diff --git a/dbm/include/mcom_db.h b/dbm/include/mcom_db.h index 45cff2dd783e7..d265f43225688 100644 --- a/dbm/include/mcom_db.h +++ b/dbm/include/mcom_db.h @@ -156,7 +156,7 @@ #define LITTLE_ENDIAN 1234 #endif -#ifdef _WINDOWS +#if defined(_WINDOWS) || defined(XP_OS2_VACPP) #ifdef BYTE_ORDER #undef BYTE_ORDER #endif @@ -188,6 +188,14 @@ #define MAXPATHLEN 1024 #endif +#ifdef XP_OS2_VACPP +#include +#define MAXPATHLEN CCHMAXPATH +#define EPERM EINVAL +#define ENOTDIR EBADPOS +#define S_ISDIR(s) ((s) & S_IFDIR) +#endif + #define EFTYPE EINVAL /* POSIX 1003.1 format errno. */ #ifndef STDERR_FILENO diff --git a/dbm/src/h_bigkey.c b/dbm/src/h_bigkey.c index fb9680d56c09d..5cf7f15db153f 100644 --- a/dbm/src/h_bigkey.c +++ b/dbm/src/h_bigkey.c @@ -56,7 +56,7 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94"; * collect_data */ -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) +#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) #include #endif diff --git a/dbm/src/h_page.c b/dbm/src/h_page.c index f26cc92e24985..1f06a0a6ad1af 100644 --- a/dbm/src/h_page.c +++ b/dbm/src/h_page.c @@ -78,7 +78,7 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94"; #include #include -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) +#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) #include #endif diff --git a/dbm/src/hash.c b/dbm/src/hash.c index 4e157e8287ac9..d4c0e073912cf 100644 --- a/dbm/src/hash.c +++ b/dbm/src/hash.c @@ -38,12 +38,12 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94"; #include "watcomfx.h" -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) +#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) #include #endif #if !defined(macintosh) -#ifdef XP_OS2 +#ifdef XP_OS2_EMX #include #endif #include @@ -60,7 +60,7 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94"; #include #include -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) +#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) #include #endif #if defined(_WIN32) || defined(_WINDOWS) diff --git a/dbm/src/hash_buf.c b/dbm/src/hash_buf.c index 303f35c2cee39..b9d1987fa1a48 100644 --- a/dbm/src/hash_buf.c +++ b/dbm/src/hash_buf.c @@ -53,7 +53,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94"; * Internal * newbuf */ -#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) +#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2_VACPP) #include #endif diff --git a/dbm/src/mktemp.c b/dbm/src/mktemp.c index 592711ad2fdc7..ecd9369788dc2 100644 --- a/dbm/src/mktemp.c +++ b/dbm/src/mktemp.c @@ -47,10 +47,14 @@ static char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; #include #include "mcom_db.h" -#ifndef _WINDOWS +#if !defined(_WINDOWS) && !defined(XP_OS2_VACPP) #include #endif +#ifdef XP_OS2_VACPP +#include +#endif + #ifdef _WINDOWS #include #include "winfile.h" diff --git a/dbm/src/snprintf.c b/dbm/src/snprintf.c index fbf4c4f5d654c..4987785723659 100644 --- a/dbm/src/snprintf.c +++ b/dbm/src/snprintf.c @@ -16,14 +16,14 @@ #include /* The OS/2 VAC compiler doesn't appear to define __STDC__ and won't let us define it either */ -#ifdef __STDC__ +#if defined(__STDC__) || defined(XP_OS2_VACPP) #include #else #include #endif int -#ifdef __STDC__ +#if defined(__STDC__) || defined(XP_OS2_VACPP) snprintf(char *str, size_t n, const char *fmt, ...) #else snprintf(str, n, fmt, va_alist) @@ -39,7 +39,7 @@ snprintf(str, n, fmt, va_alist) #else int rval; #endif -#ifdef __STDC__ +#if defined(__STDC__) || defined(XP_OS2_VACPP) va_start(ap, fmt); #else va_start(ap); diff --git a/nsprpub/pkg/linux/Makefile.in b/nsprpub/pkg/linux/Makefile.in index 5a91b052a227c..401f49260a583 100644 --- a/nsprpub/pkg/linux/Makefile.in +++ b/nsprpub/pkg/linux/Makefile.in @@ -38,7 +38,7 @@ # # ***** END LICENSE BLOCK ***** # -#ident "$Id: Makefile.in,v 1.10 2005/11/18 21:50:20 christophe.ravel.bugs%sun.com Exp $" +#ident "$Id: Makefile.in,v 1.11 2008/10/20 22:38:45 christophe.ravel.bugs%sun.com Exp $" # MOD_DEPTH = ../.. @@ -74,7 +74,7 @@ publish: (cd $(dist_includedir) && tar cphf - .) \ | (mkdir -p opt/sun/private/include/nspr && cd opt/sun/private/include/nspr && tar xvfBp -) (cd opt/sun/private/include/nspr && \ - rm -rf md private obsolete/pralarm.h obsolete/probslet.h obsolete/prsem.h) + rm -rf md) tar czvf SOURCES/$(NAME)-$(VERSION).tar.gz opt echo "%define name $(NAME)" >$(SPECFILE) echo "%define version $(VERSION)" >>$(SPECFILE) @@ -100,6 +100,7 @@ publish: echo "%dir /opt/sun/private/include" >>$(SPECFILE) echo "%dir /opt/sun/private/include/nspr" >>$(SPECFILE) echo "%dir /opt/sun/private/include/nspr/obsolete" >>$(SPECFILE) + echo "%dir /opt/sun/private/include/nspr/private" >>$(SPECFILE) find opt -type f \( -name "*.h" \) \ | sed -e "s-^-/-" >>$(SPECFILE) rpmbuild $(RPMTARGET) -bb $(SPECFILE) diff --git a/nsprpub/pkg/solaris/SUNWprd/prototype b/nsprpub/pkg/solaris/SUNWprd/prototype index ff3356e652c61..6c37bb5c20544 100755 --- a/nsprpub/pkg/solaris/SUNWprd/prototype +++ b/nsprpub/pkg/solaris/SUNWprd/prototype @@ -38,7 +38,7 @@ # # ***** END LICENSE BLOCK ***** # -#ident "$Id: prototype,v 1.4 2006/04/05 20:57:09 wtchang%redhat.com Exp $" +#ident "$Id: prototype,v 1.5 2008/10/20 22:38:46 christophe.ravel.bugs%sun.com Exp $" # # This required package information file contains a list of package contents. # The 'pkgmk' command uses this file to identify the contents of a package @@ -63,7 +63,11 @@ d none usr 0755 root sys d none usr/include 0755 root bin d none usr/include/mps 0755 root bin d none usr/include/mps/obsolete 0755 root bin +d none usr/include/mps/private 0755 root bin +f none usr/include/mps/obsolete/pralarm.h 0644 root bin +f none usr/include/mps/obsolete/probslet.h 0644 root bin f none usr/include/mps/obsolete/protypes.h 0644 root bin +f none usr/include/mps/obsolete/prsem.h 0644 root bin f none usr/include/mps/prcpucfg.h 0644 root bin f none usr/include/mps/nspr.h 0644 root bin f none usr/include/mps/pratom.h 0644 root bin @@ -81,6 +85,9 @@ f none usr/include/mps/prinit.h 0644 root bin f none usr/include/mps/prinrval.h 0644 root bin f none usr/include/mps/prio.h 0644 root bin f none usr/include/mps/pripcsem.h 0644 root bin +f none usr/include/mps/private/pprio.h 0644 root bin +f none usr/include/mps/private/pprthred.h 0644 root bin +f none usr/include/mps/private/prpriv.h 0644 root bin f none usr/include/mps/prlink.h 0644 root bin f none usr/include/mps/prlock.h 0644 root bin f none usr/include/mps/prlog.h 0644 root bin diff --git a/nsprpub/pr/include/prinit.h b/nsprpub/pr/include/prinit.h index bc9eae57cf027..4c1d2c74ca622 100644 --- a/nsprpub/pr/include/prinit.h +++ b/nsprpub/pr/include/prinit.h @@ -63,11 +63,11 @@ PR_BEGIN_EXTERN_C ** The format of the version string is ** ".[.] []" */ -#define PR_VERSION "4.7.2 Beta 4" +#define PR_VERSION "4.7.2" #define PR_VMAJOR 4 #define PR_VMINOR 7 #define PR_VPATCH 2 -#define PR_BETA PR_TRUE +#define PR_BETA PR_FALSE /* ** PRVersionCheck diff --git a/nsprpub/pr/src/misc/prtime.c b/nsprpub/pr/src/misc/prtime.c index d73b08cdeae64..5f05d5ef68e0f 100644 --- a/nsprpub/pr/src/misc/prtime.c +++ b/nsprpub/pr/src/misc/prtime.c @@ -1698,29 +1698,37 @@ PR_FormatTime(char *buf, int buflen, const char *fmt, const PRExplodedTime *tm) { size_t rv; struct tm a; - a.tm_sec = tm->tm_sec; - a.tm_min = tm->tm_min; - a.tm_hour = tm->tm_hour; - a.tm_mday = tm->tm_mday; - a.tm_mon = tm->tm_month; - a.tm_wday = tm->tm_wday; - a.tm_year = tm->tm_year - 1900; - a.tm_yday = tm->tm_yday; - a.tm_isdst = tm->tm_params.tp_dst_offset ? 1 : 0; + struct tm *ap; + + if (tm) { + ap = &a; + a.tm_sec = tm->tm_sec; + a.tm_min = tm->tm_min; + a.tm_hour = tm->tm_hour; + a.tm_mday = tm->tm_mday; + a.tm_mon = tm->tm_month; + a.tm_wday = tm->tm_wday; + a.tm_year = tm->tm_year - 1900; + a.tm_yday = tm->tm_yday; + a.tm_isdst = tm->tm_params.tp_dst_offset ? 1 : 0; -/* - * On some platforms, for example SunOS 4, struct tm has two additional - * fields: tm_zone and tm_gmtoff. - */ + /* + * On some platforms, for example SunOS 4, struct tm has two + * additional fields: tm_zone and tm_gmtoff. + */ #if defined(SUNOS4) || (__GLIBC__ >= 2) || defined(XP_BEOS) \ || defined(NETBSD) || defined(OPENBSD) || defined(FREEBSD) \ || defined(DARWIN) || defined(SYMBIAN) - a.tm_zone = NULL; - a.tm_gmtoff = tm->tm_params.tp_gmt_offset + tm->tm_params.tp_dst_offset; + a.tm_zone = NULL; + a.tm_gmtoff = tm->tm_params.tp_gmt_offset + + tm->tm_params.tp_dst_offset; #endif + } else { + ap = NULL; + } - rv = strftime(buf, buflen, fmt, &a); + rv = strftime(buf, buflen, fmt, ap); if (!rv && buf && buflen > 0) { /* * When strftime fails, the contents of buf are indeterminate. diff --git a/nsprpub/pr/tests/formattm.c b/nsprpub/pr/tests/formattm.c index c3c758b5f28b0..8b04cd3701e9f 100644 --- a/nsprpub/pr/tests/formattm.c +++ b/nsprpub/pr/tests/formattm.c @@ -44,16 +44,39 @@ int main() { char buffer[256]; + char small_buffer[8]; PRTime now; PRExplodedTime tod; now = PR_Now(); PR_ExplodeTime(now, PR_LocalTimeParameters, &tod); - (void)PR_FormatTime(buffer, sizeof(buffer), - "%a %b %d %H:%M:%S %Z %Y", &tod); - printf("%s\n", buffer); + + if (PR_FormatTime(buffer, sizeof(buffer), + "%a %b %d %H:%M:%S %Z %Y", &tod) != 0) { + printf("%s\n", buffer); + } else { + fprintf(stderr, "PR_FormatTime(buffer) failed\n"); + return 1; + } + + small_buffer[0] = '?'; + if (PR_FormatTime(small_buffer, sizeof(small_buffer), + "%a %b %d %H:%M:%S %Z %Y", &tod) == 0) { + if (small_buffer[0] != '\0') { + fprintf(stderr, "PR_FormatTime(small_buffer) did not output " + "an empty string on failure\n"); + return 1; + } + printf("%s\n", small_buffer); + } else { + fprintf(stderr, "PR_FormatTime(small_buffer) succeeded " + "unexpectedly\n"); + return 1; + } + (void)PR_FormatTimeUSEnglish(buffer, sizeof(buffer), "%a %b %d %H:%M:%S %Z %Y", &tod); printf("%s\n", buffer); + return 0; } diff --git a/nsprpub/pr/tests/runtests.pl b/nsprpub/pr/tests/runtests.pl old mode 100644 new mode 100755 diff --git a/security/coreconf/Linux.mk b/security/coreconf/Linux.mk index 18aa1a1adc7be..7725a97cc4b1a 100644 --- a/security/coreconf/Linux.mk +++ b/security/coreconf/Linux.mk @@ -185,3 +185,6 @@ G++INCLUDES = -I/usr/include/g++ # Always set CPU_TAG on Linux, OpenVMS, WINCE. # CPU_TAG = _$(CPU_ARCH) + +USE_SYSTEM_ZLIB = 1 +ZLIB_LIBS = -lz diff --git a/security/coreconf/UNIX.mk b/security/coreconf/UNIX.mk index f51f1ca70b73a..58531709abed2 100644 --- a/security/coreconf/UNIX.mk +++ b/security/coreconf/UNIX.mk @@ -46,7 +46,9 @@ ifdef BUILD_OPT DEFINES += -UDEBUG -DNDEBUG else OPTIMIZER += -g - DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(shell whoami) + USERNAME := $(shell whoami) + USERNAME := $(subst -,_,$(USERNAME)) + DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME) endif ifdef BUILD_TREE diff --git a/security/coreconf/WINNT6.0.mk b/security/coreconf/WINNT6.0.mk index 9c1c34fa89afd..0f4763682137f 100644 --- a/security/coreconf/WINNT6.0.mk +++ b/security/coreconf/WINNT6.0.mk @@ -76,77 +76,3 @@ OS_CFLAGS += -GT DEFINES += -DWINNT NSPR31_LIB_PREFIX = lib -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# Robert Longson -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# -# Config stuff for WINNT 6.0 (Windows Vista) -# -# This makefile defines the following variables: -# OS_CFLAGS and OS_DLLFLAGS. - -include $(CORE_DEPTH)/coreconf/WIN32.mk - -ifeq ($(CPU_ARCH), x386) - OS_CFLAGS += -W3 -nologo - DEFINES += -D_X86_ -else - ifeq ($(CPU_ARCH), MIPS) - #OS_CFLAGS += -W3 -nologo - #DEFINES += -D_MIPS_ - OS_CFLAGS += -W3 -nologo - else - ifeq ($(CPU_ARCH), ALPHA) - OS_CFLAGS += -W3 -nologo - DEFINES += -D_ALPHA_=1 - endif - endif -endif - -OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS -ifndef MOZ_DEBUG_SYMBOLS - OS_DLLFLAGS += -PDB:NONE -endif - -# -# Win NT needs -GT so that fibers can work -# -OS_CFLAGS += -GT -DEFINES += -DWINNT - -NSPR31_LIB_PREFIX = lib diff --git a/security/coreconf/nsinstall/nsinstall.c b/security/coreconf/nsinstall/nsinstall.c index cf309ece8faf5..67850411d5f5b 100644 --- a/security/coreconf/nsinstall/nsinstall.c +++ b/security/coreconf/nsinstall/nsinstall.c @@ -359,6 +359,8 @@ main(int argc, char **argv) if (!exists && symlink(name, toname) < 0) { if (errno == EEXIST) { fprintf(stderr, "symlink creation race: %s\n", toname); + fail("symlink was attempted in working directory %s " + "from %s to %s.\n", cwd, name, toname); goto retry; } diagnosePath(toname); diff --git a/security/nss/cmd/SSLsample/Makefile b/security/nss/cmd/SSLsample/Makefile deleted file mode 100644 index f62d2a3d09a61..0000000000000 --- a/security/nss/cmd/SSLsample/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# do these once for each target program -all default export libs program install release_export:: - $(MAKE) -f make.client $@ - $(MAKE) -f make.server $@ - -# only do these things once for the whole directory -depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show:: - $(MAKE) -f make.client $@ - - diff --git a/security/nss/cmd/SSLsample/README b/security/nss/cmd/SSLsample/README deleted file mode 100644 index 5672cfac8f0e3..0000000000000 --- a/security/nss/cmd/SSLsample/README +++ /dev/null @@ -1,35 +0,0 @@ -These sample programs can be built in either of two ways: -1) is the NSS source tree, using the coreconf build system, and -2) stand alone (as part of the NSS distribution). - -The following makefiles are used only when building in the NSS source tree -using coreconf. These are NOT part of the distribution. - -Makefile -client.mn -server.mn -config.mk -make.client -make.server - -The following source files are common to both build environments and are -part of the distribution. - -NSPRerrs.h -SECerrs.h -SSLerrs.h -client.c -getopt.c -server.c -sslerror.h - -In the NSS 2.0 distribution, the sample code and makefiles are in a -directory named "samples". The directories relevant to building -in the distributed tree are: - -./samples -./include/dbm -./include/nspr -./include/security -./lib - diff --git a/security/nss/cmd/SSLsample/client.c b/security/nss/cmd/SSLsample/client.c deleted file mode 100644 index d496371e994e0..0000000000000 --- a/security/nss/cmd/SSLsample/client.c +++ /dev/null @@ -1,456 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/**************************************************************************** - * SSL client program that sets up a connection to SSL server, transmits * - * some data and then reads the reply * - ****************************************************************************/ - -#include -#include - -#if defined(XP_UNIX) -#include -#endif - -#include "prerror.h" - -#include "pk11func.h" -#include "secitem.h" - - -#include -#include -#include -#include - -#include "nspr.h" -#include "plgetopt.h" -#include "prio.h" -#include "prnetdb.h" -#include "nss.h" - -#include "sslsample.h" - -#define RD_BUF_SIZE (60 * 1024) - -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -GlobalThreadMgr threadMGR; -char *certNickname = NULL; -char *hostName = NULL; -char *password = NULL; -unsigned short port = 0; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n" - " [-w dbpasswd] [-C cipher(s)] hostname\n", - progName); - exit(1); -} - -PRFileDesc * -setupSSLSocket(PRNetAddr *addr) -{ - PRFileDesc *tcpSocket; - PRFileDesc *sslSocket; - PRSocketOptionData socketOption; - PRStatus prStatus; - SECStatus secStatus; - -#if 0 -retry: -#endif - - tcpSocket = PR_NewTCPSocket(); - if (tcpSocket == NULL) { - errWarn("PR_NewTCPSocket"); - } - - /* Make the socket blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(tcpSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - errWarn("PR_SetSocketOption"); - goto loser; - } - -#if 0 - /* Verify that a connection can be made to the socket. */ - prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - PRErrorCode err = PR_GetError(); - if (err == PR_CONNECT_REFUSED_ERROR) { - PR_Close(tcpSocket); - PR_Sleep(PR_MillisecondsToInterval(10)); - fprintf(stderr, "Connection to port refused, retrying.\n"); - goto retry; - } - errWarn("PR_Connect"); - goto loser; - } -#endif - - /* Import the socket into the SSL layer. */ - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (!sslSocket) { - errWarn("SSL_ImportFD"); - goto loser; - } - - /* Set configuration options. */ - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT"); - goto loser; - } - - /* Set SSL callback routines. */ - secStatus = SSL_GetClientAuthDataHook(sslSocket, - (SSLGetClientAuthData)myGetClientAuthData, - (void *)certNickname); - if (secStatus != SECSuccess) { - errWarn("SSL_GetClientAuthDataHook"); - goto loser; - } - - secStatus = SSL_AuthCertificateHook(sslSocket, - (SSLAuthCertificate)myAuthCertificate, - (void *)CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - - -const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" }; - -SECStatus -handle_connection(PRFileDesc *sslSocket, int connection) -{ - int countRead = 0; - PRInt32 numBytes; - char *readBuffer; - - readBuffer = PORT_Alloc(RD_BUF_SIZE); - if (!readBuffer) { - exitErr("PORT_Alloc"); - } - - /* compose the http request here. */ - - numBytes = PR_Write(sslSocket, requestString, strlen(requestString)); - if (numBytes <= 0) { - errWarn("PR_Write"); - PR_Free(readBuffer); - readBuffer = NULL; - return SECFailure; - } - - /* read until EOF */ - while (PR_TRUE) { - numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE); - if (numBytes == 0) { - break; /* EOF */ - } - if (numBytes < 0) { - errWarn("PR_Read"); - break; - } - countRead += numBytes; - fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n", - connection, numBytes, countRead ); - readBuffer[numBytes] = '\0'; - fprintf(stderr, "************\n%s\n************\n", readBuffer); - } - - printSecurityInfo(sslSocket); - - PR_Free(readBuffer); - readBuffer = NULL; - - /* Caller closes the socket. */ - - fprintf(stderr, - "***** Connection %d read %d bytes total.\n", - connection, countRead); - - return SECSuccess; /* success */ -} - -/* one copy of this function is launched in a separate thread for each -** connection to be made. -*/ -SECStatus -do_connects(void *a, int connection) -{ - PRNetAddr *addr = (PRNetAddr *)a; - PRFileDesc *sslSocket; - PRHostEnt hostEntry; - char buffer[PR_NETDB_BUF_SIZE]; - PRStatus prStatus; - PRIntn hostenum; - SECStatus secStatus; - - /* Set up SSL secure socket. */ - sslSocket = setupSSLSocket(addr); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - return SECFailure; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_SetPKCS11PinArg"); - return secStatus; - } - - secStatus = SSL_SetURL(sslSocket, hostName); - if (secStatus != SECSuccess) { - errWarn("SSL_SetURL"); - return secStatus; - } - - /* Prepare and setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry); - if (prStatus != PR_SUCCESS) { - errWarn("PR_GetHostByName"); - return SECFailure; - } - - hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr); - if (hostenum == -1) { - errWarn("PR_EnumerateHostEnt"); - return SECFailure; - } - - prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Connect"); - return SECFailure; - } - - /* Established SSL connection, ready to send data. */ -#if 0 - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return secStatus; - } -#endif - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - prStatus = PR_Close(sslSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - return secStatus; - } - - secStatus = handle_connection(sslSocket, connection); - if (secStatus != SECSuccess) { - errWarn("handle_connection"); - return secStatus; - } - - PR_Close(sslSocket); - return SECSuccess; -} - -void -client_main(unsigned short port, - int connections, - const char * hostName) -{ - int i; - SECStatus secStatus; - PRStatus prStatus; - PRInt32 rv; - PRNetAddr addr; - PRHostEnt hostEntry; - char buffer[256]; - - /* Setup network connection. */ - prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry); - if (prStatus != PR_SUCCESS) { - exitErr("PR_GetHostByName"); - } - - rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr); - if (rv < 0) { - exitErr("PR_EnumerateHostEnt"); - } - - secStatus = launch_thread(&threadMGR, do_connects, &addr, 1); - if (secStatus != SECSuccess) { - exitErr("launch_thread"); - } - - if (connections > 1) { - /* wait for the first connection to terminate, then launch the rest. */ - reap_threads(&threadMGR); - /* Start up the connections */ - for (i = 2; i <= connections; ++i) { - secStatus = launch_thread(&threadMGR, do_connects, &addr, i); - if (secStatus != SECSuccess) { - errWarn("launch_thread"); - } - } - } - - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); -} - -int -main(int argc, char **argv) -{ - char * certDir = "."; - char * progName = NULL; - int connections = 1; - char * cipherString = NULL; - SECStatus secStatus; - PLOptState * optstate; - PLOptStatus status; - - /* Call the NSPR initialization routines */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - progName = PL_strdup(argv[0]); - - hostName = NULL; - optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case 'C' : cipherString = PL_strdup(optstate->value); break; - case 'c' : connections = PORT_Atoi(optstate->value); break; - case 'd' : certDir = PL_strdup(optstate->value); break; - case 'n' : certNickname = PL_strdup(optstate->value); break; - case 'p' : port = PORT_Atoi(optstate->value); break; - case 'w' : password = PL_strdup(optstate->value); break; - case '\0': hostName = PL_strdup(optstate->value); break; - default : Usage(progName); - } - } - - if (port == 0 || hostName == NULL) - Usage(progName); - - if (certDir == NULL) { - certDir = PR_smprintf("%s/.netscape", getenv("HOME")); - } - - /* Set our password function callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize the NSS libraries. */ - secStatus = NSS_Init(certDir); - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */ - NSS_SetDomesticPolicy(); - SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SSL_CipherPrefSetDefault(cipher, PR_TRUE); - } - } - } - - client_main(port, connections, hostName); - - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} - diff --git a/security/nss/cmd/SSLsample/client.mn b/security/nss/cmd/SSLsample/client.mn deleted file mode 100644 index 064b7750ffa73..0000000000000 --- a/security/nss/cmd/SSLsample/client.mn +++ /dev/null @@ -1,50 +0,0 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = client.c \ - sslsample.c \ - $(NULL) - -PROGRAM = client - -IMPORTS = nss/lib/nss - diff --git a/security/nss/cmd/SSLsample/gencerts b/security/nss/cmd/SSLsample/gencerts deleted file mode 100755 index 61f13e5fabed4..0000000000000 --- a/security/nss/cmd/SSLsample/gencerts +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/sh -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -# Directory for db's, use in all subsequent -d flags. -rm -rf SampleCertDBs -mkdir SampleCertDBs - -# Password to use. -echo sample > passfile - -# Generate the db files, using the above password. -certutil -N -d SampleCertDBs -f passfile - -# Generate the CA cert. This cert is self-signed and only useful for -# test purposes. Set the trust bits to allow it to sign SSL client/server -# certs. -certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \ - -s "CN=My Sample Root CA, O=My Organization" \ - -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \ - -d SampleCertDBs -f passfile - -# Generate the server cert. This cert is signed by the CA cert generated -# above. The CN must be hostname.domain.[com|org|net|...]. -certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \ - -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \ - -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \ - -d SampleCertDBs -f passfile - -# Generate the client cert. This cert is signed by the CA cert generated -# above. -certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \ - -s "CN=My Client Cert, O=Client Organization" \ - -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \ - -d SampleCertDBs -f passfile - -# Verify the certificates. -certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs -certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs - -# Remove unneccessary files. -rm -f passfile -rm -f tempcert* - -# You are now ready to run your client/server! Example command lines: -# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R -# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com diff --git a/security/nss/cmd/SSLsample/make.client b/security/nss/cmd/SSLsample/make.client deleted file mode 100644 index 4bf4c40cd7e14..0000000000000 --- a/security/nss/cmd/SSLsample/make.client +++ /dev/null @@ -1,81 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include client.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -#include $(CORE_DEPTH)/$(MODULE)/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -#CC = cc - - diff --git a/security/nss/cmd/SSLsample/make.server b/security/nss/cmd/SSLsample/make.server deleted file mode 100644 index ce90a2f86c685..0000000000000 --- a/security/nss/cmd/SSLsample/make.server +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include server.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -#include $(CORE_DEPTH)/$(MODULE)/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/nss/cmd/SSLsample/server.c b/security/nss/cmd/SSLsample/server.c deleted file mode 100644 index bf4c9075b270e..0000000000000 --- a/security/nss/cmd/SSLsample/server.c +++ /dev/null @@ -1,821 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -/**************************************************************************** - * SSL server program listens on a port, accepts client connection, reads * - * request and responds to it * - ****************************************************************************/ - -/* Generic header files */ - -#include -#include - -/* NSPR header files */ - -#include "nspr.h" -#include "plgetopt.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -#include "sslsample.h" - -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - -#define REQUEST_CERT_ONCE 1 -#define REQUIRE_CERT_ONCE 2 -#define REQUEST_CERT_ALL 3 -#define REQUIRE_CERT_ALL 4 - -/* Global variables */ -GlobalThreadMgr threadMGR; -char *password = NULL; -CERTCertificate *cert = NULL; -SECKEYPrivateKey *privKey = NULL; -int stopping; - -static void -Usage(const char *progName) -{ - fprintf(stderr, - -"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n" -" [-c ciphers] [-d dbdir] \n" -"-3 means disable SSL v3\n" -"-r means request certificate on first handshake.\n" -"-f means require certificate on first handshake.\n" -"-R means request certificate on all handshakes.\n" -"-F means require certificate on all handshakes.\n" -"-c ciphers Letter(s) chosen from the following list\n" -"A SSL2 RC4 128 WITH MD5\n" -"B SSL2 RC4 128 EXPORT40 WITH MD5\n" -"C SSL2 RC2 128 CBC WITH MD5\n" -"D SSL2 RC2 128 CBC EXPORT40 WITH MD5\n" -"E SSL2 DES 64 CBC WITH MD5\n" -"F SSL2 DES 192 EDE3 CBC WITH MD5\n" -"\n" -"c SSL3 RSA WITH RC4 128 MD5\n" -"d SSL3 RSA WITH 3DES EDE CBC SHA\n" -"e SSL3 RSA WITH DES CBC SHA\n" -"f SSL3 RSA EXPORT WITH RC4 40 MD5\n" -"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n" -"i SSL3 RSA WITH NULL MD5\n" -"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n" -"k SSL3 RSA FIPS WITH DES CBC SHA\n" -"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" -"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n", - progName); - exit(1); -} - -/* Function: readDataFromSocket() - * - * Purpose: Parse an HTTP request by reading data from a GET or POST. - * - */ -SECStatus -readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName) -{ - char *post; - int numBytes = 0; - int newln = 0; /* # of consecutive newlns */ - - /* Read data while it comes in from the socket. */ - while (PR_TRUE) { - buffer->index = 0; - newln = 0; - - /* Read the buffer. */ - numBytes = PR_Read(sslSocket, &buffer->data[buffer->index], - buffer->remaining); - if (numBytes <= 0) { - errWarn("PR_Read"); - return SECFailure; - } - buffer->dataEnd = buffer->dataStart + numBytes; - - /* Parse the input, starting at the beginning of the buffer. - * Stop when we detect two consecutive \n's (or \r\n's) - * as this signifies the end of the GET or POST portion. - * The posted data follows. - */ - while (buffer->index < buffer->dataEnd && newln < 2) { - int octet = buffer->data[buffer->index++]; - if (octet == '\n') { - newln++; - } else if (octet != '\r') { - newln = 0; - } - } - - /* Came to the end of the buffer, or second newline. - * If we didn't get an empty line ("\r\n\r\n"), then keep on reading. - */ - if (newln < 2) - continue; - - /* we're at the end of the HTTP request. - * If the request is a POST, then there will be one more - * line of data. - * This parsing is a hack, but ok for SSL test purposes. - */ - post = PORT_Strstr(buffer->data, "POST "); - if (!post || *post != 'P') - break; - - /* It's a post, so look for the next and final CR/LF. */ - /* We should parse content length here, but ... */ - while (buffer->index < buffer->dataEnd && newln < 3) { - int octet = buffer->data[buffer->index++]; - if (octet == '\n') { - newln++; - } - } - - if (newln == 3) - break; - } - - /* Have either (a) a complete get, (b) a complete post, (c) EOF */ - - /* Execute a "GET " operation. */ - if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) { - int fnLength; - - /* File name is the part after "GET ". */ - fnLength = strcspn(buffer->data + 5, " \r\n"); - *fileName = (char *)PORT_Alloc(fnLength + 1); - PORT_Strncpy(*fileName, buffer->data + 5, fnLength); - (*fileName)[fnLength] = '\0'; - } - - return SECSuccess; -} - -/* Function: authenticateSocket() - * - * Purpose: Configure a socket for SSL. - * - * - */ -PRFileDesc * -setupSSLSocket(PRFileDesc *tcpSocket, int requestCert) -{ - PRFileDesc *sslSocket; - SSLKEAType certKEA; - int certErr = 0; - SECStatus secStatus; - - /* Set the appropriate flags. */ - - sslSocket = SSL_ImportFD(NULL, tcpSocket); - if (sslSocket == NULL) { - errWarn("SSL_ImportFD"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet SSL_SECURITY"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, - (requestCert >= REQUEST_CERT_ONCE)); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE"); - goto loser; - } - - secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, - (requestCert == REQUIRE_CERT_ONCE)); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE"); - goto loser; - } - - /* Set the appropriate callback routines. */ - - secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate, - CERT_GetDefaultCertDB()); - if (secStatus != SECSuccess) { - errWarn("SSL_AuthCertificateHook"); - goto loser; - } - - secStatus = SSL_BadCertHook(sslSocket, - (SSLBadCertHandler)myBadCertHandler, &certErr); - if (secStatus != SECSuccess) { - errWarn("SSL_BadCertHook"); - goto loser; - } - - secStatus = SSL_HandshakeCallback(sslSocket, - myHandshakeCallback, - NULL); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - secStatus = SSL_SetPKCS11PinArg(sslSocket, password); - if (secStatus != SECSuccess) { - errWarn("SSL_HandshakeCallback"); - goto loser; - } - - certKEA = NSS_FindCertKEAType(cert); - - secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA); - if (secStatus != SECSuccess) { - errWarn("SSL_ConfigSecureServer"); - goto loser; - } - - return sslSocket; - -loser: - - PR_Close(tcpSocket); - return NULL; -} - -/* Function: authenticateSocket() - * - * Purpose: Perform client authentication on the socket. - * - */ -SECStatus -authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert) -{ - CERTCertificate *cert; - SECStatus secStatus; - - /* Returns NULL if client authentication is not enabled or if the - * client had no certificate. */ - cert = SSL_PeerCertificate(sslSocket); - if (cert) { - /* Client had a certificate, so authentication is through. */ - CERT_DestroyCertificate(cert); - return SECSuccess; - } - - /* Request client to authenticate itself. */ - secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE"); - return SECFailure; - } - - /* If desired, require client to authenticate itself. Note - * SSL_REQUEST_CERTIFICATE must also be on, as above. */ - secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert); - if (secStatus != SECSuccess) { - errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE"); - return SECFailure; - } - - /* Having changed socket configuration parameters, redo handshake. */ - secStatus = SSL_ReHandshake(sslSocket, PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_ReHandshake"); - return SECFailure; - } - - /* Force the handshake to complete before moving on. */ - secStatus = SSL_ForceHandshake(sslSocket); - if (secStatus != SECSuccess) { - errWarn("SSL_ForceHandshake"); - return SECFailure; - } - - return SECSuccess; -} - -/* Function: writeDataToSocket - * - * Purpose: Write the client's request back to the socket. If the client - * requested a file, dump it to the socket. - * - */ -SECStatus -writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName) -{ - int headerLength; - int numBytes; - char messageBuffer[120]; - PRFileDesc *local_file_fd = NULL; - char header[] = "

Sample SSL server



"; - char filehd[] = "

The file you requested:


"; - char reqhd[] = "

This is your request:


"; - char link[] = "Try getting a file
"; - char footer[] = "

End of request.


"; - - headerLength = PORT_Strlen(defaultHeader); - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, header, PORT_Strlen(header)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - if (fileName) { - PRFileInfo info; - PRStatus prStatus; - - /* Try to open the local file named. - * If successful, then write it to the client. - */ - prStatus = PR_GetFileInfo(fileName, &info); - if (prStatus != PR_SUCCESS || - info.type != PR_FILE_FILE || - info.size < 0) { - PORT_Free(fileName); - /* Maybe a GET not sent from client.c? */ - goto writerequest; - } - - local_file_fd = PR_Open(fileName, PR_RDONLY, 0); - if (local_file_fd == NULL) { - PORT_Free(fileName); - goto writerequest; - } - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Transmit the local file prepended by the default header - * across the socket. - */ - numBytes = PR_TransmitFile(sslSocket, local_file_fd, - defaultHeader, headerLength, - PR_TRANSMITFILE_KEEP_OPEN, - PR_INTERVAL_NO_TIMEOUT); - - /* Error in transmission. */ - if (numBytes < 0) { - errWarn("PR_TransmitFile"); - /* - i = PORT_Strlen(errString); - PORT_Memcpy(buf, errString, i); - */ - /* Transmitted bytes successfully. */ - } else { - numBytes -= headerLength; - fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n", - numBytes, fileName); - } - - PORT_Free(fileName); - PR_Close(local_file_fd); - } - -writerequest: - - /* Write a header to the socket. */ - numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Write the buffer data to the socket. */ - if (buffer->index <= 0) { - /* Reached the EOF. Report incomplete transaction to socket. */ - PORT_Sprintf(messageBuffer, - "GET or POST incomplete after %d bytes.\r\n", - buffer->dataEnd); - numBytes = PR_Write(sslSocket, messageBuffer, - PORT_Strlen(messageBuffer)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - } else { - /* Display the buffer data. */ - fwrite(buffer->data, 1, buffer->index, stdout); - /* Write the buffer data to the socket. */ - numBytes = PR_Write(sslSocket, buffer->data, buffer->index); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - /* Display security information for the socket. */ - printSecurityInfo(sslSocket); - /* Write any discarded data out to the socket. */ - if (buffer->index < buffer->dataEnd) { - PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n", - buffer->dataEnd - buffer->index); - numBytes = PR_Write(sslSocket, buffer->data, - PORT_Strlen(buffer->data)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - } - } - - /* Write a footer to the socket. */ - numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Write a link to the socket. */ - numBytes = PR_Write(sslSocket, link, PORT_Strlen(link)); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Complete the HTTP transaction. */ - numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9); - if (numBytes < 0) { - errWarn("PR_Write"); - goto loser; - } - - /* Do a nice shutdown if asked. */ - if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) { - stopping = 1; - } - return SECSuccess; - -loser: - - /* Do a nice shutdown if asked. */ - if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) { - stopping = 1; - } - return SECFailure; -} - -/* Function: int handle_connection() - * - * Purpose: Thread to handle a connection to a socket. - * - */ -SECStatus -handle_connection(void *tcp_sock, int requestCert) -{ - PRFileDesc * tcpSocket = (PRFileDesc *)tcp_sock; - PRFileDesc * sslSocket = NULL; - SECStatus secStatus = SECFailure; - PRStatus prStatus; - PRSocketOptionData socketOption; - DataBuffer buffer; - char * fileName = NULL; - - /* Initialize the data buffer. */ - memset(buffer.data, 0, BUFFER_SIZE); - buffer.remaining = BUFFER_SIZE; - buffer.index = 0; - buffer.dataStart = 0; - buffer.dataEnd = 0; - - /* Make sure the socket is blocking. */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - PR_SetSocketOption(tcpSocket, &socketOption); - - sslSocket = setupSSLSocket(tcpSocket, requestCert); - if (sslSocket == NULL) { - errWarn("setupSSLSocket"); - goto cleanup; - } - - secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE); - if (secStatus != SECSuccess) { - errWarn("SSL_ResetHandshake"); - goto cleanup; - } - - /* Read data from the socket, parse it for HTTP content. - * If the user is requesting/requiring authentication, authenticate - * the socket. Then write the result back to the socket. */ - fprintf(stdout, "\nReading data from socket...\n\n"); - secStatus = readDataFromSocket(sslSocket, &buffer, &fileName); - if (secStatus != SECSuccess) { - goto cleanup; - } - if (requestCert >= REQUEST_CERT_ALL) { - fprintf(stdout, "\nAuthentication requested.\n\n"); - secStatus = authenticateSocket(sslSocket, - (requestCert == REQUIRE_CERT_ALL)); - if (secStatus != SECSuccess) { - goto cleanup; - } - } - - fprintf(stdout, "\nWriting data to socket...\n\n"); - secStatus = writeDataToSocket(sslSocket, &buffer, fileName); - -cleanup: - - /* Close down the socket. */ - prStatus = PR_Close(tcpSocket); - if (prStatus != PR_SUCCESS) { - errWarn("PR_Close"); - } - - return secStatus; -} - -/* Function: int accept_connection() - * - * Purpose: Thread to accept a connection to the socket. - * - */ -SECStatus -accept_connection(void *listener, int requestCert) -{ - PRFileDesc *listenSocket = (PRFileDesc*)listener; - PRNetAddr addr; - PRStatus prStatus; - - /* XXX need an SSL socket here? */ - while (!stopping) { - PRFileDesc *tcpSocket; - SECStatus result; - - fprintf(stderr, "\n\n\nAbout to call accept.\n"); - - /* Accept a connection to the socket. */ - tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT); - if (tcpSocket == NULL) { - errWarn("PR_Accept"); - break; - } - - /* Accepted the connection, now handle it. */ - result = launch_thread(&threadMGR, handle_connection, - tcpSocket, requestCert); - - if (result != SECSuccess) { - prStatus = PR_Close(tcpSocket); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Close"); - } - break; - } - } - - fprintf(stderr, "Closing listen socket.\n"); - - prStatus = PR_Close(listenSocket); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Close"); - } - return SECSuccess; -} - -/* Function: void server_main() - * - * Purpose: This is the server's main function. It configures a socket - * and listens to it. - * - */ -void -server_main( - unsigned short port, - int requestCert, - SECKEYPrivateKey * privKey, - CERTCertificate * cert, - PRBool disableSSL3) -{ - SECStatus secStatus; - PRStatus prStatus; - PRFileDesc * listenSocket; - PRNetAddr addr; - PRSocketOptionData socketOption; - - /* Create a new socket. */ - listenSocket = PR_NewTCPSocket(); - if (listenSocket == NULL) { - exitErr("PR_NewTCPSocket"); - } - - /* Set socket to be blocking - - * on some platforms the default is nonblocking. - */ - socketOption.option = PR_SockOpt_Nonblocking; - socketOption.value.non_blocking = PR_FALSE; - - prStatus = PR_SetSocketOption(listenSocket, &socketOption); - if (prStatus != PR_SUCCESS) { - exitErr("PR_SetSocketOption"); - } - - /* This cipher is not on by default. The Acceptance test - * would like it to be. Turn this cipher on. - */ - secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); - if (secStatus != SECSuccess) { - exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5"); - } - - /* Configure the network connection. */ - addr.inet.family = PR_AF_INET; - addr.inet.ip = PR_INADDR_ANY; - addr.inet.port = PR_htons(port); - - /* Bind the address to the listener socket. */ - prStatus = PR_Bind(listenSocket, &addr); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Bind"); - } - - /* Listen for connection on the socket. The second argument is - * the maximum size of the queue for pending connections. - */ - prStatus = PR_Listen(listenSocket, 5); - if (prStatus != PR_SUCCESS) { - exitErr("PR_Listen"); - } - - /* Launch thread to handle connections to the socket. */ - secStatus = launch_thread(&threadMGR, accept_connection, - listenSocket, requestCert); - if (secStatus != SECSuccess) { - PR_Close(listenSocket); - } else { - reap_threads(&threadMGR); - destroy_thread_data(&threadMGR); - } -} - -/* Function: int main() - * - * Purpose: Parses command arguments and configures SSL server. - * - */ -int -main(int argc, char **argv) -{ - char * progName = NULL; - char * nickName = NULL; - char * cipherString = NULL; - char * dir = "."; - int requestCert = 0; - unsigned short port = 0; - SECStatus secStatus; - PRBool disableSSL3 = PR_FALSE; - PLOptState * optstate; - PLOptStatus status; - - /* Zero out the thread manager. */ - PORT_Memset(&threadMGR, 0, sizeof(threadMGR)); - - progName = PL_strdup(argv[0]); - - optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:"); - while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { - switch(optstate->option) { - case '3': disableSSL3 = PR_TRUE; break; - case 'F': requestCert = REQUIRE_CERT_ALL; break; - case 'R': requestCert = REQUEST_CERT_ALL; break; - case 'c': cipherString = PL_strdup(optstate->value); break; - case 'd': dir = PL_strdup(optstate->value); break; - case 'f': requestCert = REQUIRE_CERT_ONCE; break; - case 'n': nickName = PL_strdup(optstate->value); break; - case 'p': port = PORT_Atoi(optstate->value); break; - case 'r': requestCert = REQUEST_CERT_ONCE; break; - case 'w': password = PL_strdup(optstate->value); break; - default: - case '?': Usage(progName); - } - } - - if (nickName == NULL || port == 0) - Usage(progName); - - /* Call the NSPR initialization routines. */ - PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - - /* Set the cert database password callback. */ - PK11_SetPasswordFunc(myPasswd); - - /* Initialize NSS. */ - secStatus = NSS_Init(dir); - if (secStatus != SECSuccess) { - exitErr("NSS_Init"); - } - - /* Set the policy for this server (REQUIRED - no default). */ - secStatus = NSS_SetDomesticPolicy(); - if (secStatus != SECSuccess) { - exitErr("NSS_SetDomesticPolicy"); - } - - /* XXX keep this? */ - /* all the SSL2 and SSL3 cipher suites are enabled by default. */ - if (cipherString) { - int ndx; - - /* disable all the ciphers, then enable the ones we want. */ - disableAllSSLCiphers(); - - while (0 != (ndx = *cipherString++)) { - int *cptr; - int cipher; - - if (! isalpha(ndx)) - Usage(progName); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - if (cipher) { - SECStatus status; - status = SSL_CipherPrefSetDefault(cipher, PR_TRUE); - if (status != SECSuccess) - errWarn("SSL_CipherPrefSetDefault()"); - } - } - } - - /* Get own certificate and private key. */ - cert = PK11_FindCertFromNickname(nickName, password); - if (cert == NULL) { - exitErr("PK11_FindCertFromNickname"); - } - - privKey = PK11_FindKeyByAnyCert(cert, password); - if (privKey == NULL) { - exitErr("PK11_FindKeyByAnyCert"); - } - - /* Configure the server's cache for a multi-process application - * using default timeout values (24 hrs) and directory location (/tmp). - */ - SSL_ConfigMPServerSIDCache(256, 0, 0, NULL); - - /* Launch server. */ - server_main(port, requestCert, privKey, cert, disableSSL3); - - /* Shutdown NSS and exit NSPR gracefully. */ - if (NSS_Shutdown() != SECSuccess) { - exit(1); - } - PR_Cleanup(); - return 0; -} diff --git a/security/nss/cmd/SSLsample/server.mn b/security/nss/cmd/SSLsample/server.mn deleted file mode 100644 index 2c29b587b208b..0000000000000 --- a/security/nss/cmd/SSLsample/server.mn +++ /dev/null @@ -1,48 +0,0 @@ -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - -CORE_DEPTH = ../../.. - -MODULE = nss - -EXPORTS = - -CSRCS = server.c \ - sslsample.c \ - $(NULL) - -PROGRAM = server - diff --git a/security/nss/cmd/SSLsample/sslerror.h b/security/nss/cmd/SSLsample/sslerror.h deleted file mode 100644 index aa64dc4d65472..0000000000000 --- a/security/nss/cmd/SSLsample/sslerror.h +++ /dev/null @@ -1,113 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include -#include -#include "nspr.h" - -struct tuple_str { - PRErrorCode errNum; - const char * errString; -}; - -typedef struct tuple_str tuple_str; - -#define ER2(a,b) {a, b}, -#define ER3(a,b,c) {a, c}, - -#include "secerr.h" -#include "sslerr.h" - -const tuple_str errStrings[] = { - -/* keep this list in asceding order of error numbers */ -#include "SSLerrs.h" -#include "SECerrs.h" -#include "NSPRerrs.h" - -}; - -const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str); - -/* Returns a UTF-8 encoded constant error string for "errNum". - * Returns NULL of errNum is unknown. - */ -const char * -SSL_Strerror(PRErrorCode errNum) { - PRInt32 low = 0; - PRInt32 high = numStrings - 1; - PRInt32 i; - PRErrorCode num; - static int initDone; - - /* make sure table is in ascending order. - * binary search depends on it. - */ - if (!initDone) { - PRErrorCode lastNum = (PRInt32)0x80000000; - for (i = low; i <= high; ++i) { - num = errStrings[i].errNum; - if (num <= lastNum) { - fprintf(stderr, -"sequence error in error strings at item %d\n" -"error %d (%s)\n" -"should come after \n" -"error %d (%s)\n", - i, lastNum, errStrings[i-1].errString, - num, errStrings[i].errString); - } - lastNum = num; - } - initDone = 1; - } - - /* Do binary search of table. */ - while (low + 1 < high) { - i = (low + high) / 2; - num = errStrings[i].errNum; - if (errNum == num) - return errStrings[i].errString; - if (errNum < num) - high = i; - else - low = i; - } - if (errNum == errStrings[low].errNum) - return errStrings[low].errString; - if (errNum == errStrings[high].errNum) - return errStrings[high].errString; - return NULL; -} diff --git a/security/nss/cmd/SSLsample/sslsample.c b/security/nss/cmd/SSLsample/sslsample.c deleted file mode 100644 index ebe714981b3f9..0000000000000 --- a/security/nss/cmd/SSLsample/sslsample.c +++ /dev/null @@ -1,593 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#include "sslsample.h" -#include "sslerror.h" - -/* Declare SSL cipher suites. */ - -int ssl2CipherSuites[] = { - SSL_EN_RC4_128_WITH_MD5, /* A */ - SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */ - SSL_EN_RC2_128_CBC_WITH_MD5, /* C */ - SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */ - SSL_EN_DES_64_CBC_WITH_MD5, /* E */ - SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */ - 0 -}; - -int ssl3CipherSuites[] = { - -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA a */ - -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA * b */ - SSL_RSA_WITH_RC4_128_MD5, /* c */ - SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */ - SSL_RSA_WITH_DES_CBC_SHA, /* e */ - SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */ - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */ - -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */ - SSL_RSA_WITH_NULL_MD5, /* i */ - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */ - SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */ - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ - 0 -}; - -/************************************************************************** -** -** SSL callback routines. -** -**************************************************************************/ - -/* Function: char * myPasswd() - * - * Purpose: This function is our custom password handler that is called by - * SSL when retreiving private certs and keys from the database. Returns a - * pointer to a string that with a password for the database. Password pointer - * should point to dynamically allocated memory that will be freed later. - */ -char * -myPasswd(PK11SlotInfo *info, PRBool retry, void *arg) -{ - char * passwd = NULL; - - if ( (!retry) && arg ) { - passwd = PORT_Strdup((char *)arg); - } - - return passwd; -} - -/* Function: SECStatus myAuthCertificate() - * - * Purpose: This function is our custom certificate authentication handler. - * - * Note: This implementation is essentially the same as the default - * SSL_AuthCertificate(). - */ -SECStatus -myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer) -{ - - SECCertUsage certUsage; - CERTCertificate * cert; - void * pinArg; - char * hostName; - SECStatus secStatus; - - if (!arg || !socket) { - errWarn("myAuthCertificate"); - return SECFailure; - } - - /* Define how the cert is being used based upon the isServer flag. */ - - certUsage = isServer ? certUsageSSLClient : certUsageSSLServer; - - cert = SSL_PeerCertificate(socket); - - pinArg = SSL_RevealPinArg(socket); - - secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg, - cert, - checksig, - certUsage, - pinArg); - - /* If this is a server, we're finished. */ - if (isServer || secStatus != SECSuccess) { - CERT_DestroyCertificate(cert); - return secStatus; - } - - /* Certificate is OK. Since this is the client side of an SSL - * connection, we need to verify that the name field in the cert - * matches the desired hostname. This is our defense against - * man-in-the-middle attacks. - */ - - /* SSL_RevealURL returns a hostName, not an URL. */ - hostName = SSL_RevealURL(socket); - - if (hostName && hostName[0]) { - secStatus = CERT_VerifyCertName(cert, hostName); - } else { - PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0); - secStatus = SECFailure; - } - - if (hostName) - PR_Free(hostName); - - CERT_DestroyCertificate(cert); - return secStatus; -} - -/* Function: SECStatus myBadCertHandler() - * - * Purpose: This callback is called when the incoming certificate is not - * valid. We define a certain set of parameters that still cause the - * certificate to be "valid" for this session, and return SECSuccess to cause - * the server to continue processing the request when any of these conditions - * are met. Otherwise, SECFailure is return and the server rejects the - * request. - */ -SECStatus -myBadCertHandler(void *arg, PRFileDesc *socket) -{ - - SECStatus secStatus = SECFailure; - PRErrorCode err; - - /* log invalid cert here */ - - if (!arg) { - return secStatus; - } - - *(PRErrorCode *)arg = err = PORT_GetError(); - - /* If any of the cases in the switch are met, then we will proceed */ - /* with the processing of the request anyway. Otherwise, the default */ - /* case will be reached and we will reject the request. */ - - switch (err) { - case SEC_ERROR_INVALID_AVA: - case SEC_ERROR_INVALID_TIME: - case SEC_ERROR_BAD_SIGNATURE: - case SEC_ERROR_EXPIRED_CERTIFICATE: - case SEC_ERROR_UNKNOWN_ISSUER: - case SEC_ERROR_UNTRUSTED_CERT: - case SEC_ERROR_CERT_VALID: - case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: - case SEC_ERROR_CRL_EXPIRED: - case SEC_ERROR_CRL_BAD_SIGNATURE: - case SEC_ERROR_EXTENSION_VALUE_INVALID: - case SEC_ERROR_CA_CERT_INVALID: - case SEC_ERROR_CERT_USAGES_INVALID: - case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: - secStatus = SECSuccess; - break; - default: - secStatus = SECFailure; - break; - } - - printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err)); - - return secStatus; -} - -/* Function: SECStatus ownGetClientAuthData() - * - * Purpose: This callback is used by SSL to pull client certificate - * information upon server request. - */ -SECStatus -myGetClientAuthData(void *arg, - PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey) -{ - - CERTCertificate * cert; - SECKEYPrivateKey * privKey; - char * chosenNickName = (char *)arg; - void * proto_win = NULL; - SECStatus secStatus = SECFailure; - - proto_win = SSL_RevealPinArg(socket); - - if (chosenNickName) { - cert = PK11_FindCertFromNickname(chosenNickName, proto_win); - if (cert) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - secStatus = SECSuccess; - } else { - CERT_DestroyCertificate(cert); - } - } - } else { /* no nickname given, automatically find the right cert */ - CERTCertNicknames *names; - int i; - - names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), - SEC_CERT_NICKNAMES_USER, proto_win); - - if (names != NULL) { - for(i = 0; i < names->numnicknames; i++ ) { - - cert = PK11_FindCertFromNickname(names->nicknames[i], - proto_win); - if (!cert) { - continue; - } - - /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) - != secCertTimeValid ) { - CERT_DestroyCertificate(cert); - continue; - } - - secStatus = NSS_CmpCertChainWCANames(cert, caNames); - if (secStatus == SECSuccess) { - privKey = PK11_FindKeyByAnyCert(cert, proto_win); - if (privKey) { - break; - } - secStatus = SECFailure; - break; - } - } /* for loop */ - CERT_FreeNicknames(names); - } - } - - if (secStatus == SECSuccess) { - *pRetCert = cert; - *pRetKey = privKey; - } - - return secStatus; -} - -/* Function: SECStatus myHandshakeCallback() - * - * Purpose: Called by SSL to inform application that the handshake is - * complete. This function is mostly used on the server side of an SSL - * connection, although it is provided for a client as well. - * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake - * is used to initiate a handshake. - * - * A typical scenario would be: - * - * 1. Server accepts an SSL connection from the client without client auth. - * 2. Client sends a request. - * 3. Server determines that to service request it needs to authenticate the - * client and initiates another handshake requesting client auth. - * 4. While handshake is in progress, server can do other work or spin waiting - * for the handshake to complete. - * 5. Server is notified that handshake has been successfully completed by - * the custom handshake callback function and it can service the client's - * request. - * - * Note: This function is not implemented in this sample, as we are using - * blocking sockets. - */ -void -myHandshakeCallback(PRFileDesc *socket, void *arg) -{ - printf("Handshake has completed, ready to send data securely.\n"); -} - - -/************************************************************************** -** -** Routines for disabling SSL ciphers. -** -**************************************************************************/ - -void -disableAllSSLCiphers(void) -{ - const PRUint16 *cipherSuites = SSL_ImplementedCiphers; - int i = SSL_NumImplementedCiphers; - SECStatus rv; - - /* disable all the SSL3 cipher suites */ - while (--i >= 0) { - PRUint16 suite = cipherSuites[i]; - rv = SSL_CipherPrefSetDefault(suite, PR_FALSE); - if (rv != SECSuccess) { - printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n", - suite, i); - errWarn("SSL_CipherPrefSetDefault"); - exit(2); - } - } -} - -/************************************************************************** -** -** Error and information routines. -** -**************************************************************************/ - -void -errWarn(char *function) -{ - PRErrorCode errorNumber = PR_GetError(); - const char * errorString = SSL_Strerror(errorNumber); - - printf("Error in function %s: %d\n - %s\n", - function, errorNumber, errorString); -} - -void -exitErr(char *function) -{ - errWarn(function); - /* Exit gracefully. */ - /* ignoring return value of NSS_Shutdown as code exits with 1*/ - (void) NSS_Shutdown(); - PR_Cleanup(); - exit(1); -} - -void -printSecurityInfo(PRFileDesc *fd) -{ - char * cp; /* bulk cipher name */ - char * ip; /* cert issuer DN */ - char * sp; /* cert subject DN */ - int op; /* High, Low, Off */ - int kp0; /* total key bits */ - int kp1; /* secret key bits */ - int result; - SSL3Statistics * ssl3stats = SSL_GetStatistics(); - - result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp); - if (result != SECSuccess) - return; - printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n" - "subject DN: %s\n" - "issuer DN: %s\n", cp, kp1, kp0, op, sp, ip); - PR_Free(cp); - PR_Free(ip); - PR_Free(sp); - - printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n", - ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses, - ssl3stats->hch_sid_cache_not_ok); - -} - - -/************************************************************************** -** Begin thread management routines and data. -**************************************************************************/ - -void -thread_wrapper(void * arg) -{ - GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg; - perThread *slot = &threadMGR->threads[threadMGR->index]; - - /* wait for parent to finish launching us before proceeding. */ - PR_Lock(threadMGR->threadLock); - PR_Unlock(threadMGR->threadLock); - - slot->rv = (* slot->startFunc)(slot->a, slot->b); - - PR_Lock(threadMGR->threadLock); - slot->running = rs_zombie; - - /* notify the thread exit handler. */ - PR_NotifyCondVar(threadMGR->threadEndQ); - - PR_Unlock(threadMGR->threadLock); -} - -SECStatus -launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, - void *a, - int b) -{ - perThread *slot; - int i; - - if (!threadMGR->threadStartQ) { - threadMGR->threadLock = PR_NewLock(); - threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock); - threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock); - } - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning >= MAX_THREADS) { - PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT); - } - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_idle) - break; - } - if (i >= threadMGR->numUsed) { - if (i >= MAX_THREADS) { - /* something's really wrong here. */ - PORT_Assert(i < MAX_THREADS); - PR_Unlock(threadMGR->threadLock); - return SECFailure; - } - ++(threadMGR->numUsed); - PORT_Assert(threadMGR->numUsed == i + 1); - slot = &threadMGR->threads[i]; - } - - slot->a = a; - slot->b = b; - slot->startFunc = startFunc; - - threadMGR->index = i; - - slot->prThread = PR_CreateThread(PR_USER_THREAD, - thread_wrapper, threadMGR, - PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, - PR_JOINABLE_THREAD, 0); - - if (slot->prThread == NULL) { - PR_Unlock(threadMGR->threadLock); - printf("Failed to launch thread!\n"); - return SECFailure; - } - - slot->inUse = 1; - slot->running = 1; - ++(threadMGR->numRunning); - PR_Unlock(threadMGR->threadLock); - printf("Launched thread in slot %d \n", threadMGR->index); - - return SECSuccess; -} - -SECStatus -reap_threads(GlobalThreadMgr *threadMGR) -{ - perThread * slot; - int i; - - if (!threadMGR->threadLock) - return 0; - PR_Lock(threadMGR->threadLock); - while (threadMGR->numRunning > 0) { - PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT); - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running == rs_zombie) { - /* Handle cleanup of thread here. */ - printf("Thread in slot %d returned %d\n", i, slot->rv); - - /* Now make sure the thread has ended OK. */ - PR_JoinThread(slot->prThread); - slot->running = rs_idle; - --threadMGR->numRunning; - - /* notify the thread launcher. */ - PR_NotifyCondVar(threadMGR->threadStartQ); - } - } - } - - /* Safety Sam sez: make sure count is right. */ - for (i = 0; i < threadMGR->numUsed; ++i) { - slot = &threadMGR->threads[i]; - if (slot->running != rs_idle) { - fprintf(stderr, "Thread in slot %d is in state %d!\n", - i, slot->running); - } - } - PR_Unlock(threadMGR->threadLock); - return 0; -} - -void -destroy_thread_data(GlobalThreadMgr *threadMGR) -{ - PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads)); - - if (threadMGR->threadEndQ) { - PR_DestroyCondVar(threadMGR->threadEndQ); - threadMGR->threadEndQ = NULL; - } - if (threadMGR->threadStartQ) { - PR_DestroyCondVar(threadMGR->threadStartQ); - threadMGR->threadStartQ = NULL; - } - if (threadMGR->threadLock) { - PR_DestroyLock(threadMGR->threadLock); - threadMGR->threadLock = NULL; - } -} - -/************************************************************************** -** End thread management routines. -**************************************************************************/ - -void -lockedVars_Init( lockedVars * lv) -{ - lv->count = 0; - lv->waiters = 0; - lv->lock = PR_NewLock(); - lv->condVar = PR_NewCondVar(lv->lock); -} - -void -lockedVars_Destroy( lockedVars * lv) -{ - PR_DestroyCondVar(lv->condVar); - lv->condVar = NULL; - - PR_DestroyLock(lv->lock); - lv->lock = NULL; -} - -void -lockedVars_WaitForDone(lockedVars * lv) -{ - PR_Lock(lv->lock); - while (lv->count > 0) { - PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT); - } - PR_Unlock(lv->lock); -} - -int /* returns count */ -lockedVars_AddToCount(lockedVars * lv, int addend) -{ - int rv; - - PR_Lock(lv->lock); - rv = lv->count += addend; - if (rv <= 0) { - PR_NotifyCondVar(lv->condVar); - } - PR_Unlock(lv->lock); - return rv; -} diff --git a/security/nss/cmd/SSLsample/sslsample.h b/security/nss/cmd/SSLsample/sslsample.h deleted file mode 100644 index 2146aacb92421..0000000000000 --- a/security/nss/cmd/SSLsample/sslsample.h +++ /dev/null @@ -1,180 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifndef SSLSAMPLE_H -#define SSLSAMPLE_H - -/* Generic header files */ - -#include -#include - -/* NSPR header files */ - -#include "nspr.h" -#include "prerror.h" -#include "prnetdb.h" - -/* NSS header files */ - -#include "pk11func.h" -#include "secitem.h" -#include "ssl.h" -#include "certt.h" -#include "nss.h" -#include "secder.h" -#include "key.h" -#include "sslproto.h" - -/* Custom header files */ - -/* -#include "sslerror.h" -*/ - -#define BUFFER_SIZE 10240 - -/* Declare SSL cipher suites. */ - -extern int cipherSuites[]; -extern int ssl2CipherSuites[]; -extern int ssl3CipherSuites[]; - -/* Data buffer read from a socket. */ -typedef struct DataBufferStr { - char data[BUFFER_SIZE]; - int index; - int remaining; - int dataStart; - int dataEnd; -} DataBuffer; - -/* SSL callback routines. */ - -char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg); - -SECStatus myAuthCertificate(void *arg, PRFileDesc *socket, - PRBool checksig, PRBool isServer); - -SECStatus myBadCertHandler(void *arg, PRFileDesc *socket); - -void myHandshakeCallback(PRFileDesc *socket, void *arg); - -SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* Disable all v2/v3 SSL ciphers. */ - -void disableAllSSLCiphers(void); - - -/* Error and information utilities. */ - -void errWarn(char *function); - -void exitErr(char *function); - -void printSecurityInfo(PRFileDesc *fd); - -/* Some simple thread management routines. */ - -#define MAX_THREADS 32 - -typedef SECStatus startFn(void *a, int b); - -typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState; - -typedef struct perThreadStr { - PRFileDesc *a; - int b; - int rv; - startFn *startFunc; - PRThread *prThread; - PRBool inUse; - runState running; -} perThread; - -typedef struct GlobalThreadMgrStr { - PRLock *threadLock; - PRCondVar *threadStartQ; - PRCondVar *threadEndQ; - perThread threads[MAX_THREADS]; - int index; - int numUsed; - int numRunning; -} GlobalThreadMgr; - -void thread_wrapper(void * arg); - -SECStatus launch_thread(GlobalThreadMgr *threadMGR, - startFn *startFunc, void *a, int b); - -SECStatus reap_threads(GlobalThreadMgr *threadMGR); - -void destroy_thread_data(GlobalThreadMgr *threadMGR); - -/* Management of locked variables. */ - -struct lockedVarsStr { - PRLock * lock; - int count; - int waiters; - PRCondVar * condVar; -}; - -typedef struct lockedVarsStr lockedVars; - -void lockedVars_Init(lockedVars *lv); - -void lockedVars_Destroy(lockedVars *lv); - -void lockedVars_WaitForDone(lockedVars *lv); - -int lockedVars_AddToCount(lockedVars *lv, int addend); - -/* Buffer stuff. */ - -static const char stopCmd[] = { "GET /stop " }; -static const char defaultHeader[] = { - "HTTP/1.0 200 OK\r\n" - "Server: SSL sample server\r\n" - "Content-type: text/plain\r\n" - "\r\n" -}; - -#endif diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index abd655a63eb62..6ae740d50e11f 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -537,7 +537,7 @@ ListCerts(CERTCertDBHandle *handle, char *nickname, PK11SlotInfo *slot, { SECStatus rv; - if (!ascii && !raw) { + if (!ascii && !raw && !nickname) { PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n", "Certificate Nickname", "Trust Attributes", "", "SSL,S/MIME,JAR/XPI"); @@ -2207,7 +2207,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* If making a cert request, need a subject. */ if ((certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_Subject].activated) { + !(certutil.options[opt_Subject].activated || keysource)) { PR_fprintf(PR_STDERR, "%s -%c: subject is required to create a cert request.\n", progName, commandToRun); @@ -2626,14 +2626,28 @@ certutil_main(int argc, char **argv, PRBool initialize) privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata); if (privkey) pubkey = CERT_ExtractPublicKey(keycert); - CERT_DestroyCertificate(keycert); if (!pubkey) { SECU_PrintError(progName, "Could not get keys from cert %s", keysource); rv = SECFailure; + CERT_DestroyCertificate(keycert); goto shutdown; } keytype = privkey->keyType; + /* On CertReq for renewal if no subject has been + * specified obtain it from the certificate. + */ + if (certutil.commands[cmd_CertReq].activated && !subject) { + subject = CERT_AsciiToName(keycert->subjectName); + if (!subject) { + SECU_PrintError(progName, + "Could not get subject from certificate %s", keysource); + CERT_DestroyCertificate(keycert); + rv = SECFailure; + goto shutdown; + } + } + CERT_DestroyCertificate(keycert); } else { privkey = CERTUTIL_GeneratePrivateKey(keytype, slot, keysize, diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c index b5220b497a34f..a1b57bf6427f6 100644 --- a/security/nss/cmd/crlutil/crlutil.c +++ b/security/nss/cmd/crlutil/crlutil.c @@ -254,7 +254,7 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, SECItem crlDER; PK11SlotInfo* slot = NULL; int rv; -#if defined(DEBUG_jpierre) +#if defined(DEBUG_jp96085) PRIntervalTime starttime, endtime, elapsed; PRUint32 mins, secs, msecs; #endif @@ -273,12 +273,12 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type, slot = PK11_GetInternalKeySlot(); -#if defined(DEBUG_jpierre) +#if defined(DEBUG_jp96085) starttime = PR_IntervalNow(); #endif crl = PK11_ImportCRL(slot, &crlDER, url, type, NULL, importOptions, NULL, decodeOptions); -#if defined(DEBUG_jpierre) +#if defined(DEBUG_jp96085) endtime = PR_IntervalNow(); elapsed = endtime - starttime; mins = PR_IntervalToSeconds(elapsed) / 60; diff --git a/security/nss/cmd/lib/SECerrs.h b/security/nss/cmd/lib/SECerrs.h index 3a26c9cb5aebd..de81429b43122 100644 --- a/security/nss/cmd/lib/SECerrs.h +++ b/security/nss/cmd/lib/SECerrs.h @@ -546,3 +546,12 @@ ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165), ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166), "Libpkix internal error occured during cert validation.") + +ER3(SEC_ERROR_PKCS11_GENERAL_ERROR, (SEC_ERROR_BASE + 167), +"A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.") + +ER3(SEC_ERROR_PKCS11_FUNCTION_FAILED, (SEC_ERROR_BASE + 168), +"A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed. Trying the same operation again might succeed.") + +ER3(SEC_ERROR_PKCS11_DEVICE_ERROR, (SEC_ERROR_BASE + 169), +"A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.") diff --git a/security/nss/cmd/lib/ffs.c b/security/nss/cmd/lib/ffs.c index d7fdd38729b56..c7105eb20050a 100644 --- a/security/nss/cmd/lib/ffs.c +++ b/security/nss/cmd/lib/ffs.c @@ -33,7 +33,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -#ifdef XP_PC +#if !defined(XP_UNIX) && !defined(XP_OS2) int ffs( unsigned int i) { diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 8755bbe1fe2ab..9b36e2564fd24 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -1057,7 +1057,7 @@ secu_PrintTime(FILE *out, int64 time, char *m, int level) /* Convert to local time */ PR_ExplodeTime(time, PR_GMTParameters, &printableTime); - timeString = PORT_Alloc(100); + timeString = PORT_Alloc(256); if (timeString == NULL) return; @@ -1066,8 +1066,9 @@ secu_PrintTime(FILE *out, int64 time, char *m, int level) fprintf(out, "%s: ", m); } - PR_FormatTime(timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime); - fprintf(out, timeString); + if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) { + fprintf(out, timeString); + } if (m != NULL) fprintf(out, "\n"); diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 10faaee1f53a9..cfe975833f8e8 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -450,7 +450,7 @@ char *SECU_ErrorStringRaw(int16 err); void printflags(char *trusts, unsigned int flags); -#ifndef XP_UNIX +#if !defined(XP_UNIX) && !defined(XP_OS2) extern int ffs(unsigned int i); #endif diff --git a/security/nss/cmd/manifest.mn b/security/nss/cmd/manifest.mn index 88ef9f7f44d47..d1b83e59567f8 100644 --- a/security/nss/cmd/manifest.mn +++ b/security/nss/cmd/manifest.mn @@ -72,7 +72,6 @@ DIRS = lib \ signver \ shlibsign \ smimetools \ - SSLsample \ ssltap \ strsclnt \ symkeyutil \ diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h index 7b478223a4e7c..f8f4a91879bbb 100644 --- a/security/nss/cmd/modutil/error.h +++ b/security/nss/cmd/modutil/error.h @@ -37,6 +37,10 @@ #ifndef MODUTIL_ERROR_H #define MODUTIL_ERROR_H +/* + * The values of these enumerated constants are immutable and must not be + * changed. + */ typedef enum { NO_ERR=0, INVALID_USAGE_ERR, @@ -61,7 +65,7 @@ typedef enum { DIR_NOT_WRITEABLE_ERR, INVALID_CONSTANT_ERR, ADD_MODULE_FAILED_ERR, - ADD_MODULE_FAILED_STATUS_ERR, + UNUSED_ERR, /* reserved for future use */ OUT_OF_MEM_ERR, DELETE_INTERNAL_ERR, DELETE_FAILED_ERR, @@ -114,8 +118,8 @@ static char *errStrings[] = { "ERROR: Directory \"%s\" is not readable.\n", "ERROR: Directory \"%s\" is not writeable.\n", "\"%s\" is not a recognized value.\n", - "ERROR: Failed to add module \"%s\".\n", "ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n", + "Unused error string", "ERROR: Out of memory.\n", "ERROR: Cannot delete internal module.\n", "ERROR: Failed to delete module \"%s\".\n", diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index 03db017c46aa0..0e1f216033489 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -297,12 +297,12 @@ AddModule(char *moduleName, char *libFile, char *cipherString, copied = PR_GetErrorText(errtxt); } if (copied && errtxt) { - PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_STATUS_ERR], + PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], moduleName, errtxt); PR_Free(errtxt); } else { PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], - moduleName); + moduleName, SECU_Strerror(PORT_GetError())); } return ADD_MODULE_FAILED_ERR; } else { diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index e001dbfbbdfda..a4d0e6b93970d 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -67,8 +67,8 @@ Usage(char *progName) FPS "Usage: %s -o exportfile -n certname [-d certdir] [-P dbprefix] [-v]\n", progName); - FPS "\t\t [-c key_cipher] [-C cert_cipher] [-k key_leng]\n"); - FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); + FPS "\t\t [-c key_cipher] [-C cert_cipher] [-m | --key_len keyLen] [-n | --cert_key_len certKeyLen]\n"); + FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filefilepw]\n"); exit(PK12UERR_USAGE); } @@ -953,8 +953,8 @@ static secuCommandFlag pk12util_options[] = { /* opt_Debug */ 'v', PR_FALSE, 0, PR_FALSE }, { /* opt_Cipher */ 'c', PR_TRUE, 0, PR_FALSE }, { /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE }, - { /* opt_KeyLength */ 'k', PR_TRUE, 0, PR_FALSE }, - { /* opt_CertKeyLength */ 'K', PR_TRUE, 0, PR_FALSE } + { /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" }, + { /* opt_CertKeyLength */ 'n', PR_TRUE, 0, PR_FALSE, "cert_key_len" } }; int diff --git a/security/nss/cmd/platlibs.mk b/security/nss/cmd/platlibs.mk index 1b2e8e829f171..284ad5fc1a46a 100644 --- a/security/nss/cmd/platlibs.mk +++ b/security/nss/cmd/platlibs.mk @@ -240,26 +240,6 @@ ifeq ($(OS_ARCH), AIX) EXTRA_SHARED_LIBS += -brtl endif -# If GNU ld is used, we must use the -rpath-link option to tell -# the linker where to find libsoftokn3.so, an implicit dependency -# of libnss3.so. -ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD, $(OS_ARCH))) -EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib -endif - -ifeq ($(OS_ARCH), SunOS) -ifdef NS_USE_GCC -ifdef GCC_USE_GNU_LD -EXTRA_SHARED_LIBS += -Wl,-rpath-link,$(DIST)/lib -endif -endif -endif - -ifeq ($(OS_ARCH), Darwin) -EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib -endif - - # $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS) # $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX. EXTRA_SHARED_LIBS += \ diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index ea4a68705c6bd..5402aa7039a38 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c @@ -1766,35 +1766,6 @@ beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc * listen_sock) exit(0); } -#ifdef DEBUG_nelsonb - -#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) -#define SSL_GETPID getpid -#elif defined(_WIN32_WCE) -#define SSL_GETPID GetCurrentProcessId -#elif defined(WIN32) -extern int __cdecl _getpid(void); -#define SSL_GETPID _getpid -#else -#define SSL_GETPID() 0 -#endif - -void -WaitForDebugger(void) -{ - - int waiting = 12; - int myPid = SSL_GETPID(); - PRIntervalTime nrval = PR_SecondsToInterval(5); - - while (waiting) { - printf("child %d is waiting to be debugged!\n", myPid); - PR_Sleep(nrval); - --waiting; - } -} -#endif - #define HEXCHAR_TO_INT(c, i) \ if (((c) >= '0') && ((c) <= '9')) { \ i = (c) - '0'; \ @@ -2060,9 +2031,6 @@ main(int argc, char **argv) prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE); if (prStatus != PR_SUCCESS) errExit("PR_SetFDInheritable"); -#endif -#ifdef DEBUG_nelsonb - WaitForDebugger(); #endif rv = SSL_InheritMPServerSIDCache(envString); if (rv != SECSuccess) diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c index da59a7204afb5..47cdf0110588a 100644 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ b/security/nss/cmd/shlibsign/shlibsign.c @@ -37,7 +37,7 @@ /* * Test program for SDR (Secret Decoder Ring) functions. * - * $Id: shlibsign.c,v 1.16 2008/08/08 23:48:04 julien.pierre.boogz%sun.com Exp $ + * $Id: shlibsign.c,v 1.17 2008/09/30 04:32:43 nelson%bolyard.com Exp $ */ #ifdef XP_UNIX @@ -130,6 +130,100 @@ writeItem(PRFileDesc *fd, SECItem *item, char *file) return SECSuccess; } +static const unsigned char prime[] = { 0x00, + 0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d, + 0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92, + 0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7, + 0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c, + 0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44, + 0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8, + 0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69, + 0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb, + 0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5, + 0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd, + 0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77, + 0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd, + 0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d, + 0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2, + 0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77, + 0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 }; + +static const unsigned char subprime[] = { 0x0, + 0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5, + 0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54, + 0x0b, 0x31, 0x24, 0xf1 }; + +static const unsigned char base[] = { + 0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a, + 0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11, + 0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23, + 0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42, + 0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1, + 0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f, + 0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f, + 0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa, + 0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc, + 0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1, + 0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18, + 0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8, + 0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d, + 0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc, + 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36, + 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f }; + +static const unsigned char h[] = { + 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac, + 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6, + 0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f, + 0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67, + 0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29, + 0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd, + 0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13, + 0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5, + 0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f, + 0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2, + 0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6, + 0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32, + 0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23, + 0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9, + 0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7, + 0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c }; + +static const unsigned char seed[] = { 0x00, + 0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68, + 0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed, + 0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85, + 0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b, + 0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d, + 0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83, + 0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2, + 0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4, + 0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00, + 0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3, + 0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36, + 0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e, + 0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2, + 0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe, + 0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc, + 0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c }; + +#define MK_SECITEM(bb) { siBuffer, (unsigned char *)(bb), sizeof(bb) } + +static PQGParams pqgParams = { + NULL, /* arena */ + MK_SECITEM(prime), /* P */ + MK_SECITEM(subprime), /* Q */ + MK_SECITEM(base) /* G */ +}; + +static PQGVerify pqgVerify = { + NULL, /* arena */ + 1496, /* counter */ + MK_SECITEM(seed), /* seed */ + MK_SECITEM(h) /* h */ +}; + + int main (int argc, char **argv) @@ -152,10 +246,8 @@ main (int argc, char **argv) unsigned char sign_buf[40]; /* DSA_LENGTH */ SECItem hash,sign; PK11Context *hashcx = NULL; - int ks, count=0; + int count=0; int keySize = 1024; - PQGParams *pqgParams = NULL; - PQGVerify *pqgVerify = NULL; const char *nssDir = NULL; secuPWData pwdata = { PW_NONE, 0 }; #ifdef USES_LINKS @@ -249,13 +341,7 @@ main (int argc, char **argv) } printf("Generating DSA Key Pair...."); fflush(stdout); - ks = PQG_PBITS_TO_INDEX(keySize); - rv = PK11_PQG_ParamGen(ks,&pqgParams, &pqgVerify); - if (rv != SECSuccess) { - lperror("Generating PQG Params"); - goto loser; - } - privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubk, + privk = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, &pqgParams, &pubk, PR_FALSE, PR_TRUE, &pwdata); if (privk == NULL) { lperror("Generating DSA Key"); diff --git a/security/nss/cmd/signtool/signtool.c b/security/nss/cmd/signtool/signtool.c index a55bddaa103ab..881a4e92d7d4d 100644 --- a/security/nss/cmd/signtool/signtool.c +++ b/security/nss/cmd/signtool/signtool.c @@ -185,7 +185,7 @@ ProcessCommandFile() return - 1; } - while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd), buf && *buf != '\0') { + while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd)) { char *eol; linenum++; diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index 7da4a661d09c0..be780d29b293b 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -1109,10 +1109,13 @@ pr_fgets(char *buf, int size, PRFileDesc *file) i = 0; while (i < size - 1) { - status = PR_Read(file, (void * ) &c, 1); + status = PR_Read(file, &c, 1); if (status == -1) { return NULL; } else if (status == 0) { + if (i == 0) { + return NULL; + } break; } buf[i++] = c; diff --git a/security/nss/cmd/signver/manifest.mn b/security/nss/cmd/signver/manifest.mn index be0b63539d578..a063d2a3c9751 100644 --- a/security/nss/cmd/signver/manifest.mn +++ b/security/nss/cmd/signver/manifest.mn @@ -54,5 +54,3 @@ PACKAGE_FILES += signver endif ARCHIVE_NAME = signver - -USE_STATIC_LIBS = 1 diff --git a/security/nss/cmd/signver/pk7print.c b/security/nss/cmd/signver/pk7print.c index dc8431e7abee9..60e0d07ec71aa 100644 --- a/security/nss/cmd/signver/pk7print.c +++ b/security/nss/cmd/signver/pk7print.c @@ -119,11 +119,12 @@ sv_PrintTime(FILE *out, SECItem *t, char *m) /* Convert to local time */ PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime); - timeString = (char *)PORT_Alloc(100); + timeString = (char *)PORT_Alloc(256); if ( timeString ) { - PR_FormatTime( timeString, 100, "%a %b %d %H:%M:%S %Y", &printableTime ); - fprintf(out, "%s%s\n", m, timeString); + if (PR_FormatTime( timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime )) { + fprintf(out, "%s%s\n", m, timeString); + } PORT_Free(timeString); return 0; } @@ -361,14 +362,16 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena, DER_ConvertBitString(&i->subjectPublicKey); switch(SECOID_FindOIDTag(&i->algorithm.algorithm)) { case SEC_OID_PKCS1_RSA_ENCRYPTION: - rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_RSAPublicKeyTemplate, + rv = SEC_ASN1DecodeItem(arena, pk, + SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &i->subjectPublicKey); if (rv) return rv; sprintf(mm, "%s.rsaPublicKey.", msg); sv_PrintRSAPublicKey(out, pk, mm); break; case SEC_OID_ANSIX9_DSA_SIGNATURE: - rv = SEC_ASN1DecodeItem(arena, pk, SECKEY_DSAPublicKeyTemplate, + rv = SEC_ASN1DecodeItem(arena, pk, + SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate), &i->subjectPublicKey); if (rv) return rv; sprintf(mm, "%s.dsaPublicKey.", msg); @@ -391,7 +394,8 @@ sv_PrintInvalidDateExten (FILE *out, SECItem *value, char *msg) char *formattedTime = NULL; decodedValue.data = NULL; - rv = SEC_ASN1DecodeItem (NULL, &decodedValue, SEC_GeneralizedTimeTemplate, + rv = SEC_ASN1DecodeItem (NULL, &decodedValue, + SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), value); if (rv == SECSuccess) { rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue); @@ -495,7 +499,8 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level) arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, c, CERT_CertificateTemplate, der); + rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate), + der); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; @@ -541,7 +546,8 @@ sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner) arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (!arena) return SEC_ERROR_NO_MEMORY; - rv = SEC_ASN1DecodeItem(arena, sd, CERT_SignedDataTemplate, der); + rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate), + der); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; diff --git a/security/nss/cmd/tests/conflict.c b/security/nss/cmd/tests/conflict.c new file mode 100644 index 0000000000000..7dc95b57ab751 --- /dev/null +++ b/security/nss/cmd/tests/conflict.c @@ -0,0 +1,58 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2008 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +/* + * This test verifies that NSS public headers don't conflict with common + * identifier names. + */ + +#include "nssilckt.h" + +/* + * Bug 455424: nssilckt.h used to define the enumeration constant 'Lock', + * which conflicts with C++ code that defines a Lock class. This is a + * reduced test case in C for that name conflict. + */ +typedef struct { + int dummy; +} Lock; + +Lock lock; + +int main() +{ + return 0; +} diff --git a/security/nss/cmd/tests/manifest.mn b/security/nss/cmd/tests/manifest.mn index b7ea8d25c0383..1418d08f34620 100644 --- a/security/nss/cmd/tests/manifest.mn +++ b/security/nss/cmd/tests/manifest.mn @@ -41,6 +41,7 @@ CORE_DEPTH = ../../.. MODULE = nss CSRCS = \ + conflict.c \ nonspr10.c \ remtest.c \ $(NULL) diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 6377c0236b51f..06c154108568b 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -38,7 +38,7 @@ /* ** -** Sample client side test program that uses SSL and libsec +** Sample client side test program that uses SSL and NSS ** */ @@ -126,20 +126,7 @@ int renegotiate = 0; static char *progName; -/* This exists only for the automated test suite. It allows us to - * pass in a password on the command line. - */ - -char *password = NULL; - -char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) -{ - char *passwd = NULL; - if ( (!retry) && arg ) { - passwd = PL_strdup((char *)arg); - } - return passwd; -} +secuPWData pwdata = { PW_NONE, 0 }; void printSecurityInfo(PRFileDesc *fd) { @@ -203,7 +190,7 @@ static void Usage(const char *progName) { fprintf(stderr, "Usage: %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvxr] \n" -" [-c ciphers] [-w passwd] [-q]\n", progName); +" [-c ciphers] [-w passwd] [-W pwfile] [-q]\n", progName); fprintf(stderr, "%-20s Hostname to connect with\n", "-h host"); fprintf(stderr, "%-20s Port number for SSL server\n", "-p port"); fprintf(stderr, @@ -523,7 +510,6 @@ int main(int argc, char **argv) PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2]; - PRBool useCommandLinePassword = PR_FALSE; PRBool pingServerFirst = PR_FALSE; PRBool clientSpeaksFirst = PR_FALSE; PRBool wrStarted = PR_FALSE; @@ -548,7 +534,7 @@ int main(int argc, char **argv) } } - optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:x"); + optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -594,11 +580,16 @@ int main(int argc, char **argv) case 'r': renegotiate = atoi(optstate->value); break; - case 'w': - password = PORT_Strdup(optstate->value); - useCommandLinePassword = PR_TRUE; + case 'w': + pwdata.source = PW_PLAINTEXT; + pwdata.data = PORT_Strdup(optstate->value); break; + case 'W': + pwdata.source = PW_FROMFILE; + pwdata.data = PORT_Strdup(optstate->value); + break; + case 'x': useExportPolicy = 1; break; } } @@ -613,12 +604,7 @@ int main(int argc, char **argv) PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - /* set our password function */ - if ( useCommandLinePassword ) { - PK11_SetPasswordFunc(ownPasswd); - } else { - PK11_SetPasswordFunc(SECU_GetModulePassword); - } + PK11_SetPasswordFunc(SECU_GetModulePassword); /* open the cert DB, the key DB, and the secmod DB. */ if (!certDir) { @@ -843,9 +829,7 @@ int main(int argc, char **argv) return 1; } - if (useCommandLinePassword) { - SSL_SetPKCS11PinArg(s, password); - } + SSL_SetPKCS11PinArg(s, &pwdata); SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); if (override) { @@ -1064,8 +1048,8 @@ int main(int argc, char **argv) if (nickname) { PORT_Free(nickname); } - if (password) { - PORT_Free(password); + if (pwdata.data) { + PORT_Free(pwdata.data); } PORT_Free(host); @@ -1075,6 +1059,7 @@ int main(int argc, char **argv) exit(1); } + FPRINTF(stderr, "tstclnt: exiting with return code %d\n", error); PR_Cleanup(); return error; } diff --git a/security/nss/lib/base/nssbaset.h b/security/nss/lib/base/nssbaset.h index 5108d9da2d0fe..2282d768fbd26 100644 --- a/security/nss/lib/base/nssbaset.h +++ b/security/nss/lib/base/nssbaset.h @@ -38,7 +38,7 @@ #define NSSBASET_H #ifdef DEBUG -static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.6 $ $Date: 2005/01/20 02:25:45 $"; +static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.7 $ $Date: 2008/10/05 20:59:16 $"; #endif /* DEBUG */ /* @@ -61,10 +61,10 @@ static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: */ #define DUMMY /* dummy */ -#define NSS_EXTERN PR_EXTERN(DUMMY) -#define NSS_IMPLEMENT PR_IMPLEMENT(DUMMY) -#define NSS_EXTERN_DATA PR_EXTERN_DATA(DUMMY) -#define NSS_IMPLEMENT_DATA PR_IMPLEMENT_DATA(DUMMY) +#define NSS_EXTERN extern +#define NSS_EXTERN_DATA extern +#define NSS_IMPLEMENT +#define NSS_IMPLEMENT_DATA PR_BEGIN_EXTERN_C diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index 1d81acd2ba023..6b48ca16947cc 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -996,6 +996,7 @@ CERT_OpenCertDBFilename(CERTCertDBHandle *handle, char *certdbname, PRBool readOnly) { PORT_Assert("CERT_OpenCertDBFilename is Deprecated" == NULL); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return SECFailure; } @@ -1003,6 +1004,7 @@ SECItem * SECKEY_HashPassword(char *pw, SECItem *salt) { PORT_Assert("SECKEY_HashPassword is Deprecated" == NULL); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return NULL; } @@ -1012,6 +1014,7 @@ __CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle, void *cb, void *cbarg) { PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return SECFailure; } @@ -1021,6 +1024,7 @@ __CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname, void *cb, void *cbarg) { PORT_Assert("CERT_TraversePermCertsForNickname is Deprecated" == NULL); + PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); return SECFailure; } diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index b095a022ecf18..ca8ad754fb605 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -39,7 +39,7 @@ * Implementation of OCSP services, for both client and server. * (XXX, really, mostly just for client right now, but intended to do both.) * - * $Id: ocsp.c,v 1.54 2008/07/08 21:34:32 alexei.volkov.bugs%sun.com Exp $ + * $Id: ocsp.c,v 1.55 2008/10/06 23:37:55 julien.pierre.boogz%sun.com Exp $ */ #include "prerror.h" @@ -205,14 +205,14 @@ static void ocsp_dumpStringWithTime(const char *str, int64 time) { PRExplodedTime timePrintable; - char timestr[100]; + char timestr[256]; if (!wantOcspTrace()) return; PR_ExplodeTime(time, PR_GMTParameters, &timePrintable); - PR_FormatTime(timestr, 100, "%a %b %d %H:%M:%S %Y", - &timePrintable); - ocsp_Trace("OCSP %s %s\n", str, timestr); + if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) { + ocsp_Trace("OCSP %s %s\n", str, timestr); + } } static void @@ -245,16 +245,18 @@ dumpCertificate(CERTCertificate *cert) { int64 timeBefore, timeAfter; PRExplodedTime beforePrintable, afterPrintable; - char beforestr[100], afterstr[100]; + char beforestr[256], afterstr[256]; + PRStatus rv1, rv2; DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore); DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter); PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable); PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable); - PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", + rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y", &beforePrintable); - PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", + rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y", &afterPrintable); - ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", beforestr, afterstr); + ocsp_Trace("OCSP ## VALIDITY: %s to %s\n", rv1 ? beforestr : "", + rv2 ? afterstr : ""); } ocsp_Trace("OCSP ## ISSUER: %s\n", cert->issuerName); printHexString("OCSP ## SERIAL NUMBER:", &cert->serialNumber); diff --git a/security/nss/lib/ckfw/builtins/certdata.c b/security/nss/lib/ckfw/builtins/certdata.c index 6ab9a61247d55..00bc641f7b899 100644 --- a/security/nss/lib/ckfw/builtins/certdata.c +++ b/security/nss/lib/ckfw/builtins/certdata.c @@ -35,7 +35,7 @@ * * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $"; +static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $"; #endif /* DEBUG */ #ifndef BUILTINS_H @@ -803,6 +803,12 @@ static const CK_ATTRIBUTE_TYPE nss_builtins_types_248 [] = { static const CK_ATTRIBUTE_TYPE nss_builtins_types_249 [] = { CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED }; +static const CK_ATTRIBUTE_TYPE nss_builtins_types_250 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERTIFICATE_TYPE, CKA_SUBJECT, CKA_ID, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_VALUE +}; +static const CK_ATTRIBUTE_TYPE nss_builtins_types_251 [] = { + CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH, CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_TRUST_SERVER_AUTH, CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED +}; #ifdef DEBUG static const NSSItem nss_builtins_items_0 [] = { { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) }, @@ -811,7 +817,7 @@ static const NSSItem nss_builtins_items_0 [] = { { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, { (void *)"CVS ID", (PRUint32)7 }, { (void *)"NSS", (PRUint32)4 }, - { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.50 $ $Date: 2008/08/14 18:15:56 $", (PRUint32)160 } + { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.51 $ $Date: 2008/10/17 23:06:45 $", (PRUint32)160 } }; #endif /* DEBUG */ static const NSSItem nss_builtins_items_1 [] = { @@ -16868,6 +16874,109 @@ static const NSSItem nss_builtins_items_249 [] = { { (void *)&ckt_netscape_trust_unknown, (PRUint32)sizeof(CK_TRUST) }, { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } }; +static const NSSItem nss_builtins_items_250 [] = { + { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"COMODO ECC Certification Authority", (PRUint32)35 }, + { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) }, + { (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102" +"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164" +"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060" +"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061" +"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117" +"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006" +"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103" +"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101" +"\165\164\150\157\162\151\164\171" +, (PRUint32)136 }, + { (void *)"0", (PRUint32)2 }, + { (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102" +"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164" +"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060" +"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061" +"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117" +"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006" +"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103" +"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101" +"\165\164\150\157\162\151\164\171" +, (PRUint32)136 }, + { (void *)"\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143" +"\231\052" +, (PRUint32)18 }, + { (void *)"\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037" +"\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060" +"\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013" +"\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006" +"\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141" +"\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004" +"\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003" +"\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114" +"\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023" +"\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164" +"\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162" +"\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060" +"\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071" +"\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023" +"\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162" +"\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162" +"\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157" +"\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115" +"\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053" +"\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040" +"\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157" +"\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006" +"\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003" +"\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221" +"\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341" +"\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344" +"\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011" +"\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011" +"\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262" +"\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026" +"\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224" +"\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377" +"\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377" +"\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075" +"\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254" +"\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346" +"\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316" +"\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223" +"\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157" +"\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346" +"\334\335\363\377\035\054\072\026\127\331\222\071\326" +, (PRUint32)653 } +}; +static const NSSItem nss_builtins_items_251 [] = { + { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) }, + { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }, + { (void *)"COMODO ECC Certification Authority", (PRUint32)35 }, + { (void *)"\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216" +"\055\223\303\021" +, (PRUint32)20 }, + { (void *)"\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043" +, (PRUint32)16 }, + { (void *)"\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102" +"\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164" +"\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060" +"\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061" +"\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117" +"\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006" +"\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103" +"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101" +"\165\164\150\157\162\151\164\171" +, (PRUint32)136 }, + { (void *)"\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143" +"\231\052" +, (PRUint32)18 }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }, + { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) } +}; builtinsInternalObject nss_builtins_data[] = { @@ -17122,11 +17231,13 @@ nss_builtins_data[] = { { 11, nss_builtins_types_246, nss_builtins_items_246, {NULL} }, { 13, nss_builtins_types_247, nss_builtins_items_247, {NULL} }, { 11, nss_builtins_types_248, nss_builtins_items_248, {NULL} }, - { 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} } + { 13, nss_builtins_types_249, nss_builtins_items_249, {NULL} }, + { 11, nss_builtins_types_250, nss_builtins_items_250, {NULL} }, + { 13, nss_builtins_types_251, nss_builtins_items_251, {NULL} } }; const PRUint32 #ifdef DEBUG - nss_builtins_nObjects = 249+1; + nss_builtins_nObjects = 251+1; #else - nss_builtins_nObjects = 249; + nss_builtins_nObjects = 251; #endif /* DEBUG */ diff --git a/security/nss/lib/ckfw/builtins/certdata.txt b/security/nss/lib/ckfw/builtins/certdata.txt index cdce345ba642e..63fcc766ed959 100644 --- a/security/nss/lib/ckfw/builtins/certdata.txt +++ b/security/nss/lib/ckfw/builtins/certdata.txt @@ -34,7 +34,7 @@ # the terms of any one of the MPL, the GPL or the LGPL. # # ***** END LICENSE BLOCK ***** -CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.49 $ $Date: 2008/08/14 18:15:56 $" +CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.50 $ $Date: 2008/10/17 23:06:48 $" # # certdata.txt @@ -17388,3 +17388,116 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "COMODO ECC Certification Authority" +# +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "COMODO ECC Certification Authority" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 +\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 +\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 +\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 +\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 +\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 +\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 +\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 +\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 +\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 +\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 +\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 +\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143 +\231\052 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037 +\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060 +\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013 +\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006 +\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141 +\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004 +\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003 +\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114 +\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023 +\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164 +\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162 +\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060 +\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071 +\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023 +\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162 +\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162 +\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157 +\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115 +\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053 +\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040 +\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006 +\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003 +\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221 +\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341 +\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344 +\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011 +\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011 +\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262 +\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026 +\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224 +\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377 +\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377 +\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075 +\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254 +\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346 +\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316 +\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223 +\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157 +\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346 +\334\335\363\377\035\054\072\026\127\331\222\071\326 +END + +# Trust for Certificate "COMODO ECC Certification Authority" +CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "COMODO ECC Certification Authority" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216 +\055\223\303\021 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102 +\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164 +\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060 +\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061 +\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117 +\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006 +\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103 +\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101 +\165\164\150\157\162\151\164\171 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143 +\231\052 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index 2538bb087f412..d564ec3030442 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -75,8 +75,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 71 -#define NSS_BUILTINS_LIBRARY_VERSION "1.71" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 72 +#define NSS_BUILTINS_LIBRARY_VERSION "1.72" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/capi/staticobj.c b/security/nss/lib/ckfw/capi/staticobj.c index 20dea0c6c2ae0..ec744b2fe2a22 100644 --- a/security/nss/lib/ckfw/capi/staticobj.c +++ b/security/nss/lib/ckfw/capi/staticobj.c @@ -37,7 +37,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/04 02:05:04 $"; +static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:19 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:19 $"; #endif /* DEBUG */ #ifndef CKCAPI_H @@ -67,8 +67,8 @@ static const NSSItem nss_ckcapi_items_1 [] = { { (void *)"Mozilla CAPI Access", (PRUint32)20 } }; -PR_IMPLEMENT_DATA(ckcapiInternalObject) nss_ckcapi_data[] = { +ckcapiInternalObject nss_ckcapi_data[] = { { ckcapiRaw, { 5, nss_ckcapi_types_1, nss_ckcapi_items_1} , {NULL} }, }; -PR_IMPLEMENT_DATA(const PRUint32) nss_ckcapi_nObjects = 1; +const PRUint32 nss_ckcapi_nObjects = 1; diff --git a/security/nss/lib/ckfw/nssmkey/staticobj.c b/security/nss/lib/ckfw/nssmkey/staticobj.c index e35c093ac5e60..6babf7e9918d9 100644 --- a/security/nss/lib/ckfw/nssmkey/staticobj.c +++ b/security/nss/lib/ckfw/nssmkey/staticobj.c @@ -37,7 +37,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.1 $ $Date: 2005/11/23 23:04:08 $"; +static const char CVS_ID[] = "@(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:22 $""; @(#) $RCSfile: staticobj.c,v $ $Revision: 1.2 $ $Date: 2008/10/05 20:59:22 $"; #endif /* DEBUG */ #ifndef CKMK_H @@ -67,8 +67,8 @@ static const NSSItem nss_ckmk_items_1 [] = { { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 } }; -PR_IMPLEMENT_DATA(ckmkInternalObject) nss_ckmk_data[] = { +ckmkInternalObject nss_ckmk_data[] = { { ckmkRaw, {{ 5, nss_ckmk_types_1, nss_ckmk_items_1}} , CKO_DATA, {NULL} }, }; -PR_IMPLEMENT_DATA(const PRUint32) nss_ckmk_nObjects = 1; +const PRUint32 nss_ckmk_nObjects = 1; diff --git a/security/nss/lib/ckfw/wrap.c b/security/nss/lib/ckfw/wrap.c index 3b4c71ec6adca..84c2733e0ef44 100644 --- a/security/nss/lib/ckfw/wrap.c +++ b/security/nss/lib/ckfw/wrap.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.16 $ $Date: 2008/02/25 20:35:23 $"; +static const char CVS_ID[] = "@(#) $RCSfile: wrap.c,v $ $Revision: 1.17 $ $Date: 2008/08/25 22:47:32 $"; #endif /* DEBUG */ /* @@ -274,6 +274,17 @@ NSSCKFWC_Finalize break; } + /* + * A thread's error stack is automatically destroyed when the thread + * terminates or, for the primordial thread, by PR_Cleanup. On + * Windows with MinGW, the thread private data destructor PR_Free + * registered by this module is actually a thunk for PR_Free defined + * in this module. When the thread that unloads this module terminates + * or calls PR_Cleanup, the thunk for PR_Free is already gone with the + * module. Therefore we need to destroy the error stack before the + * module is unloaded. + */ + nss_DestroyErrorStack(); return error; } diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c index d11c8166fbcf0..6cc58a9cb21ea 100644 --- a/security/nss/lib/dev/ckhelper.c +++ b/security/nss/lib/dev/ckhelper.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.37 $ $Date: 2008/05/29 17:24:15 $"; +static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.38 $ $Date: 2008/09/30 04:09:02 $"; #endif /* DEBUG */ #ifndef NSSCKEPV_H @@ -359,6 +359,10 @@ nssCryptokiCertificate_GetAttributes ( session = sessionOpt ? sessionOpt : nssToken_GetDefaultSession(certObject->token); + if (!session) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } slot = nssToken_GetSlot(certObject->token); status = nssCKObject_GetAttributes(certObject->handle, @@ -457,6 +461,10 @@ nssCryptokiTrust_GetAttributes ( session = sessionOpt ? sessionOpt : nssToken_GetDefaultSession(trustObject->token); + if (!session) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } slot = nssToken_GetSlot(trustObject->token); status = nssCKObject_GetAttributes(trustObject->handle, @@ -522,6 +530,10 @@ nssCryptokiCRL_GetAttributes ( session = sessionOpt ? sessionOpt : nssToken_GetDefaultSession(crlObject->token); + if (session == NULL) { + nss_SetError(NSS_ERROR_INVALID_ARGUMENT); + return PR_FAILURE; + } slot = nssToken_GetSlot(crlObject->token); status = nssCKObject_GetAttributes(crlObject->handle, @@ -580,10 +592,9 @@ nssCryptokiPrivateKey_SetCertificate ( if (sessionOpt) { if (!nssSession_IsReadWrite(sessionOpt)) { return PR_FAILURE; - } else { - session = sessionOpt; - } - } else if (nssSession_IsReadWrite(defaultSession)) { + } + session = sessionOpt; + } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) { session = defaultSession; } else { NSSSlot *slot = nssToken_GetSlot(token); diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index 65f159a281bb5..0317d88ff1e14 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.50 $ $Date: 2008/08/09 01:25:58 $"; +static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.51 $ $Date: 2008/09/30 04:09:02 $"; #endif /* DEBUG */ #ifndef NSSCKEPV_H @@ -182,7 +182,8 @@ nssToken_DeleteStoredObject ( nssTokenObjectCache_RemoveObject(token->cache, instance); } if (instance->isTokenObject) { - if (nssSession_IsReadWrite(token->defaultSession)) { + if (token->defaultSession && + nssSession_IsReadWrite(token->defaultSession)) { session = token->defaultSession; } else { session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); @@ -227,10 +228,10 @@ import_object ( if (!nssSession_IsReadWrite(sessionOpt)) { nss_SetError(NSS_ERROR_INVALID_ARGUMENT); return NULL; - } else { - session = sessionOpt; } - } else if (nssSession_IsReadWrite(tok->defaultSession)) { + session = sessionOpt; + } else if (tok->defaultSession && + nssSession_IsReadWrite(tok->defaultSession)) { session = tok->defaultSession; } else { session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE); @@ -307,8 +308,7 @@ find_objects ( nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession; /* Don't ask the module to use an invalid session handle. */ - PORT_Assert(session->handle != CK_INVALID_SESSION); - if (session->handle == CK_INVALID_SESSION) { + if (!session || session->handle == CK_INVALID_SESSION) { ckrv = CKR_SESSION_HANDLE_INVALID; goto loser; } @@ -1147,7 +1147,13 @@ nssToken_FindTrustForCertificate ( CK_ATTRIBUTE tobj_template[5]; CK_ULONG tobj_size; nssSession *session = sessionOpt ? sessionOpt : token->defaultSession; - nssCryptokiObject *object, **objects; + nssCryptokiObject *object = NULL, **objects; + + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return object; + } NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size); if (searchType == nssTokenSearchType_SessionOnly) { @@ -1159,7 +1165,6 @@ nssToken_FindTrustForCertificate ( NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer); NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial); NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size); - object = NULL; objects = find_objects_by_template(token, session, tobj_template, tobj_size, 1, NULL); @@ -1227,9 +1232,15 @@ nssToken_FindCRLsBySubject ( CK_ATTRIBUTE_PTR attr; CK_ATTRIBUTE crlobj_template[3]; CK_ULONG crlobj_size; - nssCryptokiObject **objects; + nssCryptokiObject **objects = NULL; nssSession *session = sessionOpt ? sessionOpt : token->defaultSession; + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return objects; + } + NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size); if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); @@ -1280,8 +1291,14 @@ nssToken_Digest ( CK_BYTE_PTR digest; NSSItem *rvItem = NULL; void *epv = nssToken_GetCryptokiEPV(tok); - nssSession *session; - session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession; + + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return rvItem; + } + nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism); if (ckrv != CKR_OK) { @@ -1340,9 +1357,15 @@ nssToken_BeginDigest ( ) { CK_RV ckrv; - nssSession *session; void *epv = nssToken_GetCryptokiEPV(tok); - session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession; + + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return PR_FAILURE; + } + nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism); nssSession_ExitMonitor(session); @@ -1357,9 +1380,15 @@ nssToken_ContinueDigest ( ) { CK_RV ckrv; - nssSession *session; void *epv = nssToken_GetCryptokiEPV(tok); - session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession; + + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return PR_FAILURE; + } + nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestUpdate(session->handle, (CK_BYTE_PTR)item->data, @@ -1381,8 +1410,14 @@ nssToken_FinishDigest ( CK_BYTE_PTR digest; NSSItem *rvItem = NULL; void *epv = nssToken_GetCryptokiEPV(tok); - nssSession *session; - session = (sessionOpt) ? sessionOpt : tok->defaultSession; + nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession; + + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return NULL; + } + nssSession_EnterMonitor(session); ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen); if (ckrv != CKR_OK || digestLen == 0) { @@ -1459,6 +1494,12 @@ nssToken_TraverseCertificates ( void *epv = nssToken_GetCryptokiEPV(token); nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession; + /* Don't ask the module to use an invalid session handle. */ + if (!session || session->handle == CK_INVALID_SESSION) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return PR_FAILURE; + } + /* template for all certs */ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); if (searchType == nssTokenSearchType_SessionOnly) { diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c index aea4173d5dd53..3ba9e0eef62a4 100644 --- a/security/nss/lib/dev/devutil.c +++ b/security/nss/lib/dev/devutil.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.31 $ $Date: 2008/05/18 01:51:45 $"; +static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.32 $ $Date: 2008/09/30 04:09:02 $"; #endif /* DEBUG */ #ifndef DEVM_H @@ -387,7 +387,10 @@ create_object ( goto loser; } session = nssToken_GetDefaultSession(object->token); - + if (!session) { + nss_SetError(NSS_ERROR_INVALID_POINTER); + goto loser; + } arena = nssArena_Create(); if (!arena) { goto loser; diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index 866f7a5677dbf..bf65098f40629 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -455,7 +455,7 @@ $(ECL_OBJS): $(ECL_HDRS) -$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c +$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c os2_rand.c $(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk index 68012cabfd919..dc2797ea0c020 100644 --- a/security/nss/lib/freebl/config.mk +++ b/security/nss/lib/freebl/config.mk @@ -90,15 +90,11 @@ EXTRA_SHARED_LIBS += \ -L$(DIST)/lib \ -lnssutil3 \ -L$(NSPR_LIB_DIR) \ - -lplc4 \ - -lplds4 \ -lnspr4 \ $(NULL) else # ! NS_USE_GCC EXTRA_SHARED_LIBS += \ $(DIST)/lib/nssutil3.lib \ - $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \ - $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \ $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \ $(NULL) endif # NS_USE_GCC @@ -109,11 +105,13 @@ EXTRA_SHARED_LIBS += \ -L$(DIST)/lib \ -lnssutil3 \ -L$(NSPR_LIB_DIR) \ - -lplc4 \ - -lplds4 \ -lnspr4 \ $(NULL) endif +ifeq ($(OS_ARCH), Darwin) +EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib +endif + endif diff --git a/security/nss/lib/freebl/mac_rand.c b/security/nss/lib/freebl/mac_rand.c deleted file mode 100644 index 7d5cdf432b259..0000000000000 --- a/security/nss/lib/freebl/mac_rand.c +++ /dev/null @@ -1,318 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ - -#ifdef notdef -#include "xp_core.h" -#include "xp_file.h" -#endif -#include "secrng.h" -#include "mcom_db.h" -#ifdef XP_MAC -#include -#include -#include -#include -#include -#include -#include - -/* Static prototypes */ -static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen); -void FE_ReadScreen(); - -static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen) -{ - union endianness { - int32 i; - char c[4]; - } u; - - if (srclen <= dstlen) { - memcpy(dst, src, srclen); - return srclen; - } - u.i = 0x01020304; - if (u.c[0] == 0x01) { - /* big-endian case */ - memcpy(dst, (char*)src + (srclen - dstlen), dstlen); - } else { - /* little-endian case */ - memcpy(dst, src, dstlen); - } - return dstlen; -} - -size_t RNG_GetNoise(void *buf, size_t maxbytes) -{ - UnsignedWide microTickCount; - Microseconds(µTickCount); - return CopyLowBits(buf, maxbytes, µTickCount, sizeof(microTickCount)); -} - -void RNG_FileForRNG(const char *filename) -{ - unsigned char buffer[BUFSIZ]; - size_t bytes; -#ifdef notdef /*sigh*/ - XP_File file; - unsigned long totalFileBytes = 0; - - if (filename == NULL) /* For now, read in global history if filename is null */ - file = XP_FileOpen(NULL, xpGlobalHistory,XP_FILE_READ_BIN); - else - file = XP_FileOpen(NULL, xpURL,XP_FILE_READ_BIN); - if (file != NULL) { - for (;;) { - bytes = XP_FileRead(buffer, sizeof(buffer), file); - if (bytes == 0) break; - RNG_RandomUpdate( buffer, bytes); - totalFileBytes += bytes; - if (totalFileBytes > 100*1024) break; /* No more than 100 K */ - } - XP_FileClose(file); - } -#endif - /* - * Pass yet another snapshot of our highest resolution clock into - * the hash function. - */ - bytes = RNG_GetNoise(buffer, sizeof(buffer)); - RNG_RandomUpdate(buffer, sizeof(buffer)); -} - -void RNG_SystemInfoForRNG() -{ -/* Time */ - { - unsigned long sec; - size_t bytes; - GetDateTime(&sec); /* Current time since 1970 */ - RNG_RandomUpdate( &sec, sizeof(sec)); - bytes = RNG_GetNoise(&sec, sizeof(sec)); - RNG_RandomUpdate(&sec, bytes); - } -/* User specific variables */ - { - MachineLocation loc; - ReadLocation(&loc); - RNG_RandomUpdate( &loc, sizeof(loc)); - } -#if !TARGET_CARBON -/* User name */ - { - unsigned long userRef; - Str32 userName; - GetDefaultUser(&userRef, userName); - RNG_RandomUpdate( &userRef, sizeof(userRef)); - RNG_RandomUpdate( userName, sizeof(userName)); - } -#endif -/* Mouse location */ - { - Point mouseLoc; - GetMouse(&mouseLoc); - RNG_RandomUpdate( &mouseLoc, sizeof(mouseLoc)); - } -/* Keyboard time threshold */ - { - SInt16 keyTresh = LMGetKeyThresh(); - RNG_RandomUpdate( &keyTresh, sizeof(keyTresh)); - } -/* Last key pressed */ - { - SInt8 keyLast; - keyLast = LMGetKbdLast(); - RNG_RandomUpdate( &keyLast, sizeof(keyLast)); - } -/* Volume */ - { - UInt8 volume = LMGetSdVolume(); - RNG_RandomUpdate( &volume, sizeof(volume)); - } -#if !TARGET_CARBON -/* Current directory */ - { - SInt32 dir = LMGetCurDirStore(); - RNG_RandomUpdate( &dir, sizeof(dir)); - } -#endif -/* Process information about all the processes in the machine */ - { - ProcessSerialNumber process; - ProcessInfoRec pi; - - process.highLongOfPSN = process.lowLongOfPSN = kNoProcess; - - while (GetNextProcess(&process) == noErr) - { - FSSpec fileSpec; - pi.processInfoLength = sizeof(ProcessInfoRec); - pi.processName = NULL; - pi.processAppSpec = &fileSpec; - GetProcessInformation(&process, &pi); - RNG_RandomUpdate( &pi, sizeof(pi)); - RNG_RandomUpdate( &fileSpec, sizeof(fileSpec)); - } - } - -#if !TARGET_CARBON -/* Heap */ - { - THz zone = LMGetTheZone(); - RNG_RandomUpdate( &zone, sizeof(zone)); - } -#endif - -/* Screen */ - { - GDHandle h = GetMainDevice(); /* GDHandle is **GDevice */ - RNG_RandomUpdate( *h, sizeof(GDevice)); - } - -#if !TARGET_CARBON -/* Scrap size */ - { - SInt32 scrapSize = LMGetScrapSize(); - RNG_RandomUpdate( &scrapSize, sizeof(scrapSize)); - } -/* Scrap count */ - { - SInt16 scrapCount = LMGetScrapCount(); - RNG_RandomUpdate( &scrapCount, sizeof(scrapCount)); - } -#else - { - ScrapRef scrap; - if (GetCurrentScrap(&scrap) == noErr) { - UInt32 flavorCount; - if (GetScrapFlavorCount(scrap, &flavorCount) == noErr) { - ScrapFlavorInfo* flavorInfo = (ScrapFlavorInfo*) malloc(flavorCount * sizeof(ScrapFlavorInfo)); - if (flavorInfo != NULL) { - if (GetScrapFlavorInfoList(scrap, &flavorCount, flavorInfo) == noErr) { - UInt32 i; - RNG_RandomUpdate(&flavorCount, sizeof(flavorCount)); - for (i = 0; i < flavorCount; ++i) { - Size flavorSize; - if (GetScrapFlavorSize(scrap, flavorInfo[i].flavorType, &flavorSize) == noErr) - RNG_RandomUpdate(&flavorSize, sizeof(flavorSize)); - } - } - free(flavorInfo); - } - } - } - } -#endif -/* File stuff, last modified, etc. */ - { - HParamBlockRec pb; - GetVolParmsInfoBuffer volInfo; - pb.ioParam.ioVRefNum = 0; - pb.ioParam.ioNamePtr = nil; - pb.ioParam.ioBuffer = (Ptr) &volInfo; - pb.ioParam.ioReqCount = sizeof(volInfo); - PBHGetVolParmsSync(&pb); - RNG_RandomUpdate( &volInfo, sizeof(volInfo)); - } -#if !TARGET_CARBON -/* Event queue */ - { - EvQElPtr eventQ; - for (eventQ = (EvQElPtr) LMGetEventQueue()->qHead; - eventQ; - eventQ = (EvQElPtr)eventQ->qLink) - RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord)); - } -#endif - FE_ReadScreen(); - RNG_FileForRNG(NULL); -} - -void FE_ReadScreen() -{ - UInt16 coords[4]; - PixMapHandle pmap; - GDHandle gh; - UInt16 screenHeight; - UInt16 screenWidth; /* just what they say */ - UInt32 bytesToRead; /* number of bytes we're giving */ - UInt32 offset; /* offset into the graphics buffer */ - UInt16 rowBytes; - UInt32 rowsToRead; - float bytesPerPixel; /* dependent on buffer depth */ - Ptr p; /* temporary */ - UInt16 x, y, w, h; - - gh = LMGetMainDevice(); - if ( !gh ) - return; - pmap = (**gh).gdPMap; - if ( !pmap ) - return; - - RNG_GenerateGlobalRandomBytes( coords, sizeof( coords ) ); - - /* make x and y inside the screen rect */ - screenHeight = (**pmap).bounds.bottom - (**pmap).bounds.top; - screenWidth = (**pmap).bounds.right - (**pmap).bounds.left; - x = coords[0] % screenWidth; - y = coords[1] % screenHeight; - w = ( coords[2] & 0x7F ) | 0x40; /* Make sure that w is in the range 64..128 */ - h = ( coords[3] & 0x7F ) | 0x40; /* same for h */ - - bytesPerPixel = (**pmap).pixelSize / 8; - rowBytes = (**pmap).rowBytes & 0x7FFF; - - /* starting address */ - offset = ( rowBytes * y ) + (UInt32)( (float)x * bytesPerPixel ); - - /* don't read past the end of the pixmap's rowbytes */ - bytesToRead = PR_MIN( (UInt32)( w * bytesPerPixel ), - (UInt32)( rowBytes - ( x * bytesPerPixel ) ) ); - - /* don't read past the end of the graphics device pixmap */ - rowsToRead = PR_MIN( h, - ( screenHeight - y ) ); - - p = GetPixBaseAddr( pmap ) + offset; - - while ( rowsToRead-- ) - { - RNG_RandomUpdate( p, bytesToRead ); - p += rowBytes; - } -} -#endif diff --git a/security/nss/lib/freebl/md2.c b/security/nss/lib/freebl/md2.c index ddc7a9d7e7f94..8582f903eedd0 100644 --- a/security/nss/lib/freebl/md2.c +++ b/security/nss/lib/freebl/md2.c @@ -100,7 +100,7 @@ MD2_Hash(unsigned char *dest, const char *src) return SECFailure; } MD2_Begin(cx); - MD2_Update(cx, (unsigned char *)src, PL_strlen(src)); + MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src)); MD2_End(cx, dest, &len, MD2_DIGEST_LEN); MD2_DestroyContext(cx, PR_TRUE); return SECSuccess; diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c index fbcee7f46f328..97c400d9cd637 100644 --- a/security/nss/lib/freebl/md5.c +++ b/security/nss/lib/freebl/md5.c @@ -222,7 +222,7 @@ struct MD5ContextStr { SECStatus MD5_Hash(unsigned char *dest, const char *src) { - return MD5_HashBuf(dest, (unsigned char *)src, PL_strlen(src)); + return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); } SECStatus diff --git a/security/nss/lib/freebl/sysrand.c b/security/nss/lib/freebl/sysrand.c index 3a8bf4ec81055..7991e8f30a597 100644 --- a/security/nss/lib/freebl/sysrand.c +++ b/security/nss/lib/freebl/sysrand.c @@ -41,9 +41,6 @@ #ifdef XP_WIN #include "win_rand.c" #endif -#ifdef XP_MAC -#include "mac_rand.c" -#endif #ifdef XP_OS2 #include "os2_rand.c" #endif diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index fc3ed2ae93ec2..2ff6fd88e7938 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c @@ -360,7 +360,8 @@ static int jar_physical_inflate unsigned long prev_total, ochunk, tin; - if ((inbuf = (char *) PORT_ZAlloc (ICHUNK)) == NULL) + /* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */ + if ((inbuf = (char *) PORT_ZAlloc (ICHUNK + 1)) == NULL) return JAR_ERR_MEMORY; if ((outbuf = (char *) PORT_ZAlloc (OCHUNK)) == NULL) @@ -400,6 +401,12 @@ static int jar_physical_inflate at += chunk; + if (at == length) + { + /* add an extra dummy byte at the end */ + inbuf[chunk++] = 0xDD; + } + zs.next_in = (Bytef *) inbuf; zs.avail_in = chunk; zs.avail_out = OCHUNK; @@ -631,7 +638,7 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext) ZZList *list; char *fn, *e; - char ZHUGEP *manifest = NULL; + char ZHUGEP *manifest; long length; int status, ret = 0, num; @@ -676,17 +683,16 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext) continue; } - if (phy->length == 0) + if (phy->length == 0 || phy->length > 0xFFFF) { - /* manifest files cannot be zero length! */ + /* manifest files cannot be zero length or too big! */ + /* the 0xFFFF limit is per J2SE SDK */ return JAR_ERR_CORRUPT; } /* Read in the manifest and parse it */ - /* limit is per J2SE SDK */ - if (phy->length <= 0xFFFF) { - manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1); - } + /* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */ + manifest = (char ZHUGEP *) PORT_ZAlloc (phy->length + 1); if (manifest) { JAR_FSEEK (fp, phy->offset, (PRSeekWhence)0); @@ -702,6 +708,8 @@ static int jar_extract_mf (JAR *jar, jarArch format, JAR_FILE fp, char *ext) if (phy->compression == 8) { length = phy->length; + /* add an extra dummy byte at the end */ + manifest[length++] = 0xDD; status = jar_inflate_memory ((unsigned int) phy->compression, &length, phy->uncompressed_length, &manifest); diff --git a/security/nss/lib/libpkix/pkix/checker/manifest.mn b/security/nss/lib/libpkix/pkix/checker/manifest.mn index 417d84b276f3b..b30b5236c1d9e 100755 --- a/security/nss/lib/libpkix/pkix/checker/manifest.mn +++ b/security/nss/lib/libpkix/pkix/checker/manifest.mn @@ -41,19 +41,35 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ + pkix_basicconstraintschecker.h \ pkix_certchainchecker.h \ + pkix_defaultcrlchecker.h \ pkix_defaultrevchecker.h \ + pkix_expirationchecker.h \ + pkix_namechainingchecker.h \ + pkix_nameconstraintschecker.h \ pkix_ocspchecker.h \ + pkix_policychecker.h \ pkix_revocationchecker.h \ + pkix_signaturechecker.h \ + pkix_targetcertchecker.h \ $(NULL) MODULE = nss CSRCS = \ + pkix_basicconstraintschecker.c \ pkix_certchainchecker.c \ + pkix_defaultcrlchecker.c \ pkix_defaultrevchecker.c \ + pkix_expirationchecker.c \ + pkix_namechainingchecker.c \ + pkix_nameconstraintschecker.c \ pkix_ocspchecker.c \ pkix_revocationchecker.c \ + pkix_policychecker.c \ + pkix_signaturechecker.c \ + pkix_targetcertchecker.c \ $(NULL) REQUIRES = dbm diff --git a/security/nss/lib/libpkix/pkix/top/pkix_basicconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_basicconstraintschecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_basicconstraintschecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_basicconstraintschecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_defaultcrlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_defaultcrlchecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_defaultcrlchecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_defaultcrlchecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_defaultcrlchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_defaultcrlchecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_defaultcrlchecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_defaultcrlchecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_expirationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_expirationchecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_expirationchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_expirationchecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_namechainingchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_namechainingchecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_namechainingchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_namechainingchecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_nameconstraintschecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_nameconstraintschecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_nameconstraintschecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_nameconstraintschecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_policychecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_policychecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_policychecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_policychecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_policychecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_policychecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_signaturechecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_signaturechecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_signaturechecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_signaturechecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h diff --git a/security/nss/lib/libpkix/pkix/top/pkix_targetcertchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_targetcertchecker.c rename to security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c diff --git a/security/nss/lib/libpkix/pkix/top/pkix_targetcertchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h similarity index 100% rename from security/nss/lib/libpkix/pkix/top/pkix_targetcertchecker.h rename to security/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h diff --git a/security/nss/lib/libpkix/pkix/top/manifest.mn b/security/nss/lib/libpkix/pkix/top/manifest.mn index a4384e20d2bdd..67efa32fa4b79 100755 --- a/security/nss/lib/libpkix/pkix/top/manifest.mn +++ b/security/nss/lib/libpkix/pkix/top/manifest.mn @@ -41,31 +41,15 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ - pkix_basicconstraintschecker.h \ - pkix_nameconstraintschecker.h \ pkix_build.h \ - pkix_policychecker.h \ - pkix_defaultcrlchecker.h \ - pkix_signaturechecker.h \ - pkix_expirationchecker.h \ - pkix_targetcertchecker.h \ pkix_lifecycle.h \ pkix_validate.h \ - pkix_namechainingchecker.h \ $(NULL) MODULE = nss CSRCS = \ - pkix_signaturechecker.c \ - pkix_expirationchecker.c \ - pkix_namechainingchecker.c \ - pkix_basicconstraintschecker.c \ - pkix_policychecker.c \ pkix_validate.c \ - pkix_targetcertchecker.c \ - pkix_defaultcrlchecker.c \ - pkix_nameconstraintschecker.c \ pkix_lifecycle.c \ pkix_build.c \ $(NULL) diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h index a113550a56fde..f4fcb4a6e11df 100755 --- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h +++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h @@ -328,7 +328,7 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); #endif /* disable to disable ;-) */ -#define WANT_TRACE_CHECK_FAILURES +/* #define WANT_TRACE_CHECK_FAILURES */ #ifdef WANT_TRACE_CHECK_FAILURES #define TRACE_CHECK_FAILURE(what, errorstring) \ diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c index 707e94c9e04b0..e2bf7f14fc8ce 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c @@ -331,9 +331,6 @@ pkix_pl_AIAMgr_GetHTTPCerts( &requestSession)); if (rv != SECSuccess) { - if (path != NULL) { - PORT_Free(path); - } PKIX_ERROR(PKIX_HTTPSERVERERROR); } @@ -415,6 +412,12 @@ pkix_pl_AIAMgr_GetHTTPCerts( if (locationAscii) { PORT_Free(locationAscii); } + if (hostname) { + PORT_Free(hostname); + } + if (path) { + PORT_Free(path); + } PKIX_RETURN(AIAMGR); } diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index 30b2a53c75440..321857beb231d 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c @@ -410,7 +410,7 @@ pkix_pl_HttpDefaultClient_Create( PKIX_PL_HttpDefaultClient *client = NULL; PKIX_ENTER(HTTPDEFAULTCLIENT, "PKIX_PL_HttpDefaultClient_Create"); - PKIX_NULLCHECK_ONE(pClient); + PKIX_NULLCHECK_TWO(pClient, host); /* allocate an HttpDefaultClient */ PKIX_CHECK(PKIX_PL_Object_Alloc @@ -439,7 +439,12 @@ pkix_pl_HttpDefaultClient_Create( client->GETBuf = NULL; client->POSTBuf = NULL; client->rcvBuf = NULL; - client->host = host; + /* "host" is a parsing result by CERT_GetURL function that adds + * "end of line" to the value. OK to dup the string. */ + client->host = PORT_Strdup(host); + if (!client->host) { + PKIX_ERROR(PKIX_ALLOCERROR); + } client->path = NULL; client->rcvContentType = NULL; client->rcvHeaders = NULL; @@ -495,17 +500,22 @@ pkix_pl_HttpDefaultClient_Destroy( PR_smprintf_free(client->GETBuf); client->GETBuf = NULL; } - if (client->POSTBuf != NULL) { PKIX_PL_Free(client->POSTBuf, plContext); client->POSTBuf = NULL; } - if (client->rcvBuf != NULL) { PKIX_PL_Free(client->rcvBuf, plContext); client->rcvBuf = NULL; } - + if (client->host) { + PORT_Free(client->host); + client->host = NULL; + } + if (client->path) { + PORT_Free(client->path); + client->path = NULL; + } PKIX_DECREF(client->socket); cleanup: @@ -1254,7 +1264,15 @@ pkix_pl_HttpDefaultClient_RequestCreate( PKIX_ERROR(PKIX_UNRECOGNIZEDREQUESTMETHOD); } - client->path = path_and_query_string; + if (path_and_query_string) { + /* "path_and_query_string" is a parsing result by CERT_GetURL + * function that adds "end of line" to the value. OK to dup + * the string. */ + client->path = PORT_Strdup(path_and_query_string); + if (!client->path) { + PKIX_ERROR(PKIX_ALLOCERROR); + } + } client->timeout = timeout; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h index 918959f046ae8..70b408cae8627 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h @@ -91,8 +91,8 @@ struct PKIX_PL_HttpDefaultClientStruct { char *GETBuf; char *POSTBuf; char *rcvBuf; - const char *host; - const char *path; + char *host; + char *path; const char *rcvContentType; void *rcvHeaders; HttpMethod send_http_method; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 507bc3355b411..8f259fadf6162 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -2903,6 +2903,7 @@ PKIX_PL_Cert_VerifySignature( SECStatus status; PKIX_Boolean certEqual = PKIX_FALSE; PKIX_Boolean certInHash = PKIX_FALSE; + void* wincx = NULL; PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature"); PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey); @@ -2934,7 +2935,12 @@ PKIX_PL_Cert_VerifySignature( } PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n"); - status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, NULL); + + PKIX_CHECK(pkix_pl_NssContext_GetWincx + ((PKIX_PL_NssContext *)plContext, &wincx), + PKIX_NSSCONTEXTGETWINCXFAILED); + + status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx); if (status != SECSuccess) { PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c index 84a62418579b4..1f38ba35e006a 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c @@ -1153,6 +1153,7 @@ PKIX_PL_CRL_VerifySignature( CERTSignedCrl *nssSignedCrl = NULL; SECKEYPublicKey *nssPubKey = NULL; CERTSignedData *tbsCrl = NULL; + void* wincx = NULL; SECStatus status; PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifySignature"); @@ -1184,8 +1185,12 @@ PKIX_PL_CRL_VerifySignature( PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED); } + PKIX_CHECK(pkix_pl_NssContext_GetWincx + ((PKIX_PL_NssContext *)plContext, &wincx), + PKIX_NSSCONTEXTGETWINCXFAILED); + PKIX_CRL_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey\n"); - status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, NULL); + status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx); if (status != SECSuccess) { PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY); diff --git a/security/nss/lib/nss/config.mk b/security/nss/lib/nss/config.mk index b6214a4ebb4ad..195448df167fc 100644 --- a/security/nss/lib/nss/config.mk +++ b/security/nss/lib/nss/config.mk @@ -127,11 +127,6 @@ SHARED_LIBRARY_DIRS = \ ../libpkix/pkix_pl_nss/module \ $(NULL) -ifeq ($(OS_ARCH), Darwin) -EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsqlite3.dylib:$(DIST)/lib/libsqlite3.dylib -endif - - ifeq ($(OS_TARGET),SunOS) ifeq ($(BUILD_SUN_PKG), 1) # The -R '$ORIGIN' linker option instructs this library to search for its diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 913614e931044..d444a7f498bf5 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: nss.h,v 1.58.4.1 2008/09/05 17:02:49 kaie%kuix.de Exp $ */ +/* $Id: nss.h,v 1.61 2008/10/21 03:58:14 kaie%kuix.de Exp $ */ #ifndef __nss_h_ #define __nss_h_ @@ -70,10 +70,10 @@ SEC_BEGIN_PROTOS * The format of the version string should be * ".[.][ ][ ]" */ -#define NSS_VERSION "3.12.1.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.12.2.0" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 12 -#define NSS_VPATCH 1 +#define NSS_VPATCH 2 #define NSS_BETA PR_FALSE /* diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c index 1d2960d558c06..ed41fce73fccc 100644 --- a/security/nss/lib/nss/nssinit.c +++ b/security/nss/lib/nss/nssinit.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: nssinit.c,v 1.96 2008/05/17 03:44:41 wtc%google.com Exp $ */ +/* $Id: nssinit.c,v 1.97 2008/08/22 01:33:03 wtc%google.com Exp $ */ #include #include "seccomon.h" @@ -291,11 +291,9 @@ nss_doubleEscape(const char *string) } -#ifndef XP_MAC /* * The following code is an attempt to automagically find the external root - * module. NOTE: This code should be checked out on the MAC! There must be - * some cross platform support out there to help out with this? + * module. * Note: Keep the #if-defined chunks in order. HPUX must select before UNIX. */ @@ -308,8 +306,6 @@ static const char *dllname = "libnssckbi.dylib"; #elif defined(XP_UNIX) || defined(XP_BEOS) "libnssckbi.so"; -#elif defined(XP_MAC) - "NSS Builtin Root Certs"; #else #error "Uh! Oh! I don't know about this platform." #endif @@ -390,7 +386,6 @@ nss_FindExternalRoot(const char *dbpath, const char* secmodprefix) nss_FreeExternalRootPaths(oldpath, path); return; } -#endif /* * OK there are now lots of options here, lets go through them all: @@ -558,14 +553,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, } CERT_SetDefaultCertDB((CERTCertDBHandle *) STAN_GetDefaultTrustDomain()); -#ifndef XP_MAC - /* only servers need this. We currently do not have a mac server */ if ((!noModDB) && (!noCertDB) && (!noRootInit)) { if (!SECMOD_HasRootCerts()) { nss_FindExternalRoot(configdir, secmodName); } } -#endif pk11sdr_Init(); cert_CreateSubjectKeyIDHashTable(); nss_IsInitted = PR_TRUE; diff --git a/security/nss/lib/pk11wrap/debug_module.c b/security/nss/lib/pk11wrap/debug_module.c index 3775f4ad17448..5197d960ed8a9 100644 --- a/security/nss/lib/pk11wrap/debug_module.c +++ b/security/nss/lib/pk11wrap/debug_module.c @@ -35,6 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #include "prlog.h" #include +#include "cert.h" /* for CERT_DerNameToAscii & CERT_Hexify */ static PRLogModuleInfo *modlog = NULL; @@ -44,202 +45,624 @@ static CK_FUNCTION_LIST debug_functions; static void print_final_statistics(void); -/* The AIX 64-bit compiler chokes on large switch statements (see - * bug #63815). I tried the trick recommended there, using -O2 in - * debug builds, and it didn't work. Instead, I'll suppress some of - * the verbose output and just dump values. - */ +#define STRING static const char + +STRING fmt_flags[] = " flags = 0x%x"; +STRING fmt_hKey[] = " hKey = 0x%x"; +STRING fmt_hObject[] = " hObject = 0x%x"; +STRING fmt_hSession[] = " hSession = 0x%x"; +STRING fmt_manufacturerID[] = " manufacturerID = \"%.32s\""; +STRING fmt_pData[] = " pData = 0x%p"; +STRING fmt_pDigest[] = " pDigest = 0x%p"; +STRING fmt_pEncryptedData[] = " pEncryptedData = 0x%p"; +STRING fmt_pEncryptedPart[] = " pEncryptedPart = 0x%p"; +STRING fmt_pInfo[] = " pInfo = 0x%p"; +STRING fmt_pMechanism[] = " pMechanism = 0x%p"; +STRING fmt_pOperationState[] = " pOperationState = 0x%p"; +STRING fmt_pPart[] = " pPart = 0x%p"; +STRING fmt_pPin[] = " pPin = 0x%p"; +STRING fmt_pSignature[] = " pSignature = 0x%p"; +STRING fmt_pTemplate[] = " pTemplate = 0x%p"; +STRING fmt_pWrappedKey[] = " pWrappedKey = 0x%p"; +STRING fmt_phKey[] = " phKey = 0x%p"; +STRING fmt_phObject[] = " phObject = 0x%p"; +STRING fmt_pulCount[] = " pulCount = 0x%p"; +STRING fmt_pulDataLen[] = " pulDataLen = 0x%p"; +STRING fmt_pulDigestLen[] = " pulDigestLen = 0x%p"; +STRING fmt_pulEncryptedPartLen[] = " pulEncryptedPartLen = 0x%p"; +STRING fmt_pulPartLen[] = " pulPartLen = 0x%p"; +STRING fmt_pulSignatureLen[] = " pulSignatureLen = 0x%p"; +STRING fmt_slotID[] = " slotID = 0x%x"; +STRING fmt_sphKey[] = " *phKey = 0x%x"; +STRING fmt_spulCount[] = " *pulCount = 0x%x"; +STRING fmt_spulDataLen[] = " *pulDataLen = 0x%x"; +STRING fmt_spulDigestLen[] = " *pulDigestLen = 0x%x"; +STRING fmt_spulEncryptedPartLen[] = " *pulEncryptedPartLen = 0x%x"; +STRING fmt_spulPartLen[] = " *pulPartLen = 0x%x"; +STRING fmt_spulSignatureLen[] = " *pulSignatureLen = 0x%x"; +STRING fmt_ulAttributeCount[] = " ulAttributeCount = %d"; +STRING fmt_ulCount[] = " ulCount = %d"; +STRING fmt_ulDataLen[] = " ulDataLen = %d"; +STRING fmt_ulEncryptedPartLen[] = " ulEncryptedPartLen = %d"; +STRING fmt_ulPartLen[] = " ulPartLen = %d"; +STRING fmt_ulPinLen[] = " ulPinLen = %d"; +STRING fmt_ulSignatureLen[] = " ulSignatureLen = %d"; + +STRING fmt_fwVersion[] = " firmware version: %d.%d"; +STRING fmt_hwVersion[] = " hardware version: %d.%d"; +STRING fmt_s_qsq_d[] = " %s = \"%s\" [%d]"; +STRING fmt_s_s_d[] = " %s = %s [%d]"; +STRING fmt_invalid_handle[] = " (CK_INVALID_HANDLE)"; + static void get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len) { -#define SETA(attr) \ - PR_snprintf(str, len, "%s", attr); break; +#define CASE(attr) case attr: a = #attr ; break + + const char * a = NULL; + switch (atype) { -#ifndef AIX_64BIT - case CKA_CLASS: SETA("CKA_CLASS"); - case CKA_TOKEN: SETA("CKA_TOKEN"); - case CKA_PRIVATE: SETA("CKA_PRIVATE"); - case CKA_LABEL: SETA("CKA_LABEL"); - case CKA_APPLICATION: SETA("CKA_APPLICATION"); - case CKA_VALUE: SETA("CKA_VALUE"); - case CKA_OBJECT_ID: SETA("CKA_OBJECT_ID"); - case CKA_CERTIFICATE_TYPE: SETA("CKA_CERTIFICATE_TYPE"); - case CKA_ISSUER: SETA("CKA_ISSUER"); - case CKA_SERIAL_NUMBER: SETA("CKA_SERIAL_NUMBER"); - case CKA_AC_ISSUER: SETA("CKA_AC_ISSUER"); - case CKA_OWNER: SETA("CKA_OWNER"); - case CKA_ATTR_TYPES: SETA("CKA_ATTR_TYPES"); - case CKA_TRUSTED: SETA("CKA_TRUSTED"); - case CKA_KEY_TYPE: SETA("CKA_KEY_TYPE"); - case CKA_SUBJECT: SETA("CKA_SUBJECT"); - case CKA_ID: SETA("CKA_ID"); - case CKA_SENSITIVE: SETA("CKA_SENSITIVE"); - case CKA_ENCRYPT: SETA("CKA_ENCRYPT"); - case CKA_DECRYPT: SETA("CKA_DECRYPT"); - case CKA_WRAP: SETA("CKA_WRAP"); - case CKA_UNWRAP: SETA("CKA_UNWRAP"); - case CKA_SIGN: SETA("CKA_SIGN"); - case CKA_SIGN_RECOVER: SETA("CKA_SIGN_RECOVER"); - case CKA_VERIFY: SETA("CKA_VERIFY"); - case CKA_VERIFY_RECOVER: SETA("CKA_VERIFY_RECOVER"); - case CKA_DERIVE: SETA("CKA_DERIVE"); - case CKA_START_DATE: SETA("CKA_START_DATE"); - case CKA_END_DATE: SETA("CKA_END_DATE"); - case CKA_MODULUS: SETA("CKA_MODULUS"); - case CKA_MODULUS_BITS: SETA("CKA_MODULUS_BITS"); - case CKA_PUBLIC_EXPONENT: SETA("CKA_PUBLIC_EXPONENT"); - case CKA_PRIVATE_EXPONENT: SETA("CKA_PRIVATE_EXPONENT"); - case CKA_PRIME_1: SETA("CKA_PRIME_1"); - case CKA_PRIME_2: SETA("CKA_PRIME_2"); - case CKA_EXPONENT_1: SETA("CKA_EXPONENT_1"); - case CKA_EXPONENT_2: SETA("CKA_EXPONENT_2"); - case CKA_COEFFICIENT: SETA("CKA_COEFFICIENT"); - case CKA_PRIME: SETA("CKA_PRIME"); - case CKA_SUBPRIME: SETA("CKA_SUBPRIME"); - case CKA_BASE: SETA("CKA_BASE"); - case CKA_PRIME_BITS: SETA("CKA_PRIME_BITS"); - case CKA_SUB_PRIME_BITS: SETA("CKA_SUB_PRIME_BITS"); - case CKA_VALUE_BITS: SETA("CKA_VALUE_BITS"); - case CKA_VALUE_LEN: SETA("CKA_VALUE_LEN"); - case CKA_EXTRACTABLE: SETA("CKA_EXTRACTABLE"); - case CKA_LOCAL: SETA("CKA_LOCAL"); - case CKA_NEVER_EXTRACTABLE: SETA("CKA_NEVER_EXTRACTABLE"); - case CKA_ALWAYS_SENSITIVE: SETA("CKA_ALWAYS_SENSITIVE"); - case CKA_KEY_GEN_MECHANISM: SETA("CKA_KEY_GEN_MECHANISM"); - case CKA_MODIFIABLE: SETA("CKA_MODIFIABLE"); - case CKA_ECDSA_PARAMS: SETA("CKA_ECDSA_PARAMS"); - case CKA_EC_POINT: SETA("CKA_EC_POINT"); - case CKA_SECONDARY_AUTH: SETA("CKA_SECONDARY_AUTH"); - case CKA_AUTH_PIN_FLAGS: SETA("CKA_AUTH_PIN_FLAGS"); - case CKA_HW_FEATURE_TYPE: SETA("CKA_HW_FEATURE_TYPE"); - case CKA_RESET_ON_INIT: SETA("CKA_RESET_ON_INIT"); - case CKA_HAS_RESET: SETA("CKA_HAS_RESET"); - case CKA_VENDOR_DEFINED: SETA("CKA_VENDOR_DEFINED"); - case CKA_NETSCAPE_URL: SETA("CKA_NETSCAPE_URL"); - case CKA_NETSCAPE_EMAIL: SETA("CKA_NETSCAPE_EMAIL"); - case CKA_NETSCAPE_SMIME_INFO: SETA("CKA_NETSCAPE_SMIME_INFO"); - case CKA_NETSCAPE_SMIME_TIMESTAMP: SETA("CKA_NETSCAPE_SMIME_TIMESTAMP"); - case CKA_NETSCAPE_PKCS8_SALT: SETA("CKA_NETSCAPE_PKCS8_SALT"); - case CKA_NETSCAPE_PASSWORD_CHECK: SETA("CKA_NETSCAPE_PASSWORD_CHECK"); - case CKA_NETSCAPE_EXPIRES: SETA("CKA_NETSCAPE_EXPIRES"); - case CKA_NETSCAPE_KRL: SETA("CKA_NETSCAPE_KRL"); - case CKA_NETSCAPE_PQG_COUNTER: SETA("CKA_NETSCAPE_PQG_COUNTER"); - case CKA_NETSCAPE_PQG_SEED: SETA("CKA_NETSCAPE_PQG_SEED"); - case CKA_NETSCAPE_PQG_H: SETA("CKA_NETSCAPE_PQG_H"); - case CKA_NETSCAPE_PQG_SEED_BITS: SETA("CKA_NETSCAPE_PQG_SEED_BITS"); - case CKA_TRUST: SETA("CKA_TRUST"); - case CKA_TRUST_DIGITAL_SIGNATURE: SETA("CKA_TRUST_DIGITAL_SIGNATURE"); - case CKA_TRUST_NON_REPUDIATION: SETA("CKA_TRUST_NON_REPUDIATION"); - case CKA_TRUST_KEY_ENCIPHERMENT: SETA("CKA_TRUST_KEY_ENCIPHERMENT"); - case CKA_TRUST_DATA_ENCIPHERMENT: SETA("CKA_TRUST_DATA_ENCIPHERMENT"); - case CKA_TRUST_KEY_AGREEMENT: SETA("CKA_TRUST_KEY_AGREEMENT"); - case CKA_TRUST_KEY_CERT_SIGN: SETA("CKA_TRUST_KEY_CERT_SIGN"); - case CKA_TRUST_CRL_SIGN: SETA("CKA_TRUST_CRL_SIGN"); - case CKA_TRUST_SERVER_AUTH: SETA("CKA_TRUST_SERVER_AUTH"); - case CKA_TRUST_CLIENT_AUTH: SETA("CKA_TRUST_CLIENT_AUTH"); - case CKA_TRUST_CODE_SIGNING: SETA("CKA_TRUST_CODE_SIGNING"); - case CKA_TRUST_EMAIL_PROTECTION: SETA("CKA_TRUST_EMAIL_PROTECTION"); - case CKA_TRUST_IPSEC_END_SYSTEM: SETA("CKA_TRUST_IPSEC_END_SYSTEM"); - case CKA_TRUST_IPSEC_TUNNEL: SETA("CKA_TRUST_IPSEC_TUNNEL"); - case CKA_TRUST_IPSEC_USER: SETA("CKA_TRUST_IPSEC_USER"); - case CKA_TRUST_TIME_STAMPING: SETA("CKA_TRUST_TIME_STAMPING"); - case CKA_CERT_SHA1_HASH: SETA("CKA_CERT_SHA1_HASH"); - case CKA_CERT_MD5_HASH: SETA("CKA_CERT_MD5_HASH"); - case CKA_NETSCAPE_DB: SETA("CKA_NETSCAPE_DB"); - case CKA_NETSCAPE_TRUST: SETA("CKA_NETSCAPE_TRUST"); -#endif - default: PR_snprintf(str, len, "0x%p", atype); break; + CASE(CKA_CLASS); + CASE(CKA_TOKEN); + CASE(CKA_PRIVATE); + CASE(CKA_LABEL); + CASE(CKA_APPLICATION); + CASE(CKA_VALUE); + CASE(CKA_OBJECT_ID); + CASE(CKA_CERTIFICATE_TYPE); + CASE(CKA_ISSUER); + CASE(CKA_SERIAL_NUMBER); + CASE(CKA_AC_ISSUER); + CASE(CKA_OWNER); + CASE(CKA_ATTR_TYPES); + CASE(CKA_TRUSTED); + CASE(CKA_KEY_TYPE); + CASE(CKA_SUBJECT); + CASE(CKA_ID); + CASE(CKA_SENSITIVE); + CASE(CKA_ENCRYPT); + CASE(CKA_DECRYPT); + CASE(CKA_WRAP); + CASE(CKA_UNWRAP); + CASE(CKA_SIGN); + CASE(CKA_SIGN_RECOVER); + CASE(CKA_VERIFY); + CASE(CKA_VERIFY_RECOVER); + CASE(CKA_DERIVE); + CASE(CKA_START_DATE); + CASE(CKA_END_DATE); + CASE(CKA_MODULUS); + CASE(CKA_MODULUS_BITS); + CASE(CKA_PUBLIC_EXPONENT); + CASE(CKA_PRIVATE_EXPONENT); + CASE(CKA_PRIME_1); + CASE(CKA_PRIME_2); + CASE(CKA_EXPONENT_1); + CASE(CKA_EXPONENT_2); + CASE(CKA_COEFFICIENT); + CASE(CKA_PRIME); + CASE(CKA_SUBPRIME); + CASE(CKA_BASE); + CASE(CKA_PRIME_BITS); + CASE(CKA_SUB_PRIME_BITS); + CASE(CKA_VALUE_BITS); + CASE(CKA_VALUE_LEN); + CASE(CKA_EXTRACTABLE); + CASE(CKA_LOCAL); + CASE(CKA_NEVER_EXTRACTABLE); + CASE(CKA_ALWAYS_SENSITIVE); + CASE(CKA_KEY_GEN_MECHANISM); + CASE(CKA_MODIFIABLE); + CASE(CKA_ECDSA_PARAMS); + CASE(CKA_EC_POINT); + CASE(CKA_SECONDARY_AUTH); + CASE(CKA_AUTH_PIN_FLAGS); + CASE(CKA_HW_FEATURE_TYPE); + CASE(CKA_RESET_ON_INIT); + CASE(CKA_HAS_RESET); + CASE(CKA_VENDOR_DEFINED); + CASE(CKA_NETSCAPE_URL); + CASE(CKA_NETSCAPE_EMAIL); + CASE(CKA_NETSCAPE_SMIME_INFO); + CASE(CKA_NETSCAPE_SMIME_TIMESTAMP); + CASE(CKA_NETSCAPE_PKCS8_SALT); + CASE(CKA_NETSCAPE_PASSWORD_CHECK); + CASE(CKA_NETSCAPE_EXPIRES); + CASE(CKA_NETSCAPE_KRL); + CASE(CKA_NETSCAPE_PQG_COUNTER); + CASE(CKA_NETSCAPE_PQG_SEED); + CASE(CKA_NETSCAPE_PQG_H); + CASE(CKA_NETSCAPE_PQG_SEED_BITS); + CASE(CKA_TRUST); + CASE(CKA_TRUST_DIGITAL_SIGNATURE); + CASE(CKA_TRUST_NON_REPUDIATION); + CASE(CKA_TRUST_KEY_ENCIPHERMENT); + CASE(CKA_TRUST_DATA_ENCIPHERMENT); + CASE(CKA_TRUST_KEY_AGREEMENT); + CASE(CKA_TRUST_KEY_CERT_SIGN); + CASE(CKA_TRUST_CRL_SIGN); + CASE(CKA_TRUST_SERVER_AUTH); + CASE(CKA_TRUST_CLIENT_AUTH); + CASE(CKA_TRUST_CODE_SIGNING); + CASE(CKA_TRUST_EMAIL_PROTECTION); + CASE(CKA_TRUST_IPSEC_END_SYSTEM); + CASE(CKA_TRUST_IPSEC_TUNNEL); + CASE(CKA_TRUST_IPSEC_USER); + CASE(CKA_TRUST_TIME_STAMPING); + CASE(CKA_CERT_SHA1_HASH); + CASE(CKA_CERT_MD5_HASH); + CASE(CKA_NETSCAPE_DB); + CASE(CKA_NETSCAPE_TRUST); + default: break; } + if (a) + PR_snprintf(str, len, "%s", a); + else + PR_snprintf(str, len, "0x%p", atype); } static void get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len) { -#define SETO(objc) \ - PR_snprintf(str, len, "%s", objc); break; + + const char * a = NULL; + switch (objClass) { -#ifndef AIX_64BIT - case CKO_DATA: SETO("CKO_DATA"); - case CKO_CERTIFICATE: SETO("CKO_CERTIFICATE"); - case CKO_PUBLIC_KEY: SETO("CKO_PUBLIC_KEY"); - case CKO_PRIVATE_KEY: SETO("CKO_PRIVATE_KEY"); - case CKO_SECRET_KEY: SETO("CKO_SECRET_KEY"); - case CKO_HW_FEATURE: SETO("CKO_HW_FEATURE"); - case CKO_DOMAIN_PARAMETERS: SETO("CKO_DOMAIN_PARAMETERS"); - case CKO_NETSCAPE_CRL: SETO("CKO_NETSCAPE_CRL"); - case CKO_NETSCAPE_SMIME: SETO("CKO_NETSCAPE_SMIME"); - case CKO_NETSCAPE_TRUST: SETO("CKO_NETSCAPE_TRUST"); - case CKO_NETSCAPE_BUILTIN_ROOT_LIST: SETO("CKO_NETSCAPE_BUILTIN_ROOT_LIST"); -#endif - default: PR_snprintf(str, len, "0x%p", objClass); break; + CASE(CKO_DATA); + CASE(CKO_CERTIFICATE); + CASE(CKO_PUBLIC_KEY); + CASE(CKO_PRIVATE_KEY); + CASE(CKO_SECRET_KEY); + CASE(CKO_HW_FEATURE); + CASE(CKO_DOMAIN_PARAMETERS); + CASE(CKO_NETSCAPE_CRL); + CASE(CKO_NETSCAPE_SMIME); + CASE(CKO_NETSCAPE_TRUST); + CASE(CKO_NETSCAPE_BUILTIN_ROOT_LIST); + default: break; } + if (a) + PR_snprintf(str, len, "%s", a); + else + PR_snprintf(str, len, "0x%p", objClass); } static void get_trust_val(CK_TRUST trust, char *str, int len) { -#define SETT(objc) \ - PR_snprintf(str, len, "%s", objc); break; + const char * a = NULL; + switch (trust) { -#ifndef AIX_64BIT - case CKT_NETSCAPE_TRUSTED: SETT("CKT_NETSCAPE_TRUSTED"); - case CKT_NETSCAPE_TRUSTED_DELEGATOR: SETT("CKT_NETSCAPE_TRUSTED_DELEGATOR"); - case CKT_NETSCAPE_UNTRUSTED: SETT("CKT_NETSCAPE_UNTRUSTED"); - case CKT_NETSCAPE_MUST_VERIFY: SETT("CKT_NETSCAPE_MUST_VERIFY"); - case CKT_NETSCAPE_TRUST_UNKNOWN: SETT("CKT_NETSCAPE_TRUST_UNKNOWN"); - case CKT_NETSCAPE_VALID: SETT("CKT_NETSCAPE_VALID"); - case CKT_NETSCAPE_VALID_DELEGATOR: SETT("CKT_NETSCAPE_VALID_DELEGATOR"); -#endif - default: PR_snprintf(str, len, "0x%p", trust); break; + CASE(CKT_NETSCAPE_TRUSTED); + CASE(CKT_NETSCAPE_TRUSTED_DELEGATOR); + CASE(CKT_NETSCAPE_UNTRUSTED); + CASE(CKT_NETSCAPE_MUST_VERIFY); + CASE(CKT_NETSCAPE_TRUST_UNKNOWN); + CASE(CKT_NETSCAPE_VALID); + CASE(CKT_NETSCAPE_VALID_DELEGATOR); + default: break; + } + if (a) + PR_snprintf(str, len, "%s", a); + else + PR_snprintf(str, len, "0x%p", trust); +} + +static void log_rv(CK_RV rv) +{ + const char * a = NULL; + + switch (rv) { + CASE(CKR_OK); + CASE(CKR_CANCEL); + CASE(CKR_HOST_MEMORY); + CASE(CKR_SLOT_ID_INVALID); + CASE(CKR_GENERAL_ERROR); + CASE(CKR_FUNCTION_FAILED); + CASE(CKR_ARGUMENTS_BAD); + CASE(CKR_NO_EVENT); + CASE(CKR_NEED_TO_CREATE_THREADS); + CASE(CKR_CANT_LOCK); + CASE(CKR_ATTRIBUTE_READ_ONLY); + CASE(CKR_ATTRIBUTE_SENSITIVE); + CASE(CKR_ATTRIBUTE_TYPE_INVALID); + CASE(CKR_ATTRIBUTE_VALUE_INVALID); + CASE(CKR_DATA_INVALID); + CASE(CKR_DATA_LEN_RANGE); + CASE(CKR_DEVICE_ERROR); + CASE(CKR_DEVICE_MEMORY); + CASE(CKR_DEVICE_REMOVED); + CASE(CKR_ENCRYPTED_DATA_INVALID); + CASE(CKR_ENCRYPTED_DATA_LEN_RANGE); + CASE(CKR_FUNCTION_CANCELED); + CASE(CKR_FUNCTION_NOT_PARALLEL); + CASE(CKR_FUNCTION_NOT_SUPPORTED); + CASE(CKR_KEY_HANDLE_INVALID); + CASE(CKR_KEY_SIZE_RANGE); + CASE(CKR_KEY_TYPE_INCONSISTENT); + CASE(CKR_KEY_NOT_NEEDED); + CASE(CKR_KEY_CHANGED); + CASE(CKR_KEY_NEEDED); + CASE(CKR_KEY_INDIGESTIBLE); + CASE(CKR_KEY_FUNCTION_NOT_PERMITTED); + CASE(CKR_KEY_NOT_WRAPPABLE); + CASE(CKR_KEY_UNEXTRACTABLE); + CASE(CKR_MECHANISM_INVALID); + CASE(CKR_MECHANISM_PARAM_INVALID); + CASE(CKR_OBJECT_HANDLE_INVALID); + CASE(CKR_OPERATION_ACTIVE); + CASE(CKR_OPERATION_NOT_INITIALIZED); + CASE(CKR_PIN_INCORRECT); + CASE(CKR_PIN_INVALID); + CASE(CKR_PIN_LEN_RANGE); + CASE(CKR_PIN_EXPIRED); + CASE(CKR_PIN_LOCKED); + CASE(CKR_SESSION_CLOSED); + CASE(CKR_SESSION_COUNT); + CASE(CKR_SESSION_HANDLE_INVALID); + CASE(CKR_SESSION_PARALLEL_NOT_SUPPORTED); + CASE(CKR_SESSION_READ_ONLY); + CASE(CKR_SESSION_EXISTS); + CASE(CKR_SESSION_READ_ONLY_EXISTS); + CASE(CKR_SESSION_READ_WRITE_SO_EXISTS); + CASE(CKR_SIGNATURE_INVALID); + CASE(CKR_SIGNATURE_LEN_RANGE); + CASE(CKR_TEMPLATE_INCOMPLETE); + CASE(CKR_TEMPLATE_INCONSISTENT); + CASE(CKR_TOKEN_NOT_PRESENT); + CASE(CKR_TOKEN_NOT_RECOGNIZED); + CASE(CKR_TOKEN_WRITE_PROTECTED); + CASE(CKR_UNWRAPPING_KEY_HANDLE_INVALID); + CASE(CKR_UNWRAPPING_KEY_SIZE_RANGE); + CASE(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT); + CASE(CKR_USER_ALREADY_LOGGED_IN); + CASE(CKR_USER_NOT_LOGGED_IN); + CASE(CKR_USER_PIN_NOT_INITIALIZED); + CASE(CKR_USER_TYPE_INVALID); + CASE(CKR_USER_ANOTHER_ALREADY_LOGGED_IN); + CASE(CKR_USER_TOO_MANY_TYPES); + CASE(CKR_WRAPPED_KEY_INVALID); + CASE(CKR_WRAPPED_KEY_LEN_RANGE); + CASE(CKR_WRAPPING_KEY_HANDLE_INVALID); + CASE(CKR_WRAPPING_KEY_SIZE_RANGE); + CASE(CKR_WRAPPING_KEY_TYPE_INCONSISTENT); + CASE(CKR_RANDOM_SEED_NOT_SUPPORTED); + CASE(CKR_RANDOM_NO_RNG); + CASE(CKR_DOMAIN_PARAMS_INVALID); + CASE(CKR_BUFFER_TOO_SMALL); + CASE(CKR_SAVED_STATE_INVALID); + CASE(CKR_INFORMATION_SENSITIVE); + CASE(CKR_STATE_UNSAVEABLE); + CASE(CKR_CRYPTOKI_NOT_INITIALIZED); + CASE(CKR_CRYPTOKI_ALREADY_INITIALIZED); + CASE(CKR_MUTEX_BAD); + CASE(CKR_MUTEX_NOT_LOCKED); + CASE(CKR_FUNCTION_REJECTED); + CASE(CKR_KEY_PARAMS_INVALID); + default: break; + } + if (a) + PR_LOG(modlog, 1, (" rv = %s\n", a)); + else + PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); +} + +static void log_state(CK_STATE state) +{ + const char * a = NULL; + + switch (state) { + CASE(CKS_RO_PUBLIC_SESSION); + CASE(CKS_RO_USER_FUNCTIONS); + CASE(CKS_RW_PUBLIC_SESSION); + CASE(CKS_RW_USER_FUNCTIONS); + CASE(CKS_RW_SO_FUNCTIONS); + default: break; + } + if (a) + PR_LOG(modlog, 1, (" state = %s\n", a)); + else + PR_LOG(modlog, 1, (" state = 0x%x\n", state)); +} + +static void log_handle(int level, const char * format, CK_ULONG handle) +{ + char fmtBuf[80]; + if (handle) + PR_LOG(modlog, level, (format, handle)); + else { + PL_strncpyz(fmtBuf, format, sizeof fmtBuf); + PL_strcatn(fmtBuf, sizeof fmtBuf, fmt_invalid_handle); + PR_LOG(modlog, level, (fmtBuf, handle)); + } +} + +static void print_mechanism(CK_MECHANISM_PTR m) +{ + + const char * a = NULL; + + switch (m->mechanism) { + CASE(CKM_AES_CBC); + CASE(CKM_AES_CBC_ENCRYPT_DATA); + CASE(CKM_AES_CBC_PAD); + CASE(CKM_AES_ECB); + CASE(CKM_AES_ECB_ENCRYPT_DATA); + CASE(CKM_AES_KEY_GEN); + CASE(CKM_AES_MAC); + CASE(CKM_AES_MAC_GENERAL); + CASE(CKM_CAMELLIA_CBC); + CASE(CKM_CAMELLIA_CBC_ENCRYPT_DATA); + CASE(CKM_CAMELLIA_CBC_PAD); + CASE(CKM_CAMELLIA_ECB); + CASE(CKM_CAMELLIA_ECB_ENCRYPT_DATA); + CASE(CKM_CAMELLIA_KEY_GEN); + CASE(CKM_CAMELLIA_MAC); + CASE(CKM_CAMELLIA_MAC_GENERAL); + CASE(CKM_CDMF_CBC); + CASE(CKM_CDMF_CBC_PAD); + CASE(CKM_CDMF_ECB); + CASE(CKM_CDMF_KEY_GEN); + CASE(CKM_CDMF_MAC); + CASE(CKM_CDMF_MAC_GENERAL); + CASE(CKM_CMS_SIG); + CASE(CKM_CONCATENATE_BASE_AND_DATA); + CASE(CKM_CONCATENATE_BASE_AND_KEY); + CASE(CKM_CONCATENATE_DATA_AND_BASE); + CASE(CKM_DES2_KEY_GEN); + CASE(CKM_DES3_CBC); + CASE(CKM_DES3_CBC_ENCRYPT_DATA); + CASE(CKM_DES3_CBC_PAD); + CASE(CKM_DES3_ECB); + CASE(CKM_DES3_ECB_ENCRYPT_DATA); + CASE(CKM_DES3_KEY_GEN); + CASE(CKM_DES3_MAC); + CASE(CKM_DES3_MAC_GENERAL); + CASE(CKM_DES_CBC); + CASE(CKM_DES_CBC_ENCRYPT_DATA); + CASE(CKM_DES_CBC_PAD); + CASE(CKM_DES_CFB64); + CASE(CKM_DES_CFB8); + CASE(CKM_DES_ECB); + CASE(CKM_DES_ECB_ENCRYPT_DATA); + CASE(CKM_DES_KEY_GEN); + CASE(CKM_DES_MAC); + CASE(CKM_DES_MAC_GENERAL); + CASE(CKM_DES_OFB64); + CASE(CKM_DES_OFB8); + CASE(CKM_DH_PKCS_DERIVE); + CASE(CKM_DH_PKCS_KEY_PAIR_GEN); + CASE(CKM_DH_PKCS_PARAMETER_GEN); + CASE(CKM_DSA); + CASE(CKM_DSA_KEY_PAIR_GEN); + CASE(CKM_DSA_PARAMETER_GEN); + CASE(CKM_DSA_SHA1); + CASE(CKM_ECDH1_COFACTOR_DERIVE); + CASE(CKM_ECDH1_DERIVE); + CASE(CKM_ECDSA); + CASE(CKM_ECDSA_SHA1); + CASE(CKM_ECMQV_DERIVE); + CASE(CKM_EC_KEY_PAIR_GEN); /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */ + CASE(CKM_EXTRACT_KEY_FROM_KEY); + CASE(CKM_FASTHASH); + CASE(CKM_FORTEZZA_TIMESTAMP); + CASE(CKM_GENERIC_SECRET_KEY_GEN); + CASE(CKM_IDEA_CBC); + CASE(CKM_IDEA_CBC_PAD); + CASE(CKM_IDEA_ECB); + CASE(CKM_IDEA_KEY_GEN); + CASE(CKM_IDEA_MAC); + CASE(CKM_IDEA_MAC_GENERAL); + CASE(CKM_KEA_KEY_DERIVE); + CASE(CKM_KEA_KEY_PAIR_GEN); + CASE(CKM_KEY_WRAP_LYNKS); + CASE(CKM_KEY_WRAP_SET_OAEP); + CASE(CKM_MD2); + CASE(CKM_MD2_HMAC); + CASE(CKM_MD2_HMAC_GENERAL); + CASE(CKM_MD2_KEY_DERIVATION); + CASE(CKM_MD2_RSA_PKCS); + CASE(CKM_MD5); + CASE(CKM_MD5_HMAC); + CASE(CKM_MD5_HMAC_GENERAL); + CASE(CKM_MD5_KEY_DERIVATION); + CASE(CKM_MD5_RSA_PKCS); + CASE(CKM_PBA_SHA1_WITH_SHA1_HMAC); + CASE(CKM_PBE_MD2_DES_CBC); + CASE(CKM_PBE_MD5_DES_CBC); + CASE(CKM_PBE_SHA1_DES2_EDE_CBC); + CASE(CKM_PBE_SHA1_DES3_EDE_CBC); + CASE(CKM_PBE_SHA1_RC2_128_CBC); + CASE(CKM_PBE_SHA1_RC2_40_CBC); + CASE(CKM_PBE_SHA1_RC4_128); + CASE(CKM_PBE_SHA1_RC4_40); + CASE(CKM_PKCS5_PBKD2); + CASE(CKM_RC2_CBC); + CASE(CKM_RC2_CBC_PAD); + CASE(CKM_RC2_ECB); + CASE(CKM_RC2_KEY_GEN); + CASE(CKM_RC2_MAC); + CASE(CKM_RC2_MAC_GENERAL); + CASE(CKM_RC4); + CASE(CKM_RC4_KEY_GEN); + CASE(CKM_RC5_CBC); + CASE(CKM_RC5_CBC_PAD); + CASE(CKM_RC5_ECB); + CASE(CKM_RC5_KEY_GEN); + CASE(CKM_RC5_MAC); + CASE(CKM_RC5_MAC_GENERAL); + CASE(CKM_RIPEMD128); + CASE(CKM_RIPEMD128_HMAC); + CASE(CKM_RIPEMD128_HMAC_GENERAL); + CASE(CKM_RIPEMD128_RSA_PKCS); + CASE(CKM_RIPEMD160); + CASE(CKM_RIPEMD160_HMAC); + CASE(CKM_RIPEMD160_HMAC_GENERAL); + CASE(CKM_RIPEMD160_RSA_PKCS); + CASE(CKM_RSA_9796); + CASE(CKM_RSA_PKCS); + CASE(CKM_RSA_PKCS_KEY_PAIR_GEN); + CASE(CKM_RSA_PKCS_OAEP); + CASE(CKM_RSA_PKCS_PSS); + CASE(CKM_RSA_X9_31); + CASE(CKM_RSA_X9_31_KEY_PAIR_GEN); + CASE(CKM_RSA_X_509); + CASE(CKM_SHA1_KEY_DERIVATION); + CASE(CKM_SHA1_RSA_PKCS); + CASE(CKM_SHA1_RSA_PKCS_PSS); + CASE(CKM_SHA1_RSA_X9_31); + CASE(CKM_SHA224); + CASE(CKM_SHA224_HMAC); + CASE(CKM_SHA224_HMAC_GENERAL); + CASE(CKM_SHA224_KEY_DERIVATION); + CASE(CKM_SHA224_RSA_PKCS); + CASE(CKM_SHA224_RSA_PKCS_PSS); + CASE(CKM_SHA256); + CASE(CKM_SHA256_HMAC); + CASE(CKM_SHA256_HMAC_GENERAL); + CASE(CKM_SHA256_KEY_DERIVATION); + CASE(CKM_SHA256_RSA_PKCS); + CASE(CKM_SHA256_RSA_PKCS_PSS); + CASE(CKM_SHA384); + CASE(CKM_SHA384_HMAC); + CASE(CKM_SHA384_HMAC_GENERAL); + CASE(CKM_SHA384_KEY_DERIVATION); + CASE(CKM_SHA384_RSA_PKCS); + CASE(CKM_SHA384_RSA_PKCS_PSS); + CASE(CKM_SHA512); + CASE(CKM_SHA512_HMAC); + CASE(CKM_SHA512_HMAC_GENERAL); + CASE(CKM_SHA512_KEY_DERIVATION); + CASE(CKM_SHA512_RSA_PKCS); + CASE(CKM_SHA512_RSA_PKCS_PSS); + CASE(CKM_SHA_1); + CASE(CKM_SHA_1_HMAC); + CASE(CKM_SHA_1_HMAC_GENERAL); + CASE(CKM_SKIPJACK_CBC64); + CASE(CKM_SKIPJACK_CFB16); + CASE(CKM_SKIPJACK_CFB32); + CASE(CKM_SKIPJACK_CFB64); + CASE(CKM_SKIPJACK_CFB8); + CASE(CKM_SKIPJACK_ECB64); + CASE(CKM_SKIPJACK_KEY_GEN); + CASE(CKM_SKIPJACK_OFB64); + CASE(CKM_SKIPJACK_PRIVATE_WRAP); + CASE(CKM_SKIPJACK_RELAYX); + CASE(CKM_SKIPJACK_WRAP); + CASE(CKM_SSL3_KEY_AND_MAC_DERIVE); + CASE(CKM_SSL3_MASTER_KEY_DERIVE); + CASE(CKM_SSL3_MASTER_KEY_DERIVE_DH); + CASE(CKM_SSL3_MD5_MAC); + CASE(CKM_SSL3_PRE_MASTER_KEY_GEN); + CASE(CKM_SSL3_SHA1_MAC); + CASE(CKM_TLS_KEY_AND_MAC_DERIVE); + CASE(CKM_TLS_MASTER_KEY_DERIVE); + CASE(CKM_TLS_MASTER_KEY_DERIVE_DH); + CASE(CKM_TLS_PRE_MASTER_KEY_GEN); + CASE(CKM_TLS_PRF); + CASE(CKM_TWOFISH_CBC); + CASE(CKM_TWOFISH_KEY_GEN); + CASE(CKM_X9_42_DH_DERIVE); + CASE(CKM_X9_42_DH_HYBRID_DERIVE); + CASE(CKM_X9_42_DH_KEY_PAIR_GEN); + CASE(CKM_X9_42_DH_PARAMETER_GEN); + CASE(CKM_X9_42_MQV_DERIVE); + CASE(CKM_XOR_BASE_AND_DATA); + default: break; } + if (a) + PR_LOG(modlog, 4, (" mechanism = %s", a)); + else + PR_LOG(modlog, 4, (" mechanism = 0x%p", m->mechanism)); +} + +static void get_key_type(CK_KEY_TYPE keyType, char *str, int len) +{ + + const char * a = NULL; + + switch (keyType) { + CASE(CKK_AES); + CASE(CKK_CAMELLIA); + CASE(CKK_CDMF); + CASE(CKK_DES); + CASE(CKK_DES2); + CASE(CKK_DES3); + CASE(CKK_DH); + CASE(CKK_DSA); + CASE(CKK_EC); /* also CASE(CKK_ECDSA); */ + CASE(CKK_GENERIC_SECRET); + CASE(CKK_IDEA); + CASE(CKK_INVALID_KEY_TYPE); + CASE(CKK_KEA); + CASE(CKK_RC2); + CASE(CKK_RC4); + CASE(CKK_RC5); + CASE(CKK_RSA); + CASE(CKK_SKIPJACK); + CASE(CKK_TWOFISH); + CASE(CKK_X9_42_DH); + default: break; + } + if (a) + PR_snprintf(str, len, "%s", a); + else + PR_snprintf(str, len, "0x%p", keyType); } static void print_attr_value(CK_ATTRIBUTE_PTR attr) { char atype[48]; - char valstr[48]; + char valstr[49]; int len; + get_attr_type_str(attr->type, atype, sizeof atype); switch (attr->type) { - case CKA_TOKEN: + case CKA_ALWAYS_SENSITIVE: + case CKA_DECRYPT: + case CKA_DERIVE: + case CKA_ENCRYPT: + case CKA_EXTRACTABLE: + case CKA_LOCAL: + case CKA_MODIFIABLE: + case CKA_NEVER_EXTRACTABLE: case CKA_PRIVATE: case CKA_SENSITIVE: - case CKA_ENCRYPT: - case CKA_DECRYPT: - case CKA_WRAP: - case CKA_UNWRAP: case CKA_SIGN: case CKA_SIGN_RECOVER: + case CKA_TOKEN: + case CKA_UNWRAP: case CKA_VERIFY: case CKA_VERIFY_RECOVER: - case CKA_DERIVE: - case CKA_EXTRACTABLE: - case CKA_LOCAL: - case CKA_NEVER_EXTRACTABLE: - case CKA_ALWAYS_SENSITIVE: - case CKA_MODIFIABLE: + case CKA_WRAP: if (attr->ulValueLen > 0 && attr->pValue) { CK_BBOOL tf = *((CK_BBOOL *)attr->pValue); - len = sizeof(valstr); - PR_snprintf(valstr, len, "%s", tf ? "CK_TRUE" : "CK_FALSE"); - PR_LOG(modlog, 4, (" %s = %s [%d]", - atype, valstr, attr->ulValueLen)); + PR_LOG(modlog, 4, (fmt_s_s_d, + atype, tf ? "CK_TRUE" : "CK_FALSE", attr->ulValueLen)); break; } case CKA_CLASS: if (attr->ulValueLen > 0 && attr->pValue) { CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue); get_obj_class(objClass, valstr, sizeof valstr); - PR_LOG(modlog, 4, (" %s = %s [%d]", + PR_LOG(modlog, 4, (fmt_s_s_d, atype, valstr, attr->ulValueLen)); break; } - case CKA_TRUST_SERVER_AUTH: case CKA_TRUST_CLIENT_AUTH: case CKA_TRUST_CODE_SIGNING: case CKA_TRUST_EMAIL_PROTECTION: + case CKA_TRUST_SERVER_AUTH: if (attr->ulValueLen > 0 && attr->pValue) { CK_TRUST trust = *((CK_TRUST *)attr->pValue); get_trust_val(trust, valstr, sizeof valstr); - PR_LOG(modlog, 4, (" %s = %s [%d]", + PR_LOG(modlog, 4, (fmt_s_s_d, + atype, valstr, attr->ulValueLen)); + break; + } + case CKA_KEY_TYPE: + if (attr->ulValueLen > 0 && attr->pValue) { + CK_KEY_TYPE keyType = *((CK_KEY_TYPE *)attr->pValue); + get_obj_class(keyType, valstr, sizeof valstr); + PR_LOG(modlog, 4, (fmt_s_s_d, atype, valstr, attr->ulValueLen)); break; } @@ -249,12 +672,66 @@ static void print_attr_value(CK_ATTRIBUTE_PTR attr) if (attr->ulValueLen > 0 && attr->pValue) { len = PR_MIN(attr->ulValueLen + 1, sizeof valstr); PR_snprintf(valstr, len, "%s", attr->pValue); - PR_LOG(modlog, 4, (" %s = %s [%d]", + PR_LOG(modlog, 4, (fmt_s_qsq_d, atype, valstr, attr->ulValueLen)); break; } + case CKA_ISSUER: + case CKA_SUBJECT: + if (attr->ulValueLen > 0 && attr->pValue) { + char * asciiName; + SECItem derName; + derName.type = siDERNameBuffer; + derName.data = attr->pValue; + derName.len = attr->ulValueLen; + asciiName = CERT_DerNameToAscii(&derName); + if (asciiName) { + PR_LOG(modlog, 4, (fmt_s_s_d, + atype, asciiName, attr->ulValueLen)); + PORT_Free(asciiName); + break; + } + /* else fall through and treat like a binary buffer */ + } + case CKA_ID: + if (attr->ulValueLen > 0 && attr->pValue) { + unsigned char * pV = attr->pValue; + for (len = (int)attr->ulValueLen; len > 0; --len) { + unsigned int ch = *pV++; + if (ch >= 0x20 && ch < 0x7f) + continue; + if (!ch && len == 1) /* will ignore NUL if last character */ + continue; + break; + } + if (!len) { /* entire string is printable */ + len = PR_MIN(attr->ulValueLen + 1, sizeof valstr); + PR_snprintf(valstr, len, "%s", attr->pValue); + PR_LOG(modlog, 4, (fmt_s_qsq_d, + atype, valstr, attr->ulValueLen)); + break; + } + /* else fall through and treat like a binary buffer */ + } + case CKA_SERIAL_NUMBER: default: - PR_LOG(modlog, 4, (" %s = 0x%p [%d]", + if (attr->ulValueLen > 0 && attr->pValue) { + char * hexBuf; + SECItem attrBuf; + attrBuf.type = siDERNameBuffer; + attrBuf.data = attr->pValue; + attrBuf.len = PR_MIN(attr->ulValueLen, (sizeof valstr)/2); + + hexBuf = CERT_Hexify(&attrBuf, PR_FALSE); + if (hexBuf) { + PR_LOG(modlog, 4, (fmt_s_s_d, + atype, hexBuf, attr->ulValueLen)); + PORT_Free(hexBuf); + break; + } + /* else fall through and show only the address. :( */ + } + PR_LOG(modlog, 4, (" %s = [0x%p] [%d]", atype, attr->pValue, attr->ulValueLen)); break; } @@ -268,11 +745,6 @@ static void print_template(CK_ATTRIBUTE_PTR templ, CK_ULONG tlen) } } -static void print_mechanism(CK_MECHANISM_PTR m) -{ - PR_LOG(modlog, 4, (" mechanism = 0x%p", m->mechanism)); -} - struct nssdbg_prof_str { PRUint32 time; PRUint32 calls; @@ -439,18 +911,22 @@ static void nssdbg_start_time(PRInt32 fun_number, PRIntervalTime *start) *start = PR_IntervalNow(); } +#define COMMON_DEFINITIONS \ + CK_RV rv; \ + PRIntervalTime start + CK_RV NSSDBGC_Initialize( CK_VOID_PTR pInitArgs ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Initialize")); PR_LOG(modlog, 3, (" pInitArgs = 0x%p", pInitArgs)); nssdbg_start_time(FUNC_C_INITIALIZE,&start); rv = module_functions->C_Initialize(pInitArgs); nssdbg_finish_time(FUNC_C_INITIALIZE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -458,14 +934,14 @@ CK_RV NSSDBGC_Finalize( CK_VOID_PTR pReserved ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Finalize")); PR_LOG(modlog, 3, (" pReserved = 0x%p", pReserved)); nssdbg_start_time(FUNC_C_FINALIZE,&start); rv = module_functions->C_Finalize(pReserved); nssdbg_finish_time(FUNC_C_FINALIZE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -473,14 +949,25 @@ CK_RV NSSDBGC_GetInfo( CK_INFO_PTR pInfo ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetInfo")); - PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo)); + PR_LOG(modlog, 3, (fmt_pInfo, pInfo)); nssdbg_start_time(FUNC_C_GETINFO,&start); rv = module_functions->C_GetInfo(pInfo); nssdbg_finish_time(FUNC_C_GETINFO,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + if (rv == CKR_OK) { + PR_LOG(modlog, 4, (" cryptoki version: %d.%d", + pInfo->cryptokiVersion.major, + pInfo->cryptokiVersion.minor)); + PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID)); + PR_LOG(modlog, 4, (" library description = \"%.32s\"", + pInfo->libraryDescription)); + PR_LOG(modlog, 4, (" library version: %d.%d", + pInfo->libraryVersion.major, + pInfo->libraryVersion.minor)); + } + log_rv(rv); return rv; } @@ -488,14 +975,14 @@ CK_RV NSSDBGC_GetFunctionList( CK_FUNCTION_LIST_PTR_PTR ppFunctionList ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetFunctionList")); PR_LOG(modlog, 3, (" ppFunctionList = 0x%p", ppFunctionList)); nssdbg_start_time(FUNC_C_GETFUNCITONLIST,&start); rv = module_functions->C_GetFunctionList(ppFunctionList); nssdbg_finish_time(FUNC_C_GETFUNCITONLIST,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -505,25 +992,23 @@ CK_RV NSSDBGC_GetSlotList( CK_ULONG_PTR pulCount ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + CK_ULONG i; PR_LOG(modlog, 1, ("C_GetSlotList")); PR_LOG(modlog, 3, (" tokenPresent = 0x%x", tokenPresent)); PR_LOG(modlog, 3, (" pSlotList = 0x%p", pSlotList)); - PR_LOG(modlog, 3, (" pulCount = 0x%p", pulCount)); + PR_LOG(modlog, 3, (fmt_pulCount, pulCount)); nssdbg_start_time(FUNC_C_GETSLOTLIST,&start); - rv = module_functions->C_GetSlotList(tokenPresent, - pSlotList, - pulCount); + rv = module_functions->C_GetSlotList(tokenPresent, pSlotList, pulCount); nssdbg_finish_time(FUNC_C_GETSLOTLIST,start); - PR_LOG(modlog, 4, (" *pulCount = 0x%x", *pulCount)); + PR_LOG(modlog, 4, (fmt_spulCount, *pulCount)); if (pSlotList) { for (i=0; i<*pulCount; i++) { PR_LOG(modlog, 4, (" slotID[%d] = %x", i, pSlotList[i])); } } - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -532,16 +1017,30 @@ CK_RV NSSDBGC_GetSlotInfo( CK_SLOT_INFO_PTR pInfo ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetSlotInfo")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); - PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); + PR_LOG(modlog, 3, (fmt_pInfo, pInfo)); nssdbg_start_time(FUNC_C_GETSLOTINFO,&start); - rv = module_functions->C_GetSlotInfo(slotID, - pInfo); + rv = module_functions->C_GetSlotInfo(slotID, pInfo); nssdbg_finish_time(FUNC_C_GETSLOTINFO,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + if (rv == CKR_OK) { + PR_LOG(modlog, 4, (" slotDescription = \"%.64s\"", + pInfo->slotDescription)); + PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID)); + PR_LOG(modlog, 4, (" flags = %s %s %s", + pInfo->flags & CKF_HW_SLOT ? "CKF_HW_SLOT" : "", + pInfo->flags & CKF_REMOVABLE_DEVICE ? "CKF_REMOVABLE_DEVICE" : "", + pInfo->flags & CKF_TOKEN_PRESENT ? "CKF_TOKEN_PRESENT" : "")); + PR_LOG(modlog, 4, (fmt_hwVersion, + pInfo->hardwareVersion.major, + pInfo->hardwareVersion.minor)); + PR_LOG(modlog, 4, (fmt_fwVersion, + pInfo->firmwareVersion.major, + pInfo->firmwareVersion.minor)); + } + log_rv(rv); return rv; } @@ -550,16 +1049,38 @@ CK_RV NSSDBGC_GetTokenInfo( CK_TOKEN_INFO_PTR pInfo ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetTokenInfo")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); - PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); + PR_LOG(modlog, 3, (fmt_pInfo, pInfo)); nssdbg_start_time(FUNC_C_GETTOKENINFO,&start); - rv = module_functions->C_GetTokenInfo(slotID, - pInfo); + rv = module_functions->C_GetTokenInfo(slotID, pInfo); nssdbg_finish_time(FUNC_C_GETTOKENINFO,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + if (rv == CKR_OK) { + PR_LOG(modlog, 4, (" label = \"%.32s\"", pInfo->label)); + PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID)); + PR_LOG(modlog, 4, (" model = \"%.16s\"", pInfo->model)); + PR_LOG(modlog, 4, (" serial = \"%.16s\"", pInfo->serialNumber)); + PR_LOG(modlog, 4, (" flags = %s %s %s %s", + pInfo->flags & CKF_RNG ? "CKF_RNG" : "", + pInfo->flags & CKF_WRITE_PROTECTED ? "CKF_WRITE_PROTECTED" : "", + pInfo->flags & CKF_LOGIN_REQUIRED ? "CKF_LOGIN_REQUIRED" : "", + pInfo->flags & CKF_USER_PIN_INITIALIZED ? "CKF_USER_PIN_INIT" : "")); + PR_LOG(modlog, 4, (" maxSessions = %u, Sessions = %u", + pInfo->ulMaxSessionCount, pInfo->ulSessionCount)); + PR_LOG(modlog, 4, (" maxRwSessions = %u, RwSessions = %u", + pInfo->ulMaxRwSessionCount, + pInfo->ulRwSessionCount)); + /* ignore Max & Min Pin Len, Public and Private Memory */ + PR_LOG(modlog, 4, (fmt_hwVersion, + pInfo->hardwareVersion.major, + pInfo->hardwareVersion.minor)); + PR_LOG(modlog, 4, (fmt_fwVersion, + pInfo->firmwareVersion.major, + pInfo->firmwareVersion.minor)); + } + log_rv(rv); return rv; } @@ -569,19 +1090,19 @@ CK_RV NSSDBGC_GetMechanismList( CK_ULONG_PTR pulCount ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetMechanismList")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); PR_LOG(modlog, 3, (" pMechanismList = 0x%p", pMechanismList)); - PR_LOG(modlog, 3, (" pulCount = 0x%p", pulCount)); + PR_LOG(modlog, 3, (fmt_pulCount, pulCount)); nssdbg_start_time(FUNC_C_GETMECHANISMLIST,&start); rv = module_functions->C_GetMechanismList(slotID, pMechanismList, pulCount); nssdbg_finish_time(FUNC_C_GETMECHANISMLIST,start); - PR_LOG(modlog, 4, (" *pulCount = 0x%x", *pulCount)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulCount, *pulCount)); + log_rv(rv); return rv; } @@ -591,18 +1112,18 @@ CK_RV NSSDBGC_GetMechanismInfo( CK_MECHANISM_INFO_PTR pInfo ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetMechanismInfo")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); PR_LOG(modlog, 3, (" type = 0x%x", type)); - PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo)); + PR_LOG(modlog, 3, (fmt_pInfo, pInfo)); nssdbg_start_time(FUNC_C_GETMECHANISMINFO,&start); rv = module_functions->C_GetMechanismInfo(slotID, type, pInfo); nssdbg_finish_time(FUNC_C_GETMECHANISMINFO,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -613,12 +1134,12 @@ CK_RV NSSDBGC_InitToken( CK_CHAR_PTR pLabel ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_InitToken")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); - PR_LOG(modlog, 3, (" pPin = 0x%p", pPin)); - PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); + PR_LOG(modlog, 3, (fmt_pPin, pPin)); + PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen)); PR_LOG(modlog, 3, (" pLabel = 0x%p", pLabel)); nssdbg_start_time(FUNC_C_INITTOKEN,&start); rv = module_functions->C_InitToken(slotID, @@ -626,7 +1147,7 @@ CK_RV NSSDBGC_InitToken( ulPinLen, pLabel); nssdbg_finish_time(FUNC_C_INITTOKEN,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -636,18 +1157,18 @@ CK_RV NSSDBGC_InitPIN( CK_ULONG ulPinLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_InitPIN")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPin = 0x%p", pPin)); - PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPin, pPin)); + PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen)); nssdbg_start_time(FUNC_C_INITPIN,&start); rv = module_functions->C_InitPIN(hSession, pPin, ulPinLen); nssdbg_finish_time(FUNC_C_INITPIN,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -659,10 +1180,10 @@ CK_RV NSSDBGC_SetPIN( CK_ULONG ulNewLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SetPIN")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); PR_LOG(modlog, 3, (" pOldPin = 0x%p", pOldPin)); PR_LOG(modlog, 3, (" ulOldLen = %d", ulOldLen)); PR_LOG(modlog, 3, (" pNewPin = 0x%p", pNewPin)); @@ -674,12 +1195,13 @@ CK_RV NSSDBGC_SetPIN( pNewPin, ulNewLen); nssdbg_finish_time(FUNC_C_SETPIN,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } static PRUint32 numOpenSessions = 0; static PRUint32 maxOpenSessions = 0; + CK_RV NSSDBGC_OpenSession( CK_SLOT_ID slotID, CK_FLAGS flags, @@ -688,13 +1210,13 @@ CK_RV NSSDBGC_OpenSession( CK_SESSION_HANDLE_PTR phSession ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_AtomicIncrement((PRInt32 *)&numOpenSessions); maxOpenSessions = PR_MAX(numOpenSessions, maxOpenSessions); PR_LOG(modlog, 1, ("C_OpenSession")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); - PR_LOG(modlog, 3, (" flags = 0x%x", flags)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); + PR_LOG(modlog, 3, (fmt_flags, flags)); PR_LOG(modlog, 3, (" pApplication = 0x%p", pApplication)); PR_LOG(modlog, 3, (" Notify = 0x%x", Notify)); PR_LOG(modlog, 3, (" phSession = 0x%p", phSession)); @@ -705,8 +1227,8 @@ CK_RV NSSDBGC_OpenSession( Notify, phSession); nssdbg_finish_time(FUNC_C_OPENSESSION,start); - PR_LOG(modlog, 4, (" *phSession = 0x%x", *phSession)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, " *phSession = 0x%x", *phSession); + log_rv(rv); return rv; } @@ -714,15 +1236,15 @@ CK_RV NSSDBGC_CloseSession( CK_SESSION_HANDLE hSession ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_AtomicDecrement((PRInt32 *)&numOpenSessions); PR_LOG(modlog, 1, ("C_CloseSession")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); nssdbg_start_time(FUNC_C_CLOSESESSION,&start); rv = module_functions->C_CloseSession(hSession); nssdbg_finish_time(FUNC_C_CLOSESESSION,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -730,14 +1252,14 @@ CK_RV NSSDBGC_CloseAllSessions( CK_SLOT_ID slotID ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_CloseAllSessions")); - PR_LOG(modlog, 3, (" slotID = 0x%x", slotID)); + PR_LOG(modlog, 3, (fmt_slotID, slotID)); nssdbg_start_time(FUNC_C_CLOSEALLSESSIONS,&start); rv = module_functions->C_CloseAllSessions(slotID); nssdbg_finish_time(FUNC_C_CLOSEALLSESSIONS,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -746,16 +1268,24 @@ CK_RV NSSDBGC_GetSessionInfo( CK_SESSION_INFO_PTR pInfo ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetSessionInfo")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pInfo = 0x%p", pInfo)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pInfo, pInfo)); nssdbg_start_time(FUNC_C_GETSESSIONINFO,&start); rv = module_functions->C_GetSessionInfo(hSession, pInfo); nssdbg_finish_time(FUNC_C_GETSESSIONINFO,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + if (rv == CKR_OK) { + PR_LOG(modlog, 4, (fmt_slotID, pInfo->slotID)); + log_state(pInfo->state); + PR_LOG(modlog, 4, (" flags = %s %s", + pInfo->flags & CKF_RW_SESSION ? "CKF_RW_SESSION" : "", + pInfo->flags & CKF_SERIAL_SESSION ? "CKF_SERIAL_SESSION" : "")); + PR_LOG(modlog, 4, (" deviceError = 0x%x", pInfo->ulDeviceError)); + } + log_rv(rv); return rv; } @@ -765,11 +1295,11 @@ CK_RV NSSDBGC_GetOperationState( CK_ULONG_PTR pulOperationStateLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetOperationState")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pOperationState = 0x%p", pOperationState)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pOperationState, pOperationState)); PR_LOG(modlog, 3, (" pulOperationStateLen = 0x%p", pulOperationStateLen)); nssdbg_start_time(FUNC_C_GETOPERATIONSTATE,&start); rv = module_functions->C_GetOperationState(hSession, @@ -777,7 +1307,7 @@ CK_RV NSSDBGC_GetOperationState( pulOperationStateLen); nssdbg_finish_time(FUNC_C_GETOPERATIONSTATE,start); PR_LOG(modlog, 4, (" *pulOperationStateLen = 0x%x", *pulOperationStateLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -789,14 +1319,14 @@ CK_RV NSSDBGC_SetOperationState( CK_OBJECT_HANDLE hAuthenticationKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SetOperationState")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pOperationState = 0x%p", pOperationState)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pOperationState, pOperationState)); PR_LOG(modlog, 3, (" ulOperationStateLen = %d", ulOperationStateLen)); - PR_LOG(modlog, 3, (" hEncryptionKey = 0x%x", hEncryptionKey)); - PR_LOG(modlog, 3, (" hAuthenticationKey = 0x%x", hAuthenticationKey)); + log_handle(3, " hEncryptionKey = 0x%x", hEncryptionKey); + log_handle(3, " hAuthenticationKey = 0x%x", hAuthenticationKey); nssdbg_start_time(FUNC_C_SETOPERATIONSTATE,&start); rv = module_functions->C_SetOperationState(hSession, pOperationState, @@ -804,7 +1334,7 @@ CK_RV NSSDBGC_SetOperationState( hEncryptionKey, hAuthenticationKey); nssdbg_finish_time(FUNC_C_SETOPERATIONSTATE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -815,20 +1345,20 @@ CK_RV NSSDBGC_Login( CK_ULONG ulPinLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Login")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); PR_LOG(modlog, 3, (" userType = 0x%x", userType)); - PR_LOG(modlog, 3, (" pPin = 0x%p", pPin)); - PR_LOG(modlog, 3, (" ulPinLen = %d", ulPinLen)); + PR_LOG(modlog, 3, (fmt_pPin, pPin)); + PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen)); nssdbg_start_time(FUNC_C_LOGIN,&start); rv = module_functions->C_Login(hSession, userType, pPin, ulPinLen); nssdbg_finish_time(FUNC_C_LOGIN,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -836,14 +1366,14 @@ CK_RV NSSDBGC_Logout( CK_SESSION_HANDLE hSession ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Logout")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); nssdbg_start_time(FUNC_C_LOGOUT,&start); rv = module_functions->C_Logout(hSession); nssdbg_finish_time(FUNC_C_LOGOUT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -854,13 +1384,13 @@ CK_RV NSSDBGC_CreateObject( CK_OBJECT_HANDLE_PTR phObject ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_CreateObject")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulCount = %d", ulCount)); - PR_LOG(modlog, 3, (" phObject = 0x%p", phObject)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulCount, ulCount)); + PR_LOG(modlog, 3, (fmt_phObject, phObject)); print_template(pTemplate, ulCount); nssdbg_start_time(FUNC_C_CREATEOBJECT,&start); rv = module_functions->C_CreateObject(hSession, @@ -868,8 +1398,8 @@ CK_RV NSSDBGC_CreateObject( ulCount, phObject); nssdbg_finish_time(FUNC_C_CREATEOBJECT,start); - PR_LOG(modlog, 4, (" *phObject = 0x%x", *phObject)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, " *phObject = 0x%x", *phObject); + log_rv(rv); return rv; } @@ -881,13 +1411,13 @@ CK_RV NSSDBGC_CopyObject( CK_OBJECT_HANDLE_PTR phNewObject ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_CopyObject")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" hObject = 0x%x", hObject)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulCount = %d", ulCount)); + log_handle(3, fmt_hSession, hSession); + log_handle(3, fmt_hObject, hObject); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulCount, ulCount)); PR_LOG(modlog, 3, (" phNewObject = 0x%p", phNewObject)); print_template(pTemplate, ulCount); nssdbg_start_time(FUNC_C_COPYOBJECT,&start); @@ -897,8 +1427,8 @@ CK_RV NSSDBGC_CopyObject( ulCount, phNewObject); nssdbg_finish_time(FUNC_C_COPYOBJECT,start); - PR_LOG(modlog, 4, (" *phNewObject = 0x%x", *phNewObject)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, " *phNewObject = 0x%x", *phNewObject); + log_rv(rv); return rv; } @@ -907,16 +1437,16 @@ CK_RV NSSDBGC_DestroyObject( CK_OBJECT_HANDLE hObject ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DestroyObject")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" hObject = 0x%x", hObject)); + log_handle(3, fmt_hSession, hSession); + log_handle(3, fmt_hObject, hObject); nssdbg_start_time(FUNC_C_DESTROYOBJECT,&start); rv = module_functions->C_DestroyObject(hSession, hObject); nssdbg_finish_time(FUNC_C_DESTROYOBJECT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -926,11 +1456,11 @@ CK_RV NSSDBGC_GetObjectSize( CK_ULONG_PTR pulSize ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetObjectSize")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" hObject = 0x%x", hObject)); + log_handle(3, fmt_hSession, hSession); + log_handle(3, fmt_hObject, hObject); PR_LOG(modlog, 3, (" pulSize = 0x%p", pulSize)); nssdbg_start_time(FUNC_C_GETOBJECTSIZE,&start); rv = module_functions->C_GetObjectSize(hSession, @@ -938,7 +1468,7 @@ CK_RV NSSDBGC_GetObjectSize( pulSize); nssdbg_finish_time(FUNC_C_GETOBJECTSIZE,start); PR_LOG(modlog, 4, (" *pulSize = 0x%x", *pulSize)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -949,13 +1479,13 @@ CK_RV NSSDBGC_GetAttributeValue( CK_ULONG ulCount ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetAttributeValue")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" hObject = 0x%x", hObject)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulCount = %d", ulCount)); + log_handle(3, fmt_hSession, hSession); + log_handle(3, fmt_hObject, hObject); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulCount, ulCount)); nssdbg_start_time(FUNC_C_GETATTRIBUTEVALUE,&start); rv = module_functions->C_GetAttributeValue(hSession, hObject, @@ -963,7 +1493,7 @@ CK_RV NSSDBGC_GetAttributeValue( ulCount); nssdbg_finish_time(FUNC_C_GETATTRIBUTEVALUE,start); print_template(pTemplate, ulCount); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -974,13 +1504,13 @@ CK_RV NSSDBGC_SetAttributeValue( CK_ULONG ulCount ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SetAttributeValue")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" hObject = 0x%x", hObject)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulCount = %d", ulCount)); + log_handle(3, fmt_hSession, hSession); + log_handle(3, fmt_hObject, hObject); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulCount, ulCount)); print_template(pTemplate, ulCount); nssdbg_start_time(FUNC_C_SETATTRIBUTEVALUE,&start); rv = module_functions->C_SetAttributeValue(hSession, @@ -988,7 +1518,7 @@ CK_RV NSSDBGC_SetAttributeValue( pTemplate, ulCount); nssdbg_finish_time(FUNC_C_SETATTRIBUTEVALUE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -998,19 +1528,19 @@ CK_RV NSSDBGC_FindObjectsInit( CK_ULONG ulCount ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_FindObjectsInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulCount = %d", ulCount)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulCount, ulCount)); print_template(pTemplate, ulCount); nssdbg_start_time(FUNC_C_FINDOBJECTSINIT,&start); rv = module_functions->C_FindObjectsInit(hSession, pTemplate, ulCount); nssdbg_finish_time(FUNC_C_FINDOBJECTSINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1021,12 +1551,12 @@ CK_RV NSSDBGC_FindObjects( CK_ULONG_PTR pulObjectCount ) { - CK_RV rv; + COMMON_DEFINITIONS; CK_ULONG i; - PRIntervalTime start; + PR_LOG(modlog, 1, ("C_FindObjects")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" phObject = 0x%p", phObject)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_phObject, phObject)); PR_LOG(modlog, 3, (" ulMaxObjectCount = %d", ulMaxObjectCount)); PR_LOG(modlog, 3, (" pulObjectCount = 0x%p", pulObjectCount)); nssdbg_start_time(FUNC_C_FINDOBJECTS,&start); @@ -1037,9 +1567,10 @@ CK_RV NSSDBGC_FindObjects( nssdbg_finish_time(FUNC_C_FINDOBJECTS,start); PR_LOG(modlog, 4, (" *pulObjectCount = 0x%x", *pulObjectCount)); for (i=0; i<*pulObjectCount; i++) { - PR_LOG(modlog, 4, (" phObject[%d] = 0x%x", i, phObject[i])); + PR_LOG(modlog, 4, (" phObject[%d] = 0x%x%s", i, phObject[i], + phObject[i] ? "" : fmt_invalid_handle)); } - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1047,14 +1578,14 @@ CK_RV NSSDBGC_FindObjectsFinal( CK_SESSION_HANDLE hSession ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_FindObjectsFinal")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); nssdbg_start_time(FUNC_C_FINDOBJECTSFINAL,&start); rv = module_functions->C_FindObjectsFinal(hSession); nssdbg_finish_time(FUNC_C_FINDOBJECTSFINAL,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1064,19 +1595,19 @@ CK_RV NSSDBGC_EncryptInit( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_EncryptInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, fmt_hKey, hKey); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_ENCRYPTINIT,&start); rv = module_functions->C_EncryptInit(hSession, pMechanism, hKey); nssdbg_finish_time(FUNC_C_ENCRYPTINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1088,13 +1619,13 @@ CK_RV NSSDBGC_Encrypt( CK_ULONG_PTR pulEncryptedDataLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Encrypt")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen)); - PR_LOG(modlog, 3, (" pEncryptedData = 0x%p", pEncryptedData)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen)); + PR_LOG(modlog, 3, (fmt_pEncryptedData, pEncryptedData)); PR_LOG(modlog, 3, (" pulEncryptedDataLen = 0x%p", pulEncryptedDataLen)); nssdbg_start_time(FUNC_C_ENCRYPT,&start); rv = module_functions->C_Encrypt(hSession, @@ -1104,7 +1635,7 @@ CK_RV NSSDBGC_Encrypt( pulEncryptedDataLen); nssdbg_finish_time(FUNC_C_ENCRYPT,start); PR_LOG(modlog, 4, (" *pulEncryptedDataLen = 0x%x", *pulEncryptedDataLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1116,14 +1647,14 @@ CK_RV NSSDBGC_EncryptUpdate( CK_ULONG_PTR pulEncryptedPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_EncryptUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen)); - PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart)); - PR_LOG(modlog, 3, (" pulEncryptedPartLen = 0x%p", pulEncryptedPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen)); + PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart)); + PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen)); nssdbg_start_time(FUNC_C_ENCRYPTUPDATE,&start); rv = module_functions->C_EncryptUpdate(hSession, pPart, @@ -1131,8 +1662,8 @@ CK_RV NSSDBGC_EncryptUpdate( pEncryptedPart, pulEncryptedPartLen); nssdbg_finish_time(FUNC_C_ENCRYPTUPDATE,start); - PR_LOG(modlog, 4, (" *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen)); + log_rv(rv); return rv; } @@ -1142,10 +1673,10 @@ CK_RV NSSDBGC_EncryptFinal( CK_ULONG_PTR pulLastEncryptedPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_EncryptFinal")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); PR_LOG(modlog, 3, (" pLastEncryptedPart = 0x%p", pLastEncryptedPart)); PR_LOG(modlog, 3, (" pulLastEncryptedPartLen = 0x%p", pulLastEncryptedPartLen)); nssdbg_start_time(FUNC_C_ENCRYPTFINAL,&start); @@ -1154,7 +1685,7 @@ CK_RV NSSDBGC_EncryptFinal( pulLastEncryptedPartLen); nssdbg_finish_time(FUNC_C_ENCRYPTFINAL,start); PR_LOG(modlog, 4, (" *pulLastEncryptedPartLen = 0x%x", *pulLastEncryptedPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1164,19 +1695,19 @@ CK_RV NSSDBGC_DecryptInit( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DecryptInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, fmt_hKey, hKey); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_DECRYPTINIT,&start); rv = module_functions->C_DecryptInit(hSession, pMechanism, hKey); nssdbg_finish_time(FUNC_C_DECRYPTINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1188,14 +1719,14 @@ CK_RV NSSDBGC_Decrypt( CK_ULONG_PTR pulDataLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Decrypt")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pEncryptedData = 0x%p", pEncryptedData)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pEncryptedData, pEncryptedData)); PR_LOG(modlog, 3, (" ulEncryptedDataLen = %d", ulEncryptedDataLen)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" pulDataLen = 0x%p", pulDataLen)); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_pulDataLen, pulDataLen)); nssdbg_start_time(FUNC_C_DECRYPT,&start); rv = module_functions->C_Decrypt(hSession, pEncryptedData, @@ -1203,8 +1734,8 @@ CK_RV NSSDBGC_Decrypt( pData, pulDataLen); nssdbg_finish_time(FUNC_C_DECRYPT,start); - PR_LOG(modlog, 4, (" *pulDataLen = 0x%x", *pulDataLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulDataLen, *pulDataLen)); + log_rv(rv); return rv; } @@ -1216,14 +1747,14 @@ CK_RV NSSDBGC_DecryptUpdate( CK_ULONG_PTR pulPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DecryptUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart)); - PR_LOG(modlog, 3, (" ulEncryptedPartLen = %d", ulEncryptedPartLen)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" pulPartLen = 0x%p", pulPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart)); + PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen)); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen)); nssdbg_start_time(FUNC_C_DECRYPTUPDATE,&start); rv = module_functions->C_DecryptUpdate(hSession, pEncryptedPart, @@ -1231,8 +1762,8 @@ CK_RV NSSDBGC_DecryptUpdate( pPart, pulPartLen); nssdbg_finish_time(FUNC_C_DECRYPTUPDATE,start); - PR_LOG(modlog, 4, (" *pulPartLen = 0x%x", *pulPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen)); + log_rv(rv); return rv; } @@ -1242,10 +1773,10 @@ CK_RV NSSDBGC_DecryptFinal( CK_ULONG_PTR pulLastPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DecryptFinal")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); PR_LOG(modlog, 3, (" pLastPart = 0x%p", pLastPart)); PR_LOG(modlog, 3, (" pulLastPartLen = 0x%p", pulLastPartLen)); nssdbg_start_time(FUNC_C_DECRYPTFINAL,&start); @@ -1254,7 +1785,7 @@ CK_RV NSSDBGC_DecryptFinal( pulLastPartLen); nssdbg_finish_time(FUNC_C_DECRYPTFINAL,start); PR_LOG(modlog, 4, (" *pulLastPartLen = 0x%x", *pulLastPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1263,17 +1794,17 @@ CK_RV NSSDBGC_DigestInit( CK_MECHANISM_PTR pMechanism ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DigestInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_DIGESTINIT,&start); rv = module_functions->C_DigestInit(hSession, pMechanism); nssdbg_finish_time(FUNC_C_DIGESTINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1285,14 +1816,14 @@ CK_RV NSSDBGC_Digest( CK_ULONG_PTR pulDigestLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Digest")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen)); - PR_LOG(modlog, 3, (" pDigest = 0x%p", pDigest)); - PR_LOG(modlog, 3, (" pulDigestLen = 0x%p", pulDigestLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen)); + PR_LOG(modlog, 3, (fmt_pDigest, pDigest)); + PR_LOG(modlog, 3, (fmt_pulDigestLen, pulDigestLen)); nssdbg_start_time(FUNC_C_DIGEST,&start); rv = module_functions->C_Digest(hSession, pData, @@ -1300,8 +1831,8 @@ CK_RV NSSDBGC_Digest( pDigest, pulDigestLen); nssdbg_finish_time(FUNC_C_DIGEST,start); - PR_LOG(modlog, 4, (" *pulDigestLen = 0x%x", *pulDigestLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulDigestLen, *pulDigestLen)); + log_rv(rv); return rv; } @@ -1311,18 +1842,18 @@ CK_RV NSSDBGC_DigestUpdate( CK_ULONG ulPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DigestUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen)); nssdbg_start_time(FUNC_C_DIGESTUPDATE,&start); rv = module_functions->C_DigestUpdate(hSession, pPart, ulPartLen); nssdbg_finish_time(FUNC_C_DIGESTUPDATE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1331,15 +1862,15 @@ CK_RV NSSDBGC_DigestKey( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DigestKey")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); nssdbg_start_time(FUNC_C_DIGESTKEY,&start); rv = module_functions->C_DigestKey(hSession, hKey); nssdbg_finish_time(FUNC_C_DIGESTKEY,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1349,19 +1880,19 @@ CK_RV NSSDBGC_DigestFinal( CK_ULONG_PTR pulDigestLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DigestFinal")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pDigest = 0x%p", pDigest)); - PR_LOG(modlog, 3, (" pulDigestLen = 0x%p", pulDigestLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pDigest, pDigest)); + PR_LOG(modlog, 3, (fmt_pulDigestLen, pulDigestLen)); nssdbg_start_time(FUNC_C_DIGESTFINAL,&start); rv = module_functions->C_DigestFinal(hSession, pDigest, pulDigestLen); nssdbg_finish_time(FUNC_C_DIGESTFINAL,start); - PR_LOG(modlog, 4, (" *pulDigestLen = 0x%x", *pulDigestLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulDigestLen, *pulDigestLen)); + log_rv(rv); return rv; } @@ -1371,19 +1902,19 @@ CK_RV NSSDBGC_SignInit( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SignInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, fmt_hKey, hKey); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_SIGNINIT,&start); rv = module_functions->C_SignInit(hSession, pMechanism, hKey); nssdbg_finish_time(FUNC_C_SIGNINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1395,14 +1926,14 @@ CK_RV NSSDBGC_Sign( CK_ULONG_PTR pulSignatureLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Sign")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen)); - PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature)); - PR_LOG(modlog, 3, (" pulSignatureLen = 0x%p", pulSignatureLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen)); + PR_LOG(modlog, 3, (fmt_pSignature, pSignature)); + PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen)); nssdbg_start_time(FUNC_C_SIGN,&start); rv = module_functions->C_Sign(hSession, pData, @@ -1410,8 +1941,8 @@ CK_RV NSSDBGC_Sign( pSignature, pulSignatureLen); nssdbg_finish_time(FUNC_C_SIGN,start); - PR_LOG(modlog, 4, (" *pulSignatureLen = 0x%x", *pulSignatureLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen)); + log_rv(rv); return rv; } @@ -1421,18 +1952,18 @@ CK_RV NSSDBGC_SignUpdate( CK_ULONG ulPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SignUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen)); nssdbg_start_time(FUNC_C_SIGNUPDATE,&start); rv = module_functions->C_SignUpdate(hSession, pPart, ulPartLen); nssdbg_finish_time(FUNC_C_SIGNUPDATE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1442,19 +1973,19 @@ CK_RV NSSDBGC_SignFinal( CK_ULONG_PTR pulSignatureLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SignFinal")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature)); - PR_LOG(modlog, 3, (" pulSignatureLen = 0x%p", pulSignatureLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pSignature, pSignature)); + PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen)); nssdbg_start_time(FUNC_C_SIGNFINAL,&start); rv = module_functions->C_SignFinal(hSession, pSignature, pulSignatureLen); nssdbg_finish_time(FUNC_C_SIGNFINAL,start); - PR_LOG(modlog, 4, (" *pulSignatureLen = 0x%x", *pulSignatureLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen)); + log_rv(rv); return rv; } @@ -1464,19 +1995,19 @@ CK_RV NSSDBGC_SignRecoverInit( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SignRecoverInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, fmt_hKey, hKey); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_SIGNRECOVERINIT,&start); rv = module_functions->C_SignRecoverInit(hSession, pMechanism, hKey); nssdbg_finish_time(FUNC_C_SIGNRECOVERINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1488,14 +2019,14 @@ CK_RV NSSDBGC_SignRecover( CK_ULONG_PTR pulSignatureLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SignRecover")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen)); - PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature)); - PR_LOG(modlog, 3, (" pulSignatureLen = 0x%p", pulSignatureLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen)); + PR_LOG(modlog, 3, (fmt_pSignature, pSignature)); + PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen)); nssdbg_start_time(FUNC_C_SIGNRECOVER,&start); rv = module_functions->C_SignRecover(hSession, pData, @@ -1503,8 +2034,8 @@ CK_RV NSSDBGC_SignRecover( pSignature, pulSignatureLen); nssdbg_finish_time(FUNC_C_SIGNRECOVER,start); - PR_LOG(modlog, 4, (" *pulSignatureLen = 0x%x", *pulSignatureLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen)); + log_rv(rv); return rv; } @@ -1514,19 +2045,19 @@ CK_RV NSSDBGC_VerifyInit( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_VerifyInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, fmt_hKey, hKey); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_VERIFYINIT,&start); rv = module_functions->C_VerifyInit(hSession, pMechanism, hKey); nssdbg_finish_time(FUNC_C_VERIFYINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1538,14 +2069,14 @@ CK_RV NSSDBGC_Verify( CK_ULONG ulSignatureLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_Verify")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" ulDataLen = %d", ulDataLen)); - PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature)); - PR_LOG(modlog, 3, (" ulSignatureLen = %d", ulSignatureLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen)); + PR_LOG(modlog, 3, (fmt_pSignature, pSignature)); + PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen)); nssdbg_start_time(FUNC_C_VERIFY,&start); rv = module_functions->C_Verify(hSession, pData, @@ -1553,7 +2084,7 @@ CK_RV NSSDBGC_Verify( pSignature, ulSignatureLen); nssdbg_finish_time(FUNC_C_VERIFY,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1563,18 +2094,18 @@ CK_RV NSSDBGC_VerifyUpdate( CK_ULONG ulPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_VerifyUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen)); nssdbg_start_time(FUNC_C_VERIFYUPDATE,&start); rv = module_functions->C_VerifyUpdate(hSession, pPart, ulPartLen); nssdbg_finish_time(FUNC_C_VERIFYUPDATE,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1584,18 +2115,18 @@ CK_RV NSSDBGC_VerifyFinal( CK_ULONG ulSignatureLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_VerifyFinal")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature)); - PR_LOG(modlog, 3, (" ulSignatureLen = %d", ulSignatureLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pSignature, pSignature)); + PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen)); nssdbg_start_time(FUNC_C_VERIFYFINAL,&start); rv = module_functions->C_VerifyFinal(hSession, pSignature, ulSignatureLen); nssdbg_finish_time(FUNC_C_VERIFYFINAL,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1605,19 +2136,19 @@ CK_RV NSSDBGC_VerifyRecoverInit( CK_OBJECT_HANDLE hKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_VerifyRecoverInit")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, fmt_hKey, hKey); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_VERIFYRECOVERINIT,&start); rv = module_functions->C_VerifyRecoverInit(hSession, pMechanism, hKey); nssdbg_finish_time(FUNC_C_VERIFYRECOVERINIT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1629,14 +2160,14 @@ CK_RV NSSDBGC_VerifyRecover( CK_ULONG_PTR pulDataLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_VerifyRecover")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pSignature = 0x%p", pSignature)); - PR_LOG(modlog, 3, (" ulSignatureLen = %d", ulSignatureLen)); - PR_LOG(modlog, 3, (" pData = 0x%p", pData)); - PR_LOG(modlog, 3, (" pulDataLen = 0x%p", pulDataLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pSignature, pSignature)); + PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen)); + PR_LOG(modlog, 3, (fmt_pData, pData)); + PR_LOG(modlog, 3, (fmt_pulDataLen, pulDataLen)); nssdbg_start_time(FUNC_C_VERIFYRECOVER,&start); rv = module_functions->C_VerifyRecover(hSession, pSignature, @@ -1644,8 +2175,8 @@ CK_RV NSSDBGC_VerifyRecover( pData, pulDataLen); nssdbg_finish_time(FUNC_C_VERIFYRECOVER,start); - PR_LOG(modlog, 4, (" *pulDataLen = 0x%x", *pulDataLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulDataLen, *pulDataLen)); + log_rv(rv); return rv; } @@ -1657,14 +2188,14 @@ CK_RV NSSDBGC_DigestEncryptUpdate( CK_ULONG_PTR pulEncryptedPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DigestEncryptUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen)); - PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart)); - PR_LOG(modlog, 3, (" pulEncryptedPartLen = 0x%p", pulEncryptedPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen)); + PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart)); + PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen)); nssdbg_start_time(FUNC_C_DIGESTENCRYPTUPDATE,&start); rv = module_functions->C_DigestEncryptUpdate(hSession, pPart, @@ -1672,8 +2203,8 @@ CK_RV NSSDBGC_DigestEncryptUpdate( pEncryptedPart, pulEncryptedPartLen); nssdbg_finish_time(FUNC_C_DIGESTENCRYPTUPDATE,start); - PR_LOG(modlog, 4, (" *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen)); + log_rv(rv); return rv; } @@ -1685,14 +2216,14 @@ CK_RV NSSDBGC_DecryptDigestUpdate( CK_ULONG_PTR pulPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DecryptDigestUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart)); - PR_LOG(modlog, 3, (" ulEncryptedPartLen = %d", ulEncryptedPartLen)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" pulPartLen = 0x%p", pulPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart)); + PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen)); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen)); nssdbg_start_time(FUNC_C_DECRYPTDIGESTUPDATE,&start); rv = module_functions->C_DecryptDigestUpdate(hSession, pEncryptedPart, @@ -1700,8 +2231,8 @@ CK_RV NSSDBGC_DecryptDigestUpdate( pPart, pulPartLen); nssdbg_finish_time(FUNC_C_DECRYPTDIGESTUPDATE,start); - PR_LOG(modlog, 4, (" *pulPartLen = 0x%x", *pulPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen)); + log_rv(rv); return rv; } @@ -1713,14 +2244,14 @@ CK_RV NSSDBGC_SignEncryptUpdate( CK_ULONG_PTR pulEncryptedPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SignEncryptUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" ulPartLen = %d", ulPartLen)); - PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart)); - PR_LOG(modlog, 3, (" pulEncryptedPartLen = 0x%p", pulEncryptedPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen)); + PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart)); + PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen)); nssdbg_start_time(FUNC_C_SIGNENCRYPTUPDATE,&start); rv = module_functions->C_SignEncryptUpdate(hSession, pPart, @@ -1728,8 +2259,8 @@ CK_RV NSSDBGC_SignEncryptUpdate( pEncryptedPart, pulEncryptedPartLen); nssdbg_finish_time(FUNC_C_SIGNENCRYPTUPDATE,start); - PR_LOG(modlog, 4, (" *pulEncryptedPartLen = 0x%x", *pulEncryptedPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen)); + log_rv(rv); return rv; } @@ -1741,14 +2272,14 @@ CK_RV NSSDBGC_DecryptVerifyUpdate( CK_ULONG_PTR pulPartLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DecryptVerifyUpdate")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pEncryptedPart = 0x%p", pEncryptedPart)); - PR_LOG(modlog, 3, (" ulEncryptedPartLen = %d", ulEncryptedPartLen)); - PR_LOG(modlog, 3, (" pPart = 0x%p", pPart)); - PR_LOG(modlog, 3, (" pulPartLen = 0x%p", pulPartLen)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart)); + PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen)); + PR_LOG(modlog, 3, (fmt_pPart, pPart)); + PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen)); nssdbg_start_time(FUNC_C_DECRYPTVERIFYUPDATE,&start); rv = module_functions->C_DecryptVerifyUpdate(hSession, pEncryptedPart, @@ -1756,8 +2287,8 @@ CK_RV NSSDBGC_DecryptVerifyUpdate( pPart, pulPartLen); nssdbg_finish_time(FUNC_C_DECRYPTVERIFYUPDATE,start); - PR_LOG(modlog, 4, (" *pulPartLen = 0x%x", *pulPartLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen)); + log_rv(rv); return rv; } @@ -1769,14 +2300,14 @@ CK_RV NSSDBGC_GenerateKey( CK_OBJECT_HANDLE_PTR phKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GenerateKey")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulCount = %d", ulCount)); - PR_LOG(modlog, 3, (" phKey = 0x%p", phKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulCount, ulCount)); + PR_LOG(modlog, 3, (fmt_phKey, phKey)); print_template(pTemplate, ulCount); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_GENERATEKEY,&start); @@ -1786,8 +2317,8 @@ CK_RV NSSDBGC_GenerateKey( ulCount, phKey); nssdbg_finish_time(FUNC_C_GENERATEKEY,start); - PR_LOG(modlog, 4, (" *phKey = 0x%x", *phKey)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, fmt_sphKey, *phKey); + log_rv(rv); return rv; } @@ -1802,18 +2333,18 @@ CK_RV NSSDBGC_GenerateKeyPair( CK_OBJECT_HANDLE_PTR phPrivateKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GenerateKeyPair")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); PR_LOG(modlog, 3, (" pPublicKeyTemplate = 0x%p", pPublicKeyTemplate)); PR_LOG(modlog, 3, (" ulPublicKeyAttributeCount = %d", ulPublicKeyAttributeCount)); PR_LOG(modlog, 3, (" pPrivateKeyTemplate = 0x%p", pPrivateKeyTemplate)); PR_LOG(modlog, 3, (" ulPrivateKeyAttributeCount = %d", ulPrivateKeyAttributeCount)); PR_LOG(modlog, 3, (" phPublicKey = 0x%p", phPublicKey)); - PR_LOG(modlog, 3, (" phPrivateKey = 0x%p", phPrivateKey)); print_template(pPublicKeyTemplate, ulPublicKeyAttributeCount); + PR_LOG(modlog, 3, (" phPrivateKey = 0x%p", phPrivateKey)); print_template(pPrivateKeyTemplate, ulPrivateKeyAttributeCount); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_GENERATEKEYPAIR,&start); @@ -1826,9 +2357,9 @@ CK_RV NSSDBGC_GenerateKeyPair( phPublicKey, phPrivateKey); nssdbg_finish_time(FUNC_C_GENERATEKEYPAIR,start); - PR_LOG(modlog, 4, (" *phPublicKey = 0x%x", *phPublicKey)); - PR_LOG(modlog, 4, (" *phPrivateKey = 0x%x", *phPrivateKey)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, " *phPublicKey = 0x%x", *phPublicKey); + log_handle(4, " *phPrivateKey = 0x%x", *phPrivateKey); + log_rv(rv); return rv; } @@ -1841,14 +2372,14 @@ CK_RV NSSDBGC_WrapKey( CK_ULONG_PTR pulWrappedKeyLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_WrapKey")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hWrappingKey = 0x%x", hWrappingKey)); - PR_LOG(modlog, 3, (" hKey = 0x%x", hKey)); - PR_LOG(modlog, 3, (" pWrappedKey = 0x%p", pWrappedKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, " hWrappingKey = 0x%x", hWrappingKey); + log_handle(3, fmt_hKey, hKey); + PR_LOG(modlog, 3, (fmt_pWrappedKey, pWrappedKey)); PR_LOG(modlog, 3, (" pulWrappedKeyLen = 0x%p", pulWrappedKeyLen)); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_WRAPKEY,&start); @@ -1860,7 +2391,7 @@ CK_RV NSSDBGC_WrapKey( pulWrappedKeyLen); nssdbg_finish_time(FUNC_C_WRAPKEY,start); PR_LOG(modlog, 4, (" *pulWrappedKeyLen = 0x%x", *pulWrappedKeyLen)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1875,17 +2406,17 @@ CK_RV NSSDBGC_UnwrapKey( CK_OBJECT_HANDLE_PTR phKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_UnwrapKey")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hUnwrappingKey = 0x%x", hUnwrappingKey)); - PR_LOG(modlog, 3, (" pWrappedKey = 0x%p", pWrappedKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, " hUnwrappingKey = 0x%x", hUnwrappingKey); + PR_LOG(modlog, 3, (fmt_pWrappedKey, pWrappedKey)); PR_LOG(modlog, 3, (" ulWrappedKeyLen = %d", ulWrappedKeyLen)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulAttributeCount = %d", ulAttributeCount)); - PR_LOG(modlog, 3, (" phKey = 0x%p", phKey)); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulAttributeCount, ulAttributeCount)); + PR_LOG(modlog, 3, (fmt_phKey, phKey)); print_template(pTemplate, ulAttributeCount); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_UNWRAPKEY,&start); @@ -1898,8 +2429,8 @@ CK_RV NSSDBGC_UnwrapKey( ulAttributeCount, phKey); nssdbg_finish_time(FUNC_C_UNWRAPKEY,start); - PR_LOG(modlog, 4, (" *phKey = 0x%x", *phKey)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, fmt_sphKey, *phKey); + log_rv(rv); return rv; } @@ -1912,15 +2443,15 @@ CK_RV NSSDBGC_DeriveKey( CK_OBJECT_HANDLE_PTR phKey ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_DeriveKey")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); - PR_LOG(modlog, 3, (" pMechanism = 0x%p", pMechanism)); - PR_LOG(modlog, 3, (" hBaseKey = 0x%x", hBaseKey)); - PR_LOG(modlog, 3, (" pTemplate = 0x%p", pTemplate)); - PR_LOG(modlog, 3, (" ulAttributeCount = %d", ulAttributeCount)); - PR_LOG(modlog, 3, (" phKey = 0x%p", phKey)); + log_handle(3, fmt_hSession, hSession); + PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism)); + log_handle(3, " hBaseKey = 0x%x", hBaseKey); + PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate)); + PR_LOG(modlog, 3, (fmt_ulAttributeCount, ulAttributeCount)); + PR_LOG(modlog, 3, (fmt_phKey, phKey)); print_template(pTemplate, ulAttributeCount); print_mechanism(pMechanism); nssdbg_start_time(FUNC_C_DERIVEKEY,&start); @@ -1931,8 +2462,8 @@ CK_RV NSSDBGC_DeriveKey( ulAttributeCount, phKey); nssdbg_finish_time(FUNC_C_DERIVEKEY,start); - PR_LOG(modlog, 4, (" *phKey = 0x%x", *phKey)); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_handle(4, fmt_sphKey, *phKey); + log_rv(rv); return rv; } @@ -1942,10 +2473,10 @@ CK_RV NSSDBGC_SeedRandom( CK_ULONG ulSeedLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_SeedRandom")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); PR_LOG(modlog, 3, (" pSeed = 0x%p", pSeed)); PR_LOG(modlog, 3, (" ulSeedLen = %d", ulSeedLen)); nssdbg_start_time(FUNC_C_SEEDRANDOM,&start); @@ -1953,7 +2484,7 @@ CK_RV NSSDBGC_SeedRandom( pSeed, ulSeedLen); nssdbg_finish_time(FUNC_C_SEEDRANDOM,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1963,10 +2494,10 @@ CK_RV NSSDBGC_GenerateRandom( CK_ULONG ulRandomLen ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GenerateRandom")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); PR_LOG(modlog, 3, (" RandomData = 0x%p", RandomData)); PR_LOG(modlog, 3, (" ulRandomLen = %d", ulRandomLen)); nssdbg_start_time(FUNC_C_GENERATERANDOM,&start); @@ -1974,7 +2505,7 @@ CK_RV NSSDBGC_GenerateRandom( RandomData, ulRandomLen); nssdbg_finish_time(FUNC_C_GENERATERANDOM,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1982,14 +2513,14 @@ CK_RV NSSDBGC_GetFunctionStatus( CK_SESSION_HANDLE hSession ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_GetFunctionStatus")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); nssdbg_start_time(FUNC_C_GETFUNCTIONSTATUS,&start); rv = module_functions->C_GetFunctionStatus(hSession); nssdbg_finish_time(FUNC_C_GETFUNCTIONSTATUS,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -1997,14 +2528,14 @@ CK_RV NSSDBGC_CancelFunction( CK_SESSION_HANDLE hSession ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_CancelFunction")); - PR_LOG(modlog, 3, (" hSession = 0x%x", hSession)); + log_handle(3, fmt_hSession, hSession); nssdbg_start_time(FUNC_C_CANCELFUNCTION,&start); rv = module_functions->C_CancelFunction(hSession); nssdbg_finish_time(FUNC_C_CANCELFUNCTION,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } @@ -2014,10 +2545,10 @@ CK_RV NSSDBGC_WaitForSlotEvent( CK_VOID_PTR pRserved ) { - CK_RV rv; - PRIntervalTime start; + COMMON_DEFINITIONS; + PR_LOG(modlog, 1, ("C_WaitForSlotEvent")); - PR_LOG(modlog, 3, (" flags = 0x%x", flags)); + PR_LOG(modlog, 3, (fmt_flags, flags)); PR_LOG(modlog, 3, (" pSlot = 0x%p", pSlot)); PR_LOG(modlog, 3, (" pRserved = 0x%p", pRserved)); nssdbg_start_time(FUNC_C_WAITFORSLOTEVENT,&start); @@ -2025,7 +2556,7 @@ CK_RV NSSDBGC_WaitForSlotEvent( pSlot, pRserved); nssdbg_finish_time(FUNC_C_WAITFORSLOTEVENT,start); - PR_LOG(modlog, 1, (" rv = 0x%x\n", rv)); + log_rv(rv); return rv; } diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c index 2c2aa5f1b9a06..af50b1748e5ec 100644 --- a/security/nss/lib/pk11wrap/dev3hack.c +++ b/security/nss/lib/pk11wrap/dev3hack.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.24 $ $Date: 2008/08/09 01:26:04 $"; +static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.25 $ $Date: 2008/09/30 04:09:04 $"; #endif /* DEBUG */ #ifndef PKIT_H @@ -195,7 +195,12 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot) nss3slot->session, nss3slot->sessionLock, nss3slot->defRWSession); - /* continue, even if rvToken->defaultSession is NULL */ +#if 0 /* we should do this instead of blindly continuing. */ + if (!rvToken->defaultSession) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + goto loser; + } +#endif if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) { rvToken->cache = nssTokenObjectCache_Create(rvToken, PR_TRUE, PR_TRUE, PR_TRUE); @@ -271,7 +276,7 @@ nssSlot_Refresh { PK11SlotInfo *nss3slot = slot->pk11slot; PRBool doit = PR_FALSE; - if (slot->token->base.name[0] == 0) { + if (slot->token && slot->token->base.name[0] == 0) { doit = PR_TRUE; } if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) { diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index bbafea5b35d65..0a81785b7070b 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -257,14 +257,18 @@ static CERTCertificate CK_ATTRIBUTE *privateLabel, char **nickptr) { NSSCertificate *c; - nssCryptokiObject *co; + nssCryptokiObject *co = NULL; nssPKIObject *pkio; NSSToken *token; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); - co = nssCryptokiObject_Create(token, token->defaultSession, certID); + if (token->defaultSession) { + co = nssCryptokiObject_Create(token, token->defaultSession, certID); + } else { + PORT_SetError(SEC_ERROR_NO_TOKEN); + } if (!co) { return NULL; } diff --git a/security/nss/lib/pk11wrap/pk11cxt.c b/security/nss/lib/pk11wrap/pk11cxt.c index ea74d194a0e5c..6b18370283052 100644 --- a/security/nss/lib/pk11wrap/pk11cxt.c +++ b/security/nss/lib/pk11wrap/pk11cxt.c @@ -291,6 +291,7 @@ static PK11Context *pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type, context->param = (SECItem *)&pk11_null_params; } } else { + PORT_SetError(SEC_ERROR_INVALID_ARGS); context->param = NULL; } context->init = PR_FALSE; diff --git a/security/nss/lib/pk11wrap/pk11err.c b/security/nss/lib/pk11wrap/pk11err.c index 588d6512cbad9..d58f49de213ff 100644 --- a/security/nss/lib/pk11wrap/pk11err.c +++ b/security/nss/lib/pk11wrap/pk11err.c @@ -72,12 +72,14 @@ PK11_MapError(CK_RV rv) { MAPERROR(CKR_CANCEL, SEC_ERROR_IO) MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY) MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA) + MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS) MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY) MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */ MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA) MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA) + MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN) MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA) - MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA) + MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN) MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_IO) MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY) MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN) diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index 49d826dbe2ea9..c8de0b8cac720 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c @@ -37,6 +37,7 @@ * The following handles the loading, unloading and management of * various PCKS #11 modules */ +#define FORCE_PR_LOG 1 #include "seccomon.h" #include "pkcs11.h" #include "secmod.h" @@ -48,9 +49,7 @@ #include "secerr.h" #include "prenv.h" -#ifdef DEBUG #define DEBUG_MODULE 1 -#endif #ifdef DEBUG_MODULE static char *modToDBG = NULL; diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index e9d6d7315917d..ef0be3432853e 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -1300,7 +1300,7 @@ PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, } PK11MergeLog * -PK11_CreateMergeLog() +PK11_CreateMergeLog(void) { PRArenaPool *arena; PK11MergeLog *log; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 2cb8651e39086..e7c3afc3c4985 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -1465,14 +1465,17 @@ CK_OBJECT_HANDLE pk11_FindObjectByTemplate(PK11SlotInfo *slot,CK_ATTRIBUTE *theTemplate,int tsize) { CK_OBJECT_HANDLE object; - CK_RV crv; + CK_RV crv = CKR_SESSION_HANDLE_INVALID; CK_ULONG objectCount; /* * issue the find */ PK11_EnterSlotMonitor(slot); - crv=PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, theTemplate, tsize); + if (slot->session != CK_INVALID_SESSION) { + crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, + theTemplate, tsize); + } if (crv != CKR_OK) { PK11_ExitSlotMonitor(slot); PORT_SetError( PK11_MapError(crv) ); @@ -1498,16 +1501,18 @@ pk11_FindObjectByTemplate(PK11SlotInfo *slot,CK_ATTRIBUTE *theTemplate,int tsize * return all the object handles that matches the template */ CK_OBJECT_HANDLE * -pk11_FindObjectsByTemplate(PK11SlotInfo *slot, - CK_ATTRIBUTE *findTemplate,int findCount,int *object_count) { +pk11_FindObjectsByTemplate(PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate, + int templCount, int *object_count) +{ CK_OBJECT_HANDLE *objID = NULL; CK_ULONG returned_count = 0; - CK_RV crv; - + CK_RV crv = CKR_SESSION_HANDLE_INVALID; PK11_EnterSlotMonitor(slot); - crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, findTemplate, - findCount); + if (slot->session != CK_INVALID_SESSION) { + crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, + findTemplate, templCount); + } if (crv != CKR_OK) { PK11_ExitSlotMonitor(slot); PORT_SetError( PK11_MapError(crv) ); @@ -1615,28 +1620,31 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, */ int PK11_NumberObjectsFor(PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate, - int templateCount) + int templCount) { CK_OBJECT_HANDLE objID[PK11_SEARCH_CHUNKSIZE]; int object_count = 0; CK_ULONG returned_count = 0; - CK_RV crv; + CK_RV crv = CKR_SESSION_HANDLE_INVALID; PK11_EnterSlotMonitor(slot); - crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, - findTemplate, templateCount); + if (slot->session != CK_INVALID_SESSION) { + crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session, + findTemplate, templCount); + } if (crv != CKR_OK) { PK11_ExitSlotMonitor(slot); PORT_SetError( PK11_MapError(crv) ); - return 0; + return object_count; } /* * collect all the Matching Objects */ do { - crv = PK11_GETTAB(slot)->C_FindObjects(slot->session, - objID,PK11_SEARCH_CHUNKSIZE,&returned_count); + crv = PK11_GETTAB(slot)->C_FindObjects(slot->session, objID, + PK11_SEARCH_CHUNKSIZE, + &returned_count); if (crv != CKR_OK) { PORT_SetError( PK11_MapError(crv) ); break; diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h index e351de9e58109..73794f81dacb9 100644 --- a/security/nss/lib/pk11wrap/pk11pub.h +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -246,7 +246,7 @@ SECStatus PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, /* * create and destroy merge logs needed by PK11_MergeTokens */ -PK11MergeLog * PK11_CreateMergeLog(); +PK11MergeLog * PK11_CreateMergeLog(void); void PK11_DestroyMergeLog(PK11MergeLog *log); diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index c619ae003418b..d83874918e89f 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -554,9 +554,8 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && ( (!slotName) || (tmpSlot->slot_name && (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { - PK11SlotInfo* slot = PK11_ReferenceSlot(tmpSlot); - if (slot) { - PK11_AddSlotToList(slotList, slot); + if (tmpSlot) { + PK11_AddSlotToList(slotList, tmpSlot); slotcount++; } } @@ -1342,12 +1341,12 @@ PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot) slot->disabled = PR_TRUE; slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; } - } - if (pk11_isRootSlot(slot)) { - if (!slot->hasRootCerts) { - slot->module->trustOrder = 100; + if (rv == SECSuccess && pk11_isRootSlot(slot)) { + if (!slot->hasRootCerts) { + slot->module->trustOrder = 100; + } + slot->hasRootCerts= PR_TRUE; } - slot->hasRootCerts= PR_TRUE; } } diff --git a/security/nss/lib/pkcs12/p12.h b/security/nss/lib/pkcs12/p12.h index d2d17165eafe9..852047c1f2f3b 100644 --- a/security/nss/lib/pkcs12/p12.h +++ b/security/nss/lib/pkcs12/p12.h @@ -145,17 +145,20 @@ SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SECItem *keyId, SECItem *nickName); extern SECStatus -SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, +SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, void *certSafe, void *certNestedDest, CERTCertificate *cert, CERTCertDBHandle *certDb, - void *keySafe, void *keyNestedDest, - PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm); + void *keySafe, void *keyNestedDest, PRBool shroudKey, + SECItem *pwitem, SECOidTag algorithm, + PRBool includeCertChain); + extern SECStatus -SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt, - void *certSafe, void *certNestedDest, SECItem *derCert, +SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, + void *certSafe, void *certNestedDest, + CERTCertificate *cert, CERTCertDBHandle *certDb, void *keySafe, void *keyNestedDest, - SECKEYEncryptedPrivateKeyInfo *epki, char *nickname); + PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm); extern void * SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt, diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 0be10c701838e..ce2bf00a37cae 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -1646,7 +1646,7 @@ sec_pkcs12_sanitize_nickname(PK11SlotInfo *slot, SECItem *nick) char *delimit; int delimitlen; - nickname = (char*)nick->data; /*Mac breaks without this type cast*/ + nickname = (char*)nick->data; if ((delimit = PORT_Strchr(nickname, ':')) != NULL) { char *slotName; int slotNameLen; diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 7bb167ca02b45..959d37483e883 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -1180,97 +1180,6 @@ SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe, return SECFailure; } -/* SEC_PKCS12AddEncryptedKey - * Extracts the key associated with a particular certificate and exports - * it. - * - * p12ctxt - the export context - * safe - the safeInfo to place the key in - * nestedDest - the nested safeContents to place a key - * cert - the certificate which the key belongs to - * shroudKey - encrypt the private key for export. This value should - * always be true. lower level code will not allow the export - * of unencrypted private keys. - * algorithm - the algorithm with which to encrypt the private key - * pwitem - the password to encrypted the private key with - * keyId - the keyID attribute - * nickName - the nickname attribute - */ -static SECStatus -SEC_PKCS12AddEncryptedKey(SEC_PKCS12ExportContext *p12ctxt, - SECKEYEncryptedPrivateKeyInfo *epki, SEC_PKCS12SafeInfo *safe, - void *nestedDest, SECItem *keyId, SECItem *nickName) -{ - void *mark; - void *keyItem; - SECOidTag keyType; - SECStatus rv = SECFailure; - sec_PKCS12SafeBag *returnBag; - - if(!p12ctxt || !safe || !epki) { - return SECFailure; - } - - mark = PORT_ArenaMark(p12ctxt->arena); - - keyItem = PORT_ArenaZAlloc(p12ctxt->arena, - sizeof(SECKEYEncryptedPrivateKeyInfo)); - if(!keyItem) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - goto loser; - } - - rv = SECKEY_CopyEncryptedPrivateKeyInfo(p12ctxt->arena, - (SECKEYEncryptedPrivateKeyInfo *)keyItem, - epki); - keyType = SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID; - - if(rv != SECSuccess) { - goto loser; - } - - /* create the safe bag and set any attributes */ - returnBag = sec_PKCS12CreateSafeBag(p12ctxt, keyType, keyItem); - if(!returnBag) { - rv = SECFailure; - goto loser; - } - - if(nickName) { - if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, - SEC_OID_PKCS9_FRIENDLY_NAME, nickName) - != SECSuccess) { - goto loser; - } - } - - if(keyId) { - if(sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, - SEC_OID_PKCS9_LOCAL_KEY_ID, - keyId) != SECSuccess) { - goto loser; - } - } - - if(nestedDest) { - rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena, - (sec_PKCS12SafeContents*)nestedDest, - returnBag); - } else { - rv = sec_pkcs12_append_bag(p12ctxt, safe, returnBag); - } - -loser: - - if (rv != SECSuccess) { - PORT_ArenaRelease(p12ctxt->arena, mark); - } else { - PORT_ArenaUnmark(p12ctxt->arena, mark); - } - - return rv; -} - /* SEC_PKCS12AddKeyForCert * Extracts the key associated with a particular certificate and exports * it. @@ -1425,108 +1334,27 @@ SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *sa return rv; } -/* SEC_PKCS12AddCertAndEncryptedKey - * Add a certificate and key pair to be exported. - * - * p12ctxt - the export context - * certSafe - the safeInfo where the cert is stored - * certNestedDest - the nested safeContents to store the cert - * keySafe - the safeInfo where the key is stored - * keyNestedDest - the nested safeContents to store the key - * shroudKey - extract the private key encrypted? - * pwitem - the password with which the key is encrypted - * algorithm - the algorithm with which the key is encrypted - */ -SECStatus -SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt, - void *certSafe, void *certNestedDest, - SECItem *derCert, void *keySafe, - void *keyNestedDest, SECKEYEncryptedPrivateKeyInfo *epki, - char *nickname) -{ - SECStatus rv = SECFailure; - SGNDigestInfo *digest = NULL; - void *mark = NULL; - CERTCertificate *cert; - SECItem nick = {siBuffer, NULL,0}, *nickPtr = NULL; - - if(!p12ctxt || !certSafe || !keySafe || !derCert) { - return SECFailure; - } - - mark = PORT_ArenaMark(p12ctxt->arena); - - cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), - derCert, NULL, PR_FALSE, PR_FALSE); - if(!cert) { - PORT_ArenaRelease(p12ctxt->arena, mark); - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; - } - cert->nickname = nickname; - - /* generate the thumbprint of the cert to use as a keyId */ - digest = sec_pkcs12_compute_thumbprint(&cert->derCert); - if(!digest) { - CERT_DestroyCertificate(cert); - return SECFailure; - } - - /* add the certificate */ - rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe, - certNestedDest, cert, NULL, - &digest->digest, PR_FALSE); - if(rv != SECSuccess) { - goto loser; - } - - if(nickname) { - nick.data = (unsigned char *)nickname; - nick.len = PORT_Strlen(nickname); - nickPtr = &nick; - } else { - nickPtr = NULL; - } - - /* add the key */ - rv = SEC_PKCS12AddEncryptedKey(p12ctxt, epki, (SEC_PKCS12SafeInfo*)keySafe, - keyNestedDest, &digest->digest, nickPtr ); - if(rv != SECSuccess) { - goto loser; - } - - SGN_DestroyDigestInfo(digest); - - PORT_ArenaUnmark(p12ctxt->arena, mark); - return SECSuccess; - -loser: - SGN_DestroyDigestInfo(digest); - CERT_DestroyCertificate(cert); - PORT_ArenaRelease(p12ctxt->arena, mark); - - return SECFailure; -} - -/* SEC_PKCS12AddCertAndKey +/* SEC_PKCS12AddCertOrChainAndKey * Add a certificate and key pair to be exported. * - * p12ctxt - the export context - * certSafe - the safeInfo where the cert is stored - * certNestedDest - the nested safeContents to store the cert - * keySafe - the safeInfo where the key is stored - * keyNestedDest - the nested safeContents to store the key - * shroudKey - extract the private key encrypted? - * pwitem - the password with which the key is encrypted - * algorithm - the algorithm with which the key is encrypted + * p12ctxt - the export context + * certSafe - the safeInfo where the cert is stored + * certNestedDest - the nested safeContents to store the cert + * keySafe - the safeInfo where the key is stored + * keyNestedDest - the nested safeContents to store the key + * shroudKey - extract the private key encrypted? + * pwitem - the password with which the key is encrypted + * algorithm - the algorithm with which the key is encrypted + * includeCertChain - also add certs from chain to bag. */ SECStatus -SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, - void *certSafe, void *certNestedDest, - CERTCertificate *cert, CERTCertDBHandle *certDb, - void *keySafe, void *keyNestedDest, - PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm) -{ +SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt, + void *certSafe, void *certNestedDest, + CERTCertificate *cert, CERTCertDBHandle *certDb, + void *keySafe, void *keyNestedDest, + PRBool shroudKey, SECItem *pwitem, + SECOidTag algorithm, PRBool includeCertChain) +{ SECStatus rv = SECFailure; SGNDigestInfo *digest = NULL; void *mark = NULL; @@ -1547,7 +1375,7 @@ SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, /* add the certificate */ rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo*)certSafe, (SEC_PKCS12SafeInfo*)certNestedDest, cert, certDb, - &digest->digest, PR_TRUE); + &digest->digest, includeCertChain); if(rv != SECSuccess) { goto loser; } @@ -1573,6 +1401,20 @@ SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, return SECFailure; } +/* like SEC_PKCS12AddCertOrChainAndKey, but always adds cert chain */ +SECStatus +SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt, + void *certSafe, void *certNestedDest, + CERTCertificate *cert, CERTCertDBHandle *certDb, + void *keySafe, void *keyNestedDest, + PRBool shroudKey, SECItem *pwItem, SECOidTag algorithm) +{ + return SEC_PKCS12AddCertOrChainAndKey(p12ctxt, certSafe, certNestedDest, + cert, certDb, keySafe, keyNestedDest, shroudKey, pwItem, + algorithm, PR_TRUE); +} + + /* SEC_PKCS12CreateNestedSafeContents * Allows nesting of safe contents to be implemented. No limit imposed on * depth. @@ -2231,143 +2073,3 @@ SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12ecx) PORT_FreeArena(p12ecx->arena, PR_TRUE); } - -/********************************* - * All-in-one routines for exporting certificates - *********************************/ -struct inPlaceEncodeInfo { - PRBool error; - SECItem outItem; -}; - -static void -sec_pkcs12_in_place_encoder_output(void *arg, const char *buf, unsigned long len) -{ - struct inPlaceEncodeInfo *outInfo = (struct inPlaceEncodeInfo*)arg; - - if(!outInfo || !len || outInfo->error) { - return; - } - - if(!outInfo->outItem.data) { - outInfo->outItem.data = (unsigned char*)PORT_ZAlloc(len); - outInfo->outItem.len = 0; - } else { - if(!PORT_Realloc(&(outInfo->outItem.data), (outInfo->outItem.len + len))) { - SECITEM_ZfreeItem(&(outInfo->outItem), PR_FALSE); - outInfo->outItem.data = NULL; - PORT_SetError(SEC_ERROR_NO_MEMORY); - outInfo->error = PR_TRUE; - return; - } - } - - PORT_Memcpy(&(outInfo->outItem.data[outInfo->outItem.len]), buf, len); - outInfo->outItem.len += len; - - return; -} - -/* - * SEC_PKCS12ExportCertifcateAndKeyUsingPassword - * Exports a certificate/key pair using password-based encryption and - * authentication. - * - * pwfn, pwfnarg - password function and argument for the key database - * cert - the certificate to export - * certDb - certificate database - * pwitem - the password to use - * shroudKey - encrypt the key externally, - * keyShroudAlg - encryption algorithm for key - * encryptionAlg - the algorithm with which data is encrypted - * integrityAlg - the algorithm for integrity - */ -SECItem * -SEC_PKCS12ExportCertificateAndKeyUsingPassword( - SECKEYGetPasswordKey pwfn, void *pwfnarg, - CERTCertificate *cert, PK11SlotInfo *slot, - CERTCertDBHandle *certDb, SECItem *pwitem, - PRBool shroudKey, SECOidTag shroudAlg, - PRBool encryptCert, SECOidTag certEncAlg, - SECOidTag integrityAlg, void *wincx) -{ - struct inPlaceEncodeInfo outInfo; - SEC_PKCS12ExportContext *p12ecx = NULL; - SEC_PKCS12SafeInfo *keySafe, *certSafe; - SECItem *returnItem = NULL; - - if(!cert || !pwitem || !slot) { - return NULL; - } - - outInfo.error = PR_FALSE; - outInfo.outItem.data = NULL; - outInfo.outItem.len = 0; - - p12ecx = SEC_PKCS12CreateExportContext(pwfn, pwfnarg, slot, wincx); - if(!p12ecx) { - return NULL; - } - - /* set up cert safe */ - if(encryptCert) { - certSafe = SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, certEncAlg); - } else { - certSafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx); - } - if(!certSafe) { - goto loser; - } - - /* set up key safe */ - if(shroudKey) { - keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx); - } else { - keySafe = certSafe; - } - if(!keySafe) { - goto loser; - } - - /* add integrity mode */ - if(SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, integrityAlg) - != SECSuccess) { - goto loser; - } - - /* add cert and key pair */ - if(SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert, certDb, - keySafe, NULL, shroudKey, pwitem, shroudAlg) - != SECSuccess) { - goto loser; - } - - /* encode the puppy */ - if(SEC_PKCS12Encode(p12ecx, sec_pkcs12_in_place_encoder_output, &outInfo) - != SECSuccess) { - goto loser; - } - if(outInfo.error) { - goto loser; - } - - SEC_PKCS12DestroyExportContext(p12ecx); - - returnItem = SECITEM_DupItem(&outInfo.outItem); - SECITEM_ZfreeItem(&outInfo.outItem, PR_FALSE); - - return returnItem; - -loser: - if(outInfo.outItem.data) { - SECITEM_ZfreeItem(&(outInfo.outItem), PR_TRUE); - } - - if(p12ecx) { - SEC_PKCS12DestroyExportContext(p12ecx); - } - - return NULL; -} - - diff --git a/security/nss/lib/pkcs7/certread.c b/security/nss/lib/pkcs7/certread.c index 4e7bd21b7290d..31422095327ce 100644 --- a/security/nss/lib/pkcs7/certread.c +++ b/security/nss/lib/pkcs7/certread.c @@ -330,25 +330,29 @@ CERT_DecodeCertPackage(char *certbuf, /* find the beginning marker */ while ( cl > NS_CERT_HEADER_LEN ) { + int found = 0; if ( !PORT_Strncasecmp((char *)cp, NS_CERT_HEADER, NS_CERT_HEADER_LEN) ) { - cl -= NS_CERT_HEADER_LEN + 1; /* skip char after header */ - cp += NS_CERT_HEADER_LEN + 1; /* as all prior versions did. */ - certbegin = cp; - break; + cl -= NS_CERT_HEADER_LEN; + cp += NS_CERT_HEADER_LEN; + found = 1; } /* skip to next eol */ - do { + while ( cl && ( *cp != '\n' )) { cp++; cl--; - } while ( ( *cp != '\n') && cl ); + } /* skip all blank lines */ - while ( ( *cp == '\n') && cl ) { + while ( cl && ( *cp == '\n' || *cp == '\r' )) { cp++; cl--; } + if (cl && found) { + certbegin = cp; + break; + } } if ( certbegin ) { @@ -361,13 +365,13 @@ CERT_DecodeCertPackage(char *certbuf, } /* skip to next eol */ - do { + while ( cl && ( *cp != '\n' )) { cp++; cl--; - } while ( ( *cp != '\n') && cl ); + } /* skip all blank lines */ - while ( ( *cp == '\n') && cl ) { + while ( cl && ( *cp == '\n' || *cp == '\r' )) { cp++; cl--; } @@ -389,6 +393,7 @@ CERT_DecodeCertPackage(char *certbuf, rv = CERT_DecodeCertPackage((char *)bincert, binLen, f, arg); } else { + PORT_SetError(SEC_ERROR_BAD_DER); rv = SECFailure; } } diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index 4c7f017802715..c9797bc8ae612 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -35,7 +35,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.59 $ $Date: 2008/08/09 01:26:05 $"; +static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.60 $ $Date: 2008/10/06 02:56:00 $"; #endif /* DEBUG */ #ifndef DEV_H @@ -773,6 +773,9 @@ NSSTrustDomain_FindCertificatesByNameComponents ( return NULL; } +/* This returns at most a single certificate, so it can stop the loop + * when one is found. + */ NSS_IMPLEMENT NSSCertificate * nssTrustDomain_FindCertificateByIssuerAndSerialNumber ( NSSTrustDomain *td, @@ -780,13 +783,12 @@ nssTrustDomain_FindCertificateByIssuerAndSerialNumber ( NSSDER *serial ) { - PRStatus status; - NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; NSSCertificate *rvCert = NULL; nssPKIObjectCollection *collection = NULL; nssUpdateLevel updateLevel; + /* see if this search is already cached */ rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td, issuer, @@ -795,61 +797,56 @@ nssTrustDomain_FindCertificateByIssuerAndSerialNumber ( return rvCert; } slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); - if (!slots) { - goto loser; - } - for (slotp = slots; *slotp; slotp++) { - token = nssSlot_GetToken(*slotp); - if (token) { + if (slots) { + for (slotp = slots; *slotp; slotp++) { + NSSToken *token = nssSlot_GetToken(*slotp); nssSession *session; nssCryptokiObject *instance; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + PRStatus status = PR_FAILURE; + + if (!token) + continue; session = nssTrustDomain_GetSessionForToken(td, token); - if (!session) { - nssToken_Destroy(token); - goto loser; + if (session) { + instance = nssToken_FindCertificateByIssuerAndSerialNumber( + token, + session, + issuer, + serial, + tokenOnly, + &status); } - instance = nssToken_FindCertificateByIssuerAndSerialNumber( - token, - session, - issuer, - serial, - tokenOnly, - &status); nssToken_Destroy(token); if (status != PR_SUCCESS) { - goto loser; + continue; } if (instance) { if (!collection) { collection = nssCertificateCollection_Create(td, NULL); if (!collection) { - goto loser; + break; /* don't keep looping if out if memory */ } } - nssPKIObjectCollection_AddInstances(collection, - &instance, 1); + status = nssPKIObjectCollection_AddInstances(collection, + &instance, 1); + if (status == PR_SUCCESS) { + (void)nssPKIObjectCollection_GetCertificates( + collection, &rvCert, 1, NULL); + } + if (rvCert) { + break; /* found one cert, all done */ + } } } } - if (collection) { - (void)nssPKIObjectCollection_GetCertificates(collection, - &rvCert, 1, NULL); - if (!rvCert) { - goto loser; - } - nssPKIObjectCollection_Destroy(collection); - } - nssSlotArray_Destroy(slots); - return rvCert; -loser: if (collection) { nssPKIObjectCollection_Destroy(collection); } if (slots) { nssSlotArray_Destroy(slots); } - return (NSSCertificate *)NULL; + return rvCert; } NSS_IMPLEMENT NSSCertificate * @@ -1038,7 +1035,7 @@ NSSTrustDomain_TraverseCertificates ( void *arg ) { - PRStatus status; + PRStatus status = PR_FAILURE; NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; @@ -1049,7 +1046,8 @@ NSSTrustDomain_TraverseCertificates ( nssList *certList; certList = nssList_Create(NULL, PR_FALSE); - if (!certList) return NULL; + if (!certList) + return NULL; (void *)nssTrustDomain_GetCertsFromCache(td, certList); cached = get_certs_from_list(certList); collection = nssCertificateCollection_Create(td, cached); @@ -1072,16 +1070,14 @@ NSSTrustDomain_TraverseCertificates ( nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; /* get a session for the token */ session = nssTrustDomain_GetSessionForToken(td, token); - if (!session) { - nssToken_Destroy(token); - goto loser; + if (session) { + /* perform the traversal */ + status = nssToken_TraverseCertificates(token, + session, + tokenOnly, + collector, + collection); } - /* perform the traversal */ - status = nssToken_TraverseCertificates(token, - session, - tokenOnly, - collector, - collection); nssToken_Destroy(token); } } @@ -1090,10 +1086,6 @@ NSSTrustDomain_TraverseCertificates ( pkiCallback.func.cert = callback; pkiCallback.arg = arg; status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); - /* clean up */ - nssPKIObjectCollection_Destroy(collection); - nssSlotArray_Destroy(slots); - return NULL; loser: if (slots) { nssSlotArray_Destroy(slots); @@ -1104,102 +1096,6 @@ NSSTrustDomain_TraverseCertificates ( return NULL; } -#ifdef notdef -/* - * search for Public and Private keys first - */ -NSS_IMPLEMENT PRStatus * -NSSTrustDomain_TraverseUserCertificates ( - NSSTrustDomain *td, - PRStatus (*callback)(NSSCertificate *c, void *arg), - void *arg -) -{ - PRStatus status; - NSSToken *token = NULL; - NSSSlot **slots = NULL; - NSSSlot **slotp; - nssPKIObjectCollection *collection = NULL; - nssPKIObjectCallback pkiCallback; - nssUpdateLevel updateLevel; - NSSCertificate **cached = NULL; - nssList *certList; - certList = nssList_Create(NULL, PR_FALSE); - if (!certList) return NULL; - (void *)nssTrustDomain_GetCertsFromCache(td, certList); - cached = get_certs_from_list(certList); - collection = nssCertificateCollection_Create(td, cached); - nssCertificateArray_Destroy(cached); - nssList_Destroy(certList); - if (!collection) { - return (PRStatus *)NULL; - } - /* obtain the current set of active slots in the trust domain */ - slots = nssTrustDomain_GetActiveSlots(td, &updateLevel); - if (!slots) { - goto loser; - } - /* iterate over the slots */ - for (slotp = slots; *slotp; slotp++) { - /* get the token for the slot, if present */ - token = nssSlot_GetToken(*slotp); - if (token) { - nssSession *session; - nssCryptokiObject **instances; - nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - /* get a session for the token */ - session = nssTrustDomain_GetSessionForToken(td, token); - if (!session) { - nssToken_Destroy(token); - goto loser; - } - /* perform the traversal */ - if (!isLoggedIn(tok)) { - instances = nssToken_FindPublicKeys(token, - session, - tokenOnly, - 0, &status); - } else { - instances = nssToken_FindPrivateKeys(token, - session, - tokenOnly, - 0, &status); - } - nssToken_Destroy(token); - if (status != PR_SUCCESS) { - goto loser; - } - /* add the found certificates to the collection */ - status = nssPKIObjectCollection_AddInstances(collection, - instances, 0); - nss_ZFreeIf(instances); - if (status != PR_SUCCESS) { - goto loser; - } - } - } - status = nssPKIObjectCollection_MatchCerts(collection); - if (status != PR_SUCCESS) { - goto loser; - } - /* Traverse the collection */ - pkiCallback.func.cert = callback; - pkiCallback.arg = arg; - status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); - /* clean up */ - nssPKIObjectCollection_Destroy(collection); - nssSlotArray_Destroy(slots); - return NULL; -loser: - if (slots) { - nssSlotArray_Destroy(slots); - } - if (collection) { - nssPKIObjectCollection_Destroy(collection); - } - return NULL; -} -#endif NSS_IMPLEMENT NSSTrust * nssTrustDomain_FindTrustForCertificate ( @@ -1207,10 +1103,8 @@ nssTrustDomain_FindTrustForCertificate ( NSSCertificate *c ) { - PRStatus status; NSSSlot **slots; NSSSlot **slotp; - NSSToken *token; nssCryptokiObject *to = NULL; nssPKIObject *pkio = NULL; NSSTrust *rvt = NULL; @@ -1220,7 +1114,8 @@ nssTrustDomain_FindTrustForCertificate ( return (NSSTrust *)NULL; } for (slotp = slots; *slotp; slotp++) { - token = nssSlot_GetToken(*slotp); + NSSToken *token = nssSlot_GetToken(*slotp); + if (token) { to = nssToken_FindTrustForCertificate(token, NULL, &c->encoding, @@ -1228,20 +1123,15 @@ nssTrustDomain_FindTrustForCertificate ( &c->serial, nssTokenSearchType_TokenOnly); if (to) { + PRStatus status; if (!pkio) { pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock); - if (!pkio) { - nssToken_Destroy(token); - nssCryptokiObject_Destroy(to); - goto loser; - } + status = pkio ? PR_SUCCESS : PR_FAILURE; } else { status = nssPKIObject_AddInstance(pkio, to); - if (status != PR_SUCCESS) { - nssToken_Destroy(token); - nssCryptokiObject_Destroy(to); - goto loser; - } + } + if (status != PR_SUCCESS) { + nssCryptokiObject_Destroy(to); } } nssToken_Destroy(token); @@ -1249,18 +1139,15 @@ nssTrustDomain_FindTrustForCertificate ( } if (pkio) { rvt = nssTrust_Create(pkio, &c->encoding); - if (!rvt) { - goto loser; + if (rvt) { + pkio = NULL; /* rvt object now owns the pkio reference */ } } - nssSlotArray_Destroy(slots); - return rvt; -loser: nssSlotArray_Destroy(slots); if (pkio) { nssPKIObject_Destroy(pkio); } - return (NSSTrust *)NULL; + return rvt; } NSS_IMPLEMENT NSSCRL ** @@ -1269,7 +1156,6 @@ nssTrustDomain_FindCRLsBySubject ( NSSDER *subject ) { - PRStatus status; NSSSlot **slots; NSSSlot **slotp; NSSToken *token; @@ -1287,39 +1173,32 @@ nssTrustDomain_FindCRLsBySubject ( for (slotp = slots; *slotp; slotp++) { token = nssSlot_GetToken(*slotp); if (token) { + PRStatus status = PR_FAILURE; nssSession *session; - nssCryptokiObject **instances; + nssCryptokiObject **instances = NULL; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + /* get a session for the token */ session = nssTrustDomain_GetSessionForToken(td, token); - if (!session) { - nssToken_Destroy(token); - goto loser; + if (session) { + /* perform the traversal */ + instances = nssToken_FindCRLsBySubject(token, session, subject, + tokenOnly, 0, &status); } - /* perform the traversal */ - instances = nssToken_FindCRLsBySubject(token, session, subject, - tokenOnly, 0, &status); nssToken_Destroy(token); - if (status != PR_SUCCESS) { - goto loser; + if (status == PR_SUCCESS) { + /* add the found CRL's to the collection */ + status = nssPKIObjectCollection_AddInstances(collection, + instances, 0); } - /* add the found CRL's to the collection */ - status = nssPKIObjectCollection_AddInstances(collection, - instances, 0); nss_ZFreeIf(instances); - if (status != PR_SUCCESS) { - goto loser; - } } } rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL); - nssPKIObjectCollection_Destroy(collection); - nssSlotArray_Destroy(slots); - return rvCRLs; loser: nssPKIObjectCollection_Destroy(collection); nssSlotArray_Destroy(slots); - return (NSSCRL **)NULL; + return rvCRLs; } NSS_IMPLEMENT PRStatus diff --git a/security/nss/lib/smime/config.mk b/security/nss/lib/smime/config.mk index cd87bd116bf33..b2100bc913ace 100644 --- a/security/nss/lib/smime/config.mk +++ b/security/nss/lib/smime/config.mk @@ -78,10 +78,6 @@ EXTRA_SHARED_LIBS += \ -lnspr4 \ $(NULL) -ifeq ($(OS_ARCH), Darwin) -EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib -endif - endif diff --git a/security/nss/lib/smime/smime.def b/security/nss/lib/smime/smime.def index 53b933d765ce3..39ccc45bb6584 100644 --- a/security/nss/lib/smime/smime.def +++ b/security/nss/lib/smime/smime.def @@ -267,3 +267,9 @@ SEC_PKCS12DecryptionAllowed; ;+ local: ;+ *; ;+}; +;+NSS_3.12.2 { # NSS 3.12.2 release +;+ global: +SEC_PKCS12AddCertOrChainAndKey; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index a126d232d1478..76d648f95d6b3 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -69,7 +69,6 @@ #include "secasn1.h" #include "secerr.h" -#include "ssl3prot.h" /* for SSL3_RANDOM_LENGTH */ #include "prprf.h" #define __PASTE(x,y) x##y @@ -88,6 +87,11 @@ #include "pkcs11f.h" +typedef struct { + uint8 client_version[2]; + uint8 random[46]; +} SSL3RSAPreMasterSecret; + static void sftk_Null(void *data, PRBool freeit) { return; @@ -242,6 +246,23 @@ NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) */ +/* + * map SEC_ERROR_xxx to CKR_xxx. + */ +static CK_RV +sftk_MapCryptError(int error) +{ + switch (error) { + case SEC_ERROR_INVALID_ARGS: + return CKR_ARGUMENTS_BAD; + case SEC_ERROR_INPUT_LEN: + return CKR_DATA_LEN_RANGE; + case SEC_ERROR_OUTPUT_LEN: + return CKR_BUFFER_TOO_SMALL; + } + return CKR_DEVICE_ERROR; +} + /* * return a context based on the SFTKContext type. */ @@ -797,7 +818,9 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, rv = (*context->update)(context->cipherInfo, pEncryptedPart, &padoutlen, context->blockSize, context->padBuf, context->blockSize); - if (rv != SECSuccess) return CKR_DEVICE_ERROR; + if (rv != SECSuccess) { + return sftk_MapCryptError(PORT_GetError()); + } pEncryptedPart += padoutlen; maxout -= padoutlen; } @@ -821,7 +844,10 @@ CK_RV NSC_EncryptUpdate(CK_SESSION_HANDLE hSession, rv = (*context->update)(context->cipherInfo,pEncryptedPart, &outlen, maxout, pPart, ulPartLen); *pulEncryptedPartLen = (CK_ULONG) (outlen + padoutlen); - return (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR; + if (rv != SECSuccess) { + return sftk_MapCryptError(PORT_GetError()); + } + return CKR_OK; } @@ -2677,7 +2703,7 @@ CK_RV NSC_GenerateRandom(CK_SESSION_HANDLE hSession, */ static CK_RV nsc_pbe_key_gen(NSSPKCS5PBEParameter *pkcs5_pbe, CK_MECHANISM_PTR pMechanism, - char *buf, CK_ULONG *key_length, PRBool faulty3DES) + void *buf, CK_ULONG *key_length, PRBool faulty3DES) { SECItem *pbe_key = NULL, iv, pwitem; CK_PBE_PARAMS *pbe_params = NULL; @@ -3017,7 +3043,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, CK_BBOOL cktrue = CK_TRUE; int i; SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession); - char buf[MAX_KEY_LEN]; + unsigned char buf[MAX_KEY_LEN]; enum {nsc_pbe, nsc_ssl, nsc_bulk, nsc_param} key_gen_type; NSSPKCS5PBEParameter *pbe_param; SSL3RSAPreMasterSecret *rsa_pms; @@ -3163,9 +3189,8 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, case nsc_bulk: /* get the key, check for weak keys and repeat if found */ do { - crv = NSC_GenerateRandom(0, (unsigned char *)buf, key_length); - } while (crv == CKR_OK && checkWeak && - sftk_IsWeakKey((unsigned char *)buf,key_type)); + crv = NSC_GenerateRandom(0, buf, key_length); + } while (crv == CKR_OK && checkWeak && sftk_IsWeakKey(buf,key_type)); break; case nsc_param: /* generate parameters */ @@ -4851,6 +4876,7 @@ static const char * const mixers[NUM_MIXERS] = { "IIIIIIIII" }; #define SSL3_PMS_LENGTH 48 #define SSL3_MASTER_SECRET_LENGTH 48 +#define SSL3_RANDOM_LENGTH 32 /* NSC_DeriveKey derives a key from a base key, creating a new key object. */ diff --git a/security/nss/lib/softoken/pkcs11t.h b/security/nss/lib/softoken/pkcs11t.h index a828743c30a11..104fa698a1351 100644 --- a/security/nss/lib/softoken/pkcs11t.h +++ b/security/nss/lib/softoken/pkcs11t.h @@ -60,9 +60,9 @@ #define CK_PTR * #define CK_NULL_PTR 0 -#define CK_CALLBACK_FUNCTION(rv,func) rv (PR_CALLBACK * func) -#define CK_DECLARE_FUNCTION(rv,func) PR_EXTERN(rv) func -#define CK_DECLARE_FUNCTION_POINTER(rv,func) rv (PR_CALLBACK * func) +#define CK_CALLBACK_FUNCTION(rtype,func) rtype (PR_CALLBACK * func) +#define CK_DECLARE_FUNCTION(rtype,func) extern rtype func +#define CK_DECLARE_FUNCTION_POINTER(rtype,func) rtype (PR_CALLBACK * func) #define CK_INVALID_SESSION 0 diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 70c15300b7e86..0d649e26eadc0 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -1200,7 +1200,7 @@ sftk_AddObject(SFTKSession *session, SFTKObject *object) } /* - * add an object to a slot andsession queue + * delete an object from a slot and session queue */ CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object) @@ -1211,7 +1211,7 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) CK_RV crv = CKR_OK; PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize); - /* Handle Token case */ + /* Handle Token case */ if (so && so->session) { SFTKSession *session = so->session; PZ_Lock(session->objectLock); @@ -1221,7 +1221,7 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) sftkqueue_delete2(object, object->handle, index, slot->sessObjHashTable); PZ_Unlock(slot->objectLock); sftkqueue_clear_deleted_element(object); - sftk_FreeObject(object); /* reduce it's reference count */ + sftk_FreeObject(object); /* free the reference owned by the queue */ } else { SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle); diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 26bf9775a2e56..22aa8dcc66b52 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -57,10 +57,10 @@ * The format of the version string should be * ".[.][ ][ ]" */ -#define SOFTOKEN_VERSION "3.12.1.0" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.12.2.0" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 12 -#define SOFTOKEN_VPATCH 1 +#define SOFTOKEN_VPATCH 2 #define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/ssl/config.mk b/security/nss/lib/ssl/config.mk index 9ffd3cb13aae8..a161675b1ca51 100644 --- a/security/nss/lib/ssl/config.mk +++ b/security/nss/lib/ssl/config.mk @@ -115,15 +115,10 @@ ifeq ($(OS_ARCH), BeOS) EXTRA_SHARED_LIBS += -lbe endif -ifeq ($(OS_ARCH), Darwin) -EXTRA_SHARED_LIBS += -dylib_file @executable_path/libsoftokn3.dylib:$(DIST)/lib/libsoftokn3.dylib -endif - ifeq ($(OS_TARGET),SunOS) # The -R '$ORIGIN' linker option instructs this library to search for its # dependencies in the same directory where it resides. MKSHLIB += -R '$$ORIGIN' -#EXTRA_SHARED_LIBS += -ldl -lrt -lc -z defs endif endif diff --git a/security/nss/lib/ssl/manifest.mn b/security/nss/lib/ssl/manifest.mn index dfcd4303122ba..84512296dbfdc 100644 --- a/security/nss/lib/ssl/manifest.mn +++ b/security/nss/lib/ssl/manifest.mn @@ -38,11 +38,6 @@ CORE_DEPTH = ../../.. # DEFINES = -DTRACE -PRIVATE_EXPORTS = \ - ssl3prot.h \ - sslimpl.h \ - $(NULL) - EXPORTS = \ ssl.h \ sslt.h \ diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 751315a307a76..5d91759a3d0db 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl3con.c,v 1.112 2008/03/18 01:32:18 julien.pierre.boogz%sun.com Exp $ */ +/* $Id: ssl3con.c,v 1.113 2008/09/22 23:47:00 wtc%google.com Exp $ */ #include "cert.h" #include "ssl.h" @@ -59,7 +59,6 @@ #include "pk11func.h" #include "secmod.h" -#include "ec.h" #include "blapi.h" #include diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 57c806fde4de7..f57ba5de69395 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -41,7 +41,7 @@ * ***** END LICENSE BLOCK ***** */ /* TLS extension code moved here from ssl3ecc.c */ -/* $Id: ssl3ext.c,v 1.2 2008/03/06 20:16:22 wtc%google.com Exp $ */ +/* $Id: ssl3ext.c,v 1.3 2008/10/06 22:04:15 nelson%bolyard.com Exp $ */ #include "nssrenam.h" #include "nss.h" @@ -291,17 +291,18 @@ ssl3_SendServerNameXtn( PRBool append, PRUint32 maxBytes) { - PRUint32 len, span; + PRUint32 len; + PRNetAddr netAddr; + /* must have a hostname */ if (!ss || !ss->url || !ss->url[0]) return 0; - /* must have at lest one character other than [0-9\.] */ - len = PORT_Strlen(ss->url); - span = strspn(ss->url, "0123456789."); - if (len == span) { - /* is a dotted decimal IP address */ - return 0; + /* must not be an IPv4 or IPv6 address */ + if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) { + /* is an IP address (v4 or v6) */ + return 0; } + len = PORT_Strlen(ss->url); if (append && maxBytes >= len + 9) { SECStatus rv; /* extension_type */ diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index 620090f11391c..c13100a78af90 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsecur.c,v 1.41 2007/09/11 00:48:09 nelson%bolyard.com Exp $ */ +/* $Id: sslsecur.c,v 1.42 2008/10/03 19:20:20 wtc%google.com Exp $ */ #include "cert.h" #include "secitem.h" #include "keyhi.h" @@ -995,14 +995,38 @@ ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa) return rv; } +/* + * The TLS 1.2 RFC 5246, Section 7.2.1 says: + * + * Unless some other fatal alert has been transmitted, each party is + * required to send a close_notify alert before closing the write side + * of the connection. The other party MUST respond with a close_notify + * alert of its own and close down the connection immediately, + * discarding any pending writes. It is not required for the initiator + * of the close to wait for the responding close_notify alert before + * closing the read side of the connection. + * + * The second sentence requires that we send a close_notify alert when we + * have received a close_notify alert. In practice, all SSL implementations + * close the socket immediately after sending a close_notify alert (which is + * allowed by the third sentence), so responding with a close_notify alert + * would result in a write failure with the ECONNRESET error. This is why + * we don't respond with a close_notify alert. + * + * Also, in the unlikely event that the TCP pipe is full and the peer stops + * reading, the SSL3_SendAlert call in ssl_SecureClose and ssl_SecureShutdown + * may block indefinitely in blocking mode, and may fail (without retrying) + * in non-blocking mode. + */ + int ssl_SecureClose(sslSocket *ss) { int rv; if (ss->version >= SSL_LIBRARY_VERSION_3_0 && - ss->firstHsDone && !(ss->shutdownHow & ssl_SHUTDOWN_SEND) && + ss->firstHsDone && !ss->recvdCloseNotify && ss->ssl3.initialized) { @@ -1032,8 +1056,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) } if ((sslHow & ssl_SHUTDOWN_SEND) != 0 && + ss->version >= SSL_LIBRARY_VERSION_3_0 && !(ss->shutdownHow & ssl_SHUTDOWN_SEND) && - (ss->version >= SSL_LIBRARY_VERSION_3_0) && ss->firstHsDone && !ss->recvdCloseNotify && ss->ssl3.initialized) { diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index a3e1cc1b6264a..6435b294ba719 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c @@ -36,7 +36,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsnce.c,v 1.45 2008/03/10 00:01:28 wtc%google.com Exp $ */ +/* $Id: sslsnce.c,v 1.46 2008/09/30 03:53:01 nelson%bolyard.com Exp $ */ /* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server * cache sids! @@ -1179,9 +1179,6 @@ SSL_ConfigServerSessionIDCacheInstance( cacheDesc *cache, { SECStatus rv; -#if defined(DEBUG_nelsonb) - printf("sizeof(sidCacheEntry) == %u\n", sizeof(sidCacheEntry)); -#endif PORT_Assert(sizeof(sidCacheEntry) == 192); PORT_Assert(sizeof(certCacheEntry) == 4096); diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c index 6cfa14aa7cc81..51426f015fede 100644 --- a/security/nss/lib/util/nssb64d.c +++ b/security/nss/lib/util/nssb64d.c @@ -37,7 +37,7 @@ /* * Base64 decoding (ascii to binary). * - * $Id: nssb64d.c,v 1.6 2004/04/25 15:03:17 gerv%gerv.net Exp $ + * $Id: nssb64d.c,v 1.7 2008/10/05 20:59:26 nelson%bolyard.com Exp $ */ #include "nssb64.h" @@ -53,7 +53,7 @@ * - giving everything names that are accepted by the NSPR module owners * (though I tried to choose ones that would work without modification) * - exporting the functions (remove static declarations and add - * PR_IMPLEMENT as necessary) + * to nssutil.def as necessary) * - put prototypes into appropriate header file (probably replacing * the entire current lib/libc/include/plbase64.h in NSPR) * along with a typedef for the context structure (which should be diff --git a/security/nss/lib/util/nssilckt.h b/security/nss/lib/util/nssilckt.h index 302bac984b63d..797b4e123b87b 100644 --- a/security/nss/lib/util/nssilckt.h +++ b/security/nss/lib/util/nssilckt.h @@ -162,6 +162,11 @@ typedef enum { nssILockLast /* don't use this one! */ } nssILockType; +/* +** conditionally compile in nssilock features +*/ +#if defined(NEED_NSS_ILOCK) + /* ** Declare operation type enumerator ** enumerations identify the function being performed @@ -200,12 +205,6 @@ struct pzTrace_s { char file[24]; /* filename */ }; -PR_BEGIN_EXTERN_C -/* -** conditionally compile in nssilock features -*/ -#if defined(NEED_NSS_ILOCK) - /* ** declare opaque types. See: nssilock.c */ @@ -221,5 +220,4 @@ typedef struct pzmonitor_s PZMonitor; #endif /* NEED_NSS_ILOCK */ -PR_END_EXTERN_C #endif /* _NSSILCKT_H_ */ diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c index 1eafde1636000..c46e36617dcb7 100644 --- a/security/nss/lib/util/nssrwlk.c +++ b/security/nss/lib/util/nssrwlk.c @@ -101,7 +101,7 @@ static void nssRWLock_ReleaseLockStack(void *lock_stack); * */ -PR_IMPLEMENT(NSSRWLock *) +NSSRWLock * NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) { NSSRWLock *rwlock; @@ -147,7 +147,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) /* ** Destroy the given RWLock "lock". */ -PR_IMPLEMENT(void) +void NSSRWLock_Destroy(NSSRWLock *rwlock) { PR_ASSERT(rwlock != NULL); @@ -169,7 +169,7 @@ NSSRWLock_Destroy(NSSRWLock *rwlock) /* ** Read-lock the RWLock. */ -PR_IMPLEMENT(void) +void NSSRWLock_LockRead(NSSRWLock *rwlock) { PRThread *me = PR_GetCurrentThread(); @@ -207,7 +207,7 @@ NSSRWLock_LockRead(NSSRWLock *rwlock) /* Unlock a Read lock held on this RW lock. */ -PR_IMPLEMENT(void) +void NSSRWLock_UnlockRead(NSSRWLock *rwlock) { PZ_Lock(rwlock->rw_lock); @@ -236,7 +236,7 @@ NSSRWLock_UnlockRead(NSSRWLock *rwlock) /* ** Write-lock the RWLock. */ -PR_IMPLEMENT(void) +void NSSRWLock_LockWrite(NSSRWLock *rwlock) { PRThread *me = PR_GetCurrentThread(); @@ -286,7 +286,7 @@ NSSRWLock_LockWrite(NSSRWLock *rwlock) /* Unlock a Read lock held on this RW lock. */ -PR_IMPLEMENT(void) +void NSSRWLock_UnlockWrite(NSSRWLock *rwlock) { PRThread *me = PR_GetCurrentThread(); @@ -321,7 +321,7 @@ NSSRWLock_UnlockWrite(NSSRWLock *rwlock) } /* This is primarily for debugging, i.e. for inclusion in ASSERT calls. */ -PR_IMPLEMENT(PRBool) +PRBool NSSRWLock_HaveWriteLock(NSSRWLock *rwlock) { PRBool ownWriteLock; PRThread *me = PR_GetCurrentThread(); diff --git a/security/nss/lib/util/nssrwlk.h b/security/nss/lib/util/nssrwlk.h index 822411b7f50fc..914bf3a8ae018 100644 --- a/security/nss/lib/util/nssrwlk.h +++ b/security/nss/lib/util/nssrwlk.h @@ -74,7 +74,7 @@ PR_BEGIN_EXTERN_C ** is returned. ** ***********************************************************************/ -PR_EXTERN(NSSRWLock*) NSSRWLock_New(PRUint32 lock_rank, const char *lock_name); +extern NSSRWLock* NSSRWLock_New(PRUint32 lock_rank, const char *lock_name); /*********************************************************************** ** FUNCTION: NSSRWLock_AtomicCreate @@ -92,7 +92,7 @@ PR_EXTERN(NSSRWLock*) NSSRWLock_New(PRUint32 lock_rank, const char *lock_name); ** the pointer will be left NULL. ** ***********************************************************************/ -PR_EXTERN(NSSRWLock *) +extern NSSRWLock * nssRWLock_AtomicCreate( NSSRWLock ** prwlock, PRUint32 lock_rank, const char * lock_name); @@ -105,7 +105,7 @@ nssRWLock_AtomicCreate( NSSRWLock ** prwlock, ** OUTPUTS: void ** RETURN: None ***********************************************************************/ -PR_EXTERN(void) NSSRWLock_Destroy(NSSRWLock *lock); +extern void NSSRWLock_Destroy(NSSRWLock *lock); /*********************************************************************** ** FUNCTION: NSSRWLock_LockRead @@ -115,7 +115,7 @@ PR_EXTERN(void) NSSRWLock_Destroy(NSSRWLock *lock); ** OUTPUTS: void ** RETURN: None ***********************************************************************/ -PR_EXTERN(void) NSSRWLock_LockRead(NSSRWLock *lock); +extern void NSSRWLock_LockRead(NSSRWLock *lock); /*********************************************************************** ** FUNCTION: NSSRWLock_LockWrite @@ -125,7 +125,7 @@ PR_EXTERN(void) NSSRWLock_LockRead(NSSRWLock *lock); ** OUTPUTS: void ** RETURN: None ***********************************************************************/ -PR_EXTERN(void) NSSRWLock_LockWrite(NSSRWLock *lock); +extern void NSSRWLock_LockWrite(NSSRWLock *lock); /*********************************************************************** ** FUNCTION: NSSRWLock_UnlockRead @@ -135,7 +135,7 @@ PR_EXTERN(void) NSSRWLock_LockWrite(NSSRWLock *lock); ** OUTPUTS: void ** RETURN: void ***********************************************************************/ -PR_EXTERN(void) NSSRWLock_UnlockRead(NSSRWLock *lock); +extern void NSSRWLock_UnlockRead(NSSRWLock *lock); /*********************************************************************** ** FUNCTION: NSSRWLock_UnlockWrite @@ -145,7 +145,7 @@ PR_EXTERN(void) NSSRWLock_UnlockRead(NSSRWLock *lock); ** OUTPUTS: void ** RETURN: void ***********************************************************************/ -PR_EXTERN(void) NSSRWLock_UnlockWrite(NSSRWLock *lock); +extern void NSSRWLock_UnlockWrite(NSSRWLock *lock); /*********************************************************************** ** FUNCTION: NSSRWLock_HaveWriteLock @@ -156,7 +156,7 @@ PR_EXTERN(void) NSSRWLock_UnlockWrite(NSSRWLock *lock); ** RETURN: PRBool PR_TRUE IFF the current thread holds the write lock. ***********************************************************************/ -PR_EXTERN(PRBool) NSSRWLock_HaveWriteLock(NSSRWLock *rwlock); +extern PRBool NSSRWLock_HaveWriteLock(NSSRWLock *rwlock); /* SEC_END_PROTOS */ PR_END_EXTERN_C diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h index 552e26313e3f8..0c29838cc1ac1 100644 --- a/security/nss/lib/util/secerr.h +++ b/security/nss/lib/util/secerr.h @@ -221,6 +221,10 @@ SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165), SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166), +SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167), +SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168), +SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169), + /* Add new error codes above here. */ SEC_ERROR_END_OF_LIST } SECErrorCodes; diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c index 06ed6f002922b..02c0dc44f0d44 100644 --- a/security/nss/lib/util/secport.c +++ b/security/nss/lib/util/secport.c @@ -41,7 +41,7 @@ * * NOTE - These are not public interfaces * - * $Id: secport.c,v 1.22 2008/05/02 01:27:11 julien.pierre.boogz%sun.com Exp $ + * $Id: secport.c,v 1.23 2008/08/22 01:33:05 wtc%google.com Exp $ */ #include "seccomon.h" @@ -63,7 +63,7 @@ #include "prthread.h" #endif /* THREADMARK */ -#if defined(XP_UNIX) || defined(XP_MAC) || defined(XP_OS2) || defined(XP_BEOS) +#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) #include #else #include "wtypes.h" @@ -634,7 +634,7 @@ PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf, int NSS_PutEnv(const char * envVarName, const char * envValue) { -#if defined(XP_MAC) || defined(_WIN32_WCE) +#ifdef _WIN32_WCE return SECFailure; #else SECStatus result = SECSuccess; diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h index f70d14a642cd0..3a8ad5bccf282 100644 --- a/security/nss/lib/util/secport.h +++ b/security/nss/lib/util/secport.h @@ -37,7 +37,7 @@ /* * secport.h - portability interfaces for security libraries * - * $Id: secport.h,v 1.15 2008/02/14 18:41:38 wtc%google.com Exp $ + * $Id: secport.h,v 1.17 2008/10/05 20:59:26 nelson%bolyard.com Exp $ */ #ifndef _SECPORT_H_ @@ -46,15 +46,9 @@ #include "utilrename.h" /* - * define XP_MAC, XP_WIN, XP_BEOS, or XP_UNIX, in case they are not defined + * define XP_WIN, XP_BEOS, or XP_UNIX, in case they are not defined * by anyone else */ -#ifdef macintosh -# ifndef XP_MAC -# define XP_MAC 1 -# endif -#endif - #ifdef _WINDOWS # ifndef XP_WIN # define XP_WIN @@ -89,9 +83,6 @@ #if defined(_WIN32_WCE) #include #include -#elif defined( XP_MAC ) -#include -#include /* for time_t below */ #else #include #endif @@ -222,7 +213,7 @@ PRBool PORT_ISO88591_UTF8Conversion(const unsigned char *inBuf, unsigned int inBufLen, unsigned char *outBuf, unsigned int maxOutBufLen, unsigned int *outBufLen); -PR_EXTERN(PRBool) +extern PRBool sec_port_ucs4_utf8_conversion_function ( PRBool toUnicode, @@ -233,7 +224,7 @@ sec_port_ucs4_utf8_conversion_function unsigned int *outBufLen ); -PR_EXTERN(PRBool) +extern PRBool sec_port_ucs2_utf8_conversion_function ( PRBool toUnicode, diff --git a/security/nss/lib/util/sectime.c b/security/nss/lib/util/sectime.c index 65cadccd67d1f..cf4c526fbe62f 100644 --- a/security/nss/lib/util/sectime.c +++ b/security/nss/lib/util/sectime.c @@ -96,10 +96,13 @@ CERT_UTCTime2FormattedAscii (int64 utcTime, char *format) /* Converse time to local time and decompose it into components */ PR_ExplodeTime(utcTime, PR_LocalTimeParameters, &printableTime); - timeString = (char *)PORT_Alloc(100); + timeString = (char *)PORT_Alloc(256); if ( timeString ) { - PR_FormatTime( timeString, 100, format, &printableTime ); + if ( ! PR_FormatTime( timeString, 256, format, &printableTime )) { + PORT_Free(timeString); + timeString = NULL; + } } return (timeString); @@ -113,10 +116,14 @@ char *CERT_GenTime2FormattedAscii (int64 genTime, char *format) /* Decompose time into components */ PR_ExplodeTime(genTime, PR_GMTParameters, &printableTime); - timeString = (char *)PORT_Alloc(100); + timeString = (char *)PORT_Alloc(256); if ( timeString ) { - PR_FormatTime( timeString, 100, format, &printableTime ); + if ( ! PR_FormatTime( timeString, 256, format, &printableTime )) { + PORT_Free(timeString); + timeString = NULL; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + } } return (timeString); diff --git a/security/nss/lib/util/utf8.c b/security/nss/lib/util/utf8.c index dd00beb21a65e..7b26f48287b31 100644 --- a/security/nss/lib/util/utf8.c +++ b/security/nss/lib/util/utf8.c @@ -36,7 +36,7 @@ * ***** END LICENSE BLOCK ***** */ #ifdef DEBUG -static const char CVS_ID[] = "@(#) $RCSfile: utf8.c,v $ $Revision: 1.12 $ $Date: 2005/01/20 02:25:50 $"; +static const char CVS_ID[] = "@(#) $RCSfile: utf8.c,v $ $Revision: 1.13 $ $Date: 2008/10/05 20:59:26 $"; #endif /* DEBUG */ #include "seccomon.h" @@ -163,7 +163,7 @@ sec_port_read_utf8(unsigned int *index, unsigned char *inBuf, unsigned int inBuf return result; } -PR_IMPLEMENT(PRBool) +PRBool sec_port_ucs4_utf8_conversion_function ( PRBool toUnicode, @@ -287,7 +287,7 @@ sec_port_ucs4_utf8_conversion_function } } -PR_IMPLEMENT(PRBool) +PRBool sec_port_ucs2_utf8_conversion_function ( PRBool toUnicode, diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index e4cc1c792dbc1..288ecb9de3c6e 100755 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -21,6 +21,7 @@ # the Initial Developer. All Rights Reserved. # # Contributor(s): +# Slavomir Katuscak , Sun Microsystems # # Alternatively, the contents of this file may be used under the terms of # either the GNU General Public License Version 2 or later (the "GPL"), or @@ -40,80 +41,296 @@ # # mozilla/security/nss/tests/all.sh # -# Script to start all available NSS QA suites on one machine -# this script is called or sourced by nssqa which runs on all required +# Script to start selected available NSS QA suites on one machine +# this script is called or sourced by NSS QA which runs on all required # platforms # -# needs to work on all Unix and Windows platforms -# -# currently available NSS QA suites: -# -------------------------------------------------- -# cert.sh - exercises certutil and creates certs necessary for all -# other tests -# ssl.sh - tests SSL V2 SSL V3 and TLS -# smime.sh - S/MIME testing -# crmf.sh - CRMF/CMMF testing -# sdr.sh - test NSS SDR -# cipher.sh - test NSS ciphers -# perf.sh - Nightly performance measurments -# tools.sh - Tests the majority of the NSS tools -# fips.sh - Tests basic functionallity of NSS in FIPS-compliant mode -# -# special strings +# Needs to work on all Unix and Windows platforms +# +# Currently available NSS QA suites: +# ---------------------------------- +# cipher.sh - tests NSS ciphers +# libpkix.sh - tests PKIX functionality +# cert.sh - exercises certutil and creates certs necessary for +# all other tests +# dbtests.sh - tests related to certificate databases +# tools.sh - tests the majority of the NSS tools +# fips.sh - tests basic functionallity of NSS in FIPS-compliant +# - mode +# sdr.sh - tests NSS SDR +# crmf.sh - CRMF/CMMF testing +# smime.sh - S/MIME testing +# ssl.sh - tests SSL V2 SSL V3 and TLS +# ocsp.sh - OCSP testing +# merge.sh - tests merging old and new shareable databases +# pkits.sh - NIST/PKITS tests +# dbupgrade.sh - upgrade databases to new shareable version (used +# only in upgrade test cycle) +# memleak.sh - memory leak testing (optional) +# +# NSS testing is now devided to 4 cycles: +# --------------------------------------- +# standard - run test suites with defaults settings +# pkix - run test suites with PKIX enabled +# upgradedb - upgrade existing certificate databases to shareable +# format (creates them if doesn't exist yet) and run +# test suites with those databases +# sharedb - run test suites with shareable database format +# enabled (databases are created directly to this +# format) +# +# Mandatory environment variables (to be set before testing): +# ----------------------------------------------------------- +# HOST - test machine host name +# DOMSUF - test machine domain name +# +# Optional environment variables to specify build to use: +# ------------------------------------------------------- +# BUILT_OPT - use optimized/debug build +# USE_64 - use 64bit/32bit build +# +# Optional environment variables to enable specific NSS features: +# --------------------------------------------------------------- +# NSS_ENABLE_ECC - enable ECC +# NSS_ECC_MORE_THAN_SUITE_B - enable extended ECC +# +# Optional environment variables to select which cycles/suites to test: +# --------------------------------------------------------------------- +# NSS_CYCLES - list of cycles to run (separated by space +# character) +# - by default all cycles are tested +# +# NSS_TESTS - list of all test suites to run (separated by space +# character, without trailing .sh) +# - this list can be reduced for individual test cycles +# +# NSS_SSL_TESTS - list of ssl tests to run (see ssl.sh) +# NSS_SSL_RUN - list of sss sub-tests to run (see ssl.sh) +# +# Testing schema: # --------------- +# all.sh ~ (main) +# | | +# +------------+------------+-----------+ ~ run_cycles +# | | | | | +# standard pkix upgradedb sharedb ~ run_cycle_* +# | | +# +------+------+------+-----> ~ run_tests +# | | | | | +# cert tools fips ssl ... ~ . *.sh +# +# Special strings: +# ---------------- # FIXME ... known problems, search for this string # NOTE .... unexpected behavior # # NOTE: # ----- -# Unlike the old QA this is based on files sourcing each other -# This is done to save time, since a great portion of time is lost -# in calling and sourcing the same things multiple times over the -# network. Also, this way all scripts have all shell function available -# and a completely common environment -# -# file tells the test suite that the output is going to a log, so any -# forked() children need to redirect their output to prevent them from -# being over written. +# Unlike the old QA this is based on files sourcing each other +# This is done to save time, since a great portion of time is lost +# in calling and sourcing the same things multiple times over the +# network. Also, this way all scripts have all shell function +# available and a completely common environment # ######################################################################## +############################## run_tests ############################### +# run test suites defined in TESTS variable, skip scripts defined in +# TESTS_SKIP variable +######################################################################## run_tests() { - for i in ${TESTS} - do - SCRIPTNAME=${i}.sh - if [ "$O_CRON" = "ON" ]; then - echo "Running tests for $i" >> ${LOGFILE} - echo "TIMESTAMP $i BEGIN: `date`" >> ${LOGFILE} - (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file >> ${LOGFILE} 2>&1) - echo "TIMESTAMP $i END: `date`" >> ${LOGFILE} - else - echo "Running tests for $i" | tee -a ${LOGFILE} - echo "TIMESTAMP $i BEGIN: `date`" | tee -a ${LOGFILE} - (cd ${QADIR}/$i ; . ./$SCRIPTNAME all file 2>&1 | tee -a ${LOGFILE}) - echo "TIMESTAMP $i END: `date`" | tee -a ${LOGFILE} - fi - done + for TEST in ${TESTS} + do + echo "${TESTS_SKIP}" | grep "${TEST}" > /dev/null + if [ $? -eq 0 ]; then + continue + fi + + SCRIPTNAME=${TEST}.sh + echo "Running tests for ${TEST}" + echo "TIMESTAMP ${TEST} BEGIN: `date`" + (cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1) + echo "TIMESTAMP ${TEST} END: `date`" + done +} + +########################## run_cycle_standard ########################## +# run test suites with defaults settings (no PKIX, no sharedb) +######################################################################## +run_cycle_standard() +{ + TEST_MODE=STANDARD + + TESTS="${ALL_TESTS}" + TESTS_SKIP= + + run_tests +} + +############################ run_cycle_pkix ############################ +# run test suites with PKIX enabled +######################################################################## +run_cycle_pkix() +{ + TEST_MODE=PKIX + + TABLE_ARGS="bgcolor=cyan" + html_head "Testing with PKIX" + html "
" + + HOSTDIR="${HOSTDIR}/pkix" + mkdir -p "${HOSTDIR}" + init_directories + + NSS_ENABLE_PKIX_VERIFY="1" + export NSS_ENABLE_PKIX_VERIFY + + TESTS="${ALL_TESTS}" + TESTS_SKIP="cipher dbtests sdr crmf smime merge" + + echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null + RET=$? + NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/bypass//g" -e "s/fips//g" -e "s/_//g"` + [ ${RET} -eq 0 ] && NSS_SSL_TESTS="${NSS_SSL_TESTS} bypass_bypass" + + run_tests +} + +######################### run_cycle_upgrade_db ######################### +# upgrades certificate database to shareable format and run test suites +# with those databases +######################################################################## +run_cycle_upgrade_db() +{ + TEST_MODE=UPGRADE_DB + + TABLE_ARGS="bgcolor=pink" + html_head "Testing with upgraded library" + html "
" + + OLDHOSTDIR="${HOSTDIR}" + HOSTDIR="${HOSTDIR}/upgradedb" + mkdir -p "${HOSTDIR}" + init_directories + + if [ -r "${OLDHOSTDIR}/cert.log" ]; then + DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server fips SDR server serverCA tools/copydir cert.log cert.done tests.*" + for i in $DIRS + do + cp -r ${OLDHOSTDIR}/${i} ${HOSTDIR} #2> /dev/null + done + fi + + # upgrade certs dbs to shared db + TESTS="dbupgrade" + TESTS_SKIP= + + run_tests + + NSS_DEFAULT_DB_TYPE="sql" + export NSS_DEFAULT_DB_TYPE + + # run the subset of tests with the upgraded database + TESTS="${ALL_TESTS}" + TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits" + + echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null + RET=$? + NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/bypass//g" -e "s/fips//g" -e "s/_//g"` + [ ${RET} -eq 0 ] && NSS_SSL_TESTS="${NSS_SSL_TESTS} bypass_bypass" + NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"` + + run_tests +} + +########################## run_cycle_shared_db ######################### +# run test suites with certificate databases set to shareable format +######################################################################## +run_cycle_shared_db() +{ + TEST_MODE=SHARED_DB + + TABLE_ARGS="bgcolor=yellow" + html_head "Testing with shared library" + html "
" + + HOSTDIR="${HOSTDIR}/sharedb" + mkdir -p "${HOSTDIR}" + init_directories + + NSS_DEFAULT_DB_TYPE="sql" + export NSS_DEFAULT_DB_TYPE + + # run the tests for native sharedb support + TESTS="${ALL_TESTS}" + TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits" + + echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null + RET=$? + NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/bypass//g" -e "s/fips//g" -e "s/_//g"` + [ ${RET} -eq 0 ] && NSS_SSL_TESTS="${NSS_SSL_TESTS} bypass_bypass" + NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"` + + run_tests } -tests="cipher perf libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits" -if [ -z "$BUILD_LIBPKIX_TESTS" ] ; then - tests=`echo "${tests}" | sed -e "s/libpkix//"` +############################# run_cycles ############################### +# run test cycles defined in CYCLES variable +######################################################################## +run_cycles() +{ + for CYCLE in ${CYCLES} + do + case "${CYCLE}" in + "standard") + run_cycle_standard + ;; + "pkix") + run_cycle_pkix + ;; + "upgradedb") + run_cycle_upgrade_db + ;; + "sharedb") + run_cycle_shared_db + ;; + esac + . ${ENV_BACKUP} + done +} + +############################## main code ############################### + +cycles="standard pkix upgradedb sharedb" +CYCLES=${NSS_CYCLES:-$cycles} + +tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits" +TESTS=${NSS_TESTS:-$tests} + +# FIXME: move check for ${BUILD_LIBPKIX_TESTS} to libpkix.sh +if [ -z "${BUILD_LIBPKIX_TESTS}" ] ; then + TESTS=`echo "${TESTS}" | sed -e "s/libpkix//"` fi -TESTS=${TESTS:-$tests} ALL_TESTS=${TESTS} +nss_ssl_tests="crl bypass_normal normal_bypass fips_normal normal_fips iopr" +NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}" + +nss_ssl_run="cov auth stress" +NSS_SSL_RUN="${NSS_SSL_RUN:-$nss_ssl_run}" + SCRIPTNAME=all.sh CLEANUP="${SCRIPTNAME}" -cd `dirname $0` # will cause problems if sourced +cd `dirname $0` # all.sh should be the first one to try to source the init if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then - cd common - . ./init.sh + cd common + . ./init.sh fi +# NOTE: # Since in make at the top level, modutil is the last file # created, we check for modutil to know whether the build # is complete. If a new file is created after that, the @@ -121,98 +338,22 @@ fi if [ ! -f ${DIST}/${OBJDIR}/bin/modutil -a \ ! -f ${DIST}/${OBJDIR}/bin/modutil.exe ]; then - echo "Build Incomplete. Aborting test." >> ${LOGFILE} - html_head "Testing Initialization" - Exit "Checking for build" + echo "Build Incomplete. Aborting test." >> ${LOGFILE} + html_head "Testing Initialization" + Exit "Checking for build" fi -# backup selected environment variables +# NOTE: +# Lists of enabled tests and other settings are stored to ${ENV_BACKUP} +# file and are are restored after every test cycle. + ENV_BACKUP=${HOSTDIR}/env.sh env_backup > ${ENV_BACKUP} -# standard tests, no pkix, no sharedb -if [ -z "$NSS_TEST_DISABLE_STANDARD" ] ; then - TEST_MODE=STANDARD - run_tests -fi - -# PKIX tests -if [ -z "$NSS_TEST_DISABLE_PKIX" ] ; then - TABLE_ARGS="bgcolor=cyan" - html_head "Testing with PKIX" - html "
" - - HOSTDIR="${HOSTDIR}/pkix" - mkdir -p "${HOSTDIR}" - init_directories - - NSS_TEST_SERVER_CLIENT_BYPASS="1" - NSS_TEST_DISABLE_FIPS="1" - NSS_ENABLE_PKIX_VERIFY="1" - export NSS_ENABLE_PKIX_VERIFY - - TESTS=`echo "${ALL_TESTS}" | sed -e "s/cipher//" -e "s/libpkix//" \ - -e "s/dbupgrade//"` - TEST_MODE=PKIX - run_tests - - . ${ENV_BACKUP} -fi - -# upgrade cert dbs to shared db + run tests there -if [ -z "$NSS_TEST_DISABLE_UPGRADE_DB" ] ; then - TABLE_ARGS="bgcolor=pink" - html_head "Testing with upgraded library" - html "
" - - OLDHOSTDIR="${HOSTDIR}" - HOSTDIR="${HOSTDIR}/upgradedb" - mkdir -p "${HOSTDIR}" - init_directories - - if [ -r "${OLDHOSTDIR}/cert.log" ]; then - DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server fips SDR server serverCA tools/copydir cert.log" - for i in $DIRS - do - cp -r ${OLDHOSTDIR}/${i} ${HOSTDIR} #2> /dev/null - done - fi - - # upgrade certs dbs to shared db - TESTS="dbupgrade" - TEST_MODE=UPGRADE_DB - run_tests - - NSS_DEFAULT_DB_TYPE="sql" - export NSS_DEFAULT_DB_TYPE - - # run the subset of tests with the upgraded database - TESTS=`echo "${ALL_TESTS}" | sed -e "s/cipher//" -e "s/perf//" \ - -e "s/libpkix//" -e "s/cert//" -e "s/dbtests//" -e "s/dbupgrade//"` - run_tests - - . ${ENV_BACKUP} -fi - -# tests for native sharedb support -if [ -z "$NSS_TEST_DISABLE_SHARED_DB" ] ; then - TABLE_ARGS="bgcolor=yellow" - html_head "Testing with shared library" - html "
" - - HOSTDIR="${HOSTDIR}/sharedb" - mkdir -p "${HOSTDIR}" - init_directories - - NSS_DEFAULT_DB_TYPE="sql" - export NSS_DEFAULT_DB_TYPE - - # run the tests for native sharedb support - TESTS=`echo "${ALL_TESTS}" | sed -e "s/libpkix//" -e "s/dbupgrade//"` - TEST_MODE=SHARED_DB - run_tests - - . ${ENV_BACKUP} +if [ "${O_CRON}" = "ON" ]; then + run_cycles >> ${LOGFILE} +else + run_cycles | tee -a ${LOGFILE} fi SCRIPTNAME=all.sh diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh index 8b3bdd9a70377..12be76841b509 100644 --- a/security/nss/tests/common/init.sh +++ b/security/nss/tests/common/init.sh @@ -156,12 +156,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then echo "HOSTDIR=\"${HOSTDIR}\"" echo "TABLE_ARGS=" echo "NSS_TEST_DISABLE_CRL=${NSS_TEST_DISABLE_CRL}" - echo "NSS_TEST_DISABLE_CIPHERS=${NSS_TEST_DISABLE_CIPHERS}" - echo "NSS_TEST_DISABLE_BYPASS=${NSS_TEST_DISABLE_BYPASS}" - echo "NSS_TEST_DISABLE_CLIENT_BYPASS=${NSS_TEST_DISABLE_CLIENT_BYPASS}" - echo "NSS_TEST_DISABLE_SERVER_BYPASS=${NSS_TEST_DISABLE_SERVER_BYPASS}" - echo "NSS_TEST_SERVER_CLIENT_BYPASS=${NSS_TEST_SERVER_CLIENT_BYPASS}" - echo "NSS_TEST_DISABLE_FIPS=${NSS_TEST_DISABLE_FIPS}" + echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\"" + echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\"" echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}" echo "export NSS_DEFAULT_DB_TYPE" echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}" diff --git a/security/nss/tests/iopr/ssl_iopr.sh b/security/nss/tests/iopr/ssl_iopr.sh index e4ba2901192b3..d8b592f30c70d 100644 --- a/security/nss/tests/iopr/ssl_iopr.sh +++ b/security/nss/tests/iopr/ssl_iopr.sh @@ -393,6 +393,7 @@ ssl_iopr_cov_ext_client() kill_selfserv P_R_SERVERDIR=$OR_P_R_SERVERDIR + P_R_CLIENTDIR=$OR_P_R_CLIENTDIR rm -f ${TEST_IN} ${TEST_OUT} html "
" @@ -431,7 +432,7 @@ ssl_iopr_auth_ext_client() OR_P_R_SERVERDIR=$P_R_SERVERDIR P_R_SERVERDIR=${serDbDir} OR_P_R_CLIENTDIR=$P_R_CLIENTDIR - P_R_CLIENTDIR=$serDbDir + P_R_CLIENTDIR=${serDbDir} SSLAUTH_TMP=${TMP}/authin.tl.tmp @@ -486,7 +487,9 @@ ssl_iopr_auth_ext_client() kill_selfserv rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null done < ${SSLAUTH_TMP} + P_R_SERVERDIR=$OR_P_R_SERVERDIR + P_R_CLIENTDIR=$OR_P_R_CLIENTDIR rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT} html "
" @@ -583,7 +586,9 @@ ssl_iopr_crl_ext_client() done kill_selfserv done < ${SSLAUTH_TMP} + P_R_SERVERDIR=$OR_P_R_SERVERDIR + P_R_CLIENTDIR=$OR_P_R_CLIENTDIR rm -f ${SSLAUTH_TMP} html "
" @@ -599,12 +604,13 @@ ssl_iopr_crl_ext_client() # Returns 1 if interoperability testing is off, 0 otherwise. # ssl_iopr_run() { - NO_ECC_CERTS=1 # disable ECC for interoperability tests - if [ "$IOPR" -ne 1 ]; then return 1 fi cd ${CLIENTDIR} + + ORIG_ECC_CERT=${NO_ECC_CERTS} + NO_ECC_CERTS=1 # disable ECC for interoperability tests num=1 IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` @@ -660,7 +666,7 @@ ssl_iopr_run() { num=`expr $num + 1` IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '` done - NO_ECC_CERTS=0 + NO_ECC_CERTS=${ORIG_ECC_CERTS} return 0 } diff --git a/security/nss/tests/memleak/memleak.sh b/security/nss/tests/memleak/memleak.sh index f58cb98568a4c..4a3555e7ae69b 100644 --- a/security/nss/tests/memleak/memleak.sh +++ b/security/nss/tests/memleak/memleak.sh @@ -261,18 +261,35 @@ set_freebl() if [ -d "${TMP_LIBDIR}" ] ; then rm -rf ${TMP_LIBDIR} fi + mkdir ${TMP_LIBDIR} + [ $? -ne 0 ] && html_failed "Create temp directory" && return 1 + cp ${DIST}/${OBJDIR}/lib/*.so ${DIST}/${OBJDIR}/lib/*.chk ${TMP_LIBDIR} + [ $? -ne 0 ] && html_failed "Copy libraries to temp directory" && return 1 echo "${SCRIPTNAME}: Using ${freebl} instead of ${FREEBL_DEFAULT}" + mv ${TMP_LIBDIR}/${FREEBL_DEFAULT}.so ${TMP_LIBDIR}/${FREEBL_DEFAULT}.so.orig + [ $? -ne 0 ] && html_failed "Move ${FREEBL_DEFAULT}.so -> ${FREEBL_DEFAULT}.so.orig" && return 1 + cp ${TMP_LIBDIR}/${freebl}.so ${TMP_LIBDIR}/${FREEBL_DEFAULT}.so + [ $? -ne 0 ] && html_failed "Copy ${freebl}.so -> ${FREEBL_DEFAULT}.so" && return 1 + mv ${TMP_LIBDIR}/${FREEBL_DEFAULT}.chk ${TMP_LIBDIR}/${FREEBL_DEFAULT}.chk.orig + [ $? -ne 0 ] && html_failed "Move ${FREEBL_DEFAULT}.chk -> ${FREEBL_DEFAULT}.chk.orig" && return 1 + cp ${TMP_LIBDIR}/${freebl}.chk ${TMP_LIBDIR}/${FREEBL_DEFAULT}.chk - + [ $? -ne 0 ] && html_failed "Copy ${freebl}.chk to temp directory" && return 1 + + echo "ls -l ${TMP_LIBDIR}" + ls -l ${TMP_LIBDIR} + LD_LIBRARY_PATH="${TMP_LIBDIR}" export LD_LIBRARY_PATH fi + + return 0 } ############################# clear_freebl ############################# @@ -349,7 +366,7 @@ run_selfserv() ${BINDIR}/selfserv ${SELFSERV_ATTR} ret=$? if [ $ret -ne 0 ]; then - html_failed " ${LOGNAME}: Selfserv" + html_failed "${LOGNAME}: Selfserv" echo "${SCRIPTNAME} ${LOGNAME}: " \ "Selfserv produced a returncode of ${ret} - FAILED" fi @@ -365,7 +382,7 @@ run_selfserv_dbg() ${RUN_COMMAND_DBG} ${BINDIR}/selfserv ${SERVER_OPTION} ${SELFSERV_ATTR} ret=$? if [ $ret -ne 0 ]; then - html_failed " ${LOGNAME}: Selfserv" + html_failed "${LOGNAME}: Selfserv" echo "${SCRIPTNAME} ${LOGNAME}: " \ "Selfserv produced a returncode of ${ret} - FAILED" fi @@ -384,7 +401,7 @@ run_strsclnt() ${BINDIR}/strsclnt ${ATTR} ret=$? if [ $ret -ne 0 ]; then - html_failed " ${LOGNAME}: Strsclnt with cipher ${cipher}" + html_failed "${LOGNAME}: Strsclnt with cipher ${cipher}" echo "${SCRIPTNAME} ${LOGNAME}: " \ "Strsclnt produced a returncode of ${ret} - FAILED" fi @@ -395,7 +412,7 @@ run_strsclnt() ${BINDIR}/tstclnt ${TSTCLNT_ATTR} < ${REQUEST_FILE} ret=$? if [ $ret -ne 0 ]; then - html_failed " ${LOGNAME}: Tstclnt" + html_failed "${LOGNAME}: Tstclnt" echo "${SCRIPTNAME} ${LOGNAME}: " \ "Tstclnt produced a returncode of ${ret} - FAILED" fi @@ -412,7 +429,7 @@ run_strsclnt_dbg() ${RUN_COMMAND_DBG} ${BINDIR}/strsclnt ${CLIENT_OPTION} ${ATTR} ret=$? if [ $ret -ne 0 ]; then - html_failed " ${LOGNAME}: Strsclnt with cipher ${cipher}" + html_failed "${LOGNAME}: Strsclnt with cipher ${cipher}" echo "${SCRIPTNAME} ${LOGNAME}: " \ "Strsclnt produced a returncode of ${ret} - FAILED" fi @@ -423,7 +440,7 @@ run_strsclnt_dbg() ${BINDIR}/tstclnt ${TSTCLNT_ATTR} < ${REQUEST_FILE} ret=$? if [ $ret -ne 0 ]; then - html_failed " ${LOGNAME}: Tstclnt" + html_failed "${LOGNAME}: Tstclnt" echo "${SCRIPTNAME} ${LOGNAME}: " \ "Tstclnt produced a returncode of ${ret} - FAILED" fi @@ -501,7 +518,7 @@ run_ciphers_server() set_test_mode for freebl in ${FREEBL_LIST}; do - set_freebl + set_freebl || continue LOGNAME=server-${BIT_NAME}-${freebl}-${server_mode} LOGFILE=${LOGDIR}/${LOGNAME}.log @@ -540,7 +557,7 @@ run_ciphers_client() set_test_mode for freebl in ${FREEBL_LIST}; do - set_freebl + set_freebl || continue LOGNAME=client-${BIT_NAME}-${freebl}-${client_mode} LOGFILE=${LOGDIR}/${LOGNAME}.log diff --git a/security/nss/tests/merge/merge.sh b/security/nss/tests/merge/merge.sh index a0ce9171c5f25..205f41c7aef3b 100755 --- a/security/nss/tests/merge/merge.sh +++ b/security/nss/tests/merge/merge.sh @@ -201,8 +201,8 @@ merge_main() # Make sure we can decrypt with our original SDR key generated above echo "$SCRIPTNAME: Decrypt - With Original SDR Key" - ${PROFTOOL} echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}" - ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE} + echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}" + ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE} html_msg $? 0 "Decrypt - Value 3" # Make sure we can decrypt with our the SDR key merged in from ../SDR diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 1359e3c01b8d1..27a1aa6bd8d7c 100755 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh @@ -119,6 +119,13 @@ ssl_init() ECC_STRING="" fi + CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz" + CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz" + + if [ "${OS_ARCH}" != "WINNT" ]; then + ulimit -n 1000 # make sure we have enough file descriptors + fi + cd ${CLIENTDIR} } @@ -249,13 +256,6 @@ start_selfserv() RET=$? fi - # Bug 348198 - temporary patch - # Print processes and list of open ports, in case that selfserv fails. - if [ ${RET} -ne 0 -a "${OS_NAME}" = "SunOS" ]; then - ps -ef - netstat -af inet - fi - # The PID $! returned by the MKS or Cygwin shell is not the PID of # the real background process, but rather the PID of a helper # process (sh.exe). MKS's kill command has a bug: invoking kill @@ -286,7 +286,7 @@ start_selfserv() ######################################################################## ssl_cov() { - html_head "SSL Cipher Coverage $NORM_EXT - $BYPASS_STRING $ECC_STRING" + html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" testname="" if [ -n "$NSS_ENABLE_ECC" ] ; then @@ -298,21 +298,19 @@ ssl_cov() mixed=0 start_selfserv # Launch the server - p="" - exec < ${SSLCOV} while read ectype tls param testname do - p=`echo "$testname" | sed -e "s/_.*//"` #sonmi, only run extended test on SSL3 and TLS - - echo "$testname" | grep EXPORT > /dev/null 2>&1 - exp=$? + echo "${testname}" | grep "EXPORT" > /dev/null + EXP=$? + echo "${testname}" | grep "SSL2" > /dev/null + SSL2=$? - if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended Test" ] ; then + if [ "$NORM_EXT" = "Extended Test" -a "${SSL2}" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" - elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" - elif [ "$p" = "SSL2" -o "$exp" -eq 0 ] && [ "$BYPASS_STRING" = "Server FIPS" ] ; then + elif [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] && [ "$SSL2" -eq 0 -o "$EXP" -eq 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" elif [ "$ectype" != "#" ] ; then echo "$SCRIPTNAME: running $testname ----------------------------" @@ -350,11 +348,11 @@ ssl_cov() fi echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} \\" - echo " -f -d ${P_R_CLIENTDIR} < ${REQUEST_FILE}" + echo " -f -d ${P_R_CLIENTDIR} -w nss < ${REQUEST_FILE}" rm ${TMP}/$HOST.tmp.$$ 2>/dev/null ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} ${TLS_FLAG} ${CLIENT_OPTIONS} -f \ - -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \ + -d ${P_R_CLIENTDIR} -w nss < ${REQUEST_FILE} \ >${TMP}/$HOST.tmp.$$ 2>&1 ret=$? cat ${TMP}/$HOST.tmp.$$ @@ -373,19 +371,24 @@ ssl_cov() ######################################################################## ssl_auth() { - html_head "SSL Client Authentication $NORM_EXT - $BYPASS_STRING $ECC_STRING" + html_head "SSL Client Authentication $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" exec < ${SSLAUTH} while read ectype value sparam cparam testname do - if [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then + echo "${testname}" | grep "don't require client auth" > /dev/null + CAUTH=$? + + if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then + echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" + elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" elif [ "$ectype" != "#" ]; then cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` start_selfserv echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} \\" - echo " ${cparam} < ${REQUEST_FILE}" + echo " ${cparam} < ${REQUEST_FILE}" rm ${TMP}/$HOST.tmp.$$ 2>/dev/null ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} ${CLIENT_OPTIONS} \ -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \ @@ -394,6 +397,10 @@ ssl_auth() cat ${TMP}/$HOST.tmp.$$ rm ${TMP}/$HOST.tmp.$$ 2>/dev/null + #workaround for bug #402058 + [ $ret -ne 0 ] && ret=1 + [ $value -ne 0 ] && value=1 + html_msg $ret $value "${testname}" \ "produced a returncode of $ret, expected is $value" kill_selfserv @@ -409,7 +416,7 @@ ssl_auth() ######################################################################## ssl_stress() { - html_head "SSL Stress Test $NORM_EXT - $BYPASS_STRING $ECC_STRING" + html_head "SSL Stress Test $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING" exec < ${SSLSTRESS} while read ectype value sparam cparam testname @@ -418,12 +425,19 @@ ssl_stress() # silently ignore blank lines continue fi - p=`echo "$testname" | sed -e "s/Stress //" -e "s/ .*//"` #sonmi, only run extended test on SSL3 and TLS - if [ "$p" = "SSL2" -a "$NORM_EXT" = "Extended Test" ] ; then + + echo "${testname}" | grep "SSL2" > /dev/null + SSL2=$? + echo "${testname}" | grep "client auth" > /dev/null + CAUTH=$? + + if [ "${SSL2}" -eq 0 -a "$NORM_EXT" = "Extended Test" ] ; then echo "$SCRIPTNAME: skipping $testname for $NORM_EXT" elif [ "$ectype" = "ECC" -a -z "$NSS_ENABLE_ECC" ] ; then echo "$SCRIPTNAME: skipping $testname (ECC only)" - elif [ "$p" = "SSL2" -a "$BYPASS_STRING" = "Server FIPS" ] ; then + elif [ "${SERVER_MODE}" = "fips" -o "${CLIENT_MODE}" = "fips" ] && [ "${SSL2}" -eq 0 ] ; then + echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" + elif [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -ne 0 ] ; then echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" elif [ "$ectype" != "#" ]; then cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" ` @@ -464,10 +478,9 @@ ssl_stress() html "
" } -############################## ssl_crl ################################# +############################ ssl_crl_ssl ############################### # local shell function to perform SSL test with/out revoked certs tests ######################################################################## - ssl_crl_ssl() { html_head "CRL SSL Client Tests $NORM_EXT $ECC_STRING" @@ -540,11 +553,9 @@ ssl_crl_ssl() html "
" } -############################## ssl_crl ################################# -# local shell function to perform SSL test for crl cache functionality -# with/out revoked certs +############################# is_revoked ############################### +# local shell function to check if certificate is revoked ######################################################################## - is_revoked() { certNum=$1 currLoadedGrp=$2 @@ -575,6 +586,9 @@ is_revoked() { return 0 } +########################### load_group_crl ############################# +# local shell function to load CRL +######################################################################## load_group_crl() { group=$1 ectype=$2 @@ -644,7 +658,10 @@ _EOF_REQUEST_ echo "================= CRL Reloaded =============" } - +########################### ssl_crl_cache ############################## +# local shell function to perform SSL test for crl cache functionality +# with/out revoked certs +######################################################################## ssl_crl_cache() { html_head "Cache CRL SSL Client Tests $NORM_EXT $ECC_STRING" @@ -765,17 +782,44 @@ ssl_cleanup() . common/cleanup.sh } +############################## ssl_run ################################# +# local shell function to run coverage, authentication and stress tests +######################################################################## +ssl_run() +{ + for SSL_RUN in ${NSS_SSL_RUN} + do + case "${SSL_RUN}" in + "cov") + ssl_cov + ;; + "auth") + ssl_auth + ;; + "stress") + ssl_stress + ;; + esac + done +} -############################## ssl_run ### ############################# +############################ ssl_run_all ############################### # local shell function to run both standard and extended ssl tests ######################################################################## -ssl_run() +ssl_run_all() { - ssl_init + ORIG_SERVERDIR=$SERVERDIR + ORIG_CLIENTDIR=$CLIENTDIR + ORIG_R_SERVERDIR=$R_SERVERDIR + ORIG_R_CLIENTDIR=$R_CLIENTDIR + ORIG_P_R_SERVERDIR=$P_R_SERVERDIR + ORIG_P_R_CLIENTDIR=$P_R_CLIENTDIR - ssl_cov - ssl_auth - ssl_stress + USER_NICKNAME=TestUser + NORM_EXT="" + cd ${CLIENTDIR} + + ssl_run SERVERDIR=$EXT_SERVERDIR CLIENTDIR=$EXT_CLIENTDIR @@ -783,12 +827,12 @@ ssl_run() R_CLIENTDIR=$R_EXT_CLIENTDIR P_R_SERVERDIR=$P_R_EXT_SERVERDIR P_R_CLIENTDIR=$P_R_EXT_CLIENTDIR + USER_NICKNAME=ExtendedSSLUser NORM_EXT="Extended Test" cd ${CLIENTDIR} - ssl_cov - ssl_auth - ssl_stress + + ssl_run # the next round of ssl tests will only run if these vars are reset SERVERDIR=$ORIG_SERVERDIR @@ -797,6 +841,7 @@ ssl_run() R_CLIENTDIR=$ORIG_R_CLIENTDIR P_R_SERVERDIR=$ORIG_P_R_SERVERDIR P_R_CLIENTDIR=$ORIG_P_R_CLIENTDIR + USER_NICKNAME=TestUser NORM_EXT= cd ${QADIR}/ssl @@ -807,127 +852,126 @@ ssl_run() ######################################################################## ssl_set_fips() { - DBDIR=$1 - FIPSMODE=$2 - TESTNAME=$3 - MODUTIL="modutil" - - [ "${FIPSMODE}" = "true" ] - RET_EXP=$? - - echo "${SCRIPTNAME}: ${TESTNAME}" - - echo "${MODUTIL} -dbdir ${DBDIR} -fips ${FIPSMODE} -force" - ${BINDIR}/${MODUTIL} -dbdir ${DBDIR} -fips ${FIPSMODE} -force 2>&1 - RET=$? - html_msg "${RET}" "0" "${TESTNAME} (modutil -fips ${FIPSMODE})" \ - "produced a returncode of ${RET}, expected is 0" - - echo "${MODUTIL} -dbdir ${DBDIR} -list" - DBLIST=`${BINDIR}/${MODUTIL} -dbdir ${DBDIR} -list 2>&1` - RET=$? - html_msg "${RET}" "0" "${TESTNAME} (modutil -list)" \ - "produced a returncode of ${RET}, expected is 0" - - echo "${DBLIST}" | grep "FIPS PKCS #11" - RET=$? - html_msg "${RET}" "${RET_EXP}" "${TESTNAME} (grep \"FIPS PKCS #11\")" \ - "produced a returncode of ${RET}, expected is ${RET_EXP}" -} - -################## main ################################################# - -#this script may be sourced from the distributed stress test - in this case do nothing... + CLTSRV=$1 + ONOFF=$2 -CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz" -CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz" - -if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then - - if [ "${OS_ARCH}" != "WINNT" ]; then - ulimit -n 1000 # make sure we have enough file descriptors + if [ ${CLTSRV} = "server" ]; then + DBDIRS="${SERVERDIR} ${EXT_SERVERDIR}" + else + DBDIRS="${CLIETNDIR} ${EXT_CLIENTDIR}" fi - - ssl_init - - # save the directories as setup by init.sh - ORIG_SERVERDIR=$SERVERDIR - ORIG_CLIENTDIR=$CLIENTDIR - ORIG_R_SERVERDIR=$R_SERVERDIR - ORIG_R_CLIENTDIR=$R_CLIENTDIR - ORIG_P_R_SERVERDIR=$P_R_SERVERDIR - ORIG_P_R_CLIENTDIR=$P_R_CLIENTDIR - - if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then - ssl_crl_ssl - ssl_crl_cache + + if [ "${ONOFF}" = "on" ]; then + FIPSMODE=true + RET_EXP=0 else - echo "$SCRIPTNAME: Skipping CRL Client Tests" + FIPSMODE=false + RET_EXP=1 fi - # Test all combinations of client bypass and server bypass + html_head "SSL - FIPS mode ${ONOFF} for ${CLTSRV}" - if [ -z "$NSS_TEST_DISABLE_CIPHERS" ] ; then - if [ -n "$NSS_TEST_DISABLE_BYPASS" ] ; then - SERVER_OPTIONS="" - CLIENT_OPTIONS="" - BYPASS_STRING="No Bypass" - ssl_run + for DBDIR in ${DBDIRS} + do + EXT_OPT= + echo ${DBDIR} | grep ext > /dev/null + if [ $? -eq 0 ]; then + EXT_OPT="extended " fi - if [ -z "$NSS_TEST_DISABLE_BYPASS" -a \ - -z "$NSS_TEST_DISABLE_CLIENT_BYPASS" -a \ - -z "$NSS_TEST_SERVER_CLIENT_BYPASS" ] ; then - CLIENT_OPTIONS="-B -s" - SERVER_OPTIONS="" - BYPASS_STRING="Client Bypass" - ssl_run - else - echo "$SCRIPTNAME: Skipping Cipher Coverage - Client Bypass Tests" - fi + echo "${SCRIPTNAME}: Turning FIPS ${ONOFF} for the ${EXT_OPT} ${CLTSRV}" - if [ -z "$NSS_TEST_DISABLE_BYPASS" -a \ - -z "$NSS_TEST_DISABLE_SERVER_BYPASS" -a \ - -z "$NSS_TEST_SERVER_CLIENT_BYPASS" ] ; then - SERVER_OPTIONS="-B -s" - CLIENT_OPTIONS="" - BYPASS_STRING="Server Bypass" - ssl_run - else - echo "$SCRIPTNAME: Skipping Cipher Coverage - Server Bypass Tests" - fi + echo "modutil -dbdir ${DBDIR} -fips ${FIPSMODE} -force" + ${BINDIR}/modutil -dbdir ${DBDIR} -fips ${FIPSMODE} -force 2>&1 + RET=$? + html_msg "${RET}" "0" "${TESTNAME} (modutil -fips ${FIPSMODE})" \ + "produced a returncode of ${RET}, expected is 0" + + echo "modutil -dbdir ${DBDIR} -list" + DBLIST=`${BINDIR}/modutil -dbdir ${DBDIR} -list 2>&1` + RET=$? + html_msg "${RET}" "0" "${TESTNAME} (modutil -list)" \ + "produced a returncode of ${RET}, expected is 0" + + echo "${DBLIST}" | grep "FIPS PKCS #11" + RET=$? + html_msg "${RET}" "${RET_EXP}" "${TESTNAME} (grep \"FIPS PKCS #11\")" \ + "produced a returncode of ${RET}, expected is ${RET_EXP}" + done - if [ -n "$NSS_TEST_SERVER_CLIENT_BYPASS" -a \ - -z "$NSS_TEST_DISABLE_BYPASS" ] ; then - SERVER_OPTIONS="-B -s" - CLIENT_OPTIONS="-B -s" - BYPASS_STRING="Server Bypass/Client Bypass" - ssl_run - fi + html "
" +} - if [ -z "$NSS_TEST_DISABLE_FIPS" ] ; then - CLIENT_OPTIONS="" - SERVER_OPTIONS="" - BYPASS_STRING="Server FIPS" +############################ ssl_set_fips ############################## +# local shell function to run all tests set in NSS_SSL_TESTS variable +######################################################################## +ssl_run_tests() +{ + for SSL_TEST in ${NSS_SSL_TESTS} + do + case "${SSL_TEST}" in + "crl") + ssl_crl_ssl + ssl_crl_cache + ;; + "iopr") + ssl_iopr_run + ;; + *) + SERVER_MODE=`echo "${SSL_TEST}" | cut -d_ -f1` + CLIENT_MODE=`echo "${SSL_TEST}" | cut -d_ -f2` + + case "${SERVER_MODE}" in + "normal") + SERVER_OPTIONS= + ;; + "bypass") + SERVER_OPTIONS="-B -s" + ;; + "fips") + SERVER_OPTIONS= + ssl_set_fips server on + ;; + *) + echo "${SCRIPTNAME}: Error: Unknown server mode ${SERVER_MODE}" + continue + ;; + esac - html_head "SSL - FIPS mode on" - ssl_set_fips "${SERVERDIR}" "true" "Turning FIPS on for the server" - ssl_set_fips "${EXT_SERVERDIR}" "true" "Turning FIPS on for the extended server" - html "
" + case "${CLIENT_MODE}" in + "normal") + CLIENT_OPTIONS= + ;; + "bypass") + CLIENT_OPTIONS="-B -s" + ;; + "fips") + SERVER_OPTIONS= + ssl_set_fips client on + ;; + *) + echo "${SCRIPTNAME}: Error: Unknown client mode ${CLIENT_MODE}" + continue + ;; + esac - ssl_run + ssl_run_all - html_head "SSL - FIPS mode off" - ssl_set_fips "${SERVERDIR}" "false" "Turning FIPS off for the server" - ssl_set_fips "${EXT_SERVERDIR}" "false" "Turning FIPS off for the extended server" - html "
" - else - echo "$SCRIPTNAME: Skipping Cipher Coverage - FIPS Tests" - fi - else - echo "$SCRIPTNAME: Skipping Cipher Coverage Tests" - fi + if [ "${SERVER_MODE}" = "fips" ]; then + ssl_set_fips server off + fi + + if [ "${CLIENT_MODE}" = "fips" ]; then + ssl_set_fips client off + fi + ;; + esac + done +} + +################################# main ################################# + +ssl_init +ssl_run_tests +ssl_cleanup - ssl_iopr_run - ssl_cleanup -fi diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index 76e1234a634e9..0f4fb73b62658 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh @@ -41,7 +41,7 @@ # # mozilla/security/nss/tests/tools/tools.sh # -# Script to test basic functionallity of NSS tools +# Script to test basic functionality of NSS tools # # needs to work on all Unix and Windows platforms # @@ -55,6 +55,39 @@ # NOTE .... unexpected behavior ######################################################################## + export pkcs12v2pbeWithSha1And128BitRc4=\ +"PKCS #12 V2 PBE With Sha1 and 128 Bit RC4" + + export pkcs12v2pbeWithSha1And40BitRc4=\ +"PKCS #12 V2 PBE With Sha1 and 40 Bit RC4" + + export pkcs12v2pbeWithSha1AndTripleDESCBC=\ +"PKCS #12 V2 PBE With Sha1 and Triple DES CBC" + + export pkcs12v2pbeWithSha1And128BitRc2Cbc=\ +"PKCS #12 V2 PBE With Sha1 and 128 Bit RC2 CBC" + + export pkcs12v2pbeWithSha1And40BitRc2Cbc=\ +"PKCS #12 V2 PBE With Sha1 and 40 Bit RC2 CBC" + + export pkcs12v2pbeWithMd2AndDESCBC=\ +"PKCS #5 Password Based Encryption with MD2 and DES CBC" + + export pkcs12v2pbeWithMd5AndDESCBC=\ +"PKCS #5 Password Based Encryption with MD5 and DES CBC" + + export pkcs12v2pbeWithSha1AndDESCBC=\ +"PKCS #5 Password Based Encryption with SHA1 and DES CBC" + + export pkcs5pbeWithMD2AndDEScbc=\ +"PKCS #5 Password Based Encryption with MD2 and DES CBC" + + export pkcs5pbeWithMD5AndDEScbc=\ +"PKCS #5 Password Based Encryption with MD5 and DES CBC" + + export pkcs5pbeWithSha1AndDEScbc=\ +"PKCS #5 Password Based Encryption with SHA1 and DES CBC" + ############################## tools_init ############################## # local shell function to initialize this script ######################################################################## @@ -104,33 +137,267 @@ tools_init() cd ${TOOLSDIR} } -############################## tools_p12 ############################### -# local shell function to test basic functionality of pk12util +########################## list_p12_file ############################### +# List the key and cert in the specified p12 file ######################################################################## -tools_p12() +list_p12_file() { - echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------" - echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" - echo " -w ${R_PWFILE}" - ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \ - -w ${R_PWFILE} 2>&1 + echo "$SCRIPTNAME: Listing Alice's pk12 file" + echo "pk12util -l ${1} -w ${R_PWFILE}" + + ${BINDIR}/pk12util -l ${1} -w ${R_PWFILE} 2>&1 ret=$? - html_msg $ret 0 "Exporting Alice's email cert & key (pk12util -o)" + html_msg $ret 0 "Listing ${1} (pk12util -l)" check_tmpfile +} - echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------" - echo "pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" - ${BINDIR}/pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 +######################################################################## +# Import the key and cert from the specified p12 file +######################################################################## +import_p12_file() +{ + echo "$SCRIPTNAME: Importing Alice's pk12 ${1} file" + echo "pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" + + ${BINDIR}/pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 ret=$? - html_msg $ret 0 "Importing Alice's email cert & key (pk12util -i)" + html_msg $ret 0 "Importing ${1} (pk12util -i)" + check_tmpfile +} + +######################################################################## +# Export the key and cert to a p12 file using default ciphers +######################################################################## +export_with_default_ciphers() +{ + echo "$SCRIPTNAME: Exporting Alice's key & cert with [default:default] (pk12util -o)" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE}" + ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Exporting Alices's key & cert with [default:default] (pk12util -o)" + check_tmpfile + return $ret +} + +######################################################################## +# Exports key/cert to a p12 file, the key encryption cipher is specified +# and the cert encryption cipher is blank for default. +######################################################################## +export_with_key_cipher() +{ + # $1 key encryption cipher + echo "$SCRIPTNAME: Exporting with [${1}:default]" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1}" + ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} -c "${1}" 2>&1 + ret=$? + html_msg $ret 0 "Exporting with [${1}:default] (pk12util -o)" check_tmpfile + return $ret +} + +######################################################################## +# Exports key/cert to a p12 file, the key encryption cipher is left +# empty for default and the cert encryption cipher is specified. +######################################################################## +export_with_cert_cipher() +{ + # $1 certificate encryption cipher + echo "$SCRIPTNAME: Exporting with [default:${1}]" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C ${1}" + ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} -C "${1}" 2>&1 + ret=$? + html_msg $ret 0 "Exporting with [default:${1}] (pk12util -o)" + check_tmpfile + return $ret +} - echo "$SCRIPTNAME: Listing Alice's pk12 file -----------------" - echo "pk12util -l Alice.p12 -w ${R_PWFILE}" - ${BINDIR}/pk12util -l Alice.p12 -w ${R_PWFILE} 2>&1 +######################################################################## +# Exports key/cert to a p12 file, both the key encryption cipher and +# the cert encryption cipher are specified. +######################################################################## +export_with_both_key_and_cert_cipher() +{ + # $1 key encryption cipher or "" + # $2 certificate encryption cipher or "" + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1} -C ${2}" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -c "${1}" -C "${2}" 2>&1 + ret=$? + html_msg $ret 0 "Exporting with [${1}:${2}] (pk12util -o)" + check_tmpfile + return $ret +} + +######################################################################## +# Exports key and cert to a p12 file, both the key encryption cipher +# and the cert encryption cipher are specified. The key and cert are +# imported and the p12 file is listed +######################################################################## +export_list_import() +{ + # $1 key encryption cipher + # $2 certificate encryption cipher + + if [[ "${1}" != "" && "${2}" != "" ]]; then + export_with_both_key_and_cert_cipher "${1}" "${2}" + elif [[ "${1}" != "" && "${2}" = "" ]]; then + export_with_key_cipher "${1}" + elif [[ "${1}" = "" && "${2}" != "" ]]; then + export_with_cert_cipher "${2}" + else + export_with_default_ciphers + fi + + list_p12_file Alice.p12 + import_p12_file Alice.p12 +} + +######################################################################## +# Export using the pkcs5pbe ciphers for key and certificate encryption. +# List the contents of and import from the p12 file. +######################################################################## +tools_p12_export_list_import_all_pkcs5pbe_ciphers() +{ + # specify each on key and cert cipher + for key_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \ + "${pkcs5pbeWithMD5AndDEScbc}" \ + "${pkcs5pbeWithSha1AndDEScbc}"\ + ""; do + for cert_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \ + "${pkcs5pbeWithMD5AndDEScbc}" \ + "${pkcs5pbeWithSha1AndDEScbc}" \ + ""\ + "null"; do + export_list_import "${key_cipher}" "${cert_cipher}" + done + done +} + +######################################################################## +# Export using the pkcs5v2 ciphers for key and certificate encryption. +# List the contents of and import from the p12 file. +######################################################################## +tools_p12_export_list_import_all_pkcs5v2_ciphers() +{ + # These should pass + for key_cipher in\ + RC2-CBC \ + DES-EDE3-CBC \ + AES-128-CBC \ + AES-192-CBC \ + AES-256-CBC \ + CAMELLIA-128-CBC \ + CAMELLIA-192-CBC \ + CAMELLIA-256-CBC; do + +#--------------------------------------------------------------- +# Bug 452464 - pk12util -o fails when -C option specifies AES or +# Camellia ciphers +# FIXME Restore these to the list +# AES-128-CBC, \ +# AES-192-CBC, \ +# AES-256-CBC, \ +# CAMELLIA-128-CBC, \ +# CAMELLIA-192-CBC, \ +# CAMELLIA-256-CBC, \ +# when 452464 is fixed +#--------------------------------------------------------------- + for cert_cipher in \ + RC2-CBC \ + DES-EDE3-CBC \ + null; do + export_list_import ${key_cipher} ${cert_cipher} + done + done +} + +######################################################################## +# Export using the pkcs12v2pbe ciphers for key and certificate encryption. +# List the contents of and import from the p12 file. +######################################################################## +tools_p12_export_list_import_all_pkcs12v2pbe_ciphers() +{ +#--------------------------------------------------------------- +# Bug 452471 - pk12util -o fails when -c option specifies pkcs12v2 PBE ciphers +# FIXME - Restore these to the list +# "${pkcs12v2pbeWithSha1And128BitRc4}" \ +# "${pkcs12v2pbeWithSha1And40BitRc4}" \ +# "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \ +# "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \ +# "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \ +# "${pkcs12v2pbeWithMd2AndDESCBC}" \ +# "${pkcs12v2pbeWithMd5AndDESCBC}" \ +# "${pkcs12v2pbeWithSha1AndDESCBC}" \ +# ""; do +# when 452471 is fixed +#--------------------------------------------------------------- +# for key_cipher in \ + key_cipher="" + for cert_cipher in "${pkcs12v2pbeWithSha1And128BitRc4}" \ + "${pkcs12v2pbeWithSha1And40BitRc4}" \ + "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \ + "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \ + "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \ + "${pkcs12v2pbeWithMd2AndDESCBC}" \ + "${pkcs12v2pbeWithMd5AndDESCBC}" \ + "${pkcs12v2pbeWithSha1AndDESCBC}" \ + ""\ + "null"; do + export_list_import "${key_cipher}" "${key_cipher}" + done + #done +} + +######################################################################### +# Export with no encryption on key should fail but on cert should pass +######################################################################### +tools_p12_export_with_null_ciphers() +{ + # use null as the key encryption algorithm default for the cert one + # should fail + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c null" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -c null 2>&1 + ret=$? + html_msg $ret 30 "Exporting with [null:default] (pk12util -o)" + check_tmpfile + + # use default as the key encryption algorithm null for the cert one + # should pass + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C null" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -C null 2>&1 ret=$? - html_msg $ret 0 "Listing Alice's pk12 file (pk12util -l)" + html_msg $ret 0 "Exporting with [default:null] (pk12util -o)" check_tmpfile + +} + +######################################################################### +# Exports using the default key and certificate encryption ciphers. +# Imports from and lists the contents of the p12 file. +# Repeats the test with ECC if enabled. +######################################################################## +tools_p12_export_list_import_with_default_ciphers() +{ + echo "$SCRIPTNAME: Exporting Alice's email cert & key - default ciphers" + + export_list_import "" "" if [ -n "$NSS_ENABLE_ECC" ] ; then echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" @@ -156,7 +423,18 @@ tools_p12() html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)" check_tmpfile fi +} +############################## tools_p12 ############################### +# local shell function to test basic functionality of pk12util +######################################################################## +tools_p12() +{ + tools_p12_export_list_import_with_default_ciphers + tools_p12_export_list_import_all_pkcs5v2_ciphers + tools_p12_export_list_import_all_pkcs5pbe_ciphers + tools_p12_export_list_import_all_pkcs12v2pbe_ciphers + tools_p12_export_with_null_ciphers } ############################## tools_sign ############################## @@ -240,9 +518,7 @@ tools_cleanup() ################## main ################################################# tools_init - tools_p12 - tools_sign tools_cleanup