Bug 473837, Import NSS_3_12_3_BETA1
r=wtc
parent
3d3cb0e36b
commit
e61b3c01be
@ -1,53 +0,0 @@
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is mozilla.org code.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1998
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
DEPTH = ..
|
||||
topsrcdir = @top_srcdir@
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
|
||||
include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
MODULE = dbm
|
||||
DIRS = include src
|
||||
|
||||
ifdef ENABLE_TESTS
|
||||
DIRS += tests
|
||||
endif
|
||||
|
||||
include $(topsrcdir)/config/rules.mk
|
||||
|
@ -156,7 +156,7 @@
|
||||
#define LITTLE_ENDIAN 1234
|
||||
#endif
|
||||
|
||||
#if defined(_WINDOWS) || defined(XP_OS2_VACPP)
|
||||
#ifdef _WINDOWS
|
||||
#ifdef BYTE_ORDER
|
||||
#undef BYTE_ORDER
|
||||
#endif
|
||||
@ -188,14 +188,6 @@
|
||||
#define MAXPATHLEN 1024
|
||||
#endif
|
||||
|
||||
#ifdef XP_OS2_VACPP
|
||||
#include <os2.h>
|
||||
#define MAXPATHLEN CCHMAXPATH
|
||||
#define EPERM EINVAL
|
||||
#define ENOTDIR EBADPOS
|
||||
#define S_ISDIR(s) ((s) & S_IFDIR)
|
||||
#endif
|
||||
|
||||
#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
|
||||
|
||||
#ifndef STDERR_FILENO
|
||||
|
@ -56,7 +56,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94";
|
||||
* collect_data
|
||||
*/
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
|
@ -78,7 +78,7 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94";
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
|
@ -38,12 +38,12 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
|
||||
|
||||
#include "watcomfx.h"
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
#if !defined(macintosh)
|
||||
#ifdef XP_OS2_EMX
|
||||
#ifdef XP_OS2
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#include <sys/stat.h>
|
||||
@ -60,7 +60,7 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94";
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
#if defined(_WIN32) || defined(_WINDOWS)
|
||||
|
@ -53,7 +53,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94";
|
||||
* Internal
|
||||
* newbuf
|
||||
*/
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP)
|
||||
#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
|
||||
#include <sys/param.h>
|
||||
#endif
|
||||
|
||||
|
@ -47,14 +47,10 @@ static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93";
|
||||
#include <ctype.h>
|
||||
#include "mcom_db.h"
|
||||
|
||||
#if !defined(_WINDOWS) && !defined(XP_OS2_VACPP)
|
||||
#ifndef _WINDOWS
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef XP_OS2_VACPP
|
||||
#include <process.h>
|
||||
#endif
|
||||
|
||||
#ifdef _WINDOWS
|
||||
#include <process.h>
|
||||
#include "winfile.h"
|
||||
|
@ -15,15 +15,14 @@
|
||||
|
||||
#include <ncompat.h>
|
||||
|
||||
/* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */
|
||||
#if defined(__STDC__) || defined(XP_OS2_VACPP)
|
||||
#ifdef __STDC__
|
||||
#include <stdarg.h>
|
||||
#else
|
||||
#include <varargs.h>
|
||||
#endif
|
||||
|
||||
int
|
||||
#if defined(__STDC__) || defined(XP_OS2_VACPP)
|
||||
#ifdef __STDC__
|
||||
snprintf(char *str, size_t n, const char *fmt, ...)
|
||||
#else
|
||||
snprintf(str, n, fmt, va_alist)
|
||||
@ -39,7 +38,7 @@ snprintf(str, n, fmt, va_alist)
|
||||
#else
|
||||
int rval;
|
||||
#endif
|
||||
#if defined(__STDC__) || defined(XP_OS2_VACPP)
|
||||
#ifdef __STDC__
|
||||
va_start(ap, fmt);
|
||||
#else
|
||||
va_start(ap);
|
||||
|
@ -44,6 +44,8 @@ include $(DEPTH)/config/autoconf.mk
|
||||
|
||||
MODULE = dbm
|
||||
|
||||
PACKAGE_FILE = dbmtest.pkg
|
||||
|
||||
PROGRAM = lots$(BIN_SUFFIX)
|
||||
|
||||
CSRCS = lots.c
|
||||
|
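--- a/dbm/tests/dbmtest.pkg
+++ b/dbm/tests/dbmtest.pkg
@@ -0,0 +1,2 @@
+[gecko-tests]
+dist/bin/lots@BINS@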
@ -81,6 +81,7 @@ GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb
|
||||
XP_DEFINE += -DXP_PC
|
||||
LIB_SUFFIX = lib
|
||||
DLL_SUFFIX = dll
|
||||
OS_DLLFLAGS += -DLL
|
||||
|
||||
ifdef BUILD_OPT
|
||||
# OS_CFLAGS += -MD
|
||||
|
@ -1,107 +0,0 @@
|
||||
#
|
||||
# ***** BEGIN LICENSE BLOCK *****
|
||||
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
#
|
||||
# The contents of this file are subject to the Mozilla Public License Version
|
||||
# 1.1 (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
# http://www.mozilla.org/MPL/
|
||||
#
|
||||
# Software distributed under the License is distributed on an "AS IS" basis,
|
||||
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
# for the specific language governing rights and limitations under the
|
||||
# License.
|
||||
#
|
||||
# The Original Code is the Netscape security libraries.
|
||||
#
|
||||
# The Initial Developer of the Original Code is
|
||||
# Netscape Communications Corporation.
|
||||
# Portions created by the Initial Developer are Copyright (C) 1994-2000
|
||||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
# in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
# of those above. If you wish to allow use of your version of this file only
|
||||
# under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
# use your version of this file under the terms of the MPL, indicate your
|
||||
# decision by deleting the provisions above and replace them with the notice
|
||||
# and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
# the provisions above, a recipient may use your version of this file under
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
|
||||
#
|
||||
# Config stuff for WINCE 3.0 (MS Pocket PC 2002)
|
||||
#
|
||||
# CPU_ARCH must already be defined to one of:
|
||||
# x86, ARM
|
||||
#
|
||||
# This makefile defines the following variables:
|
||||
# OS_CFLAGS, and OS_DLLFLAGS.
|
||||
|
||||
include $(CORE_DEPTH)/coreconf/WINCE.mk
|
||||
|
||||
CEVersion = 300
|
||||
CePlatform = WIN32_PLATFORM_PSPC=310
|
||||
|
||||
ifeq ($(CPU_ARCH), x86)
|
||||
DEFINES += -D_X86_ -D_i386_ -Di_386_ -Dx86
|
||||
OS_CFLAGS += -Gs8192 -GF
|
||||
OS_DLLFLAGS += -machine:IX86
|
||||
else
|
||||
ifeq ($(CPU_ARCH), ARM)
|
||||
DEFINES += -DARM -D_ARM_
|
||||
OS_DLLFLAGS += -machine:ARM
|
||||
else
|
||||
include CPU_ARCH_is_undefined
|
||||
endif
|
||||
endif
|
||||
|
||||
DEFINES += -D_WIN32_WCE=300 -DUNDER_CE=300
|
||||
DEFINES += -DWIN32_PLATFORM_PSPC=310
|
||||
DEFINES += -DUNICODE -D_UNICODE
|
||||
OS_CFLAGS += -W3 -nologo
|
||||
|
||||
OS_DLLFLAGS += -DLL
|
||||
|
||||
LINKFLAGS = -nologo -subsystem:windowsce,3.00 \
|
||||
-nodefaultlib:libc.lib \
|
||||
-nodefaultlib:libcd.lib \
|
||||
-nodefaultlib:libcmt.lib \
|
||||
-nodefaultlib:libcmtd.lib \
|
||||
-nodefaultlib:msvcrt.lib \
|
||||
-nodefaultlib:msvcrtd.lib \
|
||||
-nodefaultlib:oldnames.lib \
|
||||
$(NULL)
|
||||
|
||||
ifndef MOZ_DEBUG_SYMBOLS
|
||||
LINKFLAGS += -PDB:NONE
|
||||
endif
|
||||
|
||||
LINK += $(LINKFLAGS)
|
||||
LDFLAGS += $(LINKFLAGS)
|
||||
|
||||
OS_LIBS= coredll.lib corelibc.lib
|
||||
|
||||
#DLLBASE = -base:"0x00100000" -stack:0x10000,0x1000 -entry:"_DllMainCRTStartup"
|
||||
DLLBASE += -align:"4096"
|
||||
|
||||
#SUB_SHLOBJS =
|
||||
#EXTRA_LIBS =
|
||||
#EXTRA_SHARED_LIBS =
|
||||
#OS_LIBS=
|
||||
#LD_LIBS=
|
||||
|
||||
#
|
||||
# Win NT needs -GT so that fibers can work
|
||||
#
|
||||
#OS_CFLAGS += -GT
|
||||
#DEFINES += -DWINNT
|
||||
|
||||
# WINNT uses the lib prefix, Win95 and WinCE don't
|
||||
NSPR31_LIB_PREFIX = $(NULL)
|
@ -63,7 +63,7 @@ endif
|
||||
#######################################################################
|
||||
|
||||
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
|
||||
OpenVMS AIX RISCOS
|
||||
OpenVMS AIX RISCOS WINCE
|
||||
|
||||
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
|
||||
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
|
||||
@ -190,6 +190,10 @@ ifdef BUILD_LIBPKIX_TESTS
|
||||
DEFINES += -DBUILD_LIBPKIX_TESTS
|
||||
endif
|
||||
|
||||
ifdef NSS_DISABLE_DBM
|
||||
DEFINES += -DNSS_DISABLE_DBM
|
||||
endif
|
||||
|
||||
# Avoid building object leak test code for optimized library
|
||||
ifndef BUILD_OPT
|
||||
ifdef PKIX_OBJECT_LEAK_TEST
|
||||
|
@ -42,6 +42,10 @@
|
||||
|
||||
include manifest.mn
|
||||
|
||||
ifdef NSS_DISABLE_DBM
|
||||
DIRS = dummy
|
||||
endif
|
||||
|
||||
#######################################################################
|
||||
# (2) Include "global" configuration information. (OPTIONAL) #
|
||||
#######################################################################
|
||||
|
@ -147,7 +147,11 @@ clobber_nspr: $(NSPR_CONFIG_STATUS)
|
||||
cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber
|
||||
|
||||
build_dbm:
|
||||
ifndef NSS_DISABLE_DBM
|
||||
cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
|
||||
else
|
||||
echo "skipping the build of DBM"
|
||||
endif
|
||||
|
||||
clobber_dbm:
|
||||
cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber
|
||||
|
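Review bot: `build_dbm` now skips the dbm directory when NSS_DISABLE_DBM is defined, but `clobber_dbm` directly below it still runs `cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber` unconditionally. If the option is meant to support trees where dbm is not present, the clobber target needs the same `ifndef NSS_DISABLE_DBM` guard; if the asymmetry is intentional, a one-line comment saying so would prevent a later "fix". The new recipe line would also be quieter as `@echo "skipping the build of DBM"`.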
@ -673,6 +673,8 @@ typedef enum {
|
||||
bltestAES_CBC, /* . */
|
||||
bltestCAMELLIA_ECB, /* . */
|
||||
bltestCAMELLIA_CBC, /* . */
|
||||
bltestSEED_ECB, /* SEED algorithm */
|
||||
bltestSEED_CBC, /* SEED algorithm */
|
||||
bltestRSA, /* Public Key Ciphers */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
bltestECDSA, /* . (Public Key Sig.) */
|
||||
@ -702,6 +704,8 @@ static char *mode_strings[] =
|
||||
"aes_cbc",
|
||||
"camellia_ecb",
|
||||
"camellia_cbc",
|
||||
"seed_ecb",
|
||||
"seed_cbc",
|
||||
"rsa",
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
"ecdsa",
|
||||
@ -817,7 +821,7 @@ PRBool
|
||||
is_symmkeyCipher(bltestCipherMode mode)
|
||||
{
|
||||
/* change as needed! */
|
||||
if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC)
|
||||
if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
@ -859,7 +863,8 @@ cipher_requires_IV(bltestCipherMode mode)
|
||||
/* change as needed! */
|
||||
if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
|
||||
mode == bltestRC2_CBC || mode == bltestRC5_CBC ||
|
||||
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC)
|
||||
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC||
|
||||
mode == bltestSEED_CBC)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
@ -1113,6 +1118,24 @@ camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
|
||||
unsigned int maxOutputLen, const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
|
||||
unsigned int maxOutputLen, const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
|
||||
{
|
||||
@ -1376,6 +1399,46 @@ bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
PRIntervalTime time1, time2;
|
||||
bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
|
||||
int minorMode;
|
||||
int i;
|
||||
|
||||
switch (cipherInfo->mode) {
|
||||
case bltestSEED_ECB: minorMode = NSS_SEED; break;
|
||||
case bltestSEED_CBC: minorMode = NSS_SEED_CBC; break;
|
||||
default:
|
||||
return SECFailure;
|
||||
}
|
||||
cipherInfo->cx = (void*)SEED_CreateContext(seedp->key.buf.data,
|
||||
seedp->iv.buf.data,
|
||||
minorMode, encrypt);
|
||||
if (cipherInfo->cxreps > 0) {
|
||||
SEEDContext **dummycx;
|
||||
dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
|
||||
TIMESTART();
|
||||
for (i=0; i<cipherInfo->cxreps; i++) {
|
||||
dummycx[i] = (void*)SEED_CreateContext(seedp->key.buf.data,
|
||||
seedp->iv.buf.data,
|
||||
minorMode, encrypt);
|
||||
}
|
||||
TIMEFINISH(cipherInfo->cxtime, 1.0);
|
||||
for (i=0; i<cipherInfo->cxreps; i++) {
|
||||
SEED_DestroyContext(dummycx[i], PR_TRUE);
|
||||
}
|
||||
PORT_Free(dummycx);
|
||||
}
|
||||
if (encrypt)
|
||||
cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
|
||||
else
|
||||
cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
@ -1936,6 +1999,12 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
cipherInfo->input.pBuf.len);
|
||||
return bltest_camellia_init(cipherInfo, encrypt);
|
||||
break;
|
||||
case bltestSEED_ECB:
|
||||
case bltestSEED_CBC:
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
cipherInfo->input.pBuf.len);
|
||||
return bltest_seed_init(cipherInfo, encrypt);
|
||||
break;
|
||||
case bltestRSA:
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
cipherInfo->input.pBuf.len);
|
||||
@ -2390,6 +2459,10 @@ cipherFinish(bltestCipherInfo *cipherInfo)
|
||||
case bltestCAMELLIA_CBC:
|
||||
Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
|
||||
break;
|
||||
case bltestSEED_ECB:
|
||||
case bltestSEED_CBC:
|
||||
SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
|
||||
break;
|
||||
case bltestRC2_ECB:
|
||||
case bltestRC2_CBC:
|
||||
RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
|
||||
@ -2540,6 +2613,8 @@ print_td:
|
||||
case bltestAES_CBC:
|
||||
case bltestCAMELLIA_ECB:
|
||||
case bltestCAMELLIA_CBC:
|
||||
case bltestSEED_ECB:
|
||||
case bltestSEED_CBC:
|
||||
case bltestRC2_ECB:
|
||||
case bltestRC2_CBC:
|
||||
case bltestRC4:
|
||||
@ -2683,6 +2758,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
|
||||
case bltestRC2_CBC:
|
||||
case bltestAES_CBC:
|
||||
case bltestCAMELLIA_CBC:
|
||||
case bltestSEED_CBC:
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
|
||||
load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary);
|
||||
case bltestDES_ECB:
|
||||
@ -2691,6 +2767,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
|
||||
case bltestRC4:
|
||||
case bltestAES_ECB:
|
||||
case bltestCAMELLIA_ECB:
|
||||
case bltestSEED_ECB:
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
|
||||
load_file_data(arena, ¶ms->sk.key, filename, bltestBinary);
|
||||
break;
|
||||
|
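Review bot: bltest_seed_init uses two results without checking them: the `PORT_Alloc` result `dummycx` is written to in the timing loop, and the `SEED_CreateContext` result stored in `cipherInfo->cx` is followed by `return SECSuccess` even if it is NULL, in which case seed_Encrypt/seed_Decrypt would later cast and pass a null context. I would add `if (!cipherInfo->cx) return SECFailure;` after the first SEED_CreateContext call and `if (!dummycx) return SECFailure;` after the PORT_Alloc. In cipherInit the new SEED case also ignores the SECITEM_AllocItem result and keeps a `break;` after `return` that can never run; both mirror the neighbouring Camellia case visible in the hunk, so this may simply be the file's convention.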
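--- a/security/nss/cmd/bltest/tests/seed_cbc/ciphertext0
+++ b/security/nss/cmd/bltest/tests/seed_cbc/ciphertext0
@@ -0,0 +1 @@
+JVdzim3if1YIcpGABasoCQ==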
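--- a/security/nss/cmd/bltest/tests/seed_cbc/iv0
+++ b/security/nss/cmd/bltest/tests/seed_cbc/iv0
@@ -0,0 +1 @@
+1234567890123456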
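--- a/security/nss/cmd/bltest/tests/seed_cbc/key0
+++ b/security/nss/cmd/bltest/tests/seed_cbc/key0
@@ -0,0 +1 @@
+fedcba9876543210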
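--- a/security/nss/cmd/bltest/tests/seed_cbc/numtests
+++ b/security/nss/cmd/bltest/tests/seed_cbc/numtests
@@ -0,0 +1 @@
+1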
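--- a/security/nss/cmd/bltest/tests/seed_cbc/plaintext0
+++ b/security/nss/cmd/bltest/tests/seed_cbc/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef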
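--- a/security/nss/cmd/bltest/tests/seed_ecb/ciphertext0
+++ b/security/nss/cmd/bltest/tests/seed_ecb/ciphertext0
@@ -0,0 +1 @@
+GX8KY3uUhAQnL6XbQhXjEw==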
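--- a/security/nss/cmd/bltest/tests/seed_ecb/iv0
+++ b/security/nss/cmd/bltest/tests/seed_ecb/iv0
@@ -0,0 +1 @@
+1234567890123456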
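--- a/security/nss/cmd/bltest/tests/seed_ecb/key0
+++ b/security/nss/cmd/bltest/tests/seed_ecb/key0
@@ -0,0 +1 @@
+fedcba9876543210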
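--- a/security/nss/cmd/bltest/tests/seed_ecb/numtests
+++ b/security/nss/cmd/bltest/tests/seed_ecb/numtests
@@ -0,0 +1 @@
+1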
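--- a/security/nss/cmd/bltest/tests/seed_ecb/plaintext0
+++ b/security/nss/cmd/bltest/tests/seed_ecb/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef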
@ -803,7 +803,7 @@ ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
|
||||
keyName = NULL;
|
||||
cert = PK11_GetCertFromPrivateKey(node->key);
|
||||
if (cert) {
|
||||
if (cert->nickname && !cert->nickname[0]) {
|
||||
if (cert->nickname && cert->nickname[0]) {
|
||||
keyName = PORT_Strdup(cert->nickname);
|
||||
} else if (cert->emailAddr && cert->emailAddr[0]) {
|
||||
keyName = PORT_Strdup(cert->emailAddr);
|
||||
|
@ -49,6 +49,15 @@
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
|
||||
#include <unistd.h>
|
||||
#include <sys/wait.h>
|
||||
#else
|
||||
#ifndef NO_FORK_CHECK
|
||||
#define NO_FORK_CHECK
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <windows.h>
|
||||
#define LIB_NAME "softokn3.dll"
|
||||
@ -544,6 +553,9 @@ CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
|
||||
CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
|
||||
CK_MECHANISM *signMech, const CK_BYTE * pData,
|
||||
CK_ULONG pDataLen);
|
||||
CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
|
||||
PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
|
||||
|
||||
void PKM_Help();
|
||||
void PKM_CheckPath(char *string);
|
||||
char *PKM_FilePasswd(char *pwFile);
|
||||
@ -565,14 +577,18 @@ int main(int argc, char **argv)
|
||||
char *configDir = NULL;
|
||||
char *dbPrefix = NULL;
|
||||
char *disableUnload = NULL;
|
||||
PRBool doForkTests = PR_TRUE;
|
||||
|
||||
PLOptStatus os;
|
||||
PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:d:p:");
|
||||
PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
|
||||
while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
|
||||
{
|
||||
if (PL_OPT_BAD == os) continue;
|
||||
if (PL_OPT_BAD == os) continue;
|
||||
switch (opt->option)
|
||||
{
|
||||
case 'F': /* disable fork tests */
|
||||
doForkTests = PR_FALSE;
|
||||
break;
|
||||
case 'n': /* non fips mode */
|
||||
MODE = NONFIPSMODE;
|
||||
slotID = 1;
|
||||
@ -612,6 +628,16 @@ int main(int argc, char **argv)
|
||||
dbPrefix = strdup("");
|
||||
}
|
||||
|
||||
if (doForkTests)
|
||||
{
|
||||
/* first, try to fork without softoken loaded to make sure
|
||||
* everything is OK */
|
||||
crv = PKM_ForkCheck(123, NULL, PR_FALSE, NULL);
|
||||
if (crv != CKR_OK)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
||||
#ifdef _WIN32
|
||||
hModule = LoadLibrary(LIB_NAME);
|
||||
if (hModule == NULL) {
|
||||
@ -665,6 +691,16 @@ int main(int argc, char **argv)
|
||||
crv = (*pC_GetFunctionList)(&pFunctionList);
|
||||
assert(crv == CKR_OK);
|
||||
|
||||
|
||||
if (doForkTests)
|
||||
{
|
||||
/* now, try to fork with softoken loaded, but not initialized */
|
||||
crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
|
||||
PR_TRUE, NULL);
|
||||
if (crv != CKR_OK)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
initArgs.CreateMutex = NULL;
|
||||
initArgs.DestroyMutex = NULL;
|
||||
initArgs.LockMutex = NULL;
|
||||
@ -690,6 +726,21 @@ int main(int argc, char **argv)
|
||||
PKM_CK_RVtoStr(crv));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (doForkTests)
|
||||
{
|
||||
/* Disable core on fork for this test, since we are testing the
|
||||
* pathological case, and if enabled, the child process would dump
|
||||
* core in C_GetTokenInfo .
|
||||
* We can still differentiate the correct from incorrect behavior
|
||||
* by the PKCS#11 return code.
|
||||
*/
|
||||
/* try to fork with softoken both loaded and initialized */
|
||||
crv = PKM_ForkCheck(CKR_DEVICE_ERROR, pFunctionList, PR_FALSE, NULL);
|
||||
if (crv != CKR_OK)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
crv = PKM_ShowInfo(pFunctionList, slotID);
|
||||
if (crv == CKR_OK) {
|
||||
PKM_LogIt("PKM_ShowInfo succeeded\n");
|
||||
@ -868,9 +919,18 @@ int main(int argc, char **argv)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (doForkTests)
|
||||
{
|
||||
/* try to fork with softoken still loaded, but de-initialized */
|
||||
crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
|
||||
PR_TRUE, NULL);
|
||||
if (crv != CKR_OK)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (pSlotList) free(pSlotList);
|
||||
|
||||
/* demostrate how an application can be in Hybrid mode */
|
||||
/* demonstrate how an application can be in Hybrid mode */
|
||||
/* PKM_HybridMode shows how to switch between NONFIPS */
|
||||
/* mode to FIPS mode */
|
||||
|
||||
@ -884,9 +944,29 @@ int main(int argc, char **argv)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
printf("**** Total number of TESTS ran in %s is %d. ****\n",
|
||||
((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
|
||||
printf("**** ALL TESTS PASSED ****\n");
|
||||
if (doForkTests) {
|
||||
/* testing one more C_Initialize / C_Finalize to exercise getpid()
|
||||
* fork check code */
|
||||
crv = pFunctionList->C_Initialize(&initArgs);
|
||||
if (crv == CKR_OK) {
|
||||
PKM_LogIt("C_Initialize succeeded\n");
|
||||
} else {
|
||||
PKM_Error( "C_Initialize failed with 0x%08X, %-26s\n", crv,
|
||||
PKM_CK_RVtoStr(crv));
|
||||
goto cleanup;
|
||||
}
|
||||
crv = pFunctionList->C_Finalize(NULL);
|
||||
if (crv == CKR_OK) {
|
||||
PKM_LogIt("C_Finalize succeeded\n");
|
||||
} else {
|
||||
PKM_Error( "C_Finalize failed with 0x%08X, %-26s\n", crv,
|
||||
PKM_CK_RVtoStr(crv));
|
||||
goto cleanup;
|
||||
}
|
||||
/* try to C_Initialize / C_Finalize in child. This should succeed */
|
||||
crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
|
||||
}
|
||||
|
||||
PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");
|
||||
|
||||
cleanup:
|
||||
@ -912,6 +992,16 @@ cleanup:
|
||||
PR_UnloadLibrary(lib);
|
||||
}
|
||||
#endif
|
||||
if (CKR_OK == crv && doForkTests && !disableUnload) {
|
||||
/* try to fork with softoken both de-initialized and unloaded */
|
||||
crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
|
||||
}
|
||||
|
||||
printf("**** Total number of TESTS ran in %s is %d. ****\n",
|
||||
((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int) NUMTESTS);
|
||||
if (CKR_OK == crv) {
|
||||
printf("**** ALL TESTS PASSED ****\n");
|
||||
}
|
||||
|
||||
return crv;
|
||||
}
|
||||
@ -5315,9 +5405,11 @@ void PKM_Help()
|
||||
PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
|
||||
PR_fprintf(debug_out, "pk11mode test program usage:\n");
|
||||
PR_fprintf(debug_out, "\t-f <file> Password File : echo pw > file \n");
|
||||
PR_fprintf(debug_out, "\t-F Disable Unix fork tests\n");
|
||||
PR_fprintf(debug_out, "\t-n Non Fips Mode \n");
|
||||
PR_fprintf(debug_out, "\t-d <path> Database path location\n");
|
||||
PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n");
|
||||
PR_fprintf(debug_out, "\t-v verbose\n");
|
||||
PR_fprintf(debug_out, "\t-h this help message\n");
|
||||
exit(1);
|
||||
}
|
||||
@ -5342,3 +5434,69 @@ void PKM_CheckPath(char *string)
|
||||
*dest = 0;
|
||||
|
||||
}
|
||||
|
||||
CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
|
||||
PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
|
||||
{
|
||||
CK_RV crv = CKR_OK;
|
||||
#ifndef NO_FORK_CHECK
|
||||
int rc = -1;
|
||||
int retStatus = 0;
|
||||
NUMTESTS++; /* increment NUMTESTS */
|
||||
if (forkAssert) {
|
||||
putenv("NSS_STRICT_NOFORK=1");
|
||||
} else {
|
||||
putenv("NSS_STRICT_NOFORK=0");
|
||||
}
|
||||
pid_t child = fork();
|
||||
switch (child) {
|
||||
case -1:
|
||||
PKM_Error("Fork failed.\n");
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
break;
|
||||
case 0:
|
||||
if (fList) {
|
||||
if (!initArgs) {
|
||||
/* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
|
||||
* in the child. This call should always fail.
|
||||
* If softoken is uninitialized,
|
||||
* it fails with CKR_CRYPTOKI_NOT_INITIALIZED.
|
||||
* If it was initialized in the parent, the fork check should
|
||||
* kick in, and make it return CKR_DEVICE_ERROR.
|
||||
*/
|
||||
CK_RV child_crv = fList->C_GetTokenInfo(NULL, NULL);
|
||||
exit(child_crv & 255);
|
||||
} else {
|
||||
/* If softoken is loaded, make a PKCS#11 call to C_Initialize
|
||||
* in the child. This call should always fail.
|
||||
* If softoken is uninitialized, this should succeed.
|
||||
* If it was initialized in the parent, the fork check should
|
||||
* kick in, and make it return CKR_DEVICE_ERROR.
|
||||
*/
|
||||
CK_RV child_crv = fList->C_Initialize(initArgs);
|
||||
if (CKR_OK == child_crv) {
|
||||
child_crv = fList->C_Finalize(NULL);
|
||||
}
|
||||
exit(child_crv & 255);
|
||||
}
|
||||
}
|
||||
exit(expected & 255);
|
||||
default:
|
||||
PKM_LogIt("Fork succeeded.\n");
|
||||
pid_t ret = wait(&rc);
|
||||
if (ret != child || (!WIFEXITED(rc)) ||
|
||||
( (expected & 255) != (WEXITSTATUS(rc) & 255)) ) {
|
||||
int retstatus = -1;
|
||||
if (WIFEXITED(rc)) {
|
||||
retStatus = WEXITSTATUS(rc);
|
||||
}
|
||||
PKM_Error("Child misbehaved.\n");
|
||||
printf("Child return status : %d.\n", retStatus & 255);
|
||||
crv = CKR_DEVICE_ERROR;
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
return crv;
|
||||
}
|
||||
|
||||
|
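Review bot: In the `default:` branch of PKM_ForkCheck the failure path declares a new `int retstatus = -1;` (lower-case s) that is never read, while the value printed is the outer `retStatus`, which starts at 0; a child that does not exit normally is therefore reported as "Child return status : 0", the same number as CKR_OK. Dropping the inner declaration and assigning `retStatus = -1;` before the `WIFEXITED(rc)` test gives the output the code appears to intend. Separately, the child hands its CK_RV back through `exit(child_crv & 255)`, so only the low byte is compared and any return code whose low byte is zero would satisfy the final `PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs)` call; a comment stating that limitation next to the `& 255` would help the next reader. Using `_exit` in the child would also avoid flushing stdio buffers inherited from the parent a second time.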
@ -74,6 +74,12 @@ endif
|
||||
|
||||
SQLITE=-lsqlite3
|
||||
|
||||
ifdef NSS_DISABLE_DBM
|
||||
DBMLIB = $(NULL)
|
||||
else
|
||||
DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
|
||||
endif
|
||||
|
||||
ifdef USE_STATIC_LIBS
|
||||
|
||||
# can't do this in manifest.mn because OS_ARCH isn't defined there.
|
||||
@ -117,13 +123,13 @@ EXTRA_LIBS += \
|
||||
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
|
||||
$(CRYPTOLIB) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
|
||||
$(PKIXLIB) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
|
||||
$(DBMLIB) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)sqlite3.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
|
||||
@ -180,8 +186,7 @@ EXTRA_LIBS += \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
|
||||
$(CRYPTOLIB) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
|
||||
$(DBMLIB) \
|
||||
$(PKIXLIB) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
|
||||
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
|
||||
@ -197,6 +202,7 @@ endif
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(DIST)/lib \
|
||||
$(SQLITE) \
|
||||
-lnssutil3 \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
|
@ -56,7 +56,25 @@ include $(CORE_DEPTH)/coreconf/config.mk
|
||||
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
include ../platlibs.mk
|
||||
ifeq ($(OS_ARCH), WINNT)
|
||||
|
||||
EXTRA_LIBS += \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
|
||||
$(NULL)
|
||||
|
||||
else
|
||||
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
|
||||
endif
|
||||
|
||||
|
||||
# sign any and all shared libraries that contain the word freebl
|
||||
|
||||
|
@ -56,7 +56,25 @@ include $(CORE_DEPTH)/coreconf/config.mk
|
||||
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
|
||||
#######################################################################
|
||||
|
||||
include ../../platlibs.mk
|
||||
ifeq ($(OS_ARCH), WINNT)
|
||||
|
||||
EXTRA_LIBS += \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
|
||||
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
|
||||
$(NULL)
|
||||
|
||||
else
|
||||
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
|
||||
endif
|
||||
|
||||
|
||||
|
||||
#######################################################################
|
||||
|
File diff suppressed because it is too large
@ -85,12 +85,12 @@ ListCerts(char *key, int list_certs)
|
||||
|
||||
num_trav_certs = 0;
|
||||
|
||||
/* Traverse non-internal DBs */
|
||||
/* Traverse ALL tokens in all slots, authenticating to them all */
|
||||
rv = PK11_TraverseSlotCerts(cert_trav_callback, (void * )&list_certs,
|
||||
&pwdata);
|
||||
|
||||
if (rv) {
|
||||
PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
|
||||
PR_fprintf(outputFD, "**Traverse of ALL slots & tokens failed**\n");
|
||||
return - 1;
|
||||
}
|
||||
|
||||
@ -180,96 +180,67 @@ ListCerts(char *key, int list_certs)
|
||||
static SECStatus
|
||||
cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
|
||||
{
|
||||
int isSigningCert;
|
||||
int list_certs = 1;
|
||||
|
||||
char *name, *issuerCN, *expires;
|
||||
CERTCertificate * issuerCert = NULL;
|
||||
char *name;
|
||||
|
||||
if (data) {
|
||||
list_certs = *((int * )data);
|
||||
}
|
||||
|
||||
if (cert->nickname) {
|
||||
name = cert->nickname;
|
||||
#define LISTING_USER_SIGNING_CERTS (list_certs == 1)
|
||||
#define LISTING_ALL_CERTS (list_certs == 2)
|
||||
|
||||
name = cert->nickname;
|
||||
if (name) {
|
||||
int isSigningCert;
|
||||
|
||||
isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
|
||||
issuerCert = CERT_FindCertIssuer (cert, PR_Now(), certUsageObjectSigner);
|
||||
issuerCN = CERT_GetCommonName (&cert->issuer);
|
||||
|
||||
if (!isSigningCert && list_certs == 1)
|
||||
if (!isSigningCert && LISTING_USER_SIGNING_CERTS)
|
||||
return (SECSuccess);
|
||||
|
||||
/* Add this name or email to list */
|
||||
/* Display this name or email address */
|
||||
num_trav_certs++;
|
||||
|
||||
if (name) {
|
||||
int rv;
|
||||
if (LISTING_ALL_CERTS) {
|
||||
PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
|
||||
}
|
||||
PR_fprintf(outputFD, "%s\n", name);
|
||||
|
||||
num_trav_certs++;
|
||||
if (list_certs == 2) {
|
||||
PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
|
||||
if (LISTING_USER_SIGNING_CERTS) {
|
||||
int rv = SECFailure;
|
||||
if (rv) {
|
||||
CERTCertificate * issuerCert;
|
||||
issuerCert = CERT_FindCertIssuer(cert, PR_Now(),
|
||||
certUsageObjectSigner);
|
||||
if (issuerCert) {
|
||||
if (issuerCert->nickname && issuerCert->nickname[0]) {
|
||||
PR_fprintf(outputFD, " Issued by: %s\n",
|
||||
issuerCert->nickname);
|
||||
rv = SECSuccess;
|
||||
}
|
||||
CERT_DestroyCertificate(issuerCert);
|
||||
}
|
||||
}
|
||||
PR_fprintf(outputFD, "%s\n", name);
|
||||
|
||||
if (list_certs == 1) {
|
||||
if (issuerCert == NULL) {
|
||||
PR_fprintf(outputFD,
|
||||
"\t++ Error ++ Unable to find issuer certificate\n");
|
||||
return SECSuccess;
|
||||
/*function was a success even if cert is bogus*/
|
||||
}
|
||||
if (issuerCN == NULL)
|
||||
PR_fprintf(outputFD, " Issued by: %s\n",
|
||||
issuerCert->nickname);
|
||||
else
|
||||
PR_fprintf(outputFD,
|
||||
" Issued by: %s (%s)\n", issuerCert->nickname,
|
||||
issuerCN);
|
||||
|
||||
if (rv && cert->issuerName && cert->issuerName[0]) {
|
||||
PR_fprintf(outputFD, " Issued by: %s \n", cert->issuerName);
|
||||
}
|
||||
{
|
||||
char *expires;
|
||||
expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
|
||||
|
||||
if (expires)
|
||||
if (expires) {
|
||||
PR_fprintf(outputFD, " Expires: %s\n", expires);
|
||||
|
||||
rv = CERT_CertTimesValid (cert);
|
||||
|
||||
if (rv != SECSuccess)
|
||||
PR_fprintf(outputFD,
|
||||
" ++ Error ++ THIS CERTIFICATE IS EXPIRED\n");
|
||||
|
||||
if (rv == SECSuccess) {
|
||||
rv = CERT_VerifyCertNow (cert->dbhandle, cert,
|
||||
PR_TRUE, certUsageObjectSigner, &pwdata);
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
rv = PORT_GetError();
|
||||
PR_fprintf(outputFD,
|
||||
" ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
|
||||
secErrorString(rv));
|
||||
}
|
||||
PORT_Free(expires);
|
||||
}
|
||||
}
|
||||
|
||||
expires = DER_TimeChoiceDayToAscii(&issuerCert->validity.notAfter);
|
||||
if (expires == NULL)
|
||||
expires = "(unknown)";
|
||||
rv = CERT_VerifyCertNow (cert->dbhandle, cert,
|
||||
PR_TRUE, certUsageObjectSigner, &pwdata);
|
||||
|
||||
rv = CERT_CertTimesValid (issuerCert);
|
||||
|
||||
if (rv != SECSuccess)
|
||||
PR_fprintf(outputFD,
|
||||
" ++ Error ++ ISSUER CERT \"%s\" EXPIRED ON %s\n",
|
||||
issuerCert->nickname, expires);
|
||||
|
||||
if (rv == SECSuccess) {
|
||||
rv = CERT_VerifyCertNow (issuerCert->dbhandle, issuerCert,
|
||||
PR_TRUE, certUsageVerifyCA, &pwdata);
|
||||
if (rv != SECSuccess) {
|
||||
rv = PORT_GetError();
|
||||
PR_fprintf(outputFD,
|
||||
" ++ Error ++ ISSUER CERT \"%s\" IS NOT VALID (%s)\n",
|
||||
issuerCert->nickname, secErrorString(rv));
|
||||
}
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
rv = PORT_GetError();
|
||||
PR_fprintf(outputFD,
|
||||
" ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
|
||||
secErrorString(rv));
|
||||
}
|
||||
}
|
||||
}
|
||||
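Review bot: In what appears to be the rewritten body of cert_trav_callback, `int rv = SECFailure;` is followed directly by `if (rv) {`, a test that is always true, so the guard only obscures that the issuer lookup is unconditional. Dropping the `if (rv)` wrapper would read more plainly, and the later reuse of `rv` for the error code would be clearer as a separate `int err = PORT_GetError();`. The `LISTING_USER_SIGNING_CERTS` and `LISTING_ALL_CERTS` macros are defined inside the function and, as far as this hunk shows, are never `#undef`'d, so they stay visible for the rest of the file. The function's closing lines may lie outside the hunk.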
|
@ -1035,18 +1035,23 @@ main(int argc, char **argv)
|
||||
/* loop over all the slots */
|
||||
PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
|
||||
PR_FALSE, PR_FALSE, &pwdata);
|
||||
PK11SlotListElement *se;
|
||||
|
||||
if (slotList == NULL) {
|
||||
PR_fprintf(PR_STDERR, "%s: No tokens found\n",progName);
|
||||
}
|
||||
for (se = PK11_GetFirstSafe(slotList); se;
|
||||
se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
|
||||
rv = ListKeys(se->slot,&printLabel,&pwdata);
|
||||
if (rv !=SECSuccess) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
PK11SlotListElement *se;
|
||||
for (se = PK11_GetFirstSafe(slotList); se;
|
||||
se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
|
||||
rv = ListKeys(se->slot,&printLabel,&pwdata);
|
||||
if (rv !=SECSuccess) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (se) {
|
||||
SECStatus rv2 = PK11_FreeSlotListElement(slotList, se);
|
||||
PORT_Assert(SECSuccess == rv2);
|
||||
}
|
||||
PK11_FreeSlotList(slotList);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
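Review bot: The `slotList == NULL` branch prints "No tokens found" but leaves `rv` untouched, so whether the tool reports failure in that case depends on an earlier value of `rv` that is outside this hunk of main. If an empty token list should be an error, set it explicitly with `rv = SECFailure;` after the `PR_fprintf`. `rv2` is consumed only by `PORT_Assert`, which compiles away in non-debug builds, so a failed `PK11_FreeSlotListElement` goes unreported there and the variable may draw an unused-variable warning.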
|
@ -81,7 +81,8 @@ static void
|
||||
Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
"Usage: %s [options] certfile [[options] certfile] ...\n"
|
||||
"Usage: %s [options] [revocation options] certfile "
|
||||
"[[options] certfile] ...\n"
|
||||
"\tWhere options are:\n"
|
||||
"\t-a\t\t Following certfile is base64 encoded\n"
|
||||
"\t-b YYMMDDHHMMZ\t Validate date (default: now)\n"
|
||||
@ -92,19 +93,29 @@ Usage(const char *progName)
|
||||
"\t\t\t * CERT_VerifyCertificate if specified once,\n"
|
||||
"\t\t\t * CERT_PKIXVerifyCert if specified twice and more.\n"
|
||||
"\t-r\t\t Following certfile is raw binary DER (default)\n"
|
||||
"\t-s\t\t Status checking, following a configuration description.\n"
|
||||
"\t\t\t Implemented as of today are:\n"
|
||||
"\t\t\t * allow-crl (default)\n"
|
||||
"\t\t\t * allow-crl-and-ocsp\n"
|
||||
"\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
|
||||
"\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
|
||||
"\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
|
||||
"\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
|
||||
"\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
|
||||
"\t\t\t argument for whole root cert info)\n"
|
||||
"\t-w password\t Database password.\n",
|
||||
"\t-W pwfile\t Password file.\n",
|
||||
progName);
|
||||
"\t-w password\t Database password.\n"
|
||||
"\t-W pwfile\t Password file.\n\n"
|
||||
"\tRevocation options for PKIX API(invoked with -pp options) is a\n"
|
||||
"\tcollection of the following flags:\n"
|
||||
"\t\t[-g type [-h flags] [-m type [-s flags]] ...] ...\n"
|
||||
"\tWhere:\n"
|
||||
"\t-g test type\t Sets status checking test type. Possible values\n"
|
||||
"\t\t\tare \"leaf\" or \"chain\"\n"
|
||||
"\t-h test flags\t Sets revocation flags for the test type it\n"
|
||||
"\t\t\tfollows. Possible flags: \"testLocalInfoFirst\" and\n"
|
||||
"\t\t\t\"requireFreshInfo\".\n"
|
||||
"\t-m method type\t Sets method type for the test type it follows.\n"
|
||||
"\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
|
||||
"\t-s method flags\t Sets revocation flags for the method it follows.\n"
|
||||
"\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
|
||||
"\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failInNoInfo\".\n",
|
||||
progName);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -229,18 +240,194 @@ getCert(const char *name, PRBool isAscii, const char * progName)
|
||||
return cert;
|
||||
}
|
||||
|
||||
#define REVCONFIG_ALLOW_CRL "allow-crl"
|
||||
#define REVCONFIG_ALLOW_CRL_OCSP "allow-crl-and-ocsp"
|
||||
|
||||
#define REVCONFIG_TEST_UNDEFINED 0
|
||||
#define REVCONFIG_TEST_LEAF 1
|
||||
#define REVCONFIG_TEST_CHAIN 2
|
||||
#define REVCONFIG_METHOD_CRL 1
|
||||
#define REVCONFIG_METHOD_OCSP 2
|
||||
|
||||
#define REVCONFIG_TEST_LEAF_STR "leaf"
|
||||
#define REVCONFIG_TEST_CHAIN_STR "chain"
|
||||
#define REVCONFIG_METHOD_CRL_STR "crl"
|
||||
#define REVCONFIG_METHOD_OCSP_STR "ocsp"
|
||||
|
||||
#define REVCONFIG_TEST_TESTLOCALINFOFIRST_STR "testLocalInfoFirst"
|
||||
#define REVCONFIG_TEST_REQUIREFRESHINFO_STR "requireFreshInfo"
|
||||
#define REVCONFIG_METHOD_DONOTUSEMETHOD_STR "doNotUse"
|
||||
#define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
|
||||
#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
|
||||
#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
|
||||
#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failInNoInfo"
|
||||
|
||||
#define REV_METHOD_INDEX_MAX 4
|
||||
|
||||
typedef struct RevMethodsStruct {
|
||||
uint testType;
|
||||
char *testTypeStr;
|
||||
uint testFlags;
|
||||
char *testFlagsStr;
|
||||
uint methodType;
|
||||
char *methodTypeStr;
|
||||
uint methodFlags;
|
||||
char *methodFlagsStr;
|
||||
} RevMethods;
|
||||
|
||||
RevMethods revMethodsData[REV_METHOD_INDEX_MAX];
|
||||
|
||||
SECStatus
|
||||
parseRevMethodsAndFlags()
|
||||
{
|
||||
int i;
|
||||
uint testType = 0;
|
||||
|
||||
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
|
||||
/* testType */
|
||||
if (revMethodsData[i].testTypeStr) {
|
||||
char *typeStr = revMethodsData[i].testTypeStr;
|
||||
|
||||
testType = 0;
|
||||
if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_LEAF_STR)) {
|
||||
testType = REVCONFIG_TEST_LEAF;
|
||||
} else if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_CHAIN_STR)) {
|
||||
testType = REVCONFIG_TEST_CHAIN;
|
||||
}
|
||||
}
|
||||
if (!testType) {
|
||||
return SECFailure;
|
||||
}
|
||||
revMethodsData[i].testType = testType;
|
||||
/* testFlags */
|
||||
if (revMethodsData[i].testFlagsStr) {
|
||||
char *flagStr = revMethodsData[i].testFlagsStr;
|
||||
uint testFlags = 0;
|
||||
|
||||
if (PORT_Strstr(flagStr, REVCONFIG_TEST_TESTLOCALINFOFIRST_STR)) {
|
||||
testFlags |= CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
|
||||
}
|
||||
if (PORT_Strstr(flagStr, REVCONFIG_TEST_REQUIREFRESHINFO_STR)) {
|
||||
testFlags |= CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
|
||||
}
|
||||
revMethodsData[i].testFlags = testFlags;
|
||||
}
|
||||
/* method type */
|
||||
if (revMethodsData[i].methodTypeStr) {
|
||||
char *methodStr = revMethodsData[i].methodTypeStr;
|
||||
uint methodType = 0;
|
||||
|
||||
if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_CRL_STR)) {
|
||||
methodType = REVCONFIG_METHOD_CRL;
|
||||
} else if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_OCSP_STR)) {
|
||||
methodType = REVCONFIG_METHOD_OCSP;
|
||||
}
|
||||
if (!methodType) {
|
||||
return SECFailure;
|
||||
}
|
||||
revMethodsData[i].methodType = methodType;
|
||||
}
|
||||
if (!revMethodsData[i].methodType) {
|
||||
revMethodsData[i].testType = REVCONFIG_TEST_UNDEFINED;
|
||||
continue;
|
||||
}
|
||||
/* method flags */
|
||||
if (revMethodsData[i].methodFlagsStr) {
|
||||
char *flagStr = revMethodsData[i].methodFlagsStr;
|
||||
uint methodFlags = 0;
|
||||
|
||||
if (!PORT_Strstr(flagStr, REVCONFIG_METHOD_DONOTUSEMETHOD_STR)) {
|
||||
methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
|
||||
}
|
||||
if (PORT_Strstr(flagStr,
|
||||
REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR)) {
|
||||
methodFlags |= CERT_REV_M_FORBID_NETWORK_FETCHING;
|
||||
}
|
||||
if (PORT_Strstr(flagStr, REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR)) {
|
||||
methodFlags |= CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
|
||||
}
|
||||
if (PORT_Strstr(flagStr, REVCONFIG_METHOD_REQUIREINFO_STR)) {
|
||||
methodFlags |= CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE;
|
||||
}
|
||||
if (PORT_Strstr(flagStr, REVCONFIG_METHOD_FAILIFNOINFO_STR)) {
|
||||
methodFlags |= CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO;
|
||||
}
|
||||
revMethodsData[i].methodFlags = methodFlags;
|
||||
} else {
|
||||
revMethodsData[i].methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
|
||||
}
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
configureRevocationParams(CERTRevocationFlags *flags)
|
||||
{
|
||||
int i;
|
||||
uint testType = REVCONFIG_TEST_UNDEFINED;
|
||||
static CERTRevocationTests *revTests = NULL;
|
||||
PRUint64 *revFlags;
|
||||
|
||||
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
|
||||
if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
|
||||
continue;
|
||||
}
|
||||
if (revMethodsData[i].testType != testType) {
|
||||
testType = revMethodsData[i].testType;
|
||||
if (testType == REVCONFIG_TEST_CHAIN) {
|
||||
revTests = &flags->chainTests;
|
||||
} else {
|
||||
revTests = &flags->leafTests;
|
||||
}
|
||||
revTests->number_of_preferred_methods = 0;
|
||||
revTests->preferred_methods = 0;
|
||||
revFlags = revTests->cert_rev_flags_per_method;
|
||||
}
|
||||
/* Set the number of the methods independently to the max number of
|
||||
* methods. If method flags are not set it will be ignored due to
|
||||
* default DO_NOT_USE flag. */
|
||||
revTests->number_of_defined_methods = cert_revocation_method_count;
|
||||
revTests->cert_rev_method_independent_flags |=
|
||||
revMethodsData[i].testFlags;
|
||||
if (revMethodsData[i].methodType == REVCONFIG_METHOD_CRL) {
|
||||
revFlags[cert_revocation_method_crl] =
|
||||
revMethodsData[i].methodFlags;
|
||||
} else if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
|
||||
revFlags[cert_revocation_method_ocsp] =
|
||||
revMethodsData[i].methodFlags;
|
||||
}
|
||||
}
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
void
|
||||
freeRevocationMethodData()
|
||||
{
|
||||
int i = 0;
|
||||
for(;i < REV_METHOD_INDEX_MAX;i++) {
|
||||
if (revMethodsData[i].testTypeStr) {
|
||||
PORT_Free(revMethodsData[i].testTypeStr);
|
||||
}
|
||||
if (revMethodsData[i].testFlagsStr) {
|
||||
PORT_Free(revMethodsData[i].testFlagsStr);
|
||||
}
|
||||
if (revMethodsData[i].methodTypeStr) {
|
||||
PORT_Free(revMethodsData[i].methodTypeStr);
|
||||
}
|
||||
if (revMethodsData[i].methodFlagsStr) {
|
||||
PORT_Free(revMethodsData[i].methodFlagsStr);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
PRBool
|
||||
isAllowedRevConfig(const char *name)
|
||||
isOCSPEnabled()
|
||||
{
|
||||
if (strcmp(REVCONFIG_ALLOW_CRL, name) == 0)
|
||||
return PR_TRUE;
|
||||
|
||||
if (strcmp(REVCONFIG_ALLOW_CRL_OCSP, name) == 0)
|
||||
return PR_TRUE;
|
||||
int i;
|
||||
|
||||
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
|
||||
if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
|
||||
return PR_TRUE;
|
||||
}
|
||||
}
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
@ -266,14 +453,16 @@ main(int argc, char *argv[], char *envp[])
|
||||
int usage;
|
||||
CERTVerifyLog log;
|
||||
CERTCertList *builtChain = NULL;
|
||||
char * revConfig = NULL;
|
||||
PRBool certFetching = PR_FALSE;
|
||||
int revDataIndex = 0;
|
||||
PRBool ocsp_fetchingFailureIsAFailure = PR_TRUE;
|
||||
PRBool useDefaultRevFlags = PR_TRUE;
|
||||
|
||||
PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
|
||||
|
||||
progName = PL_strdup(argv[0]);
|
||||
|
||||
optstate = PL_CreateOptState(argc, argv, "ab:d:fo:prs:tu:vw:W:");
|
||||
optstate = PL_CreateOptState(argc, argv, "ab:c:d:efg:h:m:o:prs:tu:vw:W:");
|
||||
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
|
||||
switch(optstate->option) {
|
||||
case 0 : /* positional parameter */ goto breakout;
|
||||
@ -281,11 +470,44 @@ main(int argc, char *argv[], char *envp[])
|
||||
case 'b' : secStatus = DER_AsciiToTime(&time, optstate->value);
|
||||
if (secStatus != SECSuccess) Usage(progName); break;
|
||||
case 'd' : certDir = PL_strdup(optstate->value); break;
|
||||
case 'e' : ocsp_fetchingFailureIsAFailure = PR_FALSE; break;
|
||||
case 'f' : certFetching = PR_TRUE; break;
|
||||
case 'g' :
|
||||
if (revMethodsData[revDataIndex].testTypeStr ||
|
||||
revMethodsData[revDataIndex].methodTypeStr) {
|
||||
revDataIndex += 1;
|
||||
if (revDataIndex == REV_METHOD_INDEX_MAX) {
|
||||
fprintf(stderr, "Invalid revocation configuration"
|
||||
"specified.\n");
|
||||
secStatus = SECFailure;
|
||||
break;
|
||||
}
|
||||
}
|
||||
useDefaultRevFlags = PR_FALSE;
|
||||
revMethodsData[revDataIndex].
|
||||
testTypeStr = PL_strdup(optstate->value); break;
|
||||
case 'h' :
|
||||
revMethodsData[revDataIndex].
|
||||
testFlagsStr = PL_strdup(optstate->value);break;
|
||||
case 'm' :
|
||||
if (revMethodsData[revDataIndex].methodTypeStr) {
|
||||
revDataIndex += 1;
|
||||
if (revDataIndex == REV_METHOD_INDEX_MAX) {
|
||||
fprintf(stderr, "Invalid revocation configuration"
|
||||
"specified.\n");
|
||||
secStatus = SECFailure;
|
||||
break;
|
||||
}
|
||||
}
|
||||
useDefaultRevFlags = PR_FALSE;
|
||||
revMethodsData[revDataIndex].
|
||||
methodTypeStr = PL_strdup(optstate->value); break;
|
||||
case 'o' : oidStr = PL_strdup(optstate->value); break;
|
||||
case 'p' : usePkix += 1; break;
|
||||
case 'r' : isAscii = PR_FALSE; break;
|
||||
case 's' : revConfig = PL_strdup(optstate->value); break;
|
||||
case 's' :
|
||||
revMethodsData[revDataIndex].
|
||||
methodFlagsStr = PL_strdup(optstate->value); break;
|
||||
case 't' : trusted = PR_TRUE; break;
|
||||
case 'u' : usage = PORT_Atoi(optstate->value);
|
||||
if (usage < 0 || usage > 62) Usage(progName);
|
||||
@ -322,7 +544,7 @@ breakout:
|
||||
}
|
||||
}
|
||||
|
||||
if (revConfig && !isAllowedRevConfig(revConfig)) {
|
||||
if (!useDefaultRevFlags && parseRevMethodsAndFlags()) {
|
||||
fprintf(stderr, "Invalid revocation configuration specified.\n");
|
||||
goto punt;
|
||||
}
|
||||
@ -343,9 +565,12 @@ breakout:
|
||||
exitErr("NSS_Init");
|
||||
}
|
||||
SECU_RegisterDynamicOids();
|
||||
if (revConfig && strcmp(REVCONFIG_ALLOW_CRL_OCSP, revConfig) == 0) {
|
||||
if (isOCSPEnabled()) {
|
||||
CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
|
||||
CERT_DisableOCSPDefaultResponder(CERT_GetDefaultCertDB());
|
||||
if (!ocsp_fetchingFailureIsAFailure) {
|
||||
CERT_SetOCSPFailureMode(ocspMode_FailureIsNotAVerificationFailure);
|
||||
}
|
||||
}
|
||||
|
||||
while (status == PL_OPT_OK) {
|
||||
@ -401,8 +626,9 @@ breakout:
|
||||
static CERTValInParam cvin[6];
|
||||
SECOidTag oidTag;
|
||||
int inParamIndex = 0;
|
||||
static PRUint64 revFlagsLeaf[2];
|
||||
static PRUint64 revFlagsChain[2];
|
||||
static CERTRevocationFlags rev;
|
||||
static PRUint64 revFlags[2];
|
||||
|
||||
if (oidStr) {
|
||||
PRArenaPool *arena;
|
||||
@ -458,32 +684,14 @@ breakout:
|
||||
cvin[inParamIndex].value.scalar.time = time;
|
||||
inParamIndex++;
|
||||
|
||||
revFlags[cert_revocation_method_crl] =
|
||||
CERT_REV_M_TEST_USING_THIS_METHOD;
|
||||
rev.leafTests.number_of_defined_methods =
|
||||
cert_revocation_method_crl +1;
|
||||
rev.chainTests.number_of_defined_methods =
|
||||
cert_revocation_method_crl +1;
|
||||
|
||||
if (revConfig && strcmp(REVCONFIG_ALLOW_CRL_OCSP, revConfig) == 0) {
|
||||
revFlags[cert_revocation_method_ocsp] =
|
||||
CERT_REV_M_TEST_USING_THIS_METHOD;
|
||||
rev.leafTests.number_of_defined_methods =
|
||||
cert_revocation_method_ocsp +1;
|
||||
rev.chainTests.number_of_defined_methods =
|
||||
cert_revocation_method_ocsp +1;
|
||||
rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
|
||||
rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
|
||||
secStatus = configureRevocationParams(&rev);
|
||||
if (secStatus) {
|
||||
fprintf(stderr, "Can not config revocation parameters ");
|
||||
break;
|
||||
}
|
||||
|
||||
rev.leafTests.cert_rev_flags_per_method = revFlags;
|
||||
rev.leafTests.number_of_preferred_methods = 0;
|
||||
rev.leafTests.preferred_methods = 0;
|
||||
rev.leafTests.cert_rev_method_independent_flags = 0;
|
||||
|
||||
rev.chainTests.cert_rev_flags_per_method = revFlags;
|
||||
rev.chainTests.number_of_preferred_methods = 0;
|
||||
rev.chainTests.preferred_methods = 0;
|
||||
rev.chainTests.cert_rev_method_independent_flags = 0;
|
||||
|
||||
cvin[inParamIndex].type = cert_pi_revocationFlags;
|
||||
cvin[inParamIndex].value.pointer.revocation = &rev;
|
||||
inParamIndex++;
|
||||
@ -569,7 +777,7 @@ punt:
|
||||
PORT_Free(progName);
|
||||
PORT_Free(certDir);
|
||||
PORT_Free(oidStr);
|
||||
PORT_Free(revConfig);
|
||||
freeRevocationMethodData();
|
||||
if (pwdata.data) {
|
||||
PORT_Free(pwdata.data);
|
||||
}
|
||||
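Review bot: In the `-g` and `-m` cases of main's option switch, reaching `revDataIndex == REV_METHOD_INDEX_MAX` only sets `secStatus = SECFailure` and breaks out of the switch, so option parsing continues with `revDataIndex` already equal to the array size. A later `-h`, `-s`, `-g` or `-m` then reads or writes `revMethodsData[revDataIndex]` past the end of the four-element global array; main continues outside these hunks, so whether `secStatus` is checked after the loop is not visible. Stopping where the overflow is detected, as the `-b` and `-u` cases do, avoids this: replace `secStatus = SECFailure; break;` with `Usage(progName);` in both places. The message literal is also missing a space between `"Invalid revocation configuration"` and `"specified.\n"`. Separately, parseRevMethodsAndFlags matches flag names with `PORT_Strstr` and ignores anything unrecognised, so a mistyped flag (the accepted spelling is `failInNoInfo`) silently produces a weaker revocation check instead of an error.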
|
@ -37,7 +37,7 @@
|
||||
/*
|
||||
* cert.h - public data structures and prototypes for the certificate library
|
||||
*
|
||||
* $Id: cert.h,v 1.74 2008/08/04 22:31:54 nelson%bolyard.com Exp $
|
||||
* $Id: cert.h,v 1.75 2008/11/21 21:02:38 wtc%google.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _CERT_H_
|
||||
@ -1108,7 +1108,7 @@ char *CERT_FixupEmailAddr(const char *emailAddr);
|
||||
|
||||
/* decode string representation of trust flags into trust struct */
|
||||
SECStatus
|
||||
CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts);
|
||||
CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
|
||||
|
||||
/* encode trust struct into string representation of trust flags */
|
||||
char *
|
||||
|
@ -38,7 +38,7 @@
|
||||
/*
|
||||
* Certificate handling code
|
||||
*
|
||||
* $Id: certdb.c,v 1.92 2008/05/16 03:38:39 nelson%bolyard.com Exp $
|
||||
* $Id: certdb.c,v 1.95 2008/12/02 23:24:48 nelson%bolyard.com Exp $
|
||||
*/
|
||||
|
||||
#include "nssilock.h"
|
||||
@ -52,7 +52,6 @@
|
||||
#include "genname.h"
|
||||
#include "keyhi.h"
|
||||
#include "secitem.h"
|
||||
#include "mcom_db.h"
|
||||
#include "certdb.h"
|
||||
#include "prprf.h"
|
||||
#include "sechash.h"
|
||||
@ -2107,7 +2106,56 @@ CERT_DestroyCrl (CERTSignedCrl *crl)
|
||||
SEC_DestroyCrl (crl);
|
||||
}
|
||||
|
||||
static int
|
||||
cert_Version(CERTCertificate *cert)
|
||||
{
|
||||
int version = 0;
|
||||
if (cert && cert->version.data && cert->version.len) {
|
||||
version = DER_GetInteger(&cert->version);
|
||||
if (version < 0)
|
||||
version = 0;
|
||||
}
|
||||
return version;
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
cert_ComputeTrustOverrides(CERTCertificate *cert, unsigned int cType)
|
||||
{
|
||||
CERTCertTrust *trust = cert->trust;
|
||||
|
||||
if (trust && (trust->sslFlags |
|
||||
trust->emailFlags |
|
||||
trust->objectSigningFlags)) {
|
||||
|
||||
if (trust->sslFlags & (CERTDB_VALID_PEER|CERTDB_TRUSTED))
|
||||
cType |= NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT;
|
||||
if (trust->sslFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
|
||||
cType |= NS_CERT_TYPE_SSL_CA;
|
||||
#if defined(CERTDB_NOT_TRUSTED)
|
||||
if (trust->sslFlags & CERTDB_NOT_TRUSTED)
|
||||
cType &= ~(NS_CERT_TYPE_SSL_SERVER|NS_CERT_TYPE_SSL_CLIENT|
|
||||
NS_CERT_TYPE_SSL_CA);
|
||||
#endif
|
||||
if (trust->emailFlags & (CERTDB_VALID_PEER|CERTDB_TRUSTED))
|
||||
cType |= NS_CERT_TYPE_EMAIL;
|
||||
if (trust->emailFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
|
||||
cType |= NS_CERT_TYPE_EMAIL_CA;
|
||||
#if defined(CERTDB_NOT_TRUSTED)
|
||||
if (trust->emailFlags & CERTDB_NOT_TRUSTED)
|
||||
cType &= ~(NS_CERT_TYPE_EMAIL|NS_CERT_TYPE_EMAIL_CA);
|
||||
#endif
|
||||
if (trust->objectSigningFlags & (CERTDB_VALID_PEER|CERTDB_TRUSTED))
|
||||
cType |= NS_CERT_TYPE_OBJECT_SIGNING;
|
||||
if (trust->objectSigningFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED_CA))
|
||||
cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
#if defined(CERTDB_NOT_TRUSTED)
|
||||
if (trust->objectSigningFlags & CERTDB_NOT_TRUSTED)
|
||||
cType &= ~(NS_CERT_TYPE_OBJECT_SIGNING|
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA);
|
||||
#endif
|
||||
}
|
||||
return cType;
|
||||
}
|
||||
|
||||
/*
|
||||
* Does a cert belong to a CA? We decide based on perm database trust
|
||||
@ -2116,74 +2164,39 @@ CERT_DestroyCrl (CERTSignedCrl *crl)
|
||||
PRBool
|
||||
CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
|
||||
{
|
||||
CERTCertTrust *trust;
|
||||
SECStatus rv;
|
||||
unsigned int type;
|
||||
PRBool ret;
|
||||
unsigned int cType = cert->nsCertType;
|
||||
PRBool ret = PR_FALSE;
|
||||
|
||||
ret = PR_FALSE;
|
||||
type = 0;
|
||||
|
||||
if ( cert->trust && (cert->trust->sslFlags|cert->trust->emailFlags|
|
||||
cert->trust->objectSigningFlags)) {
|
||||
trust = cert->trust;
|
||||
if ( ( ( trust->sslFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ||
|
||||
( ( trust->sslFlags & CERTDB_TRUSTED_CA ) == CERTDB_TRUSTED_CA ) ) {
|
||||
ret = PR_TRUE;
|
||||
type |= NS_CERT_TYPE_SSL_CA;
|
||||
}
|
||||
|
||||
if ( ( ( trust->emailFlags & CERTDB_VALID_CA ) == CERTDB_VALID_CA ) ||
|
||||
( ( trust->emailFlags & CERTDB_TRUSTED_CA ) == CERTDB_TRUSTED_CA ) ) {
|
||||
ret = PR_TRUE;
|
||||
type |= NS_CERT_TYPE_EMAIL_CA;
|
||||
}
|
||||
|
||||
if ( ( ( trust->objectSigningFlags & CERTDB_VALID_CA )
|
||||
== CERTDB_VALID_CA ) ||
|
||||
( ( trust->objectSigningFlags & CERTDB_TRUSTED_CA )
|
||||
== CERTDB_TRUSTED_CA ) ) {
|
||||
ret = PR_TRUE;
|
||||
type |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
}
|
||||
if (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA)) {
|
||||
ret = PR_TRUE;
|
||||
} else {
|
||||
if ( cert->nsCertType &
|
||||
( NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA ) ) {
|
||||
SECStatus rv;
|
||||
CERTBasicConstraints constraints;
|
||||
|
||||
rv = CERT_FindBasicConstraintExten(cert, &constraints);
|
||||
if (rv == SECSuccess && constraints.isCA) {
|
||||
ret = PR_TRUE;
|
||||
type = (cert->nsCertType & NS_CERT_TYPE_CA);
|
||||
} else {
|
||||
CERTBasicConstraints constraints;
|
||||
rv = CERT_FindBasicConstraintExten(cert, &constraints);
|
||||
if ( rv == SECSuccess ) {
|
||||
if ( constraints.isCA ) {
|
||||
ret = PR_TRUE;
|
||||
type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
|
||||
}
|
||||
}
|
||||
cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
|
||||
}
|
||||
|
||||
/* finally check if it's a FORTEZZA V1 CA */
|
||||
if (ret == PR_FALSE) {
|
||||
if (fortezzaIsCA(cert)) {
|
||||
ret = PR_TRUE;
|
||||
type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* the isRoot flag trumps all */
|
||||
if (cert->isRoot) {
|
||||
/* finally check if it's an X.509 v1 root or FORTEZZA V1 CA */
|
||||
if (!ret &&
|
||||
((cert->isRoot && cert_Version(cert) < SEC_CERTIFICATE_VERSION_3) ||
|
||||
fortezzaIsCA(cert) )) {
|
||||
ret = PR_TRUE;
|
||||
/* set only these by default, same as above */
|
||||
type = (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
|
||||
cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
|
||||
}
|
||||
/* Now apply trust overrides, if any */
|
||||
cType = cert_ComputeTrustOverrides(cert, cType);
|
||||
ret = (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
|
||||
NS_CERT_TYPE_OBJECT_SIGNING_CA)) ? PR_TRUE : PR_FALSE;
|
||||
|
||||
if ( rettype != NULL ) {
|
||||
*rettype = type;
|
||||
if (rettype != NULL) {
|
||||
*rettype = cType;
|
||||
}
|
||||
|
||||
return(ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
PRBool
|
||||
@ -2360,7 +2373,7 @@ CERT_FixupEmailAddr(const char *emailAddr)
|
||||
* NOTE - don't allow encode of govt-approved or invisible bits
|
||||
*/
|
||||
SECStatus
|
||||
CERT_DecodeTrustString(CERTCertTrust *trust, char *trusts)
|
||||
CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
|
||||
{
|
||||
unsigned int i;
|
||||
unsigned int *pflags;
|
||||
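Review bot: CERT_IsCACert now stores the whole `cType` in `*rettype`, which starts from `cert->nsCertType` and can gain or lose bits in cert_ComputeTrustOverrides, whereas the lines it replaces appear to have returned only CA bits (`cert->nsCertType & NS_CERT_TYPE_CA` or an explicit CA mask). The comment above the function, which is only partly inside this hunk, should state the new contract, for example `/* *rettype receives the full computed cert type, including non-CA bits, after trust overrides */`. Callers that compare `*rettype` for equality rather than with a mask would behave differently, though none are visible here. If only CA bits are intended, `*rettype = cType & NS_CERT_TYPE_CA;` keeps the previous shape.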
|
@ -36,7 +36,7 @@
|
||||
/*
|
||||
* certi.h - private data structures for the certificate library
|
||||
*
|
||||
* $Id: certi.h,v 1.26 2008/06/18 01:00:40 wtc%google.com Exp $
|
||||
* $Id: certi.h,v 1.27 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
|
||||
*/
|
||||
#ifndef _CERTI_H_
|
||||
#define _CERTI_H_
|
||||
@ -257,6 +257,10 @@ SECStatus AcquireDPCache(CERTCertificate* issuer, SECItem* subject,
|
||||
SECItem* dp, int64 t, void* wincx,
|
||||
CRLDPCache** dpcache, PRBool* writeLocked);
|
||||
|
||||
/* check if a particular SN is in the CRL cache and return its entry */
|
||||
SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
|
||||
CERTCrlEntry** returned);
|
||||
|
||||
/* release a DPCache object that was previously acquired */
|
||||
void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
|
||||
|
||||
|
@ -36,7 +36,7 @@
|
||||
/*
|
||||
* certt.h - public data structures for the certificate library
|
||||
*
|
||||
* $Id: certt.h,v 1.47 2008/06/20 16:57:03 nelson%bolyard.com Exp $
|
||||
* $Id: certt.h,v 1.48 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
|
||||
*/
|
||||
#ifndef _CERTT_H_
|
||||
#define _CERTT_H_
|
||||
@ -1059,7 +1059,7 @@ typedef enum {
|
||||
/*
|
||||
* Defines the behavior if we are unable to obtain fresh information.
|
||||
* INGORE means:
|
||||
* Return "test succeded, not revoked"
|
||||
* Return "cert status unknown"
|
||||
* FAIL means:
|
||||
* Return "cert revoked".
|
||||
*/
|
||||
|
@ -37,7 +37,7 @@
|
||||
/*
|
||||
* Moved from secpkcs7.c
|
||||
*
|
||||
* $Id: crl.c,v 1.59 2008/03/25 05:02:22 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: crl.c,v 1.60 2008/10/31 23:02:36 alexei.volkov.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "cert.h"
|
||||
@ -946,10 +946,6 @@ static SECStatus DPCache_AddCRL(CRLDPCache* cache, CachedCrl* crl,
|
||||
static SECStatus DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate,
|
||||
void* wincx);
|
||||
|
||||
/* check if a particular SN is in the CRL cache and return its entry */
|
||||
static SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
|
||||
CERTCrlEntry** returned);
|
||||
|
||||
/* update the content of the CRL cache, including fetching of CRLs, and
|
||||
reprocessing with specified issuer and date */
|
||||
static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* issuer,
|
||||
@ -1713,7 +1709,7 @@ static SECStatus CachedCrl_GetEntry(CachedCrl* crl, SECItem* sn,
|
||||
}
|
||||
|
||||
/* check if a particular SN is in the CRL cache and return its entry */
|
||||
static SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
|
||||
SECStatus DPCache_Lookup(CRLDPCache* cache, SECItem* sn,
|
||||
CERTCrlEntry** returned)
|
||||
{
|
||||
if (!cache || !sn || !returned)
|
||||
|
@ -38,7 +38,6 @@
|
||||
#include "seccomon.h"
|
||||
#include "secitem.h"
|
||||
#include "secoidt.h"
|
||||
#include "mcom_db.h"
|
||||
#include "secasn1.h"
|
||||
#include "secder.h"
|
||||
#include "certt.h"
|
||||
|
@ -37,7 +37,6 @@
|
||||
#include "prtime.h"
|
||||
|
||||
#include "cert.h"
|
||||
#include "mcom_db.h"
|
||||
#include "certdb.h"
|
||||
#include "secitem.h"
|
||||
#include "secder.h"
|
||||
|
@ -40,7 +40,6 @@
|
||||
*/
|
||||
|
||||
#include "prtypes.h"
|
||||
#include "mcom_db.h"
|
||||
#include "seccomon.h"
|
||||
#include "secdert.h"
|
||||
#include "secoidt.h"
|
||||
|
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "prtypes.h"
|
||||
#include "mcom_db.h"
|
||||
#include <limits.h> /* for LONG_MAX */
|
||||
#include "seccomon.h"
|
||||
#include "secdert.h"
|
||||
#include "secoidt.h"
|
||||
|
@ -39,7 +39,6 @@
|
||||
*/
|
||||
|
||||
#include "prtypes.h"
|
||||
#include "mcom_db.h"
|
||||
#include "seccomon.h"
|
||||
#include "secdert.h"
|
||||
#include "secoidt.h"
|
||||
|
@ -57,7 +57,6 @@
|
||||
#include "pkit.h"
|
||||
|
||||
#include "pkix_pl_common.h"
|
||||
#include "pkix_pl_ekuchecker.h"
|
||||
|
||||
extern PRLogModuleInfo *pkixLog;
|
||||
|
||||
@ -418,10 +417,6 @@ cert_ProcessingParamsSetKuAndEku(
|
||||
plContext),
|
||||
PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED);
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_PL_EkuChecker_Create(procParams, plContext),
|
||||
PKIX_EKUCHECKERINITIALIZEFAILED);
|
||||
|
||||
cleanup:
|
||||
PKIX_DECREF(extKeyUsage);
|
||||
PKIX_DECREF(certSelector);
|
||||
@ -479,9 +474,7 @@ cert_CreatePkixProcessingParams(
|
||||
PRTime time,
|
||||
void *wincx,
|
||||
PRBool useArena,
|
||||
#ifdef DEBUG_volkov
|
||||
PRBool checkAllCertsOCSP,
|
||||
#endif
|
||||
PRBool disableOCSPRemoteFetching,
|
||||
PKIX_ProcessingParams **pprocParams,
|
||||
void **pplContext)
|
||||
{
|
||||
@ -493,9 +486,8 @@ cert_CreatePkixProcessingParams(
|
||||
PKIX_ComCertSelParams *certSelParams = NULL;
|
||||
PKIX_CertStore *certStore = NULL;
|
||||
PKIX_List *certStores = NULL;
|
||||
#ifdef DEBUG_volkov
|
||||
PKIX_RevocationChecker *ocspChecker = NULL;
|
||||
#endif
|
||||
PKIX_RevocationChecker *revChecker = NULL;
|
||||
PKIX_UInt32 methodFlags = 0;
|
||||
void *plContext = NULL;
|
||||
|
||||
PKIX_ENTER(CERTVFYPKIX, "cert_CreatePkixProcessingParams");
|
||||
@ -572,28 +564,71 @@ cert_CreatePkixProcessingParams(
|
||||
PKIX_CHECK(
|
||||
PKIX_ProcessingParams_SetDate(procParams, date, plContext),
|
||||
PKIX_PROCESSINGPARAMSSETDATEFAILED);
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled(procParams,
|
||||
PKIX_FALSE,
|
||||
plContext),
|
||||
PKIX_PROCESSINGPARAMSSETNISTREVOCATIONENABLEDFAILED);
|
||||
|
||||
#ifdef DEBUG_volkov1
|
||||
/* Enables ocsp rev checking of the chain cert through pkix OCSP
|
||||
* implementation. */
|
||||
if (checkAllCertsOCSP) {
|
||||
PKIX_CHECK(
|
||||
PKIX_OcspChecker_Initialize(date, NULL, NULL,
|
||||
&ocspChecker, plContext),
|
||||
PKIX_PROCESSINGPARAMSSETDATEFAILED);
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_ProcessingParams_AddRevocationChecker(procParams,
|
||||
ocspChecker, plContext),
|
||||
PKIX_PROCESSINGPARAMSSETDATEFAILED);
|
||||
PKIX_CHECK(
|
||||
PKIX_RevocationChecker_Create(date,
|
||||
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
|
||||
PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
|
||||
PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
|
||||
PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
|
||||
&revChecker, plContext),
|
||||
PKIX_REVOCATIONCHECKERCREATEFAILED);
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_ProcessingParams_SetRevocationChecker(procParams, revChecker,
|
||||
plContext),
|
||||
PKIX_PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED);
|
||||
|
||||
/* CRL method flags */
|
||||
methodFlags =
|
||||
PKIX_REV_M_TEST_USING_THIS_METHOD |
|
||||
PKIX_REV_M_FORBID_NETWORK_FETCHING |
|
||||
PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
|
||||
PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
|
||||
PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
|
||||
|
||||
/* add CRL revocation method to check the leaf certificate */
|
||||
PKIX_CHECK(
|
||||
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
|
||||
PKIX_RevocationMethod_CRL, methodFlags,
|
||||
0, NULL, PKIX_TRUE, plContext),
|
||||
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
|
||||
|
||||
/* add CRL revocation method for other certs in the chain. */
|
||||
PKIX_CHECK(
|
||||
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
|
||||
PKIX_RevocationMethod_CRL, methodFlags,
|
||||
0, NULL, PKIX_FALSE, plContext),
|
||||
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
|
||||
|
||||
/* OCSP method flags */
|
||||
methodFlags =
|
||||
PKIX_REV_M_TEST_USING_THIS_METHOD |
|
||||
PKIX_REV_M_ALLOW_NETWORK_FETCHING | /* 0 */
|
||||
PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE | /* 0 */
|
||||
PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
|
||||
PKIX_REV_M_IGNORE_MISSING_FRESH_INFO | /* 0 */
|
||||
PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
|
||||
|
||||
/* Disabling ocsp fetching when checking the status
|
||||
* of ocsp response signer. Here and in the next if,
|
||||
* adjust flags for ocsp signer cert validation case. */
|
||||
if (disableOCSPRemoteFetching) {
|
||||
methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ocsp_FetchingFailureIsVerificationFailure()
|
||||
&& !disableOCSPRemoteFetching) {
|
||||
methodFlags |=
|
||||
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
|
||||
}
|
||||
|
||||
/* add OCSP revocation method to check only the leaf certificate.*/
|
||||
PKIX_CHECK(
|
||||
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
|
||||
PKIX_RevocationMethod_OCSP, methodFlags,
|
||||
1, NULL, PKIX_TRUE, plContext),
|
||||
PKIX_REVOCATIONCHECKERADDMETHODFAILED);
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, PR_FALSE,
|
||||
@ -622,9 +657,7 @@ cleanup:
|
||||
PKIX_DECREF(certStore);
|
||||
PKIX_DECREF(certStores);
|
||||
PKIX_DECREF(procParams);
|
||||
#ifdef DEBUG_volkov
|
||||
PKIX_DECREF(ocspChecker);
|
||||
#endif
|
||||
PKIX_DECREF(revChecker);
|
||||
|
||||
PKIX_RETURN(CERTVFYPKIX);
|
||||
}
|
||||
@ -845,8 +878,13 @@ cert_PkixErrorToNssCode(
|
||||
if (!pkixLog) break;
|
||||
}
|
||||
if (pkixLog) {
|
||||
#ifdef PKIX_ERROR_DESCRIPTION
|
||||
PR_LOG(pkixLog, 2, ("Error at level %d: %s\n", errLevel,
|
||||
PKIX_ErrorText[errPtr->errCode]));
|
||||
#else
|
||||
PR_LOG(pkixLog, 2, ("Error at level %d: Error code %d\n", errLevel,
|
||||
errPtr->errCode));
|
||||
#endif /* PKIX_ERROR_DESCRIPTION */
|
||||
}
|
||||
errPtr = errPtr->cause;
|
||||
errLevel += 1;
|
||||
@ -1198,21 +1236,14 @@ do {
|
||||
if (leakedObjNum) {
|
||||
pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
|
||||
}
|
||||
|
||||
PR_LOG(pkixLog, 1, ("Memory leak test: Loop %d\n", memLeakLoopCount++));
|
||||
memLeakLoopCount += 1;
|
||||
#endif /* PKIX_OBJECT_LEAK_TEST */
|
||||
|
||||
error =
|
||||
cert_CreatePkixProcessingParams(cert, checkSig, time, wincx,
|
||||
PR_FALSE/*use arena*/,
|
||||
#ifdef DEBUG_volkov
|
||||
/* If in DEBUG_volkov, then enable OCSP
|
||||
* check for all certs in the chain
|
||||
* using libpkix ocsp code.
|
||||
* (except for certUsageStatusResponder). */
|
||||
requiredUsage != certUsageStatusResponder,
|
||||
#endif
|
||||
&procParams, &plContext);
|
||||
PR_FALSE/*use arena*/,
|
||||
requiredUsage == certUsageStatusResponder,
|
||||
&procParams, &plContext);
|
||||
if (error) {
|
||||
goto cleanup;
|
||||
}
|
||||
@ -1276,8 +1307,8 @@ cleanup:
|
||||
pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
|
||||
|
||||
if (pkixLog && leakedObjNum) {
|
||||
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. "
|
||||
"Stack %s\n", errorFnStackString));
|
||||
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
|
||||
"Stack %s\n", memLeakLoopCount, errorFnStackString));
|
||||
}
|
||||
PR_Free(errorFnStackString);
|
||||
errorFnStackString = NULL;
|
||||
@ -1495,6 +1526,46 @@ cert_pkix_FindOutputParam(CERTValOutParam *params, const CERTValParamOutType t)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static PKIX_Error*
|
||||
setRevocationMethod(PKIX_RevocationChecker *revChecker,
|
||||
PKIX_ProcessingParams *procParams,
|
||||
const CERTRevocationTests *revTest,
|
||||
CERTRevocationMethodIndex certRevMethod,
|
||||
PKIX_RevocationMethodType pkixRevMethod,
|
||||
PKIX_Boolean verifyResponderUsages,
|
||||
PKIX_Boolean isLeafTest,
|
||||
void *plContext)
|
||||
{
|
||||
PKIX_UInt32 methodFlags = 0;
|
||||
PKIX_Error *error = NULL;
|
||||
int priority = 0;
|
||||
|
||||
if (revTest->number_of_defined_methods < certRevMethod) {
|
||||
return NULL;
|
||||
}
|
||||
if (revTest->preferred_methods) {
|
||||
int i = 0;
|
||||
for (;i < revTest->number_of_preferred_methods;i++) {
|
||||
if (revTest->preferred_methods[i] == certRevMethod)
|
||||
break;
|
||||
}
|
||||
priority = i;
|
||||
}
|
||||
methodFlags = revTest->cert_rev_flags_per_method[certRevMethod];
|
||||
if (verifyResponderUsages &&
|
||||
pkixRevMethod == PKIX_RevocationMethod_OCSP) {
|
||||
methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
|
||||
}
|
||||
error =
|
||||
PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
|
||||
pkixRevMethod, methodFlags,
|
||||
priority, NULL,
|
||||
isLeafTest, plContext);
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
SECStatus
|
||||
cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
||||
const CERTValInParam *param, void *plContext)
|
||||
@ -1503,7 +1574,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
||||
SECStatus r=SECSuccess;
|
||||
PKIX_PL_Date *date = NULL;
|
||||
PKIX_List *policyOIDList = NULL;
|
||||
PKIX_RevocationChecker *ocspChecker = NULL;
|
||||
PKIX_List *certListPkix = NULL;
|
||||
const CERTRevocationFlags *flags;
|
||||
SECErrorCodes errCode = SEC_ERROR_INVALID_ARGS;
|
||||
@ -1511,6 +1581,8 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
||||
CERTCertListNode *node;
|
||||
PKIX_PL_Cert *certPkix = NULL;
|
||||
PKIX_TrustAnchor *trustAnchor = NULL;
|
||||
PKIX_PL_Date *revDate = NULL;
|
||||
PKIX_RevocationChecker *revChecker = NULL;
|
||||
|
||||
/* XXX we need a way to map generic PKIX error to generic NSS errors */
|
||||
|
||||
@ -1562,11 +1634,9 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
||||
|
||||
case cert_pi_revocationFlags:
|
||||
{
|
||||
PRBool ocspTurnedOnForLeaf = PR_FALSE;
|
||||
PRBool ocspTurnedOnForChain = PR_FALSE;
|
||||
PRBool crlTurnedOnForLeaf = PR_FALSE;
|
||||
PRBool crlTurnedOnForChain = PR_FALSE;
|
||||
PRBool crlHardFailure = PR_FALSE;
|
||||
PKIX_UInt32 leafIMFlags = 0;
|
||||
PKIX_UInt32 chainIMFlags = 0;
|
||||
PKIX_Boolean validatingResponderCert = PKIX_FALSE;
|
||||
|
||||
flags = param->value.pointer.revocation;
|
||||
if (!flags) {
|
||||
@ -1575,138 +1645,75 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
||||
break;
|
||||
}
|
||||
|
||||
if (
|
||||
/* caller did define OCSP leaf behavior */
|
||||
(flags->leafTests.number_of_defined_methods >
|
||||
cert_revocation_method_ocsp)
|
||||
&&
|
||||
/* caller allows OCSP testing for the leaf */
|
||||
(flags->leafTests.cert_rev_flags_per_method
|
||||
[cert_revocation_method_ocsp]
|
||||
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
|
||||
ocspTurnedOnForLeaf = PR_TRUE;
|
||||
}
|
||||
leafIMFlags =
|
||||
flags->leafTests.cert_rev_method_independent_flags;
|
||||
chainIMFlags =
|
||||
flags->chainTests.cert_rev_method_independent_flags;
|
||||
|
||||
if (
|
||||
/* caller did define OCSP chain behavior */
|
||||
(flags->chainTests.number_of_defined_methods >
|
||||
cert_revocation_method_ocsp)
|
||||
&&
|
||||
/* caller allows OCSP testing for the chain */
|
||||
(flags->chainTests.cert_rev_flags_per_method
|
||||
[cert_revocation_method_ocsp]
|
||||
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
|
||||
ocspTurnedOnForChain = PR_TRUE;
|
||||
}
|
||||
|
||||
if (
|
||||
/* caller did define CRL leaf behavior */
|
||||
(flags->leafTests.number_of_defined_methods >
|
||||
cert_revocation_method_crl)
|
||||
&&
|
||||
/* caller allows CRL testing for the chain */
|
||||
(flags->leafTests.cert_rev_flags_per_method
|
||||
[cert_revocation_method_crl]
|
||||
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
|
||||
crlTurnedOnForLeaf = PR_TRUE;
|
||||
}
|
||||
|
||||
if (
|
||||
/* caller did define CRL chain behavior */
|
||||
(flags->chainTests.number_of_defined_methods >
|
||||
cert_revocation_method_crl)
|
||||
&&
|
||||
/* caller allows CRL testing for the chain */
|
||||
(flags->chainTests.cert_rev_flags_per_method
|
||||
[cert_revocation_method_crl]
|
||||
& CERT_REV_M_TEST_USING_THIS_METHOD)) {
|
||||
crlTurnedOnForChain = PR_TRUE;
|
||||
}
|
||||
|
||||
if (
|
||||
/* caller did define CRL chain behavior */
|
||||
(flags->chainTests.number_of_defined_methods >
|
||||
cert_revocation_method_crl)
|
||||
&&
|
||||
/* caller requests hard failure on missing (fresh) CRL */
|
||||
(flags->chainTests.cert_rev_flags_per_method
|
||||
[cert_revocation_method_crl]
|
||||
& CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO)) {
|
||||
/* FIXME: should also consider flag
|
||||
* CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE
|
||||
*/
|
||||
crlHardFailure = PR_TRUE;
|
||||
}
|
||||
|
||||
if (!ocspTurnedOnForChain) {
|
||||
/* OCSP off either because:
|
||||
* 1) we didn't turn ocsp on, or
|
||||
* 2) we are only checking ocsp on the leaf cert only.
|
||||
* The caller needs to handle the leaf case once we add leaf
|
||||
* checking there */
|
||||
|
||||
/* currently OCSP is the only external revocation checker */
|
||||
error = PKIX_ProcessingParams_SetRevocationCheckers(procParams,
|
||||
NULL, plContext);
|
||||
} else {
|
||||
/* FIXME: What should be done if !ocspTurnedOnForLeaf ? */
|
||||
|
||||
/* OCSP is on for the whole chain */
|
||||
if (date == NULL) {
|
||||
error = PKIX_ProcessingParams_GetDate
|
||||
(procParams, &date, plContext );
|
||||
if (error != NULL) {
|
||||
errCode = SEC_ERROR_INVALID_TIME;
|
||||
break;
|
||||
}
|
||||
}
|
||||
error = PKIX_OcspChecker_Initialize(date, NULL, NULL,
|
||||
&ocspChecker, plContext);
|
||||
if (error != NULL) {
|
||||
break;
|
||||
}
|
||||
|
||||
error = PKIX_ProcessingParams_AddRevocationChecker(procParams,
|
||||
ocspChecker, plContext);
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object *)ocspChecker, plContext);
|
||||
ocspChecker=NULL;
|
||||
|
||||
/* FIXME: add support for other revocation flags when underlying
|
||||
* pkix supports it */
|
||||
}
|
||||
error = PKIX_ProcessingParams_GetDate(procParams, &date, plContext);
|
||||
if (error != NULL) {
|
||||
errCode = SEC_ERROR_INVALID_TIME;
|
||||
}
|
||||
|
||||
error =
|
||||
PKIX_RevocationChecker_Create(date, leafIMFlags, chainIMFlags,
|
||||
&revChecker, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
}
|
||||
if (!crlTurnedOnForChain) {
|
||||
/* CRL checking is off either because:
|
||||
* 1) we didn't turn crl checking on, or
|
||||
* 2) we are only checking crls on the leaf cert only.
|
||||
* The caller needs to handle the leaf case once we add leaf
|
||||
* checking there */
|
||||
|
||||
/* this function only affects the built-in CRL checker */
|
||||
error = PKIX_ProcessingParams_SetRevocationEnabled(procParams,
|
||||
PKIX_FALSE, plContext);
|
||||
if (error != NULL) {
|
||||
break;
|
||||
}
|
||||
/* make sure NIST Revocation Policy is off as well */
|
||||
error = PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled
|
||||
(procParams, PKIX_FALSE, plContext);
|
||||
} else {
|
||||
/* FIXME: What should be done if !crlTurnedOnForLeaf ? */
|
||||
|
||||
/* CRL checking is on for the whole chain */
|
||||
error = PKIX_ProcessingParams_SetRevocationEnabled(procParams,
|
||||
PKIX_TRUE, plContext);
|
||||
if (error != NULL) {
|
||||
break;
|
||||
}
|
||||
error = PKIX_ProcessingParams_SetNISTRevocationPolicyEnabled
|
||||
(procParams,
|
||||
crlHardFailure ? PKIX_TRUE : PKIX_FALSE,
|
||||
plContext);
|
||||
error =
|
||||
PKIX_ProcessingParams_SetRevocationChecker(procParams,
|
||||
revChecker, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (((PKIX_PL_NssContext*)plContext)->certificateUsage &
|
||||
certificateUsageStatusResponder) {
|
||||
validatingResponderCert = PKIX_TRUE;
|
||||
}
|
||||
|
||||
error = setRevocationMethod(revChecker,
|
||||
procParams, &flags->leafTests,
|
||||
cert_revocation_method_crl,
|
||||
PKIX_RevocationMethod_CRL,
|
||||
validatingResponderCert,
|
||||
PKIX_TRUE, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
}
|
||||
|
||||
error = setRevocationMethod(revChecker,
|
||||
procParams, &flags->leafTests,
|
||||
cert_revocation_method_ocsp,
|
||||
PKIX_RevocationMethod_OCSP,
|
||||
validatingResponderCert,
|
||||
PKIX_TRUE, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
}
|
||||
|
||||
error = setRevocationMethod(revChecker,
|
||||
procParams, &flags->chainTests,
|
||||
cert_revocation_method_crl,
|
||||
PKIX_RevocationMethod_CRL,
|
||||
validatingResponderCert,
|
||||
PKIX_FALSE, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
}
|
||||
|
||||
error = setRevocationMethod(revChecker,
|
||||
procParams, &flags->chainTests,
|
||||
cert_revocation_method_ocsp,
|
||||
PKIX_RevocationMethod_OCSP,
|
||||
validatingResponderCert,
|
||||
PKIX_FALSE, plContext);
|
||||
if (error) {
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
break;
|
||||
|
||||
@ -1762,8 +1769,11 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
|
||||
if (date != NULL)
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext);
|
||||
|
||||
if (ocspChecker != NULL)
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object *)ocspChecker, plContext);
|
||||
if (revDate != NULL)
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext);
|
||||
|
||||
if (revChecker != NULL)
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext);
|
||||
|
||||
if (certListPkix)
|
||||
PKIX_PL_Object_DecRef((PKIX_PL_Object *)certListPkix, plContext);
|
||||
@ -2090,8 +2100,7 @@ do {
|
||||
if (leakedObjNum) {
|
||||
pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
|
||||
}
|
||||
|
||||
PR_LOG(pkixLog, 1, ("Memory leak test: Loop %d\n", memLeakLoopCount++));
|
||||
memLeakLoopCount += 1;
|
||||
#endif /* PKIX_OBJECT_LEAK_TEST */
|
||||
|
||||
error = PKIX_PL_NssContext_Create(
|
||||
@ -2113,6 +2122,17 @@ do {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* local cert store should be set into procParams before
|
||||
* filling in revocation settings. */
|
||||
certStores = cert_GetCertStores(plContext);
|
||||
if (certStores == NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
error = PKIX_ProcessingParams_SetCertStores
|
||||
(procParams, certStores, plContext);
|
||||
if (error != NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* now process the extensible input parameters structure */
|
||||
if (paramsIn != NULL) {
|
||||
@ -2131,7 +2151,6 @@ do {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
certSelector = cert_GetTargetCertConstraints(cert, plContext);
|
||||
if (certSelector == NULL) {
|
||||
goto cleanup;
|
||||
@ -2142,16 +2161,6 @@ do {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
certStores = cert_GetCertStores(plContext);
|
||||
if (certStores == NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
error = PKIX_ProcessingParams_SetCertStores
|
||||
(procParams, certStores, plContext);
|
||||
if (error != NULL) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
error = PKIX_BuildChain( procParams, &nbioContext,
|
||||
&buildState, &buildResult, &verifyNode,
|
||||
plContext);
|
||||
@ -2178,7 +2187,9 @@ do {
|
||||
}
|
||||
|
||||
#ifdef PKIX_OBJECT_LEAK_TEST
|
||||
PORT_Assert(!errorGenerated);
|
||||
/* Can not continue if error was generated but not returned.
|
||||
* Jumping to cleanup. */
|
||||
if (errorGenerated) goto cleanup;
|
||||
#endif /* PKIX_OBJECT_LEAK_TEST */
|
||||
|
||||
oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_trustAnchor);
|
||||
@ -2261,8 +2272,8 @@ cleanup:
|
||||
pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
|
||||
|
||||
if (pkixLog && leakedObjNum) {
|
||||
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. "
|
||||
"Stack %s\n", errorFnStackString));
|
||||
PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
|
||||
"Stack %s\n", memLeakLoopCount, errorFnStackString));
|
||||
}
|
||||
PR_Free(errorFnStackString);
|
||||
errorFnStackString = NULL;
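Review bot: The bounds guard in the new `setRevocationMethod` helper is off by one: `if (revTest->number_of_defined_methods < certRevMethod)` still lets `number_of_defined_methods == certRevMethod` through, and the next statement then reads `cert_rev_flags_per_method[certRevMethod]`, one slot past what the caller declared as defined. The per-method checks elsewhere in this section treat a method as defined only when `number_of_defined_methods > cert_revocation_method_ocsp` (or `_crl`), so the helper should return early with `if (revTest->number_of_defined_methods <= certRevMethod)`. As written, whatever lies after the caller's array may be used as revocation method flags, so revocation testing for that method could be enabled or relaxed by stray memory. Separately, in the `cert_pi_revocationFlags` case the `PKIX_ProcessingParams_GetDate` failure branch sets `errCode` but has no `break;`, so `error` appears to be overwritten by the following `PKIX_RevocationChecker_Create` call. The page has lost its +/- markers, so both points assume these are new-side lines.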
|
||||
|
@ -147,10 +147,10 @@ pkix_Cert2ASCII(PKIX_PL_Cert *cert)
|
||||
PR_snprintf
|
||||
(asciiString,
|
||||
200,
|
||||
"Ref: %d Issuer=%s\nSubject=%s\n",
|
||||
"Ref: %d Subject=%s\nIssuer=%s\n",
|
||||
refCount,
|
||||
issuerAscii,
|
||||
subjectAscii);
|
||||
subjectAscii,
|
||||
issuerAscii);
|
||||
|
||||
if (!numChars) goto cleanup;
|
||||
|
||||
|
@ -39,7 +39,7 @@
|
||||
* Implementation of OCSP services, for both client and server.
|
||||
* (XXX, really, mostly just for client right now, but intended to do both.)
|
||||
*
|
||||
* $Id: ocsp.c,v 1.55 2008/10/06 23:37:55 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: ocsp.c,v 1.56 2008/10/31 23:02:37 alexei.volkov.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "prerror.h"
|
||||
@ -4473,7 +4473,8 @@ loser:
|
||||
|
||||
/*
|
||||
* Figure out where we should go to find out the status of the given cert
|
||||
* via OCSP. If a default responder is set up, that is our answer.
|
||||
* via OCSP. If allowed to use a default responder uri and a default
|
||||
* responder is set up, then that is our answer.
|
||||
* If not, see if the certificate has an Authority Information Access (AIA)
|
||||
* extension for OCSP, and return the value of that. Otherwise return NULL.
|
||||
* We also let our caller know whether or not the responder chosen was
|
||||
@ -4485,11 +4486,13 @@ loser:
|
||||
*/
|
||||
char *
|
||||
ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert,
|
||||
PRBool *isDefault)
|
||||
PRBool canUseDefault, PRBool *isDefault)
|
||||
{
|
||||
ocspCheckingContext *ocspcx;
|
||||
ocspCheckingContext *ocspcx = NULL;
|
||||
|
||||
ocspcx = ocsp_GetCheckingContext(handle);
|
||||
if (canUseDefault) {
|
||||
ocspcx = ocsp_GetCheckingContext(handle);
|
||||
}
|
||||
if (ocspcx != NULL && ocspcx->useDefaultResponder) {
|
||||
/*
|
||||
* A default responder wins out, if specified.
|
||||
@ -4624,6 +4627,18 @@ ocsp_GetCachedOCSPResponseStatusIfFresh(CERTOCSPCertID *certID,
|
||||
return rv;
|
||||
}
|
||||
|
||||
PRBool
|
||||
ocsp_FetchingFailureIsVerificationFailure()
|
||||
{
|
||||
PRBool isFailure;
|
||||
|
||||
PR_EnterMonitor(OCSP_Global.monitor);
|
||||
isFailure =
|
||||
OCSP_Global.ocspFailureMode == ocspMode_FailureIsVerificationFailure;
|
||||
PR_ExitMonitor(OCSP_Global.monitor);
|
||||
return isFailure;
|
||||
}
|
||||
|
||||
/*
|
||||
* FUNCTION: CERT_CheckOCSPStatus
|
||||
* Checks the status of a certificate via OCSP. Will only check status for
|
||||
@ -4701,12 +4716,10 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
|
||||
&certIDWasConsumed,
|
||||
&rvOcsp);
|
||||
if (rv != SECSuccess) {
|
||||
/* we were unable to obtain ocsp status */
|
||||
PR_EnterMonitor(OCSP_Global.monitor);
|
||||
rvOcsp = (OCSP_Global.ocspFailureMode
|
||||
== ocspMode_FailureIsVerificationFailure)
|
||||
? SECFailure : SECSuccess;
|
||||
PR_ExitMonitor(OCSP_Global.monitor);
|
||||
/* we were unable to obtain ocsp status. Check if we should
|
||||
* return cert status revoked. */
|
||||
rvOcsp = ocsp_FetchingFailureIsVerificationFailure() ?
|
||||
SECFailure : SECSuccess;
|
||||
}
|
||||
if (!certIDWasConsumed) {
|
||||
CERT_DestroyOCSPCertID(certID);
|
||||
@ -4755,7 +4768,8 @@ ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
|
||||
* a true failure that we unfortunately have to treat as an overall
|
||||
* failure here.
|
||||
*/
|
||||
location = ocsp_GetResponderLocation(handle, cert, &locationIsDefault);
|
||||
location = ocsp_GetResponderLocation(handle, cert, PR_TRUE,
|
||||
&locationIsDefault);
|
||||
if (location == NULL) {
|
||||
int err = PORT_GetError();
|
||||
if (err == SEC_ERROR_EXTENSION_NOT_FOUND ||
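Review bot: `ocsp_FetchingFailureIsVerificationFailure()` is defined with an empty parameter list, which in C declares a function with unspecified arguments rather than one that takes none. Write `ocsp_FetchingFailureIsVerificationFailure(void)` here and in the matching declaration in the ocspi.h section, so that a call passing stray arguments is diagnosed at compile time. The new parameter of `ocsp_GetResponderLocation` is also named `canUseDefault` in this definition but `canUseDefaultLocation` in the ocspi.h prototype; using one name in both places keeps the header and implementation easy to cross-reference.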
|
||||
|
@ -36,7 +36,7 @@
|
||||
/*
|
||||
* ocspi.h - NSS internal interfaces to OCSP code
|
||||
*
|
||||
* $Id: ocspi.h,v 1.10 2008/07/08 21:34:32 alexei.volkov.bugs%sun.com Exp $
|
||||
* $Id: ocspi.h,v 1.11 2008/10/31 23:02:37 alexei.volkov.bugs%sun.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _OCSPI_H_
|
||||
@ -156,7 +156,17 @@ cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
|
||||
char *
|
||||
ocsp_GetResponderLocation(CERTCertDBHandle *handle,
|
||||
CERTCertificate *cert,
|
||||
PRBool canUseDefaultLocation,
|
||||
PRBool *isDefault);
|
||||
|
||||
/* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
|
||||
* The function checks the global ocsp settings and
|
||||
* tells how to treat an ocsp response fetching failure.
|
||||
* RETURNS:
|
||||
* if PR_TRUE is returned, then treat fetching as a
|
||||
* revoked cert status.
|
||||
*/
|
||||
PRBool
|
||||
ocsp_FetchingFailureIsVerificationFailure();
|
||||
|
||||
#endif /* _OCSPI_H_ */
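Review bot: The new doc comment for `ocsp_FetchingFailureIsVerificationFailure` says a PR_TRUE return means "treat fetching as a revoked cert status", which drops the word "failure" and conflates an unobtainable response with a revoked certificate. The caller shown in the ocsp.c section of this commit maps PR_TRUE to `SECFailure`, so I would word it `if PR_TRUE is returned, treat a failure to fetch an OCSP response as a verification failure`. The comment added in `CERT_CheckOCSPStatus` ("return cert status revoked") has the same wording problem and could be aligned with it.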
|
||||
|
@ -34,7 +34,7 @@
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.14 $ $Date: 2007/06/19 08:03:45 $"
|
||||
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.16 $ $Date: 2008/12/03 18:44:24 $"
|
||||
|
||||
include manifest.mn
|
||||
include $(CORE_DEPTH)/coreconf/config.mk
|
||||
@ -61,7 +61,7 @@ endif
|
||||
export:: private_export
|
||||
|
||||
# can't do this in manifest.mn because OS_TARGET isn't defined there.
|
||||
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
|
||||
ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) # list omits WINCE
|
||||
ifdef NSS_BUILD_CAPI
|
||||
DIRS += capi
|
||||
endif
|
||||
|
@ -35,7 +35,7 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef BUILTINS_H
|
||||
@ -51,6 +51,7 @@ static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILT
|
||||
static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
|
||||
static const CK_TRUST ckt_netscape_trust_unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
|
||||
static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
|
||||
static const CK_TRUST ckt_netscape_untrusted = CKT_NETSCAPE_UNTRUSTED;
|
||||
#ifdef DEBUG
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_0 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_APPLICATION, CKA_VALUE
|
||||
@ -809,6 +810,12 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_250 [] = {
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_251 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
|
||||
};
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_252 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE
|
||||
};
|
||||
static const CK_ATTRIBUTE_TYPE nss_builtins_types_253 [] = {
|
||||
CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
|
||||
};
|
||||
#ifdef DEBUG
|
||||
static const NSSItem nss_builtins_items_0 [] = {
|
||||
{ (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
|
||||
@ -817,7 +824,7 @@ static const NSSItem nss_builtins_items_0 [] = {
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"CVS ID", (PRUint32)7 },
|
||||
{ (void *)"NSS", (PRUint32)4 },
|
||||
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $", (PRUint32)160 }
|
||||
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.52 $ $Date: 2009/01/15 22:35:15 $", (PRUint32)160 }
|
||||
};
|
||||
#endif /* DEBUG */
|
||||
static const NSSItem nss_builtins_items_1 [] = {
|
||||
@ -16977,6 +16984,123 @@ static const NSSItem nss_builtins_items_251 [] = {
|
||||
{ (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
|
||||
};
|
||||
static const NSSItem nss_builtins_items_252 [] = {
|
||||
{ (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
|
||||
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"MD5 Collisions Forged Rogue CA 25c3", (PRUint32)36 },
|
||||
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
|
||||
{ (void *)"\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065"
|
||||
"\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056"
|
||||
"\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162"
|
||||
"\145\145\144\157\155\056\157\162\147\057\155\144\065\051"
|
||||
, (PRUint32)62 },
|
||||
{ (void *)"0", (PRUint32)2 },
|
||||
{ (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
|
||||
"\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
|
||||
"\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060"
|
||||
"\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040"
|
||||
"\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102"
|
||||
"\165\163\151\156\145\163\163\040\103\101\055\061"
|
||||
, (PRUint32)92 },
|
||||
{ (void *)"\002\001\102"
|
||||
, (PRUint32)3 },
|
||||
{ (void *)"\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102"
|
||||
"\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060"
|
||||
"\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034"
|
||||
"\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170"
|
||||
"\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053"
|
||||
"\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123"
|
||||
"\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165"
|
||||
"\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060"
|
||||
"\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064"
|
||||
"\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060"
|
||||
"\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154"
|
||||
"\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164"
|
||||
"\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155"
|
||||
"\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011"
|
||||
"\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060"
|
||||
"\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370"
|
||||
"\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121"
|
||||
"\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333"
|
||||
"\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217"
|
||||
"\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303"
|
||||
"\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336"
|
||||
"\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050"
|
||||
"\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010"
|
||||
"\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060"
|
||||
"\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306"
|
||||
"\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001"
|
||||
"\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037"
|
||||
"\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353"
|
||||
"\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240"
|
||||
"\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150"
|
||||
"\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015"
|
||||
"\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340"
|
||||
"\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010"
|
||||
"\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371"
|
||||
"\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271"
|
||||
"\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376"
|
||||
"\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160"
|
||||
"\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026"
|
||||
"\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111"
|
||||
"\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046"
|
||||
"\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236"
|
||||
"\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066"
|
||||
"\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004"
|
||||
"\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107"
|
||||
"\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214"
|
||||
"\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003"
|
||||
"\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017"
|
||||
"\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016"
|
||||
"\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051"
|
||||
"\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004"
|
||||
"\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072"
|
||||
"\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143"
|
||||
"\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141"
|
||||
"\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026"
|
||||
"\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250"
|
||||
"\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060"
|
||||
"\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001"
|
||||
"\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004"
|
||||
"\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004"
|
||||
"\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045"
|
||||
"\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034"
|
||||
"\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263"
|
||||
"\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145"
|
||||
"\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114"
|
||||
"\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104"
|
||||
"\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165"
|
||||
"\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352"
|
||||
"\321\236\164\310\166\147"
|
||||
, (PRUint32)1078 }
|
||||
};
|
||||
static const NSSItem nss_builtins_items_253 [] = {
|
||||
{ (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
|
||||
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"MD5 Collisions Forged Rogue CA 25c3", (PRUint32)36 },
|
||||
{ (void *)"\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253"
|
||||
"\005\132\213\212"
|
||||
, (PRUint32)20 },
|
||||
{ (void *)"\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070"
|
||||
, (PRUint32)16 },
|
||||
{ (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
|
||||
"\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
|
||||
"\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060"
|
||||
"\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040"
|
||||
"\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102"
|
||||
"\165\163\151\156\145\163\163\040\103\101\055\061"
|
||||
, (PRUint32)92 },
|
||||
{ (void *)"\002\001\102"
|
||||
, (PRUint32)3 },
|
||||
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ckt_netscape_untrusted, (PRUint32)sizeof(CK_TRUST) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
|
||||
};
|
||||
|
||||
builtinsInternalObject
|
||||
nss_builtins_data[] = {
|
||||
@ -17233,11 +17357,13 @@ nss_builtins_data[] = {
|
||||
{ 11, nss_builtins_types_248, nss_builtins_items_248, {NULL} },
|
||||
{ 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} },
|
||||
{ 11, nss_builtins_types_250, nss_builtins_items_250, {NULL} },
|
||||
{ 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} }
|
||||
{ 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} },
|
||||
{ 11, nss_builtins_types_252, nss_builtins_items_252, {NULL} },
|
||||
{ 13, nss_builtins_types_253, nss_builtins_items_253, {NULL} }
|
||||
};
|
||||
const PRUint32
|
||||
#ifdef DEBUG
|
||||
nss_builtins_nObjects = 251+1;
|
||||
nss_builtins_nObjects = 253+1;
|
||||
#else
|
||||
nss_builtins_nObjects = 251;
|
||||
nss_builtins_nObjects = 253;
|
||||
#endif /* DEBUG */
|
||||
|
@ -34,7 +34,7 @@
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.50 $ $Date: 2008/10/17 23:06:48 $"
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.51 $ $Date: 2009/01/15 22:35:15 $"
|
||||
|
||||
#
|
||||
# certdata.txt
|
||||
@ -17501,3 +17501,130 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "MD5 Collisions Forged Rogue CA 25c3"
|
||||
#
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
|
||||
\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
|
||||
\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
|
||||
\145\145\144\157\155\056\157\162\147\057\155\144\065\051
|
||||
END
|
||||
CKA_ID UTF8 "0"
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
|
||||
\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
|
||||
\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
|
||||
\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
|
||||
\165\163\151\156\145\163\163\040\103\101\055\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\001\102
|
||||
END
|
||||
CKA_VALUE MULTILINE_OCTAL
|
||||
\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
|
||||
\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
|
||||
\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
|
||||
\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
|
||||
\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
|
||||
\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
|
||||
\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
|
||||
\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
|
||||
\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
|
||||
\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
|
||||
\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
|
||||
\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
|
||||
\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
|
||||
\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
|
||||
\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
|
||||
\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
|
||||
\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
|
||||
\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
|
||||
\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
|
||||
\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
|
||||
\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
|
||||
\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
|
||||
\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
|
||||
\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
|
||||
\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
|
||||
\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
|
||||
\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
|
||||
\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
|
||||
\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
|
||||
\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
|
||||
\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
|
||||
\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
|
||||
\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
|
||||
\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
|
||||
\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
|
||||
\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
|
||||
\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
|
||||
\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
|
||||
\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
|
||||
\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
|
||||
\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
|
||||
\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
|
||||
\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
|
||||
\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
|
||||
\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
|
||||
\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
|
||||
\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
|
||||
\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
|
||||
\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
|
||||
\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
|
||||
\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
|
||||
\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
|
||||
\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
|
||||
\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
|
||||
\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
|
||||
\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
|
||||
\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
|
||||
\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
|
||||
\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
|
||||
\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
|
||||
\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
|
||||
\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
|
||||
\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
|
||||
\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
|
||||
\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
|
||||
\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
|
||||
\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
|
||||
\321\236\164\310\166\147
|
||||
END
|
||||
|
||||
# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
|
||||
\005\132\213\212
|
||||
END
|
||||
CKA_CERT_MD5_HASH MULTILINE_OCTAL
|
||||
\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
|
||||
END
|
||||
CKA_ISSUER MULTILINE_OCTAL
|
||||
\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
|
||||
\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
|
||||
\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
|
||||
\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
|
||||
\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
|
||||
\165\163\151\156\145\163\163\040\103\101\055\061
|
||||
END
|
||||
CKA_SERIAL_NUMBER MULTILINE_OCTAL
|
||||
\002\001\102
|
||||
END
|
||||
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_UNTRUSTED
|
||||
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_UNTRUSTED
|
||||
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_UNTRUSTED
|
||||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
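Review bot: The new "MD5 Collisions Forged Rogue CA 25c3" object carries no comment saying it is a distrust entry, so the only signal that it must never be switched to a trusted value is the three `CKT_NETSCAPE_UNTRUSTED` lines at the end of the trust record. I would add a line such as `# Explicitly distrusted: CA certificate produced through an MD5 collision; keep every trust value CKT_NETSCAPE_UNTRUSTED.` above `# Certificate "MD5 Collisions Forged Rogue CA 25c3"`. The record identifies one certificate only (issuer, serial `\002\001\102` and the SHA-1/MD5 hashes), so it presumably does nothing against another certificate forged the same way. That protection has to come from how MD5-signed certificates are treated during chain validation, which is not part of this file section.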
|
||||
|
@ -34,7 +34,7 @@
|
||||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.11 $ $Date: 2005/01/20 02:25:46 $"
|
||||
CONFIG_CVS_ID = "@(#) $RCSfile: config.mk,v $ $Revision: 1.12 $ $Date: 2008/11/19 20:09:37 $"
|
||||
|
||||
#
|
||||
# Override TARGETS variable so that only shared libraries
|
||||
@ -69,3 +69,11 @@ ifeq ($(OS_TARGET),SunOS)
|
||||
MKSHLIB += -R '$$ORIGIN'
|
||||
endif
|
||||
|
||||
ifeq ($(OS_ARCH), HP-UX)
|
||||
ifneq ($(OS_TEST), ia64)
|
||||
# pa-risc
|
||||
ifeq ($(USE_64), 1)
|
||||
MKSHLIB += +b '$$ORIGIN'
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
@ -75,8 +75,8 @@
|
||||
* of the comment in the CK_VERSION type definition.
|
||||
*/
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 72
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "1.72"
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 73
|
||||
#define NSS_BUILTINS_LIBRARY_VERSION "1.73"
|
||||
|
||||
/* These version numbers detail the semantic changes to the ckfw engine. */
|
||||
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
|
||||
|
@ -40,7 +40,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* Use this functionto create the CRMFSinglePubInfo* variables that will
|
||||
* Use this function to create the CRMFSinglePubInfo* variables that will
|
||||
* populate the inPubInfoArray paramter for the funciton
|
||||
* CRMF_CreatePKIPublicationInfo.
|
||||
*
|
||||
|
@ -202,13 +202,10 @@ struct SECKEYPublicKeyStr {
|
||||
};
|
||||
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
|
||||
|
||||
#define CachedAttribute(attribute,setbit) \
|
||||
static const PRUint32 SECKEY_##attribute = 1 << setbit;
|
||||
|
||||
/* bit flag definitions for staticflags */
|
||||
#define SECKEY_Attributes_Cached 0x1 /* bit 0 states
|
||||
whether attributes are cached */
|
||||
CachedAttribute(CKA_PRIVATE,1) /* bit 1 is the value of CKA_PRIVATE */
|
||||
#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
|
||||
|
||||
#define SECKEY_ATTRIBUTES_CACHED(key) \
|
||||
(0 != (key->staticflags & SECKEY_Attributes_Cached))
|
||||
|
@ -45,12 +45,10 @@ LIBRARY_NAME = cryptohi
|
||||
EXPORTS = \
|
||||
cryptohi.h \
|
||||
cryptoht.h \
|
||||
hasht.h \
|
||||
key.h \
|
||||
keyhi.h \
|
||||
keyt.h \
|
||||
keythi.h \
|
||||
sechash.h \
|
||||
$(NULL)
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.24 $ $Date: 2008/08/09 01:25:58 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.25 $ $Date: 2008/11/20 04:53:44 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef NSSCKEPV_H
|
||||
@ -219,6 +219,7 @@ nssSlot_IsTokenPresent (
|
||||
*/
|
||||
session = nssToken_GetDefaultSession(slot->token);
|
||||
if (session) {
|
||||
PRBool isPresent = PR_FALSE;
|
||||
nssSession_EnterMonitor(session);
|
||||
if (session->handle != CK_INVALID_SESSION) {
|
||||
CK_SESSION_INFO sessionInfo;
|
||||
@ -229,9 +230,10 @@ nssSlot_IsTokenPresent (
|
||||
session->handle = CK_INVALID_SESSION;
|
||||
}
|
||||
}
|
||||
isPresent = session->handle != CK_INVALID_SESSION;
|
||||
nssSession_ExitMonitor(session);
|
||||
/* token not removed, finished */
|
||||
if (session->handle != CK_INVALID_SESSION)
|
||||
if (isPresent)
|
||||
return PR_TRUE;
|
||||
}
|
||||
/* the token has been removed, and reinserted, or the slot contains
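Review bot: The reason for the new `isPresent` local in nssSlot_IsTokenPresent is not documented: it lets `session->handle` be read while the session monitor is still held, where the old test read it after `nssSession_ExitMonitor(session)`. A short comment on the assignment, for example `/* read the handle while the monitor is held; it may change after ExitMonitor */`, would keep a later cleanup from folding the test back into the `if`. The function starts and ends outside both hunks, so whether its other reads of `session->handle` are made under the monitor cannot be checked from here.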
|
||||
|
@ -35,7 +35,7 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.32 $ $Date: 2008/09/30 04:09:02 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.33 $ $Date: 2008/11/19 20:44:35 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef DEVM_H
|
||||
@ -148,9 +148,7 @@ nssSlotArray_Clone (
|
||||
if (count > 0) {
|
||||
rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
|
||||
if (rvSlots) {
|
||||
sp = slots;
|
||||
count = 0;
|
||||
for (sp = slots; *sp; sp++) {
|
||||
for (sp = slots, count = 0; *sp; sp++) {
|
||||
rvSlots[count++] = nssSlot_AddRef(*sp);
|
||||
}
|
||||
}
|
||||
@ -376,7 +374,7 @@ create_object (
|
||||
)
|
||||
{
|
||||
PRUint32 j;
|
||||
NSSArena *arena;
|
||||
NSSArena *arena = NULL;
|
||||
NSSSlot *slot = NULL;
|
||||
nssSession *session = NULL;
|
||||
nssCryptokiObjectAndAttributes *rvCachedObject = NULL;
|
||||
|
@ -74,9 +74,12 @@ ifdef USE_ABI32_FPU
|
||||
DEFINES += -DNSS_USE_ABI32_FPU
|
||||
endif
|
||||
|
||||
# des.c wants _X86_ defined for intel CPUs.
|
||||
ifdef FREEBL_NO_DEPEND
|
||||
DEFINES += -DFREEBL_NO_DEPEND
|
||||
endif
|
||||
# some codes want _X86_ defined for intel CPUs.
|
||||
# coreconf does this for windows, but not for Linux, FreeBSD, etc.
|
||||
ifeq ($(CPU_ARCH),x86)
|
||||
ifeq (,$(filter-out x86 x86_64,$(CPU_ARCH)))
|
||||
ifneq (,$(filter-out WIN%,$(OS_TARGET)))
|
||||
OS_REL_CFLAGS += -D_X86_
|
||||
endif
|
||||
@ -135,6 +138,9 @@ ifeq ($(CPU_ARCH),x86_64)
|
||||
DEFINES += -DNSS_USE_COMBA
|
||||
DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
|
||||
# DEFINES += -DMPI_AMD64_ADD
|
||||
# comment the next two lines to turn off intel HW accelleration
|
||||
DEFINES += -DUSE_HW_AES
|
||||
ASFILES += intel-aes.s
|
||||
MPI_SRCS += mpi_amd64.c mp_comba.c
|
||||
endif
|
||||
ifeq ($(CPU_ARCH),x86)
|
||||
@ -382,6 +388,9 @@ else
|
||||
endif
|
||||
DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
|
||||
DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
|
||||
# comment the next two lines to turn off intel HW accelleration
|
||||
DEFINES += -DUSE_HW_AES
|
||||
ASFILES += intel-aes.s
|
||||
MPI_SRCS += mpi_amd64.c
|
||||
else
|
||||
# Solaris x86
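Review bot: `DEFINES += -DUSE_HW_AES` and `ASFILES += intel-aes.s` are added unconditionally in both x86_64 branches (after `-DMPI_AMD64_ADD` and after `-DNSS_BEVAND_ARCFOUR`), so every 64-bit build compiles in the hardware AES path. Processors without those instructions would fault on them, so the C code has to select that path only after a run-time CPU feature check; that check is not visible in this file and the comment should point to it, e.g. `# USE_HW_AES only compiles the code in; see the CPU feature check in <file> for when it is used`. The added comment also misspells "acceleration" in both places. Separately, the first hunk now defines `_X86_` on x86_64 as well, which enables the `__GNUC__ && _X86_` branches added elsewhere in this commit; the rewritten comment could say that this is intended.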
|
||||
|
@ -36,9 +36,13 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: aeskeywrap.c,v 1.4 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
|
||||
/* $Id: aeskeywrap.c,v 1.5 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
|
||||
|
||||
/* $Id: aeskeywrap.c,v 1.4 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
|
||||
/* $Id: aeskeywrap.c,v 1.5 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prcpucfg.h"
|
||||
#if defined(IS_LITTLE_ENDIAN) || defined(SHA_NO_LONG_LONG)
|
||||
|
@ -37,7 +37,11 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* $Id: alg2268.c,v 1.7 2005/08/06 07:24:21 nelsonb%netscape.com Exp $ */
|
||||
/* $Id: alg2268.c,v 1.8 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "blapi.h"
|
||||
#include "secerr.h"
|
||||
|
@ -34,6 +34,10 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "secport.h"
|
||||
#include "hasht.h"
|
||||
#include "blapit.h"
|
||||
|
@ -36,7 +36,11 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: arcfive.c,v 1.5 2004/04/27 23:04:36 gerv%gerv.net Exp $ */
|
||||
/* $Id: arcfive.c,v 1.6 2008/11/18 19:48:21 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "blapi.h"
|
||||
#include "prerror.h"
|
||||
|
@ -38,6 +38,10 @@
|
||||
|
||||
/* See NOTES ON UMRs, Unititialized Memory Reads, below. */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -37,7 +37,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: blapi.h,v 1.27 2007/11/09 18:49:32 wtc%google.com Exp $ */
|
||||
/* $Id: blapi.h,v 1.28 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
|
||||
#ifndef _BLAPI_H_
|
||||
#define _BLAPI_H_
|
||||
@ -516,6 +516,30 @@ extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
/******************************************/
|
||||
/*
|
||||
** SEED symmetric block cypher
|
||||
*/
|
||||
extern SEEDContext *
|
||||
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
|
||||
int mode, PRBool encrypt);
|
||||
extern SEEDContext *SEED_AllocateContext(void);
|
||||
extern SECStatus SEED_InitContext(SEEDContext *cx,
|
||||
const unsigned char *key,
|
||||
unsigned int keylen,
|
||||
const unsigned char *iv,
|
||||
int mode, unsigned int encrypt,
|
||||
unsigned int );
|
||||
extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
|
||||
extern SECStatus
|
||||
SEED_Encrypt(SEEDContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
extern SECStatus
|
||||
SEED_Decrypt(SEEDContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
/******************************************/
|
||||
/*
|
||||
** AES symmetric block cypher (Rijndael)
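Review bot: The new SEED prototypes are declared without any parameter documentation. `SEED_InitContext` ends in an unnamed `unsigned int );` and takes `encrypt` as `unsigned int`, while `SEED_CreateContext` takes `PRBool encrypt` and no key length at all. I would name the last parameter and add a short comment per function giving the expected key and IV sizes (blapit.h in this commit defines `SEED_KEY_LENGTH` and `SEED_BLOCK_SIZE` as 16 bytes) and the `maxOutputLen`/`inputLen` contract, so that a caller cannot pass a shorter key buffer to `SEED_CreateContext` unnoticed.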
|
||||
|
@ -38,7 +38,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: blapit.h,v 1.21 2008/06/14 14:20:07 wtc%google.com Exp $ */
|
||||
/* $Id: blapit.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
|
||||
#ifndef _BLAPIT_H_
|
||||
#define _BLAPIT_H_
|
||||
@ -73,6 +73,10 @@
|
||||
#define NSS_CAMELLIA 0
|
||||
#define NSS_CAMELLIA_CBC 1
|
||||
|
||||
/* SEED operation modes */
|
||||
#define NSS_SEED 0
|
||||
#define NSS_SEED_CBC 1
|
||||
|
||||
#define DSA_SIGNATURE_LEN 40 /* Bytes */
|
||||
#define DSA_SUBPRIME_LEN 20 /* Bytes */
|
||||
|
||||
@ -113,6 +117,9 @@
|
||||
|
||||
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
|
||||
|
||||
#define SEED_BLOCK_SIZE 16 /* bytes */
|
||||
#define SEED_KEY_LENGTH 16 /* bytes */
|
||||
|
||||
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
|
||||
|
||||
/*
|
||||
@ -183,6 +190,7 @@ struct SHA1ContextStr ;
|
||||
struct SHA256ContextStr ;
|
||||
struct SHA512ContextStr ;
|
||||
struct AESKeyWrapContextStr ;
|
||||
struct SEEDContextStr ;
|
||||
|
||||
typedef struct DESContextStr DESContext;
|
||||
typedef struct RC2ContextStr RC2Context;
|
||||
@ -198,6 +206,7 @@ typedef struct SHA512ContextStr SHA512Context;
|
||||
/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
|
||||
typedef struct SHA512ContextStr SHA384Context;
|
||||
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
|
||||
typedef struct SEEDContextStr SEEDContext;
|
||||
|
||||
/***************************************************************************
|
||||
** RSA Public and Private Key structures
|
||||
|
@ -36,9 +36,13 @@
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/*
|
||||
* $Id: camellia.c,v 1.1 2007/02/28 19:47:37 rrelyea%redhat.com Exp $
|
||||
* $Id: camellia.c,v 1.2 2008/11/18 19:48:22 rrelyea%redhat.com Exp $
|
||||
*/
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prinit.h"
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
@ -101,13 +101,17 @@ endif # NS_USE_GCC
|
||||
|
||||
else
|
||||
|
||||
ifndef FREEBL_NO_DEPEND
|
||||
EXTRA_SHARED_LIBS += \
|
||||
-L$(DIST)/lib \
|
||||
-lnssutil3 \
|
||||
-L$(NSPR_LIB_DIR) \
|
||||
-lnspr4 \
|
||||
$(NULL)
|
||||
|
||||
else
|
||||
#drop pthreads as well
|
||||
OS_PTHREAD=
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq ($(OS_ARCH), Darwin)
|
||||
|
@ -400,10 +400,15 @@ static const HALF PC2[8][64] = {
|
||||
temp = (word ^ (word >> 9)) & 0x00550055; \
|
||||
word ^= temp | (temp << 9);
|
||||
|
||||
#if defined(__GNUC__) && defined(_X86_)
|
||||
#define BYTESWAP(word, temp) \
|
||||
__asm("bswap %0" : "+r" (word));
|
||||
#else
|
||||
#define BYTESWAP(word, temp) \
|
||||
word = (word >> 16) | (word << 16); \
|
||||
temp = 0x00ff00ff; \
|
||||
word = ((word & temp) << 8) | ((word >> 8) & temp);
|
||||
#endif
|
||||
|
||||
#define PC1(left, right, c0, d0, temp) \
|
||||
right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
|
||||
|
@ -41,6 +41,10 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "des.h"
|
||||
#include <stddef.h>
|
||||
#include "secerr.h"
|
||||
|
@ -38,8 +38,11 @@
|
||||
* Diffie-Hellman parameter generation, key generation, and secret derivation.
|
||||
* KEA secret generation and verification.
|
||||
*
|
||||
* $Id: dh.c,v 1.7 2004/04/25 15:03:08 gerv%gerv.net Exp $
|
||||
* $Id: dh.c,v 1.8 2008/11/18 19:48:22 rrelyea%redhat.com Exp $
|
||||
*/
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
@ -35,7 +35,11 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: dsa.c,v 1.18 2005/10/12 00:48:25 wtchang%redhat.com Exp $ */
|
||||
/* $Id: dsa.c,v 1.19 2008/11/18 19:48:23 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -37,6 +37,11 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
|
||||
#include "blapi.h"
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
@ -117,6 +122,7 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
|
||||
if (pointP != NULL) {
|
||||
if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
|
||||
(pointP->len != (2 * len + 1))) {
|
||||
PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
|
||||
return SECFailure;
|
||||
};
|
||||
}
|
||||
@ -591,9 +597,12 @@ ECDH_Derive(SECItem *publicValue,
|
||||
}
|
||||
|
||||
/* Multiply our private key and peer's public point */
|
||||
if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess) ||
|
||||
ec_point_at_infinity(&pointQ))
|
||||
if (ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess)
|
||||
goto cleanup;
|
||||
if (ec_point_at_infinity(&pointQ)) {
|
||||
PORT_SetError(SEC_ERROR_BAD_KEY); /* XXX better error code? */
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Allocate memory for the derived secret and copy
|
||||
* the x co-ordinate of pointQ into it.
|
||||
@ -613,6 +622,10 @@ ECDH_Derive(SECItem *publicValue,
|
||||
cleanup:
|
||||
mp_clear(&k);
|
||||
|
||||
if (err) {
|
||||
MP_TO_SEC_ERROR(err);
|
||||
}
|
||||
|
||||
if (pointQ.data) {
|
||||
PORT_ZFree(pointQ.data, 2*len + 1);
|
||||
}
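Review bot: In ec_points_mul the unchanged condition still reads `pointP->data[0]` before it compares `pointP->len`, so a zero-length point is dereferenced before it is rejected; the commit adds the error code but keeps that order. In ECDH_Derive the argument passed in that position appears to be the peer's `publicValue`. Unless callers outside these hunks already guarantee a non-empty item, the length test should come first: `if ((pointP->len != (2 * len + 1)) || (pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED)) {`. The stray `;` after that `if`'s closing brace could be dropped at the same time. Both functions start and end outside the hunks shown.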
|
||||
|
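--- /dev/null
+++ b/security/nss/lib/freebl/freebl_hash.def
@@ -0,0 +1,71 @@
+;+#
+;+# ***** BEGIN LICENSE BLOCK *****
+;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+;+#
+;+# The contents of this file are subject to the Mozilla Public License Version
+;+# 1.1 (the "License"); you may not use this file except in compliance with
+;+# the License. You may obtain a copy of the License at
+;+# http://www.mozilla.org/MPL/
+;+#
+;+# Software distributed under the License is distributed on an "AS IS" basis,
+;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+;+# for the specific language governing rights and limitations under the
+;+# License.
+;+#
+;+# The Original Code is the Netscape security libraries.
+;+#
+;+# The Initial Developer of the Original Code is
+;+# Netscape Communications Corporation.
+;+# Portions created by the Initial Developer are Copyright (C) 2000
+;+# the Initial Developer. All Rights Reserved.
+;+#
+;+# Contributor(s):
+;+#
+;+# Alternatively, the contents of this file may be used under the terms of
+;+# either the GNU General Public License Version 2 or later (the "GPL"), or
+;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+;+# in which case the provisions of the GPL or the LGPL are applicable instead
+;+# of those above. If you wish to allow use of your version of this file only
+;+# under the terms of either the GPL or the LGPL, and not to allow others to
+;+# use your version of this file under the terms of the MPL, indicate your
+;+# decision by deleting the provisions above and replace them with the notice
+;+# and other provisions required by the GPL or the LGPL. If you do not delete
+;+# the provisions above, a recipient may use your version of this file under
+;+# the terms of any one of the MPL, the GPL or the LGPL.
+;+#
+;+# ***** END LICENSE BLOCK *****
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+# 1. For all unix platforms, the string ";-" means "remove this line"
+;+# 2. For all unix platforms, the string " DATA " will be removed from any
+;+# line on which it occurs.
+;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+# On AIX, lines containing ";+" will be removed.
+;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+# 5. For all unix platforms, after the above processing has taken place,
+;+# all characters after the first ";" on the line will be removed.
+;+# And for AIX, the first ";" will also be removed.
+;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+# directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSprivate_3.11 { # NSS 3.11 release
+;+ global:
+LIBRARY freebl3 ;-
+EXPORTS ;-
+FREEBL_GetVector;
+;+ local:
+;+ *;
+;+};
+;+NSSRAWHASH_3.12.3 { # NSS 3.12.3 release
+;+ global:
+NSSLOW_Init;
+NSSLOW_Shutdown;
+NSSLOWHASH_Length;
+NSSLOWHASH_Begin;
+NSSLOWHASH_Destroy;
+NSSLOWHASH_End;
+NSSLOWHASH_NewContext;
+NSSLOWHASH_Update;
+;+ local:
+;+ *;
+;+};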
|
@ -33,7 +33,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: hasht.h,v 1.7 2005/11/07 18:44:20 wtchang%redhat.com Exp $ */
|
||||
/* $Id: hasht.h,v 1.7 2008/12/10 22:48:03 wtchang%redhat.com Exp $ */
|
||||
|
||||
#ifndef _HASHT_H_
|
||||
#define _HASHT_H_
|
151
security/nss/lib/freebl/intel-aes.h
Normal file
151
security/nss/lib/freebl/intel-aes.h
Normal file
@ -0,0 +1,151 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Initial Developer of the Original Code is Red Hat, Inc, 2008.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Ulrich Drepper <drepper@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/* Prototypes of the functions defined in the assembler file. */
|
||||
void intel_aes_encrypt_init_128(const unsigned char *key, PRUint32 *expanded);
|
||||
void intel_aes_encrypt_init_192(const unsigned char *key, PRUint32 *expanded);
|
||||
void intel_aes_encrypt_init_256(const unsigned char *key, PRUint32 *expanded);
|
||||
void intel_aes_decrypt_init_128(const unsigned char *key, PRUint32 *expanded);
|
||||
void intel_aes_decrypt_init_192(const unsigned char *key, PRUint32 *expanded);
|
||||
void intel_aes_decrypt_init_256(const unsigned char *key, PRUint32 *expanded);
|
||||
SECStatus intel_aes_encrypt_ecb_128(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_decrypt_ecb_128(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_encrypt_cbc_128(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_decrypt_ecb_192(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_encrypt_cbc_192(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_decrypt_ecb_256(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_encrypt_cbc_256(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen,
|
||||
unsigned int blocksize);
|
||||
|
||||
|
||||
#define intel_aes_ecb_worker(encrypt, keysize) \
|
||||
((encrypt) \
|
||||
? ((keysize) == 16 ? intel_aes_encrypt_ecb_128 : \
|
||||
(keysize) == 24 ? intel_aes_encrypt_ecb_192 : \
|
||||
intel_aes_encrypt_ecb_256) \
|
||||
: ((keysize) == 16 ? intel_aes_decrypt_ecb_128 : \
|
||||
(keysize) == 24 ? intel_aes_decrypt_ecb_192 : \
|
||||
intel_aes_decrypt_ecb_256))
|
||||
|
||||
|
||||
#define intel_aes_cbc_worker(encrypt, keysize) \
|
||||
((encrypt) \
|
||||
? ((keysize) == 16 ? intel_aes_encrypt_cbc_128 : \
|
||||
(keysize) == 24 ? intel_aes_encrypt_cbc_192 : \
|
||||
intel_aes_encrypt_cbc_256) \
|
||||
: ((keysize) == 16 ? intel_aes_decrypt_cbc_128 : \
|
||||
(keysize) == 24 ? intel_aes_decrypt_cbc_192 : \
|
||||
intel_aes_decrypt_cbc_256))
|
||||
|
||||
|
||||
#define intel_aes_init(encrypt, keysize) \
|
||||
do { \
|
||||
if (encrypt) { \
|
||||
if (keysize == 16) \
|
||||
intel_aes_encrypt_init_128(key, cx->expandedKey); \
|
||||
else if (keysize == 24) \
|
||||
intel_aes_encrypt_init_192(key, cx->expandedKey); \
|
||||
else \
|
||||
intel_aes_encrypt_init_256(key, cx->expandedKey); \
|
||||
} else { \
|
||||
if (keysize == 16) \
|
||||
intel_aes_decrypt_init_128(key, cx->expandedKey); \
|
||||
else if (keysize == 24) \
|
||||
intel_aes_decrypt_init_192(key, cx->expandedKey); \
|
||||
else \
|
||||
intel_aes_decrypt_init_256(key, cx->expandedKey); \
|
||||
} \
|
||||
} while (0)
|
1631
security/nss/lib/freebl/intel-aes.s
Normal file
1631
security/nss/lib/freebl/intel-aes.s
Normal file
File diff suppressed because it is too large
@ -37,11 +37,16 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ldvector.c,v 1.17 2008/05/13 01:19:59 wtc%google.com Exp $ */
|
||||
/* $Id: ldvector.c,v 1.19 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
extern int FREEBL_InitStubs(void);
|
||||
#endif
|
||||
|
||||
#include "loader.h"
|
||||
#include "alghmac.h"
|
||||
|
||||
|
||||
static const struct FREEBLVectorStr vector =
|
||||
{
|
||||
|
||||
@ -234,10 +239,20 @@ static const struct FREEBLVectorStr vector =
|
||||
Camellia_Encrypt,
|
||||
Camellia_Decrypt,
|
||||
|
||||
/* End of Version 3.010. */
|
||||
PQG_DestroyParams,
|
||||
PQG_DestroyVerify,
|
||||
|
||||
/* End of Version 3.010. */
|
||||
|
||||
SEED_InitContext,
|
||||
SEED_AllocateContext,
|
||||
SEED_CreateContext,
|
||||
SEED_DestroyContext,
|
||||
SEED_Encrypt,
|
||||
SEED_Decrypt
|
||||
|
||||
/* End of Version 3.011. */
|
||||
|
||||
};
|
||||
|
||||
const FREEBLVector *
|
||||
@ -250,6 +265,9 @@ FREEBL_GetVector(void)
|
||||
volatile char c;
|
||||
|
||||
c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0];
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
FREEBL_InitStubs();
|
||||
#endif
|
||||
return &vector;
|
||||
}
|
||||
|
||||
|
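Review bot: The `FREEBL_InitStubs();` call added to FREEBL_GetVector under FREEBL_NO_DEPEND discards its result, while nsslowhash.c in this same commit stores that result in a SECStatus and compares it with SECSuccess. If a failed stub setup can leave the library's helper calls unusable (not visible from this page), the vector should not be handed out, e.g. `if (FREEBL_InitStubs() != SECSuccess) return NULL;`; if failure is meant to be tolerated, a one-line comment saying so would prevent it from reading as an oversight. The first hunk also hand-declares `extern int FREEBL_InitStubs(void);` where other files in this commit use `#include "stubs.h"` under the same guard, so the return type declared here can drift from the header's. FREEBL_GetVector's body starts outside the hunk.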
@ -37,7 +37,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: loader.c,v 1.39 2008/01/22 02:24:03 nelson%bolyard.com Exp $ */
|
||||
/* $Id: loader.c,v 1.40 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
|
||||
#include "loader.h"
|
||||
#include "prmem.h"
|
||||
@ -486,6 +486,44 @@ DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
|
||||
return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input,
|
||||
inputLen);
|
||||
}
|
||||
SEEDContext *
|
||||
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
|
||||
int mode, PRBool encrypt)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return NULL;
|
||||
return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
|
||||
}
|
||||
|
||||
void
|
||||
SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return;
|
||||
(vector->p_SEED_DestroyContext)(cx, freeit);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
|
||||
unsigned int maxOutputLen, const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
|
||||
inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
|
||||
unsigned int maxOutputLen, const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
|
||||
inputLen);
|
||||
}
|
||||
|
||||
AESContext *
|
||||
AES_CreateContext(const unsigned char *key, const unsigned char *iv,
|
||||
@ -1359,6 +1397,16 @@ DES_InitContext(DESContext *cx, const unsigned char *key,
|
||||
return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SEED_InitContext(SEEDContext *cx, const unsigned char *key,
|
||||
unsigned int keylen, const unsigned char *iv, int mode,
|
||||
unsigned int encrypt, unsigned int xtra)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
RC2_InitContext(RC2Context *cx, const unsigned char *key,
|
||||
unsigned int keylen, const unsigned char *iv, int mode,
|
||||
|
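Review bot: The loader.c hunks on this page add wrappers for only five of the six SEED entry points, and `SEED_AllocateContext` is the one without a wrapper. It is listed in the vector by both ldvector.c and loader.h in this commit. Unless it is defined in a part of loader.c that is not shown, a client linking through the loader would get an unresolved symbol for it. The missing wrapper would follow the same pattern as its neighbours: run the loader once, return NULL on failure, otherwise forward to the vector slot.

```c
SEEDContext *
SEED_AllocateContext(void)
{
    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
        return NULL;
    return (vector->p_SEED_AllocateContext)();
}
```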
@ -37,7 +37,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: loader.h,v 1.21 2007/11/13 03:12:48 wtc%google.com Exp $ */
|
||||
/* $Id: loader.h,v 1.22 2008/12/17 06:09:12 nelson%bolyard.com Exp $ */
|
||||
|
||||
#ifndef _LOADER_H_
|
||||
#define _LOADER_H_ 1
|
||||
@ -491,6 +491,33 @@ struct FREEBLVectorStr {
|
||||
void (* p_PQG_DestroyVerify)(PQGVerify *vfy);
|
||||
|
||||
/* Version 3.010 came to here */
|
||||
|
||||
SECStatus (* p_SEED_InitContext)(SEEDContext *cx,
|
||||
const unsigned char *key,
|
||||
unsigned int keylen,
|
||||
const unsigned char *iv,
|
||||
int mode,
|
||||
unsigned int encrypt,
|
||||
unsigned int );
|
||||
|
||||
SEEDContext *(*p_SEED_AllocateContext)(void);
|
||||
|
||||
SEEDContext *(* p_SEED_CreateContext)(const unsigned char *key,
|
||||
const unsigned char *iv,
|
||||
int mode, PRBool encrypt);
|
||||
|
||||
void (* p_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);
|
||||
|
||||
SECStatus (* p_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
SECStatus (* p_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
/* Version 3.011 came to here */
|
||||
|
||||
};
|
||||
|
||||
typedef struct FREEBLVectorStr FREEBLVector;
|
||||
|
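Review bot: The six `p_SEED_*` members are appended after "Version 3.010 came to here", but no hunk in this section changes the vector version constant that the loader is presumably checked against. If that compatibility check (outside these hunks) still accepts a 3.010 vector, the new loader.c wrappers would read `p_SEED_*` slots past the end of the shorter table exported by an older freebl build. The version bump should land in the same change as the new members. Separately, the last parameter of `p_SEED_InitContext` is left unnamed (`unsigned int );`); naming it as the wrapper does, `unsigned int xtra);`, keeps the prototype self-documenting. The struct FREEBLVectorStr definition starts outside the hunk.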
@ -70,7 +70,13 @@ ifneq (,$(findstring _,$(LIBRARY_NAME)))
|
||||
LIBRARY_VERSION := _$(LIBRARY_VERSION)
|
||||
endif
|
||||
|
||||
ifdef FREEBL_NO_DEPEND
|
||||
LOWHASH_SRCS = stubs.c nsslowhash.c
|
||||
LOWHASH_EXPORTS = nsslowhash.h
|
||||
MAPFILE_SOURCE = freebl_hash.def
|
||||
else
|
||||
MAPFILE_SOURCE = freebl.def
|
||||
endif
|
||||
MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def
|
||||
|
||||
SOFTOKEN_LIBRARY_VERSION = 3
|
||||
@ -85,6 +91,9 @@ EXPORTS = \
|
||||
blapit.h \
|
||||
shsign.h \
|
||||
ecl-exp.h \
|
||||
hasht.h \
|
||||
sechash.h \
|
||||
$(LOWHASH_EXPORTS) \
|
||||
$(NULL)
|
||||
|
||||
PRIVATE_EXPORTS = \
|
||||
@ -143,9 +152,11 @@ CSRCS = \
|
||||
rsa.c \
|
||||
shvfy.c \
|
||||
tlsprfalg.c \
|
||||
seed.c \
|
||||
$(MPI_SRCS) \
|
||||
$(MPCPU_SRCS) \
|
||||
$(ECL_SRCS) \
|
||||
$(LOWHASH_SRCS) \
|
||||
$(NULL)
|
||||
|
||||
ALL_CSRCS := $(CSRCS)
|
||||
@ -164,6 +175,7 @@ ALL_HDRS = \
|
||||
sha256.h \
|
||||
shsign.h \
|
||||
vis_proto.h \
|
||||
seed.h \
|
||||
$(NULL)
|
||||
|
||||
|
||||
|
@ -34,6 +34,10 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -34,6 +34,10 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -66,7 +66,7 @@
|
||||
|
||||
#if defined(__GNUC__)
|
||||
|
||||
static void cpuid(unsigned long op, unsigned long *eax,
|
||||
void freebl_cpuid(unsigned long op, unsigned long *eax,
|
||||
unsigned long *ebx, unsigned long *ecx,
|
||||
unsigned long *edx)
|
||||
{
|
||||
@ -82,7 +82,7 @@ static void cpuid(unsigned long op, unsigned long *eax,
|
||||
|
||||
#include <intrin.h>
|
||||
|
||||
static void cpuid(unsigned long op, unsigned long *eax,
|
||||
void freebl_cpuid(unsigned long op, unsigned long *eax,
|
||||
unsigned long *ebx, unsigned long *ecx,
|
||||
unsigned long *edx)
|
||||
{
|
||||
@ -102,7 +102,7 @@ static void cpuid(unsigned long op, unsigned long *eax,
|
||||
/* x86 */
|
||||
|
||||
#if defined(__GNUC__)
|
||||
static void cpuid(unsigned long op, unsigned long *eax,
|
||||
void freebl_cpuid(unsigned long op, unsigned long *eax,
|
||||
unsigned long *ebx, unsigned long *ecx,
|
||||
unsigned long *edx)
|
||||
{
|
||||
@ -148,7 +148,7 @@ static unsigned long changeFlag(unsigned long flag)
|
||||
* windows versions of the above assembler
|
||||
*/
|
||||
#define wcpuid __asm __emit 0fh __asm __emit 0a2h
|
||||
static void cpuid(unsigned long op, unsigned long *Reax,
|
||||
void freebl_cpuid(unsigned long op, unsigned long *Reax,
|
||||
unsigned long *Rebx, unsigned long *Recx, unsigned long *Redx)
|
||||
{
|
||||
unsigned long Leax, Lebx, Lecx, Ledx;
|
||||
@ -572,7 +572,7 @@ getIntelCacheLineSize(int cpuidLevel)
|
||||
* to the getIntelRegisterCacheLineSize code, which breaks the registers
|
||||
* down into their component descriptors. In the end the lineSize of the
|
||||
* lowest level cache data cache is returned. */
|
||||
cpuid(2, &eax, &ebx, &ecx, &edx);
|
||||
freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
|
||||
repeat = eax & 0xf;
|
||||
for (count = 0; count < repeat; count++) {
|
||||
if ((eax & 0x80000000) == 0) {
|
||||
@ -588,7 +588,7 @@ getIntelCacheLineSize(int cpuidLevel)
|
||||
getIntelRegisterCacheLineSize(edx, &level, &lineSize);
|
||||
}
|
||||
if (count+1 != repeat) {
|
||||
cpuid(2, &eax, &ebx, &ecx, &edx);
|
||||
freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
|
||||
}
|
||||
}
|
||||
return lineSize;
|
||||
@ -608,11 +608,11 @@ getOtherCacheLineSize(unsigned long cpuidLevel)
|
||||
unsigned long eax, ebx, ecx, edx;
|
||||
|
||||
/* get the Extended CPUID level */
|
||||
cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
|
||||
freebl_cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
|
||||
cpuidLevel = eax;
|
||||
|
||||
if (cpuidLevel >= 0x80000005) {
|
||||
cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
|
||||
freebl_cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
|
||||
lineSize = ecx & 0xff; /* line Size, L1 Data Cache */
|
||||
}
|
||||
return lineSize;
|
||||
@ -659,7 +659,7 @@ s_mpi_is_sse2()
|
||||
if (is386() || is486()) {
|
||||
return 0;
|
||||
}
|
||||
cpuid(0, &eax, &ebx, &ecx, &edx);
|
||||
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
|
||||
*(int *)string = ebx;
|
||||
*(int *)&string[4] = edx;
|
||||
*(int *)&string[8] = ecx;
|
||||
@ -682,7 +682,7 @@ s_mpi_is_sse2()
|
||||
return 0;
|
||||
}
|
||||
|
||||
cpuid(1,&eax,&ebx,&ecx,&edx);
|
||||
freebl_cpuid(1,&eax,&ebx,&ecx,&edx);
|
||||
return (edx & SSE2_FLAG) == SSE2_FLAG;
|
||||
}
|
||||
#endif
|
||||
@ -706,7 +706,7 @@ s_mpi_getProcessorLineSize()
|
||||
#endif
|
||||
|
||||
/* Pentium, cpuid command is available */
|
||||
cpuid(0, &eax, &ebx, &ecx, &edx);
|
||||
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
|
||||
cpuidLevel = eax;
|
||||
*(int *)string = ebx;
|
||||
*(int *)&string[4] = edx;
|
||||
|
@ -592,8 +592,9 @@ CacheMap:
|
||||
.byte 0
|
||||
.text
|
||||
.align 16
|
||||
.type cpuid, @function
|
||||
cpuid:
|
||||
.globl freebl_cpuid
|
||||
.type freebl_cpuid, @function
|
||||
freebl_cpuid:
|
||||
.LFB2:
|
||||
movq %rdx, %r10
|
||||
pushq %rbx
|
||||
@ -611,7 +612,7 @@ cpuid:
|
||||
movq %rdx, (%r8)
|
||||
ret
|
||||
.LFE2:
|
||||
.size cpuid, .-cpuid
|
||||
.size freebl_cpuid, .-freebl_cpuid
|
||||
.align 16
|
||||
.type getIntelCacheEntryLineSize, @function
|
||||
getIntelCacheEntryLineSize:
|
||||
@ -743,7 +744,7 @@ s_mpi_getProcessorLineSize:
|
||||
xorl %ebx, %ebx
|
||||
subq $200, %rsp
|
||||
.LCFI14:
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movq -152(%rbp), %rax
|
||||
movq -160(%rbp), %r15
|
||||
movb $0, -116(%rbp)
|
||||
@ -776,7 +777,7 @@ s_mpi_getProcessorLineSize:
|
||||
leaq -192(%rbp), %rsi
|
||||
movl $2, %edi
|
||||
xorl %ebx, %ebx
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movq -192(%rbp), %rdi
|
||||
movl %edi, %r12d
|
||||
andl $15, %r12d
|
||||
@ -805,7 +806,7 @@ s_mpi_getProcessorLineSize:
|
||||
leaq -184(%rbp), %rdx
|
||||
leaq -192(%rbp), %rsi
|
||||
movl $2, %edi
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
.L24:
|
||||
cmpl %r12d, %ebx
|
||||
jge .L38
|
||||
@ -862,7 +863,7 @@ s_mpi_getProcessorLineSize:
|
||||
leaq -240(%rbp), %rsi
|
||||
movl $2147483648, %edi
|
||||
xorl %ebx, %ebx
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movl $2147483652, %eax
|
||||
cmpq %rax, -240(%rbp)
|
||||
ja .L43
|
||||
@ -886,7 +887,7 @@ s_mpi_getProcessorLineSize:
|
||||
leaq -232(%rbp), %rdx
|
||||
leaq -240(%rbp), %rsi
|
||||
movl $2147483653, %edi
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movzbq -224(%rbp), %rbx
|
||||
jmp .L32
|
||||
.LFE7:
|
||||
|
@ -592,8 +592,9 @@ CacheMap:
|
||||
.byte 0
|
||||
.text
|
||||
.align 4
|
||||
.type cpuid, @function
|
||||
cpuid:
|
||||
.globl freebl_cpuid
|
||||
.type freebl_cpuid, @function
|
||||
freebl_cpuid:
|
||||
pushl %ebp
|
||||
pushl %edi
|
||||
pushl %esi
|
||||
@ -618,7 +619,7 @@ cpuid:
|
||||
popl %edi
|
||||
popl %ebp
|
||||
ret
|
||||
.size cpuid, .-cpuid
|
||||
.size freebl_cpuid, .-freebl_cpuid
|
||||
.align 4
|
||||
.type changeFlag, @function
|
||||
changeFlag:
|
||||
@ -780,7 +781,7 @@ s_mpi_getProcessorLineSize:
|
||||
pushl %eax
|
||||
leal -120(%ebp), %edx
|
||||
xorl %eax, %eax
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movl -120(%ebp), %eax
|
||||
movl %eax, -164(%ebp)
|
||||
movl -116(%ebp), %eax
|
||||
@ -826,7 +827,7 @@ s_mpi_getProcessorLineSize:
|
||||
movl $2, %eax
|
||||
pushl %edx
|
||||
leal -136(%ebp), %edx
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movl -136(%ebp), %eax
|
||||
movl %eax, %edi
|
||||
andl $15, %edi
|
||||
@ -881,7 +882,7 @@ s_mpi_getProcessorLineSize:
|
||||
pushl -180(%ebp)
|
||||
leal -136(%ebp), %edx
|
||||
movl $2, %eax
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
addl $12, %esp
|
||||
.L34:
|
||||
cmpl %edi, %esi
|
||||
@ -912,7 +913,7 @@ s_mpi_getProcessorLineSize:
|
||||
pushl %esi
|
||||
leal -160(%ebp), %edx
|
||||
movl $-2147483648, %eax
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
addl $12, %esp
|
||||
cmpl $-2147483644, -160(%ebp)
|
||||
ja .L51
|
||||
@ -925,7 +926,7 @@ s_mpi_getProcessorLineSize:
|
||||
pushl %esi
|
||||
leal -160(%ebp), %edx
|
||||
movl $-2147483643, %eax
|
||||
call cpuid
|
||||
call freebl_cpuid
|
||||
movzbl -152(%ebp), %edx
|
||||
addl $12, %esp
|
||||
movl %edx, -172(%ebp)
|
||||
|
@ -39,7 +39,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: mpi.h,v 1.22 2004/04/27 23:04:36 gerv%gerv.net Exp $ */
|
||||
/* $Id: mpi.h,v 1.23 2008/12/04 18:16:34 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef _H_MPI_
|
||||
#define _H_MPI_
|
||||
@ -305,6 +305,10 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
|
||||
|
||||
/* Miscellaneous */
|
||||
mp_size mp_trailing_zeros(const mp_int *mp);
|
||||
void freebl_cpuid(unsigned long op, unsigned long *eax,
|
||||
unsigned long *ebx, unsigned long *ecx,
|
||||
unsigned long *edx);
|
||||
|
||||
|
||||
#define MP_CHECKOK(x) if (MP_OKAY > (res = (x))) goto CLEANUP
|
||||
#define MP_CHECKERR(x) if (MP_OKAY > (res = (x))) goto CLEANUP
|
||||
|
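Review bot: `freebl_cpuid` is added to mpi.h under "Miscellaneous" with no comment and no guard, while every definition this commit shows for it sits in a compiler- or architecture-specific branch of mpcpucache.c or in the x86/amd64 assembler files. Code on another platform would compile against the prototype and fail only at link time. Suggest documenting the contract as the callers in mpcpucache.c use it, e.g. `/* x86 and x86-64 only: issues CPUID for leaf op and stores the four result registers through the pointers */`. If a suitable architecture macro is available in this header (none is visible here), the declaration should be guarded with it.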
@ -329,10 +329,14 @@ mp_err mpp_pprime(mp_int *a, int nt)
|
||||
/* Do the test nt times... */
|
||||
for(iter = 0; iter < nt; iter++) {
|
||||
|
||||
/* Choose a random value for x < a */
|
||||
/* Choose a random value for 1 < x < a */
|
||||
s_mp_pad(&x, USED(a));
|
||||
mpp_random(&x);
|
||||
MP_CHECKOK( mp_mod(&x, a, &x) );
|
||||
if(mp_cmp_d(&x, 1) <= 0) {
|
||||
iter--; /* don't count this iteration */
|
||||
continue; /* choose a new x */
|
||||
}
|
||||
|
||||
/* Compute z = (x ** m) mod a */
|
||||
MP_CHECKOK( mp_exptmod(&x, &m, a, &z) );
|
||||
|
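Review bot: The new retry (`iter--; continue;`) terminates only if some residue greater than 1 exists modulo `a`, so it depends on `a > 2` being established before the loop, which is outside this hunk. For `a` equal to 1 or 2, `mp_mod(&x, a, &x)` can only yield 0 or 1 and the loop would never finish. If no earlier check guarantees the bound, such inputs should be rejected before the loop. If one does, a comment such as `/* a > 2 here, so a draw yields x > 1 with probability of at least 1/3 */` records the assumption next to the code that relies on it.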
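--- /dev/null
+++ b/security/nss/lib/freebl/nsslowhash.c
@@ -0,0 +1,365 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the Netscape security libraries.
+*
+* The Initial Developer of the Original Code is
+* Netscape Communications Corporation.
+* Portions created by the Initial Developer are Copyright (C) 1994-2000
+* the Initial Developer. All Rights Reserved.
+*
+* Contributor(s):
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+/* $Id: nsslowhash.c,v 1.2 2008/11/27 15:20:44 wtc%google.com Exp $ */
+
+#include "stubs.h"
+#include "prtypes.h"
+#include "secerr.h"
+#include "pkcs11t.h"
+#include "blapi.h"
+#include "sechash.h"
+#include "nsslowhash.h"
+
+/* FIPS preprocessor directives for message digests */
+#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
+
+/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
+static const PRUint8 known_hash_message[] = {
+"The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
+
+static CK_RV
+freebl_fips_MD2_PowerUpSelfTest( void )
+{
+/* MD2 Known Digest Message (128-bits). */
+static const PRUint8 md2_known_digest[] = {
+0x41,0x5a,0x12,0xb2,0x3f,0x28,0x97,0x17,
+0x0c,0x71,0x4e,0xcc,0x40,0xc8,0x1d,0x1b};
+
+/* MD2 variables. */
+MD2Context * md2_context;
+unsigned int md2_bytes_hashed;
+PRUint8 md2_computed_digest[MD2_LENGTH];
+
+
+/***********************************************/
+/* MD2 Single-Round Known Answer Hashing Test. */
+/***********************************************/
+
+md2_context = MD2_NewContext();
+
+if( md2_context == NULL )
+return( CKR_HOST_MEMORY );
+
+MD2_Begin( md2_context );
+
+MD2_Update( md2_context, known_hash_message,
+FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+MD2_End( md2_context, md2_computed_digest, &md2_bytes_hashed, MD2_LENGTH );
+
+MD2_DestroyContext( md2_context , PR_TRUE );
+
+if( ( md2_bytes_hashed != MD2_LENGTH ) ||
+( PORT_Memcmp( md2_computed_digest, md2_known_digest,
+MD2_LENGTH ) != 0 ) )
+return( CKR_DEVICE_ERROR );
+
+return( CKR_OK );
+}
+
+
+
+static CK_RV
+freebl_fips_MD5_PowerUpSelfTest( void )
+{
+/* MD5 Known Digest Message (128-bits). */
+static const PRUint8 md5_known_digest[] = {
+0x25,0xc8,0xc0,0x10,0xc5,0x6e,0x68,0x28,
+0x28,0xa4,0xa5,0xd2,0x98,0x9a,0xea,0x2d};
+
+/* MD5 variables. */
+PRUint8 md5_computed_digest[MD5_LENGTH];
+SECStatus md5_status;
+
+
+/***********************************************/
+/* MD5 Single-Round Known Answer Hashing Test. */
+/***********************************************/
+
+md5_status = MD5_HashBuf( md5_computed_digest, known_hash_message,
+FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+if( ( md5_status != SECSuccess ) ||
+( PORT_Memcmp( md5_computed_digest, md5_known_digest,
+MD5_LENGTH ) != 0 ) )
+return( CKR_DEVICE_ERROR );
+
+return( CKR_OK );
+}
+
+static CK_RV
+freebl_fips_SHA_PowerUpSelfTest( void )
+{
+/* SHA-1 Known Digest Message (160-bits). */
+static const PRUint8 sha1_known_digest[] = {
+0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
+0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
+0xe0,0x68,0x47,0x7a};
+
+/* SHA-256 Known Digest Message (256-bits). */
+static const PRUint8 sha256_known_digest[] = {
+0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
+0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
+0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
+0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
+
+/* SHA-384 Known Digest Message (384-bits). */
+static const PRUint8 sha384_known_digest[] = {
+0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
+0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
+0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
+0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
+0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
+0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
+
+/* SHA-512 Known Digest Message (512-bits). */
+static const PRUint8 sha512_known_digest[] = {
+0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
+0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
+0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
+0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
+0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
+0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
+0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
+0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
+
+/* SHA-X variables. */
+PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
+SECStatus sha_status;
+
+/*************************************************/
+/* SHA-1 Single-Round Known Answer Hashing Test. */
+/*************************************************/
+
+sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
+FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+if( ( sha_status != SECSuccess ) ||
+( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
+SHA1_LENGTH ) != 0 ) )
+return( CKR_DEVICE_ERROR );
+
+/***************************************************/
+/* SHA-256 Single-Round Known Answer Hashing Test. */
+/***************************************************/
+
+sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
+FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+if( ( sha_status != SECSuccess ) ||
+( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
+SHA256_LENGTH ) != 0 ) )
+return( CKR_DEVICE_ERROR );
+
+/***************************************************/
+/* SHA-384 Single-Round Known Answer Hashing Test. */
+/***************************************************/
+
+sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
+FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+if( ( sha_status != SECSuccess ) ||
+( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
+SHA384_LENGTH ) != 0 ) )
+return( CKR_DEVICE_ERROR );
+
+/***************************************************/
+/* SHA-512 Single-Round Known Answer Hashing Test. */
+/***************************************************/
+
+sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
+FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+
+if( ( sha_status != SECSuccess ) ||
+( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
+SHA512_LENGTH ) != 0 ) )
+return( CKR_DEVICE_ERROR );
+
+return( CKR_OK );
+}
+
+
+static CK_RV
+freebl_fipsSoftwareIntegrityTest(void)
+{
+CK_RV crv = CKR_OK;
+
+/* make sure that our check file signatures are OK */
+if (!BLAPI_VerifySelf(SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX)) {
+crv = CKR_DEVICE_ERROR; /* better error code? checksum error? */
+}
+return crv;
+}
+
+CK_RV
+freebl_fipsPowerUpSelfTest( void )
+{
+CK_RV rv;
+
+/* MD2 Power-Up SelfTest(s). */
+rv = freebl_fips_MD2_PowerUpSelfTest();
+
+if( rv != CKR_OK )
+return rv;
+
+/* MD5 Power-Up SelfTest(s). */
+rv = freebl_fips_MD5_PowerUpSelfTest();
+
+if( rv != CKR_OK )
+return rv;
+
+/* SHA-X Power-Up SelfTest(s). */
+rv = freebl_fips_SHA_PowerUpSelfTest();
+
+if( rv != CKR_OK )
+return rv;
+
+/* Software/Firmware Integrity Test. */
+rv = freebl_fipsSoftwareIntegrityTest();
+
+if( rv != CKR_OK )
+return rv;
+
+/* Passed Power-Up SelfTest(s). */
+return( CKR_OK );
+}
+
+struct NSSLOWInitContextStr {
+int count;
+};
+
+struct NSSLOWHASHContextStr {
+const SECHashObject *hashObj;
+void *hashCtxt;
+
+};
+
+static int post = 0;
+
+static NSSLOWInitContext dummyContext = { 0 };
+
+NSSLOWInitContext *
+NSSLOW_Init(void)
+{
+SECStatus rv;
+CK_RV crv;
+PRBool nsprAvailable = PR_FALSE;
+
+
+rv = FREEBL_InitStubs();
+nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
+
+
+if (!post) {
+crv = freebl_fipsPowerUpSelfTest();
+if (crv != CKR_OK) {
+return NULL;
+}
+}
+post = 1;
+
+
+return &dummyContext;
+}
+
+void
+NSSLOW_Shutdown(NSSLOWInitContext *context)
+{
+PORT_Assert(context == &dummyContext);
+return;
+}
+
+NSSLOWHASHContext *
+NSSLOWHASH_NewContext(NSSLOWInitContext *initContext,
+HASH_HashType hashType)
+{
+NSSLOWHASHContext *context;
+
+if (initContext != &dummyContext) {
+PORT_SetError(SEC_ERROR_INVALID_ARGS);
+return (NULL);
+}
+
+context = PORT_ZNew(NSSLOWHASHContext);
+if (!context) {
+return NULL;
+}
+context->hashObj = HASH_GetRawHashObject(hashType);
+if (!context->hashObj) {
+PORT_Free(context);
+return NULL;
+}
+context->hashCtxt = context->hashObj->create();
+if (!context->hashCtxt) {
+PORT_Free(context);
+return NULL;
+}
+
+return context;
+}
+
+void
+NSSLOWHASH_Begin(NSSLOWHASHContext *context)
+{
+return context->hashObj->begin(context->hashCtxt);
+}
+
+void
+NSSLOWHASH_Update(NSSLOWHASHContext *context, const unsigned char *buf,
+unsigned int len)
+{
+return context->hashObj->update(context->hashCtxt, buf, len);
+}
+
+void
+NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned char *buf,
+unsigned int *ret, unsigned int len)
+{
+return context->hashObj->end(context->hashCtxt, buf, ret, len);
+}
+
+void
+NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
+{
+context->hashObj->destroy(context->hashCtxt, PR_TRUE);
+PORT_Free(context);
+}
+
+unsigned int
+NSSLOWHASH_Length(NSSLOWHASHContext *context)
+{
+return context->hashObj->length;
+}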
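Review bot: NSSLOWHASH_Begin, NSSLOWHASH_Update and NSSLOWHASH_End are declared `void` yet each is written as `return context->hashObj->...(...);`, and ISO C does not permit a return with an expression in a void function, so stricter compilers warn about it or reject it. Dropping the keyword is enough, e.g. `context->hashObj->begin(context->hashCtxt);`. In NSSLOW_Init the result of `FREEBL_InitStubs()` only feeds `nsprAvailable`, which is never read afterwards, so the variable should either drive a decision or be removed. The hashing entry points also dereference `context` without a check, so the header comment should state that a NULL returned by NSSLOWHASH_NewContext must not be passed on to them.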
56
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.h → security/nss/lib/freebl/nsslowhash.h
Executable file → Normal file
56
security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ekuchecker.h → security/nss/lib/freebl/nsslowhash.h
Executable file → Normal file
@ -11,15 +11,14 @@
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the PKIX-C library.
|
||||
* The Original Code is Red Hat, Inc.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Sun Microsystems, Inc.
|
||||
* Portions created by the Initial Developer are
|
||||
* Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Red Hat, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2008
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Sun Microsystems, Inc.
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
@ -34,34 +33,27 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
/*
|
||||
* pkix_pl_ekuchecker.h
|
||||
*
|
||||
* User Defined Object Type Extended Key Usage Definition
|
||||
*
|
||||
* Provide FIPS validated hashing for applications that only need hashing.
|
||||
* NOTE: mac'ing requires keys and will not work in this interface.
|
||||
* Also NOTE: this only works with Hashing. Only the FIPS interface is enabled.
|
||||
*/
|
||||
|
||||
#ifndef _PKIX_PL_EKUCHECKER_H
|
||||
#define _PKIX_PL_EKUCHECKER_H
|
||||
typedef struct NSSLOWInitContextStr NSSLOWInitContext;
|
||||
typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
|
||||
|
||||
#include "pkix_pl_common.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct pkix_pl_EkuChecker pkix_pl_EkuChecker;
|
||||
|
||||
struct pkix_pl_EkuChecker {
|
||||
PKIX_UInt32 requiredExtKeyUsage;
|
||||
PKIX_PL_OID *ekuOID;
|
||||
};
|
||||
|
||||
/* see source file for function documentation */
|
||||
PKIX_Error *pkix_pl_EkuChecker_RegisterSelf(void *plContext);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* _PKIX_PL_EKUCHECKER_H */
|
||||
NSSLOWInitContext *NSSLOW_Init(void);
|
||||
void NSSLOW_Shutdown(NSSLOWInitContext *context);
|
||||
NSSLOWHASHContext *NSSLOWHASH_NewContext(
|
||||
NSSLOWInitContext *initContext,
|
||||
HASH_HashType hashType);
|
||||
void NSSLOWHASH_Begin(NSSLOWHASHContext *context);
|
||||
void NSSLOWHASH_Update(NSSLOWHASHContext *context,
|
||||
const unsigned char *buf,
|
||||
unsigned int len);
|
||||
void NSSLOWHASH_End(NSSLOWHASHContext *context,
|
||||
unsigned char *buf,
|
||||
unsigned int *ret, unsigned int len);
|
||||
void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
|
||||
unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
|
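Review bot: The new side of this header, from `typedef struct NSSLOWInitContextStr NSSLOWInitContext;` down to the `NSSLOWHASH_Length` prototype, has no include guard and no `extern "C"` block, although the old file's `#ifndef`/`#define` pair and `#ifdef __cplusplus` wrapper are removed. The `+33,27` hunk count suggests the file ends at the last prototype, so a second inclusion would repeat the typedefs; I would add something like `#ifndef NSSLOWHASH_H` / `#define NSSLOWHASH_H` … `#endif` (guard name is only a suggestion). The header also uses `HASH_HashType` without including anything that declares it, so it compiles only if the includer has already pulled that type in (presumably from `hasht.h`, which sechash.h includes elsewhere in this commit). Finally, the prototypes carry no contract: a short comment on `NSSLOWHASH_End` should say how `len`, `*ret` and `NSSLOWHASH_Length` relate — presumably `len` is the capacity of `buf` and `*ret` the bytes written, to be confirmed against the hash object's `end` callback — so callers size the digest buffer correctly.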
@ -37,8 +37,11 @@
|
||||
/*
|
||||
* PQG parameter generation/verification. Based on FIPS 186-1.
|
||||
*
|
||||
* $Id: pqg.c,v 1.15 2007/11/09 18:49:32 wtc%google.com Exp $
|
||||
* $Id: pqg.c,v 1.16 2008/11/18 19:48:23 rrelyea%redhat.com Exp $
|
||||
*/
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
@ -35,7 +35,11 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: prng_fips1861.c,v 1.27 2006/10/13 16:54:04 wtchang%redhat.com Exp $ */
|
||||
/* $Id: prng_fips1861.c,v 1.28 2008/11/18 19:48:23 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
@ -34,6 +34,10 @@
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "nspr.h"
|
||||
#include "sechash.h"
|
||||
#include "blapi.h" /* below the line */
|
||||
|
@ -33,7 +33,11 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: rijndael.c,v 1.20 2005/08/09 03:09:38 nelsonb%netscape.com Exp $ */
|
||||
/* $Id: rijndael.c,v 1.24 2008/12/04 18:16:31 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prinit.h"
|
||||
#include "prerr.h"
|
||||
@ -43,6 +47,11 @@
|
||||
#include "blapi.h"
|
||||
#include "rijndael.h"
|
||||
|
||||
#if USE_HW_AES
|
||||
#include "intel-aes.h"
|
||||
#include "mpi.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
* There are currently five ways to build this code, varying in performance
|
||||
* and code size.
|
||||
@ -845,6 +854,8 @@ rijndael_encryptECB(AESContext *cx, unsigned char *output,
|
||||
{
|
||||
SECStatus rv;
|
||||
AESBlockFunc *encryptor;
|
||||
|
||||
|
||||
encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
|
||||
? &rijndael_encryptBlock128
|
||||
: &rijndael_encryptBlock;
|
||||
@ -903,6 +914,7 @@ rijndael_decryptECB(AESContext *cx, unsigned char *output,
|
||||
{
|
||||
SECStatus rv;
|
||||
AESBlockFunc *decryptor;
|
||||
|
||||
decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
|
||||
? &rijndael_decryptBlock128
|
||||
: &rijndael_decryptBlock;
|
||||
@ -930,6 +942,7 @@ rijndael_decryptCBC(AESContext *cx, unsigned char *output,
|
||||
unsigned int j;
|
||||
unsigned char newIV[RIJNDAEL_MAX_BLOCKSIZE];
|
||||
|
||||
|
||||
if (!inputLen)
|
||||
return SECSuccess;
|
||||
PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
|
||||
@ -974,11 +987,16 @@ AESContext * AES_AllocateContext(void)
|
||||
return PORT_ZNew(AESContext);
|
||||
}
|
||||
|
||||
|
||||
SECStatus
|
||||
AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
|
||||
const unsigned char *iv, int mode, unsigned int encrypt,
|
||||
unsigned int blocksize)
|
||||
{
|
||||
#if USE_HW_AES
|
||||
static int has_intel_aes;
|
||||
PRBool use_hw_aes = PR_FALSE;
|
||||
#endif
|
||||
unsigned int Nk;
|
||||
/* According to Rijndael AES Proposal, section 12.1, block and key
|
||||
* lengths between 128 and 256 bits are supported, as long as the
|
||||
@ -1006,6 +1024,16 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
#if USE_HW_AES
|
||||
if (has_intel_aes == 0) {
|
||||
unsigned long eax, ebx, ecx, edx;
|
||||
|
||||
freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
|
||||
has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
|
||||
}
|
||||
use_hw_aes = (PRBool)
|
||||
(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
|
||||
#endif
|
||||
/* Nb = (block size in bits) / 32 */
|
||||
cx->Nb = blocksize / 4;
|
||||
/* Nk = (key size in bits) / 32 */
|
||||
@ -1015,22 +1043,51 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
|
||||
/* copy in the iv, if neccessary */
|
||||
if (mode == NSS_AES_CBC) {
|
||||
memcpy(cx->iv, iv, blocksize);
|
||||
cx->worker = (encrypt) ? &rijndael_encryptCBC : &rijndael_decryptCBC;
|
||||
#if USE_HW_AES
|
||||
if (use_hw_aes) {
|
||||
cx->worker = intel_aes_cbc_worker(encrypt, keysize);
|
||||
} else
|
||||
#endif
|
||||
cx->worker = (encrypt
|
||||
? &rijndael_encryptCBC : &rijndael_decryptCBC);
|
||||
} else {
|
||||
cx->worker = (encrypt) ? &rijndael_encryptECB : &rijndael_decryptECB;
|
||||
#if USE_HW_AES
|
||||
if (use_hw_aes) {
|
||||
cx->worker = intel_aes_ecb_worker(encrypt, keysize);
|
||||
} else
|
||||
#endif
|
||||
cx->worker = (encrypt
|
||||
? &rijndael_encryptECB : &rijndael_decryptECB);
|
||||
}
|
||||
PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
|
||||
if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
goto cleanup;
|
||||
}
|
||||
/* Generate expanded key */
|
||||
if (encrypt) {
|
||||
if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
|
||||
goto cleanup;
|
||||
} else {
|
||||
if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
|
||||
goto cleanup;
|
||||
#ifdef USE_HW_AES
|
||||
if (use_hw_aes) {
|
||||
intel_aes_init(encrypt, keysize);
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
|
||||
#if defined(RIJNDAEL_GENERATE_TABLES) || \
|
||||
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
|
||||
if (rijndaelTables == NULL) {
|
||||
if (PR_CallOnce(&coRTInit, init_rijndael_tables)
|
||||
!= PR_SUCCESS) {
|
||||
return SecFailure;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/* Generate expanded key */
|
||||
if (encrypt) {
|
||||
if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
|
||||
goto cleanup;
|
||||
} else {
|
||||
if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
return SECSuccess;
|
||||
cleanup:
|
||||
@ -1100,15 +1157,6 @@ AES_Encrypt(AESContext *cx, unsigned char *output,
|
||||
return SECFailure;
|
||||
}
|
||||
*outputLen = inputLen;
|
||||
#if defined(RIJNDAEL_GENERATE_TABLES) || \
|
||||
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
|
||||
if (rijndaelTables == NULL) {
|
||||
if (PR_CallOnce(&coRTInit, init_rijndael_tables)
|
||||
!= PR_SUCCESS) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return (*cx->worker)(cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen, blocksize);
|
||||
}
|
||||
@ -1140,16 +1188,6 @@ AES_Decrypt(AESContext *cx, unsigned char *output,
|
||||
return SECFailure;
|
||||
}
|
||||
*outputLen = inputLen;
|
||||
#if defined(RIJNDAEL_GENERATE_TABLES) || \
|
||||
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
|
||||
if (rijndaelTables == NULL) {
|
||||
if (PR_CallOnce(&coRTInit, init_rijndael_tables)
|
||||
!= PR_SUCCESS) {
|
||||
return PR_FAILURE;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return (*cx->worker)(cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen, blocksize);
|
||||
}
|
||||
|
||||
|
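Review bot: In the `@ -1015,22 +1043,51 @` hunk of AES_InitContext, the new table-initialisation failure path returns `SecFailure`, while every other return in the function uses `SECFailure`. Builds that define RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO will most likely fail to compile; it should read `return SECFailure;`, or `goto cleanup;` if the cleanup label, whose body lies outside the hunk, has to run. The same hunk guards the `intel_aes_init(encrypt, keysize);` call with `#ifdef USE_HW_AES`, whereas `use_hw_aes` is declared under `#if USE_HW_AES`, so a build that defines USE_HW_AES as 0 would reference an undeclared variable; use `#if USE_HW_AES` there as well. In the `@ -1006,6 +1024,16 @` hunk, the function-static `has_intel_aes` is written on first use without synchronisation. Concurrent first calls would store the same value, but running the `freebl_cpuid` probe through `PR_CallOnce`, as the table initialisation already does, would remove the data race. AES_InitContext's body starts and ends outside these hunks.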
@ -37,8 +37,11 @@
|
||||
/*
|
||||
* RSA key generation, public key op, private key op.
|
||||
*
|
||||
* $Id: rsa.c,v 1.37 2006/05/22 22:10:40 wtchang%redhat.com Exp $
|
||||
* $Id: rsa.c,v 1.38 2008/11/18 19:48:24 rrelyea%redhat.com Exp $
|
||||
*/
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -35,7 +35,7 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sechash.h,v 1.8 2008/02/22 21:14:20 nelson%bolyard.com Exp $ */
|
||||
/* $Id: sechash.h,v 1.8 2008/12/10 22:48:04 nelson%bolyard.com Exp $ */
|
||||
|
||||
#include "seccomon.h"
|
||||
#include "hasht.h"
|
676
security/nss/lib/freebl/seed.c
Normal file
@ -0,0 +1,676 @@
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the SEED code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* KISA(Korea Information Security Agency).
|
||||
*
|
||||
* Portions created by the Initial Developer are Copyright (C) 2008
|
||||
* the Initial Developer.
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stddef.h>
|
||||
#ifdef WIN32
|
||||
#include <memory.h>
|
||||
#endif
|
||||
|
||||
#include "seed.h"
|
||||
#include "secerr.h"
|
||||
|
||||
static const seed_word SS[4][256] = {
|
||||
{
|
||||
0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
|
||||
0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
|
||||
0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
|
||||
0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
|
||||
0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
|
||||
0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
|
||||
0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
|
||||
0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
|
||||
0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
|
||||
0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
|
||||
0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
|
||||
0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
|
||||
0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
|
||||
0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
|
||||
0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
|
||||
0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
|
||||
0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
|
||||
0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
|
||||
0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
|
||||
0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
|
||||
0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
|
||||
0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
|
||||
0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
|
||||
0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
|
||||
0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
|
||||
0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
|
||||
0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
|
||||
0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
|
||||
0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
|
||||
0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
|
||||
0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
|
||||
0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
|
||||
0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
|
||||
0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
|
||||
0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
|
||||
0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
|
||||
0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
|
||||
0x36063234, 0x15051114, 0x22022220, 0x38083038,
|
||||
0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
|
||||
0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
|
||||
0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
|
||||
0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
|
||||
0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
|
||||
0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
|
||||
0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
|
||||
0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
|
||||
0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
|
||||
0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
|
||||
0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
|
||||
0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
|
||||
0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
|
||||
0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
|
||||
0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
|
||||
0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
|
||||
0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
|
||||
0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
|
||||
0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
|
||||
0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
|
||||
0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
|
||||
0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
|
||||
0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
|
||||
0x22426260, 0x29092128, 0x07070304, 0x33033330,
|
||||
0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
|
||||
0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
|
||||
},
|
||||
{
|
||||
0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
|
||||
0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
|
||||
0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
|
||||
0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
|
||||
0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
|
||||
0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
|
||||
0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
|
||||
0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
|
||||
0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
|
||||
0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
|
||||
0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
|
||||
0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
|
||||
0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
|
||||
0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
|
||||
0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
|
||||
0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
|
||||
0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
|
||||
0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
|
||||
0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
|
||||
0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
|
||||
0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
|
||||
0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
|
||||
0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
|
||||
0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
|
||||
0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
|
||||
0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
|
||||
0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
|
||||
0x20220222, 0x04040400, 0x68284860, 0x70314171,
|
||||
0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
|
||||
0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
|
||||
0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
|
||||
0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
|
||||
0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
|
||||
0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
|
||||
0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
|
||||
0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
|
||||
0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
|
||||
0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
|
||||
0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
|
||||
0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
|
||||
0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
|
||||
0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
|
||||
0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
|
||||
0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
|
||||
0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
|
||||
0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
|
||||
0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
|
||||
0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
|
||||
0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
|
||||
0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
|
||||
0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
|
||||
0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
|
||||
0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
|
||||
0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
|
||||
0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
|
||||
0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
|
||||
0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
|
||||
0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
|
||||
0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
|
||||
0x30320232, 0x84048480, 0x68294961, 0x90138393,
|
||||
0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
|
||||
0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
|
||||
0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
|
||||
0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
|
||||
},
|
||||
{
|
||||
0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
|
||||
0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
|
||||
0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
|
||||
0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
|
||||
0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
|
||||
0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
|
||||
0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
|
||||
0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
|
||||
0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
|
||||
0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
|
||||
0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
|
||||
0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
|
||||
0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
|
||||
0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
|
||||
0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
|
||||
0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
|
||||
0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
|
||||
0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
|
||||
0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
|
||||
0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
|
||||
0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
|
||||
0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
|
||||
0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
|
||||
0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
|
||||
0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
|
||||
0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
|
||||
0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
|
||||
0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
|
||||
0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
|
||||
0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
|
||||
0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
|
||||
0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
|
||||
0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
|
||||
0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
|
||||
0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
|
||||
0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
|
||||
0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
|
||||
0x32343606, 0x11141505, 0x22202202, 0x30383808,
|
||||
0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
|
||||
0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
|
||||
0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
|
||||
0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
|
||||
0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
|
||||
0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
|
||||
0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
|
||||
0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
|
||||
0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
|
||||
0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
|
||||
0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
|
||||
0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
|
||||
0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
|
||||
0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
|
||||
0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
|
||||
0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
|
||||
0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
|
||||
0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
|
||||
0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
|
||||
0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
|
||||
0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
|
||||
0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
|
||||
0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
|
||||
0x62602242, 0x21282909, 0x03040707, 0x33303303,
|
||||
0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
|
||||
0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
|
||||
},
|
||||
{
|
||||
0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
|
||||
0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
|
||||
0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
|
||||
0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
|
||||
0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
|
||||
0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
|
||||
0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
|
||||
0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
|
||||
0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
|
||||
0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
|
||||
0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
|
||||
0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
|
||||
0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
|
||||
0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
|
||||
0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
|
||||
0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
|
||||
0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
|
||||
0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
|
||||
0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
|
||||
0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
|
||||
0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
|
||||
0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
|
||||
0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
|
||||
0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
|
||||
0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
|
||||
0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
|
||||
0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
|
||||
0x02222022, 0x04000404, 0x48606828, 0x41717031,
|
||||
0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
|
||||
0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
|
||||
0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
|
||||
0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
|
||||
0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
|
||||
0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
|
||||
0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
|
||||
0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
|
||||
0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
|
||||
0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
|
||||
0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
|
||||
0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
|
||||
0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
|
||||
0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
|
||||
0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
|
||||
0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
|
||||
0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
|
||||
0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
|
||||
0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
|
||||
0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
|
||||
0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
|
||||
0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
|
||||
0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
|
||||
0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
|
||||
0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
|
||||
0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
|
||||
0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
|
||||
0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
|
||||
0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
|
||||
0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
|
||||
0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
|
||||
0x02323032, 0x84808404, 0x49616829, 0x83939013,
|
||||
0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
|
||||
0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
|
||||
0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
|
||||
0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
|
||||
}
|
||||
};
|
||||
|
||||
/* key schedule constants - golden ratio */
|
||||
#define KC0 0x9e3779b9
|
||||
#define KC1 0x3c6ef373
|
||||
#define KC2 0x78dde6e6
|
||||
#define KC3 0xf1bbcdcc
|
||||
#define KC4 0xe3779b99
|
||||
#define KC5 0xc6ef3733
|
||||
#define KC6 0x8dde6e67
|
||||
#define KC7 0x1bbcdccf
|
||||
#define KC8 0x3779b99e
|
||||
#define KC9 0x6ef3733c
|
||||
#define KC10 0xdde6e678
|
||||
#define KC11 0xbbcdccf1
|
||||
#define KC12 0x779b99e3
|
||||
#define KC13 0xef3733c6
|
||||
#define KC14 0xde6e678d
|
||||
#define KC15 0xbcdccf1b
|
||||
|
||||
|
||||
void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
|
||||
SEED_KEY_SCHEDULE *ks)
|
||||
{
|
||||
seed_word K0, K1, K2, K3;
|
||||
seed_word t0, t1;
|
||||
|
||||
char2word(rawkey , K0);
|
||||
char2word(rawkey+4 , K1);
|
||||
char2word(rawkey+8 , K2);
|
||||
char2word(rawkey+12, K3);
|
||||
|
||||
t0 = (K0 + K2 - KC0);
|
||||
t1 = (K1 - K3 + KC0);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC1);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC2);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC3);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC4);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC5);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC6);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC7);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC8);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC9);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC10);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC11);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC12);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC13);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
|
||||
KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC14);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
|
||||
KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC15);
|
||||
KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
|
||||
}
|
||||
|
||||
void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
|
||||
unsigned char d[SEED_BLOCK_SIZE],
|
||||
const SEED_KEY_SCHEDULE *ks)
|
||||
{
|
||||
seed_word L0, L1, R0, R1;
|
||||
seed_word t0, t1;
|
||||
|
||||
char2word(s, L0);
|
||||
char2word(s+4, L1);
|
||||
char2word(s+8, R0);
|
||||
char2word(s+12, R1);
|
||||
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 0);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 2);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 4);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 6);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 8);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 10);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 12);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 14);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 16);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 18);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 20);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 22);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 24);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 26);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 28);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 30);
|
||||
|
||||
word2char(R0, d);
|
||||
word2char(R1, d+4);
|
||||
word2char(L0, d+8);
|
||||
word2char(L1, d+12);
|
||||
}
|
||||
|
||||
void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
|
||||
unsigned char d[SEED_BLOCK_SIZE],
|
||||
const SEED_KEY_SCHEDULE *ks)
|
||||
{
|
||||
seed_word L0, L1, R0, R1;
|
||||
seed_word t0, t1;
|
||||
|
||||
char2word(s, L0);
|
||||
char2word(s+4, L1);
|
||||
char2word(s+8, R0);
|
||||
char2word(s+12, R1);
|
||||
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 30);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 28);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 26);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 24);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 22);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 20);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 18);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 16);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 14);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 12);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 10);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 8);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 6);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 4);
|
||||
E_SEED(t0, t1, L0, L1, R0, R1, 2);
|
||||
E_SEED(t0, t1, R0, R1, L0, L1, 0);
|
||||
|
||||
word2char(R0, d);
|
||||
word2char(R1, d+4);
|
||||
word2char(L0, d+8);
|
||||
word2char(L1, d+12);
|
||||
}
|
||||
|
||||
void SEED_ecb_encrypt(const unsigned char *in,
|
||||
unsigned char *out,
|
||||
const SEED_KEY_SCHEDULE *ks, int enc)
|
||||
{
|
||||
if (enc) {
|
||||
SEED_encrypt(in, out, ks);
|
||||
} else {
|
||||
SEED_decrypt(in, out, ks);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t len, const SEED_KEY_SCHEDULE *ks,
|
||||
unsigned char ivec[SEED_BLOCK_SIZE], int enc)
|
||||
{
|
||||
size_t n;
|
||||
unsigned char tmp[SEED_BLOCK_SIZE];
|
||||
const unsigned char *iv = ivec;
|
||||
|
||||
if (enc) {
|
||||
while (len >= SEED_BLOCK_SIZE) {
|
||||
for (n = 0; n < SEED_BLOCK_SIZE; ++n)
|
||||
out[n] = in[n] ^ iv[n];
|
||||
|
||||
SEED_encrypt(out, out, ks);
|
||||
iv = out;
|
||||
len -= SEED_BLOCK_SIZE;
|
||||
in += SEED_BLOCK_SIZE;
|
||||
out += SEED_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
if (len) {
|
||||
for (n = 0; n < len; ++n)
|
||||
out[n] = in[n] ^ iv[n];
|
||||
|
||||
for (n = len; n < SEED_BLOCK_SIZE; ++n)
|
||||
out[n] = iv[n];
|
||||
|
||||
SEED_encrypt(out, out, ks);
|
||||
iv = out;
|
||||
}
|
||||
|
||||
memcpy(ivec, iv, SEED_BLOCK_SIZE);
|
||||
} else if (in != out) {
|
||||
while (len >= SEED_BLOCK_SIZE) {
|
||||
SEED_decrypt(in, out, ks);
|
||||
|
||||
for (n = 0; n < SEED_BLOCK_SIZE; ++n)
|
||||
out[n] ^= iv[n];
|
||||
|
||||
iv = in;
|
||||
len -= SEED_BLOCK_SIZE;
|
||||
in += SEED_BLOCK_SIZE;
|
||||
out += SEED_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
if (len) {
|
||||
SEED_decrypt(in, tmp, ks);
|
||||
|
||||
for (n = 0; n < len; ++n)
|
||||
out[n] = tmp[n] ^ iv[n];
|
||||
|
||||
iv = in;
|
||||
}
|
||||
|
||||
memcpy(ivec, iv, SEED_BLOCK_SIZE);
|
||||
} else {
|
||||
while (len >= SEED_BLOCK_SIZE) {
|
||||
memcpy(tmp, in, SEED_BLOCK_SIZE);
|
||||
SEED_decrypt(in, out, ks);
|
||||
|
||||
for (n = 0; n < SEED_BLOCK_SIZE; ++n)
|
||||
out[n] ^= ivec[n];
|
||||
|
||||
memcpy(ivec, tmp, SEED_BLOCK_SIZE);
|
||||
len -= SEED_BLOCK_SIZE;
|
||||
in += SEED_BLOCK_SIZE;
|
||||
out += SEED_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
if (len) {
|
||||
memcpy(tmp, in, SEED_BLOCK_SIZE);
|
||||
SEED_decrypt(tmp, tmp, ks);
|
||||
|
||||
for (n = 0; n < len; ++n)
|
||||
out[n] = tmp[n] ^ ivec[n];
|
||||
|
||||
memcpy(ivec, tmp, SEED_BLOCK_SIZE);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
SEEDContext *
|
||||
SEED_AllocateContext(void)
|
||||
{
|
||||
return PORT_ZNew(SEEDContext);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SEED_InitContext(SEEDContext *cx, const unsigned char *key,
|
||||
unsigned int keylen, const unsigned char *iv,
|
||||
int mode, unsigned int encrypt,unsigned int unused)
|
||||
{
|
||||
if (!cx) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
switch (mode) {
|
||||
case NSS_SEED:
|
||||
SEED_set_key(key, &cx->ks);
|
||||
cx->mode = NSS_SEED;
|
||||
cx->encrypt = encrypt;
|
||||
break;
|
||||
|
||||
case NSS_SEED_CBC:
|
||||
memcpy(cx->iv, iv, 16);
|
||||
SEED_set_key(key, &cx->ks);
|
||||
cx->mode = NSS_SEED_CBC;
|
||||
cx->encrypt = encrypt;
|
||||
break;
|
||||
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SEEDContext *
|
||||
SEED_CreateContext(const unsigned char * key, const unsigned char *iv,
|
||||
int mode, PRBool encrypt)
|
||||
{
|
||||
SEEDContext *cx = PORT_ZNew(SEEDContext);
|
||||
SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode,
|
||||
encrypt, 0);
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
PORT_ZFree(cx, sizeof *cx);
|
||||
cx = NULL;
|
||||
}
|
||||
|
||||
return cx;
|
||||
}
|
||||
|
||||
void
|
||||
SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
|
||||
{
|
||||
if (cx) {
|
||||
memset(cx, 0, sizeof *cx);
|
||||
|
||||
if (freeit)
|
||||
PORT_Free(cx);
|
||||
}
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
|
||||
unsigned int maxOutLen, const unsigned char *in,
|
||||
unsigned int inLen)
|
||||
{
|
||||
int num = 0;
|
||||
if (!cx) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (!cx->encrypt) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
switch (cx->mode) {
|
||||
case NSS_SEED:
|
||||
SEED_ecb_encrypt(in, out, &cx->ks, 1);
|
||||
*outLen = inLen;
|
||||
break;
|
||||
|
||||
case NSS_SEED_CBC:
|
||||
SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 1);
|
||||
*outLen = inLen;
|
||||
break;
|
||||
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SEED_Decrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
|
||||
unsigned int maxOutLen, const unsigned char *in,
|
||||
unsigned int inLen)
|
||||
{
|
||||
int num = 0;
|
||||
if (!cx) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (cx->encrypt) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
switch (cx->mode) {
|
||||
case NSS_SEED:
|
||||
SEED_ecb_encrypt(in, out, &cx->ks, 0);
|
||||
*outLen = inLen;
|
||||
break;
|
||||
|
||||
case NSS_SEED_CBC:
|
||||
SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 0);
|
||||
*outLen = inLen;
|
||||
break;
|
||||
|
||||
default:
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
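--- a/security/nss/lib/freebl/seed.h
+++ b/security/nss/lib/freebl/seed.h
@@ -0,0 +1,160 @@
+/* ***** BEGIN LICENSE BLOCK *****
+* Version: MPL 1.1/GPL 2.0/LGPL 2.1
+*
+* The contents of this file are subject to the Mozilla Public License Version
+* 1.1 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+* http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS IS" basis,
+* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+* for the specific language governing rights and limitations under the
+* License.
+*
+* The Original Code is the SEED code.
+*
+* The Initial Developer of the Original Code is
+* KISA(Korea Information Security Agency).
+*
+* Portions created by the Initial Developer are Copyright (C) 2008
+* the Initial Developer.
+* Contributor(s):
+*
+* Alternatively, the contents of this file may be used under the terms of
+* either the GNU General Public License Version 2 or later (the "GPL"), or
+* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+* in which case the provisions of the GPL or the LGPL are applicable instead
+* of those above. If you wish to allow use of your version of this file only
+* under the terms of either the GPL or the LGPL, and not to allow others to
+* use your version of this file under the terms of the MPL, indicate your
+* decision by deleting the provisions above and replace them with the notice
+* and other provisions required by the GPL or the LGPL. If you do not delete
+* the provisions above, a recipient may use your version of this file under
+* the terms of any one of the MPL, the GPL or the LGPL.
+*
+* ***** END LICENSE BLOCK ***** */
+
+#ifndef HEADER_SEED_H
+#define HEADER_SEED_H
+
+#include <string.h>
+#include "blapi.h"
+
+#if !defined(NO_SYS_TYPES_H)
+# include <sys/types.h>
+#endif
+
+typedef PRUint32 seed_word;
+
+#define G_FUNC(v) \
+SS[0][((v) & 0xff)] ^ \
+SS[1][((v)>> 8 & 0xff)] ^ \
+SS[2][((v)>>16 & 0xff)] ^ \
+SS[3][((v)>>24 & 0xff)]
+
+#define char2word(c, i) \
+(i) = ((((seed_word)((c)[0])) << 24) | \
+(((seed_word)((c)[1])) << 16) | \
+(((seed_word)((c)[2])) << 8) | \
+((seed_word)((c)[3])))
+
+#define word2char(l, c) \
+*((c)+0) = (unsigned char)((l)>>24); \
+*((c)+1) = (unsigned char)((l)>>16); \
+*((c)+2) = (unsigned char)((l)>> 8); \
+*((c)+3) = (unsigned char)((l) )
+
+#define KEYSCHEDULE_UPDATE0(T0, T1, K0, K1, K2, K3, KC) \
+(T0) = (K2); \
+(K2) = (((K2)<<8) ^ ((K3)>>24)); \
+(K3) = (((K3)<<8) ^ ((T0)>>24)); \
+(T0) = ((K0) + (K2) - (KC)); \
+(T1) = ((K1) + (KC) - (K3))
+
+#define KEYSCHEDULE_UPDATE1(T0, T1, K0, K1, K2, K3, KC) \
+(T0) = (K0); \
+(K0) = (((K0)>>8) ^ ((K1)<<24)); \
+(K1) = (((K1)>>8) ^ ((T0)<<24)); \
+(T0) = ((K0) + (K2) - (KC)); \
+(T1) = ((K1) + (KC) - (K3))
+
+#define KEYUPDATE_TEMP(T0, T1, K) \
+(K)[0] = G_FUNC((T0)); \
+(K)[1] = G_FUNC((T1))
+
+#define XOR_SEEDBLOCK(DST, SRC) \
+(DST)[0] ^= (SRC)[0]; \
+(DST)[1] ^= (SRC)[1]; \
+(DST)[2] ^= (SRC)[2]; \
+(DST)[3] ^= (SRC)[3]
+
+#define MOV_SEEDBLOCK(DST, SRC) \
+(DST)[0] = (SRC)[0]; \
+(DST)[1] = (SRC)[1]; \
+(DST)[2] = (SRC)[2]; \
+(DST)[3] = (SRC)[3]
+
+# define CHAR2WORD(C, I) \
+char2word((C), (I)[0]); \
+char2word((C)+4, (I)[1]); \
+char2word((C)+8, (I)[2]); \
+char2word((C)+12, (I)[3])
+
+# define WORD2CHAR(I, C) \
+word2char((I)[0], (C)); \
+word2char((I)[1], (C+4)); \
+word2char((I)[2], (C+8)); \
+word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \
+(T0) = (X3) ^ (ks->data)[(rbase)]; \
+(T1) = (X4) ^ (ks->data)[(rbase)+1]; \
+(T1) ^= (T0); \
+(T1) = G_FUNC(T1); \
+(T0) += (T1); \
+(T0) = G_FUNC(T0); \
+(T1) += (T0); \
+(T1) = G_FUNC(T1); \
+(T0) += (T1); \
+(X1) ^= (T0); \
+(X2) ^= (T1)
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct seed_key_st {
+PRUint32 data[32];
+} SEED_KEY_SCHEDULE;
+
+
+
+struct SEEDContextStr {
+unsigned char iv[SEED_BLOCK_SIZE];
+SEED_KEY_SCHEDULE ks;
+int mode;
+unsigned int encrypt;
+};
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+unsigned char d[SEED_BLOCK_SIZE],
+const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+unsigned char d[SEED_BLOCK_SIZE],
+const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+size_t len, const SEED_KEY_SCHEDULE *ks,
+unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_H */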
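Review bot: `G_FUNC` expands to a bare XOR chain with no outer parentheses, so it regroups silently if it is ever used inside a larger expression (`G_FUNC(a) + b` would add `b` to the last table term only); the uses visible in this header are plain assignments, but wrapping the whole expansion in one pair of parentheses removes the hazard. The multi-statement macros (`word2char`, `KEYSCHEDULE_UPDATE0/1`, `KEYUPDATE_TEMP`, `XOR_SEEDBLOCK`, `MOV_SEEDBLOCK`, `CHAR2WORD`, `WORD2CHAR`, `E_SEED`) are semicolon-separated rather than wrapped in `do { ... } while (0)`, so under an unbraced `if` or `for` only the first statement would be guarded, and `WORD2CHAR` writes `(C+4)` where `((C)+4)` is meant. `E_SEED` reads `ks` from the caller's scope without taking it as a parameter, and `SEED_BLOCK_SIZE` / `SEED_KEY_LENGTH` are used but not defined here (presumably they arrive through `blapi.h`); a short comment on each dependency would make the header safer to reuse. I would also add a comment on `G_FUNC` noting that `SS` is indexed by bytes of key-dependent state, since table lookups of that kind are generally not constant-time with respect to the cache.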
@ -36,9 +36,14 @@
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sha512.c,v 1.11 2008/02/16 02:24:48 wtc%google.com Exp $ */
|
||||
/* $Id: sha512.c,v 1.13 2008/11/19 21:10:52 nelson%bolyard.com Exp $ */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "prcpucfg.h"
|
||||
#if defined(_X86_) || defined(SHA_NO_LONG_LONG)
|
||||
#if (defined(_X86_) && !defined(__x86_64__)) || defined(SHA_NO_LONG_LONG)
|
||||
#define NOUNROLL512 1
|
||||
#undef HAVE_LONG_LONG
|
||||
#endif
|
||||
@ -120,13 +125,13 @@ swap4b(PRUint32 dwd)
|
||||
#define SHA_HTONL(x) swap4b(x)
|
||||
#define BYTESWAP4(x) x = SHA_HTONL(x)
|
||||
|
||||
#elif defined(LINUX) && defined(_X86_)
|
||||
#undef __OPTIMIZE__
|
||||
#define __OPTIMIZE__ 1
|
||||
#undef __pentium__
|
||||
#define __pentium__ 1
|
||||
#include <byteswap.h>
|
||||
#define SHA_HTONL(x) bswap_32(x)
|
||||
#elif defined(__GNUC__) && defined(_X86_)
|
||||
static __inline__ PRUint32 swap4b(PRUint32 value)
|
||||
{
|
||||
__asm__("bswap %0" : "+r" (value));
|
||||
return (value);
|
||||
}
|
||||
#define SHA_HTONL(x) swap4b(x)
|
||||
#define BYTESWAP4(x) x = SHA_HTONL(x)
|
||||
|
||||
#else /* neither windows nor Linux PC */
|
||||
@ -136,7 +141,7 @@ swap4b(PRUint32 dwd)
|
||||
#define BYTESWAP4(x) x = SHA_HTONL(x)
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER) && defined(_X86_)
|
||||
#if defined(_MSC_VER)
|
||||
#pragma intrinsic (_lrotr, _lrotl)
|
||||
#define ROTR32(x,n) _lrotr(x,n)
|
||||
#define ROTL32(x,n) _lrotl(x,n)
|
||||
@ -522,8 +527,14 @@ void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
|
||||
|
||||
/* common #defines for SHA512 and SHA384 */
|
||||
#if defined(HAVE_LONG_LONG)
|
||||
#if defined(_MSC_VER)
|
||||
#pragma intrinsic(_rotr64,_rotl64)
|
||||
#define ROTR64(x,n) _rotr64(x,n)
|
||||
#define ROTL64(x,n) _rotl64(x,n)
|
||||
#else
|
||||
#define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
|
||||
#define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
|
||||
#endif
|
||||
|
||||
#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
|
||||
#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
|
||||
@ -538,12 +549,26 @@ void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
|
||||
#define ULLC(hi,lo) 0x ## hi ## lo ## ULL
|
||||
#endif
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma intrinsic(_byteswap_uint64)
|
||||
#define SHA_HTONLL(x) _byteswap_uint64(x)
|
||||
|
||||
#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
|
||||
static __inline__ PRUint64 swap8b(PRUint64 value)
|
||||
{
|
||||
__asm__("bswapq %0" : "+r" (value));
|
||||
return (value);
|
||||
}
|
||||
#define SHA_HTONLL(x) swap8b(x)
|
||||
|
||||
#else
|
||||
#define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
|
||||
#define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
|
||||
#define SHA_HTONLL(x) (t1 = x, \
|
||||
t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \
|
||||
t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \
|
||||
(t1 >> 32) | (t1 << 32))
|
||||
#endif
|
||||
#define BYTESWAP8(x) x = SHA_HTONLL(x)
|
||||
|
||||
#else /* no long long */
|
||||
|
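Review bot: The new `#if defined(_MSC_VER)` branches for `ROTR64`/`ROTL64` (`_rotr64`, `_rotl64`) and for `SHA_HTONLL` (`_byteswap_uint64`) test only for the compiler, not its version, and the `ROTR32`/`ROTL32` guard is widened from `_MSC_VER && _X86_` to any `_MSC_VER` target in the same way. If the tree still has to build with a Visual C++ release or target that lacks one of these intrinsics, compilation fails there instead of reaching the portable shift/mask definitions kept in the `#else` branches; a guard of the form `#if defined(_MSC_VER) && _MSC_VER >= MIN_MSC_VER_WITH_INTRINSIC` (placeholder constant, to be confirmed against the supported toolchains) would keep that fallback reachable. A one-line comment on the new `swap4b` and `swap8b` helpers saying that the inline `bswap`/`bswapq` replaces the former `<byteswap.h>` path, and which CPU baseline it assumes, would also help the next reader. Note too that the fallback `SHA_HTONLL` still relies on a `t1` variable in the caller's scope while the intrinsic variants do not, which deserves a comment next to the macro.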
Some files were not shown because too many files have changed in this diff Show More