certID);
} else {
PORT_SetError(SEC_ERROR_NO_TOKEN);
}
if (!co) {
return NULL;
}
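Review bot: `token->defaultSession` is read immediately after `token = PK11Slot_GetNSSToken(slot);` with no check that `token` itself is non-NULL. The dev3hack.c change in this commit guards `slot->token` against NULL, which suggests a slot can exist without a token object. If that can happen on this path too, `if (token && token->defaultSession) {` routes both cases to the `SEC_ERROR_NO_TOKEN` branch. The function starts and ends outside the hunk.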

View File

@ -291,6 +291,7 @@ static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type,
context->param = (SECItem *)&pk11_null_params;
}
} else {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
context->param = NULL;
}
context->init = PR_FALSE;

View File

@ -72,12 +72,14 @@ PK11_MapError(CK_RV rv) {
MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS)
MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN)
MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN)
MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_IO)
MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
