Land BOB_WORK_BRANCH unto the tip.

remove lots of deprecated files.
move some files to appropriate directories (pcertdb *_rand
associated headers to soft token, for instance)
rename several stan files which had the same name as other nss files.
remove deprecated functions.
This commit is contained in:
relyea%netscape.com 2001-11-08 00:15:51 +00:00
Родитель 2af9588497
Коммит e27189dd1d
148 изменённых файлов: 15842 добавлений и 20762 удалений


@ -272,7 +272,7 @@ GetYesNo(char *prompt)
static SECStatus
AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
PRFileDesc *inFile, PRBool ascii, PRBool emailcert)
PRFileDesc *inFile, PRBool ascii, PRBool emailcert, void *pwdata)
{
CERTCertTrust *trust = NULL;
CERTCertificate *cert = NULL, *tempCert = NULL;
@ -308,6 +308,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
GEN_BREAK(SECFailure);
}
#ifdef notdef
/* CERT_ImportCert only collects certificates and returns the
* first certficate. It does not insert these certificates into
* the dbase. For now, just call CERT_NewTempCertificate.
@ -320,6 +321,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
if (!PK11_IsInternal(slot)) {
tempCert->trust = trust;
rv = PK11_ImportCertForKeyToSlot(slot, tempCert, name,
PR_FALSE, NULL);
}
@ -337,9 +339,36 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
if ( emailcert )
CERT_SaveSMimeProfile(tempCert, NULL, NULL);
#else
cert->trust = trust;
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could authenticate to token or database");
GEN_BREAK(SECFailure);
}
rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could not add certificate to token or database");
GEN_BREAK(SECFailure);
}
rv = CERT_ChangeCertTrust(handle, cert, trust);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could not change trust on certificate");
GEN_BREAK(SECFailure);
}
if ( emailcert ) {
CERT_SaveSMimeProfile(cert, NULL, pwdata);
}
#endif
} while (0);
#ifdef notdef
CERT_DestroyCertificate (tempCert);
#endif
CERT_DestroyCertificate (cert);
PORT_Free(trust);
PORT_Free(certDER.data);
@ -525,8 +554,8 @@ printCertCB(CERTCertificate *cert, void *arg)
if (trust) {
SECU_PrintTrustFlags(stdout, trust,
"Certificate Trust Flags", 1);
} else {
SECU_PrintTrustFlags(stdout, &cert->dbEntry->trust,
} else if (cert->trust) {
SECU_PrintTrustFlags(stdout, cert->trust,
"Certificate Trust Flags", 1);
}
@ -544,6 +573,7 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
PRInt32 numBytes;
SECStatus rv;
#ifdef nodef
/* For now, split handling of slot to internal vs. other. slot should
* probably be allowed to be NULL so that all slots can be listed.
* In that case, need to add a call to PK11_TraverseSlotCerts().
@ -584,8 +614,9 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
NULL);
}
} else {
#endif
/* List certs on a non-internal slot. */
if (PK11_NeedLogin(slot))
if ( !PK11_IsFriendly(slot) && PK11_NeedLogin(slot))
PK11_Authenticate(slot, PR_TRUE, pwarg);
if (name) {
CERTCertificate *the_cert;
@ -594,7 +625,22 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
SECU_PrintError(progName, "Could not find: %s\n", name);
return SECFailure;
}
rv = printCertCB(the_cert, the_cert->trust);
data.data = the_cert->derCert.data;
data.len = the_cert->derCert.len;
if (ascii) {
PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
rv = SECSuccess;
} else if (raw) {
numBytes = PR_Write(outfile, data.data, data.len);
if (numBytes != data.len) {
SECU_PrintSystemError(progName, "error writing raw cert");
rv = SECFailure;
}
rv = SECSuccess;
} else {
rv = printCertCB(the_cert, the_cert->trust);
}
} else {
rv = PK11_TraverseCertsInSlot(slot, SECU_PrintCertNickname, stdout);
}
@ -602,7 +648,9 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
SECU_PrintError(progName, "problem printing certificate nicknames");
return SECFailure;
}
#ifdef notdef
}
#endif
return SECSuccess; /* not rv ?? */
}
@ -2690,7 +2738,7 @@ main(int argc, char **argv)
certutil.options[opt_Trust].arg,
inFile,
certutil.options[opt_ASCIIForIO].activated,
certutil.commands[cmd_AddEmailCert].activated);
certutil.commands[cmd_AddEmailCert].activated,&pwdata);
if (rv)
return 255;
}
@ -2701,9 +2749,13 @@ main(int argc, char **argv)
PR_Delete(certreqfile);
}
#ifdef notdef
if ( certHandle ) {
CERT_ClosePermCertDB(certHandle);
}
#else
NSS_Shutdown();
#endif
return rv;
}
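Review bot: In the new raw branch of listCerts (hunk `@ -594,7 +625,22`) the unconditional `rv = SECSuccess;` that follows the length check overwrites the `SECFailure` set when `PR_Write` comes up short, so a write error is reported on stderr but the function still returns success; move that assignment into an `else` of the `if (numBytes != data.len)` check. `numBytes` is a `PRInt32` and `data.len` is unsigned, so a `-1` from `PR_Write` only fails the test through implicit promotion — `if (numBytes < 0 || (PRUint32)numBytes != data.len)` says what is meant. In the AddCert hunk the message `"could authenticate to token or database"` looks to have lost a `not`. The ascii branch passes `BTOA_DataToAscii(...)` straight into `PR_fprintf` and never frees it, if it allocates the way its BTOA siblings do — worth confirming. listCerts' body continues outside the hunk.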


@ -64,7 +64,7 @@ static CERTSignedCrl *FindCRL
return ((CERTSignedCrl *)NULL);
}
crl = SEC_FindCrlByKey(certHandle, &cert->derSubject, type);
crl = SEC_FindCrlByName(certHandle, &cert->derSubject, type);
if (crl ==NULL)
SECU_PrintError
(progName, "could not find %s's CRL", name);
@ -81,7 +81,7 @@ static void DisplayCRL (CERTCertDBHandle *certHandle, char *nickName, int crlTyp
if (crl) {
SECU_PrintCRLInfo (stdout, &crl->crl, "CRL Info:\n", 0);
CERT_DestroyCrl (crl);
SEC_DestroyCrl (crl);
}
}
@ -124,10 +124,8 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
fprintf (stdout, "\n");
fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
while (crlNode) {
mark = PORT_ArenaMark (arena);
rv = SEC_ASN1DecodeItem
(arena, name, CERT_NameTemplate, &(crlNode->crl->crl.derName));
if (!name){
name = &crlNode->crl->crl.name;
if (!name){
fprintf(stderr, "%s: fail to get the CRL issuer name\n", progName,
SECU_Strerror(PORT_GetError()));
break;
@ -135,7 +133,6 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType)
fprintf (stdout, "\n%-40s %-5s\n", CERT_NameToAscii(name), "CRL");
crlNode = crlNode->next;
PORT_ArenaRelease (arena, mark);
}
} while (0);
@ -172,14 +169,6 @@ static SECStatus DeleteCRL (CERTCertDBHandle *certHandle, char *name, int type)
name, SECU_Strerror(PORT_GetError()));
return SECFailure;
}
rv = SEC_DeleteTempCrl (crl);
if (rv != SECSuccess) {
SECU_PrintError
(progName, "fail to delete the issuer %s's CRL from the temp dbase (reason: %s)",
name, SECU_Strerror(PORT_GetError()));
return SECFailure;
}
return (rv);
}
@ -214,7 +203,7 @@ SECStatus ImportCRL (CERTCertDBHandle *certHandle, char *url, int type,
(progName, "unable to import CRL");
}
PORT_Free (crlDER.data);
CERT_DestroyCrl (crl);
SEC_DestroyCrl (crl);
return (rv);
}
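Review bot: In ListCRLNames (hunk `@ -124,10 +124,8`) the new `name = &crlNode->crl->crl.name;` takes the address of an embedded member, so the `if (!name)` that follows can never be true and the error path under it is dead. If the intent is to skip CRLs whose issuer name did not decode, test the contents instead, e.g. `if (name->rdns == NULL)` (CERTName carries `arena` and `rdns` as I recall — confirm against certt.h), or drop the check together with the now-unreachable error block. The enclosing loop body continues past the hunk.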


@ -50,4 +50,4 @@ CSRCS = crlutil.c
# PROGRAM = ./$(OBJDIR)/crlutil.exe
PROGRAM = crlutil
USE_STATIC_LIBS = 1
#USE_STATIC_LIBS = 1


@ -82,7 +82,7 @@ sec_CollectCertNamesAndTrust(CERTCertificate *cert, SECItem *unknown, void *arg)
int i;
i = pCertNames->numCerts;
name = cert->dbEntry->nickname ? cert->dbEntry->nickname : cert->emailAddr;
name = cert->nickname ? cert->nickname : cert->emailAddr;
if (name)
pCertNames->nameAndTrustEntries[i].name = PORT_Strdup(name);


@ -1518,20 +1518,6 @@ SECU_PrintCertNickname(CERTCertificate *cert, void *data)
PORT_Memset (trusts, 0, sizeof (trusts));
out = (FILE *)data;
if ( cert->dbEntry ) {
name = cert->dbEntry->nickname;
if ( name == NULL ) {
name = cert->emailAddr;
}
trust = &cert->dbEntry->trust;
printflags(trusts, trust->sslFlags);
PORT_Strcat(trusts, ",");
printflags(trusts, trust->emailFlags);
PORT_Strcat(trusts, ",");
printflags(trusts, trust->objectSigningFlags);
fprintf(out, "%-60s %-5s\n", name, trusts);
} else {
name = cert->nickname;
if ( name == NULL ) {
name = cert->emailAddr;
@ -1548,7 +1534,6 @@ SECU_PrintCertNickname(CERTCertificate *cert, void *data)
PORT_Memcpy(trusts,",,",3);
}
fprintf(out, "%-60s %-5s\n", name, trusts);
}
return (SECSuccess);
}


@ -54,6 +54,7 @@ REQUIRES = seccmd security dbm
DEFINES = -DNSPR20
INCLUDES =
# sigh
INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap
USE_STATIC_LIBS = 1
USE_STATIC_LIBS = 1


@ -57,6 +57,7 @@ typedef enum {
JAR_COMMAND,
LIST_COMMAND,
RAW_LIST_COMMAND,
RAW_ADD_COMMAND,
UNDEFAULT_COMMAND
} Command;
@ -74,6 +75,7 @@ static char *commandNames[] = {
"-jar",
"-list",
"-rawlist",
"-rawadd",
"-undefault"
};
@ -81,6 +83,7 @@ static char *commandNames[] = {
/* this enum must be kept in sync with the optionStrings list */
typedef enum {
ADD_ARG=0,
RAW_ADD_ARG,
CHANGEPW_ARG,
CIPHERS_ARG,
CREATE_ARG,
@ -112,6 +115,7 @@ typedef enum {
/* This list must be kept in sync with the Arg enum */
static char *optionStrings[] = {
"-add",
"-rawadd",
"-changepw",
"-ciphers",
"-create",
@ -150,6 +154,7 @@ static Command command = NO_COMMAND;
static char* pwFile = NULL;
static char* newpwFile = NULL;
static char* moduleName = NULL;
static char* moduleSpec = NULL;
static char* slotName = NULL;
static char* secmodName = NULL;
static char* tokenName = NULL;
@ -398,6 +403,18 @@ parse_args(int argc, char *argv[])
moduleName = argv[++i];
}
break;
case RAW_ADD_ARG:
if(command != NO_COMMAND) {
PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
return MULTIPLE_COMMAND_ERR;
}
command = RAW_ADD_COMMAND;
if(TRY_INC(i, argc)) {
PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
return OPTION_NEEDS_ARG_ERR;
}
moduleSpec = argv[i];
break;
case MECHANISMS_ARG:
if(mechanisms != NULL) {
PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
@ -500,6 +517,8 @@ verify_params()
case LIST_COMMAND:
case RAW_LIST_COMMAND:
break;
case RAW_ADD_COMMAND:
break;
case UNDEFAULT_COMMAND:
case DEFAULT_COMMAND:
if(mechanisms == NULL) {
@ -777,17 +796,26 @@ main(int argc, char *argv[])
goto loser;
}
if (command == RAW_LIST_COMMAND) {
if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
if(!moduleName) {
char *readOnlyStr, *noCertDBStr, *sep;
if (!secmodName) secmodName="secmod.db";
if (!dbprefix) dbprefix = "";
sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "" ;
noCertDBStr = nocertdb ? "noCertDB" : "";
SECU_ConfigDirectory(dbdir);
moduleName=PR_smprintf("name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s keyPrefix=%s secmod=%s flags=readOnly%s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
SECU_ConfigDirectory(NULL),dbprefix,
dbprefix,secmodName, nocertdb?",noCertDB":"");
moduleName=PR_smprintf("name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,moduleDBOnly,critical\"",
SECU_ConfigDirectory(NULL),dbprefix, dbprefix,
secmodName, readOnlyStr,sep, noCertDBStr);
}
if (command == RAW_LIST_COMMAND) {
errcode = RawListModule(moduleName);
} else {
PORT_Assert(moduleSpec);
errcode = RawAddModule(moduleName,moduleSpec);
}
errcode = RawListModule(moduleName);
goto loser;
}
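Review bot: In the `RAW_ADD_COMMAND` branch of main (hunk `@ -777,17 +796,26`) the flags field is built from `readOnlyStr`, `sep` and `noCertDBStr`; for a raw add `readOnlyStr` is `""` and `sep` is `" "`, so the generated spec reads `flags= noCertDB` or a bare `flags= ` with a leading blank. Whether the module-spec parser tolerates that leading space is not visible here; deriving the separator from the two flag strings avoids the question: `sep = (*readOnlyStr && *noCertDBStr) ? "," : "";`. `PORT_Assert(moduleSpec)` compiles out of release builds; parse_args does store `argv[i]` before selecting `RAW_ADD_COMMAND`, so the assert is a consistency check rather than input validation, and a one-line comment saying so would stop the next reader from treating it as the guard. The `PR_smprintf` result in `moduleName` is never released on either path, which the list case already had. main continues outside the hunk.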


@ -303,6 +303,31 @@ RawListModule(char *modulespec)
return SUCCESS;
}
RawAddModule(char *dbmodulespec, char *modulespec)
{
SECMODModule *module;
SECMODModule *dbmodule;
dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE);
if (dbmodule == NULL) {
/* handle error */
return NO_SUCH_MODULE_ERR;
}
module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE);
if (module == NULL) {
/* handle error */
return NO_SUCH_MODULE_ERR;
}
if( SECMOD_UpdateModule(module) != SECSuccess ) {
PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
return UPDATE_MOD_FAILED_ERR;
}
return SUCCESS;
}
/************************************************************************
*
* L i s t M o d u l e s
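Review bot: `RawAddModule` (hunk `@ -303,6 +303,31`) is defined without a return type, which means implicit `int` — removed in C99 — while the values it returns are enum constants; declare it with the same return type as `RawListModule` (`Error`, if I read this tool's error.h right). Both `SECMOD_LoadModule` results are dropped on every path, and the two `/* handle error */` placeholders return `NO_SUCH_MODULE_ERR` with no diagnostic, so a failed raw add prints nothing. Releasing the modules on the way out keeps the function leak-free, assuming `SECMOD_LoadModule` hands back a reference the caller owns as its pairing with `SECMOD_DestroyModule` suggests; a message belongs where the placeholders are, but the `errStrings[NO_SUCH_MODULE_ERR]` format is not visible here, so I have not guessed its arguments.
```c
Error
RawAddModule(char *dbmodulespec, char *modulespec)
{
    SECMODModule *module = NULL;
    SECMODModule *dbmodule;
    Error rc = SUCCESS;

    dbmodule = SECMOD_LoadModule(dbmodulespec, NULL, PR_TRUE);
    if (dbmodule == NULL) {
        /* TODO: print a diagnostic before returning */
        return NO_SUCH_MODULE_ERR;
    }

    module = SECMOD_LoadModule(modulespec, dbmodule, PR_FALSE);
    if (module == NULL) {
        /* TODO: print a diagnostic before returning */
        rc = NO_SUCH_MODULE_ERR;
    } else if (SECMOD_UpdateModule(module) != SECSuccess) {
        PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
        rc = UPDATE_MOD_FAILED_ERR;
    }

    /* drop our references on every path; the DB keeps its own */
    if (module) {
        SECMOD_DestroyModule(module);
    }
    SECMOD_DestroyModule(dbmodule);
    return rc;
}
```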


@ -34,7 +34,7 @@
/*
* Test program for client-side OCSP.
*
* $Id: ocspclnt.c,v 1.1 2000/03/31 20:09:29 relyea%netscape.com Exp $
* $Id: ocspclnt.c,v 1.2 2001/11/08 00:14:21 relyea%netscape.com Exp $
*/
#include "secutil.h"
@ -859,7 +859,7 @@ print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
}
sigStatus = CERT_VerifyOCSPResponseSignature (response, handle,
NULL, &signerCert);
NULL, &signerCert, NULL);
SECU_Indent (out_file, level);
fprintf (out_file, "Signature verification ");
if (sigStatus != SECSuccess) {
@ -1209,7 +1209,6 @@ nssdone:
if (handle != NULL) {
(void) CERT_DisableOCSPChecking (handle);
CERT_ClosePermCertDB (handle);
}
NSS_Shutdown ();


@ -61,7 +61,7 @@ EXTRA_LIBS += \
$(DIST)/lib/cryptohi.lib \
$(DIST)/lib/pk11wrap.lib \
$(DIST)/lib/certdb.lib \
$(DIST)/lib/softoken.lib \
$(DIST)/lib/softokn.lib \
$(CRYPTOLIB) \
$(DIST)/lib/swfci.lib \
$(DIST)/lib/secutil.lib \
@ -106,7 +106,7 @@ EXTRA_LIBS += \
$(DIST)/lib/libcerthi.$(LIB_SUFFIX) \
$(DIST)/lib/libnsspki.$(LIB_SUFFIX) \
$(DIST)/lib/libpk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/libsoftoken.$(LIB_SUFFIX) \
$(DIST)/lib/libsoftokn.$(LIB_SUFFIX) \
$(DIST)/lib/libcertdb.$(LIB_SUFFIX) \
$(DIST)/lib/libnsspki.$(LIB_SUFFIX) \
$(DIST)/lib/libnssdev.$(LIB_SUFFIX) \


@ -36,7 +36,7 @@
*/
#include "seccomon.h"
#include "secoidt.h"
#include "keytlow.h"
#include "lowkeyti.h"
#define CONST
@ -100,16 +100,16 @@ static CONST unsigned char default_qInvModP[64] = {
};
static struct SECKEYLowPrivateKeyStr rsaPriv;
static struct NSSLOWKEYPrivateKeyStr rsaPriv;
SECKEYLowPrivateKey *
NSSLOWKEYPrivateKey *
getDefaultRSAPrivateKey(void)
{
if (rsaPriv.keyType != lowRSAKey) {
if (rsaPriv.keyType != NSSLOWKEYRSAKey) {
/* leaving arena uninitialized. It isn't used in this test. */
rsaPriv.keyType = lowRSAKey;
rsaPriv.keyType = NSSLOWKEYRSAKey;
/* leaving arena uninitialized. It isn't used. */
/* leaving version uninitialized. It isn't used. */
@ -134,14 +134,14 @@ getDefaultRSAPrivateKey(void)
return &rsaPriv;
}
static struct SECKEYLowPublicKeyStr rsaPub;
static struct NSSLOWKEYPublicKeyStr rsaPub;
SECKEYLowPublicKey *
NSSLOWKEYPublicKey *
getDefaultRSAPublicKey(void)
{
if (rsaPub.keyType != lowRSAKey) {
if (rsaPub.keyType != NSSLOWKEYRSAKey) {
rsaPub.keyType = lowRSAKey;
rsaPub.keyType = NSSLOWKEYRSAKey;
rsaPub.u.rsa.modulus.data = default_n;
rsaPub.u.rsa.modulus.len = sizeof default_n;


@ -38,14 +38,14 @@
#include "nss.h"
#include "blapi.h"
#include "plgetopt.h"
#include "keylow.h"
#include "lowkeyi.h"
#define MAX_RSA_MODULUS_BYTES (1024/8)
#define DEFAULT_ITERS 10
extern SECKEYLowPrivateKey * getDefaultRSAPrivateKey(void);
extern SECKEYLowPublicKey * getDefaultRSAPublicKey(void);
extern NSSLOWKEYPrivateKey * getDefaultRSAPrivateKey(void);
extern NSSLOWKEYPublicKey * getDefaultRSAPublicKey(void);
typedef struct TimingContextStr TimingContext;
@ -196,7 +196,7 @@ dumpItem( SECItem * item, const char * description)
}
void
printPrivKey(SECKEYLowPrivateKey * privKey)
printPrivKey(NSSLOWKEYPrivateKey * privKey)
{
RSAPrivateKey *rsa = &privKey->u.rsa;
@ -226,10 +226,9 @@ int
main(int argc, char **argv)
{
TimingContext * timeCtx;
SECKEYKeyDBHandle * keydb;
SECKEYPublicKey * pubHighKey;
SECKEYLowPrivateKey * privKey;
SECKEYLowPublicKey * pubKey;
NSSLOWKEYPrivateKey * privKey;
NSSLOWKEYPublicKey * pubKey;
CERTCertificate * cert;
char * progName;
char * secDir = NULL;
@ -292,7 +291,6 @@ main(int argc, char **argv)
exit(1);
}
certdb = CERT_GetDefaultCertDB();
keydb = SECKEY_GetDefaultKeyDB();
} else {
rv = NSS_NoDB_Init(secDir);
if (rv != SECSuccess) {
@ -342,9 +340,6 @@ main(int argc, char **argv)
exit(1);
}
#if 0
printPrivKey(privKey);
#endif
fn = (RSAOp)RSA_PrivateKeyOp;
rsaKey = (void *)(&privKey->u.rsa);
}


@ -498,8 +498,7 @@ install_cert(CERTCertDBHandle *db, PK11SlotInfo *slot, SECItem *derCert,
CERTCertTrust trust;
PK11SlotInfo *newSlot;
newcert = CERT_NewTempCertificate(db, derCert, NULL,
/*isperm*/ PR_FALSE, /*copyDER*/ PR_TRUE);
newcert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL);
if (newcert == NULL) {
PR_fprintf(errorFD, "%s: can't create new certificate\n", PROGRAM_NAME);


@ -91,14 +91,6 @@ ListCerts(char *key, int list_certs)
return -1;
}
/* Traverse Internal DB */
rv = SEC_TraversePermCerts(db, cert_trav_callback, (void*)&list_certs);
if (rv) {
PR_fprintf(outputFD, "**Traverse of internal DB failed**\n");
return -1;
}
if (num_trav_certs == 0) {
PR_fprintf(outputFD,
"You don't appear to have any object signing certificates.\n");


@ -318,7 +318,8 @@ main(int argc, char ** argv)
}
continue;
}
cert = CERT_NewTempCertificate(certhandle,derCert, NULL,
cert = (CERTCertificate *)
__CERT_NewTempCertificate(certhandle,derCert, NULL,
PR_FALSE, PR_TRUE);
if (cert == NULL) {
if (verbose) {
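Review bot: The new call to `__CERT_NewTempCertificate` (hunk `@ -318,7 +318,8`) reaches for a double-underscore name, which the C standard reserves for the implementation and which, by analogy with the `__CERT_DecodeDERCertificate` wrapper in certdb.c in this same commit, looks like the private spelling of `CERT_NewTempCertificate` — a function cert.h now declares publicly. The `(CERTCertificate *)` cast on its return is only needed if no prototype is in scope, and in that case the compiler assumes `int` and truncates the pointer on 64-bit targets before the cast runs. Calling `CERT_NewTempCertificate(certhandle, derCert, NULL, PR_FALSE, PR_TRUE)` without the cast lets the prototype do the checking. main continues outside the hunk.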


@ -40,7 +40,7 @@
#include "blapi.h" /* program calls low level functions directly!*/
#include "pk11func.h"
#include "secmod.h"
#include "secmodi.h"
/*#include "secmodi.h"*/
#include "cert.h"
#include "key.h"
#include "swforti.h"
@ -791,7 +791,8 @@ main(int argc, char **argv)
}
derCert.data = origCert;
derCert.len = Cert_length(origCert, sizeof(origCert));
cert = CERT_NewTempCertificate(certhandle,&derCert, NULL,
cert =
(CERTCertificate *)CERT_NewTempCertificate(certhandle,&derCert, NULL,
PR_FALSE, PR_TRUE);
caCert.valid[i].cert = cert;
if (cert == NULL) continue;
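Review bot: The `(CERTCertificate *)` cast added in front of `CERT_NewTempCertificate` (hunk `@ -791,7 +791,8`) is unnecessary now that cert.h declares the function in this same commit, and it would hide a missing-prototype error (implicit `int`, pointer truncation on 64-bit targets) if cert.h ever stopped being included here; drop the cast and keep the plain call. At the top of the file, `/*#include "secmodi.h"*/` should be deleted rather than commented out — a commented-out include of a private header is dead text that invites re-enabling. main continues outside the hunk.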


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: asn1.c,v $ $Revision: 1.1 $ $Date: 2000/03/31 19:54:49 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: asn1.c,v $ $Revision: 1.2 $ $Date: 2001/11/08 00:14:34 $ $Name: $";
#endif /* DEBUG */
/*
@ -316,7 +316,7 @@ nssASN1Decoder_Update
PRUint32 amount
)
{
PRStatus rv;
SECStatus rv;
#ifdef DEBUG
if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
@ -332,7 +332,7 @@ nssASN1Decoder_Update
rv = SEC_ASN1DecoderUpdate((SEC_ASN1DecoderContext *)decoder,
(const char *)data,
(unsigned long)amount);
if( PR_SUCCESS != rv ) {
if( SECSuccess != rv ) {
nss_SetError(PORT_GetError()); /* ugly */
return PR_FAILURE;
}
@ -361,7 +361,8 @@ nssASN1Decoder_Finish
nssASN1Decoder *decoder
)
{
PRStatus rv;
PRStatus rv = PR_SUCCESS;
SECStatus srv;
#ifdef DEBUG
if( PR_SUCCESS != nssASN1Decoder_verify(decoder) ) {
@ -369,10 +370,11 @@ nssASN1Decoder_Finish
}
#endif /* DEBUG */
rv = SEC_ASN1DecoderFinish((SEC_ASN1DecoderContext *)decoder);
srv = SEC_ASN1DecoderFinish((SEC_ASN1DecoderContext *)decoder);
if( PR_SUCCESS != rv ) {
if( SECSuccess != srv ) {
nss_SetError(PORT_GetError()); /* ugly */
rv = PR_FAILURE;
}
#ifdef DEBUG
@ -763,7 +765,7 @@ nssASN1Encoder_Update
PRUint32 length
)
{
PRStatus rv;
SECStatus rv;
#ifdef DEBUG
if( PR_SUCCESS != nssASN1Encoder_verify(encoder) ) {
@ -778,7 +780,7 @@ nssASN1Encoder_Update
rv = SEC_ASN1EncoderUpdate((SEC_ASN1EncoderContext *)encoder,
(const char *)data,
(unsigned long)length);
if( PR_SUCCESS != rv ) {
if( SECSuccess != rv ) {
nss_SetError(PORT_GetError()); /* ugly */
return PR_FAILURE;
}
@ -1187,7 +1189,6 @@ nssASN1_EncodeItem
NSSASN1EncodingType encoding
)
{
PLArenaPool *hack = (PLArenaPool *)arenaOpt;
NSSDER *rv;
PRUint32 len = 0;
PRStatus status;
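Review bot: The SECStatus/PRStatus split is done two different ways in this file: `nssASN1Decoder_Update` and `nssASN1Encoder_Update` reuse the name `rv` for the `SECStatus`, while `nssASN1Decoder_Finish` introduces `srv` for it and keeps `rv` as the `PRStatus`. Since every one of these functions returns a `PRStatus`, naming the SEC value `srv` throughout (`SECStatus srv;` and `if( SECSuccess != srv )` in the two Update hunks) keeps `rv` meaning "the value this function returns" everywhere. All three function bodies continue outside their hunks.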


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: list.c,v $ $Revision: 1.5 $ $Date: 2001/10/17 14:37:48 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: list.c,v $ $Revision: 1.6 $ $Date: 2001/11/08 00:14:37 $ $Name: $";
#endif /* DEBUG */
/*
@ -91,7 +91,10 @@ nsslist_get_matching_element(nssList *list, void *data)
break;
}
link = &node->link;
if (link == PR_LIST_TAIL(&list->head->link)) break;
if (link == PR_LIST_TAIL(&list->head->link)) {
node = NULL;
break;
}
node = (nssListElement *)PR_NEXT_LINK(&node->link);
}
return node;


@ -35,7 +35,7 @@
#define NSSBASET_H
#ifdef DEBUG
static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.3 $ $Date: 2001/01/03 19:48:46 $ $Name: $";
static const char NSSBASET_CVS_ID[] = "@(#) $RCSfile: nssbaset.h,v $ $Revision: 1.4 $ $Date: 2001/11/08 00:14:37 $ $Name: $";
#endif /* DEBUG */
/*
@ -138,7 +138,7 @@ typedef NSSItem NSSBitString;
* Character strings encoded in UTF-8, as defined by RFC 2279.
*/
typedef PRUint8 NSSUTF8;
typedef char NSSUTF8;
/*
* NSSASCII7
@ -146,7 +146,7 @@ typedef PRUint8 NSSUTF8;
* Character strings guaranteed to be 7-bit ASCII.
*/
typedef PRUint8 NSSASCII7;
typedef char NSSASCII7;
PR_END_EXTERN_C
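Review bot: Changing `NSSUTF8` and `NSSASCII7` from `PRUint8` to `char` (hunks `@ -138,7` and `@ -146,7`) makes the element type's signedness implementation-defined, so byte-level code on these strings has to be read again: the `(buffer[bs-1] & 0xC0) != 0x80` test in utf8.c still works because it masks, but any ordered comparison against values above `0x7F`, or a `<ctype.h>` call, would now need an `(unsigned char)` cast first. That is worth recording next to the typedef, e.g. `/* plain char for string-API compatibility; cast to unsigned char before comparing byte values */`, so the next reader does not assume the old unsigned semantics.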


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: utf8.c,v $ $Revision: 1.4 $ $Date: 2001/09/20 22:02:46 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: utf8.c,v $ $Revision: 1.5 $ $Date: 2001/11/08 00:14:37 $ $Name: $";
#endif /* DEBUG */
/*
@ -679,7 +679,7 @@ nssUTF8_CopyIntoFixedBuffer
#endif /* NSSDEBUG */
if( (NSSUTF8 *)NULL == string ) {
string = (unsigned char*) "";
string = (NSSUTF8 *) "";
}
stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
@ -699,7 +699,7 @@ nssUTF8_CopyIntoFixedBuffer
}
/* Too long. We have to trim the last character */
for( bs; bs != 0; bs-- ) {
for( /*bs*/; bs != 0; bs-- ) {
if( (buffer[bs-1] & 0xC0) != 0x80 ) {
buffer[bs-1] = pad;
break;
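Review bot: `for( /*bs*/; bs != 0; bs-- )` (hunk `@ -699,7 +699,7`) keeps the dead expression around as a comment where an empty init clause is the idiom; write `for( ; bs != 0; bs-- ) {` and let the comment above the loop carry the explanation. The loop body continues outside the hunk.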


@ -34,7 +34,7 @@
/*
* cert.h - public data structures and prototypes for the certificate library
*
* $Id: cert.h,v 1.12 2001/06/21 03:20:09 nelsonb%netscape.com Exp $
* $Id: cert.h,v 1.13 2001/11/08 00:14:39 relyea%netscape.com Exp $
*/
#ifndef _CERT_H_
@ -276,6 +276,10 @@ extern CERTCertDBHandle *CERT_GetDefaultCertDB(void);
extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
int64 time,
SECCertUsage usage);
extern CERTCertificate *
CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PRBool isperm, PRBool copyDER);
/******************************************************************************
*
@ -397,26 +401,7 @@ extern void CERT_DestroyCrl (CERTSignedCrl *crl);
** Decode a certificate and put it into the temporary certificate database
*/
extern CERTCertificate *
CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PRBool isperm, PRBool copyDER);
/*
** Add a certificate to the temporary database.
** "dbCert" is the certificate from the perm database.
** "isperm" indicates if the cert is in the permanent database.
*/
extern CERTCertificate *
CERT_AddTempCertificate (CERTCertDBHandle *handle, certDBEntryCert *entry,
PRBool isperm);
/*
** Add a temporary certificate to the permanent database.
** "cert" is the temporary cert
** "nickname" is the permanent nickname to use
** "trust" is the certificate trust parameters to assign to the cert
*/
extern SECStatus
CERT_AddTempCertToPerm (CERTCertificate *cert, char *nickname, CERTCertTrust *trust);
CERT_DecodeCertificate (SECItem *derCert, char *nickname,PRBool copyDER);
/*
** Find a certificate in the database
@ -424,16 +409,6 @@ CERT_AddTempCertToPerm (CERTCertificate *cert, char *nickname, CERTCertTrust *tr
*/
extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle, SECItem *key);
/*
* Lookup a certificate in the databases without locking
* "certKey" is the database key to look for
*
* XXX - this should be internal, but pkcs 11 needs to call it during a
* traversal.
*/
CERTCertificate *
CERT_FindCertByKeyNoLocking(CERTCertDBHandle *handle, SECItem *certKey);
/*
** Find a certificate in the database by name
** "name" is the distinguished name to look up
@ -470,6 +445,7 @@ CERT_FindCertByIssuerAndSN (CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAnd
*/
extern CERTCertificate *
CERT_FindCertByNickname (CERTCertDBHandle *handle, char *nickname);
/*
** Find a certificate in the database by a DER encoded certificate
** "derCert" is the DER encoded certificate
@ -504,17 +480,6 @@ CERT_FindCertBySPKDigest(CERTCertDBHandle *handle, SECItem *spkDigest);
CERTCertificate *
CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage);
/*
** Delete a certificate from the temporary database
** "cert" is the certificate to be deleted
*/
extern SECStatus CERT_DeleteTempCertificate(CERTCertificate *cert);
/*
** Flush and close the permanent database.
*/
extern void CERT_ClosePermCertDB(CERTCertDBHandle *handle);
/*
** Check the validity times of a certificate vs. time 't', allowing
** some slop for broken clocks and stuff.
@ -641,6 +606,14 @@ extern char *CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages,
*/
extern SECItem *CERT_DecodeAVAValue(SECItem *derAVAValue);
/*
* take a DER certificate and decode it into a certificate structure
*/
CERTCertificate *
CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
char *nickname);
/*
** extract various element strings from a distinguished name.
@ -926,32 +899,6 @@ extern void CERT_DestroyCertificateList(CERTCertificateList *list);
/* is cert a newer than cert b? */
PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb);
typedef SECStatus (* CERTCertCallback)(CERTCertificate *cert, void *arg);
SECStatus
CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle, SECItem *derSubject,
CERTCertCallback cb, void *cbarg);
int
CERT_NumPermCertsForSubject(CERTCertDBHandle *handle, SECItem *derSubject);
SECStatus
CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
CERTCertCallback cb, void *cbarg);
int
CERT_NumPermCertsForNickname(CERTCertDBHandle *handle, char *nickname);
int
CERT_NumCertsForCertSubject(CERTCertificate *cert);
int
CERT_NumPermCertsForCertSubject(CERTCertificate *cert);
SECStatus
CERT_TraverseCertsForSubject(CERTCertDBHandle *handle,
CERTSubjectList *subjectList,
CERTCertCallback cb, void *cbarg);
/* currently a stub for address book */
PRBool
CERT_IsCertRevoked(CERTCertificate *cert);
@ -1009,12 +956,6 @@ CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
SECItem *
CERT_FindSMimeProfile(CERTCertificate *cert);
int
CERT_GetDBContentVersion(CERTCertDBHandle *handle);
void
CERT_SetDBContentVersion(int version, CERTCertDBHandle *handle);
SECStatus
CERT_AddNewCerts(CERTCertDBHandle *handle);
@ -1370,6 +1311,8 @@ CERT_GetStatusConfig(CERTCertDBHandle *handle);
void
CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
/*
* Acquire the cert reference count lock
* There is currently one global lock for all certs, but I'm putting a cert
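Review bot: After this change cert.h declares two decode entry points with swapped tails: `CERT_DecodeCertificate (SECItem *derCert, char *nickname,PRBool copyDER)` (hunk `@ -397,26 +401,7`) and `CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER, char *nickname)` (hunk `@ -641,6 +606,14`), and only the latter has a definition visible in this commit (certdb.c). If `CERT_DecodeCertificate` has no definition it is a dangling declaration; if both exist, the reversed `char *`/`PRBool` order invites calling one with the other's arguments. The comment left above the first one, `** Decode a certificate and put it into the temporary certificate database`, now describes the removed declaration rather than the one that follows it, and `CERT_NewTempCertificate` moved up to the `@ -276` hunk without a comment saying what `isperm` means now that the `CERT_AddTempCert*` routines it was grouped with are gone.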


@ -34,7 +34,7 @@
/*
* Certificate handling code
*
* $Id: certdb.c,v 1.16 2001/10/19 18:05:37 ian.mcgreer%sun.com Exp $
* $Id: certdb.c,v 1.17 2001/11/08 00:14:39 relyea%netscape.com Exp $
*/
#include "nssilock.h"
@ -58,7 +58,7 @@
#include "secerr.h"
#include "sslerr.h"
#include "nsslocks.h"
#include "cdbhdl.h"
#include "pk11func.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
@ -462,7 +462,7 @@ fortezzaIsCA( CERTCertificate *cert) {
unsigned char *end;
int len;
rawkey = spki->subjectPublicKey;
rawkey = spki->subjectPublicKey;
DER_ConvertBitString(&rawkey);
rawptr = rawkey.data;
end = rawkey.data + rawkey.len;
@ -489,7 +489,7 @@ fortezzaIsCA( CERTCertificate *cert) {
/* DSSPrivilege (the string up to the first byte with the hi-bit on */
if (*rawptr & 0x30) isCA = PR_TRUE;
}
return isCA;
}
@ -627,12 +627,12 @@ CERT_GetCertType(CERTCertificate *cert)
cert->nsCertType = NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER |
NS_CERT_TYPE_EMAIL;
/* if the basic constraint extension says the cert is a CA, then
/* if the basic constraint extension says the cert is a CA, then
allow SSL CA and EMAIL CA and Status Responder */
if ((basicConstraintPresent == PR_TRUE)
&& (basicConstraint.isCA)) {
cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
cert->nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
} else if (CERT_IsCACert(cert, NULL) == PR_TRUE) {
cert->nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
@ -640,8 +640,8 @@ CERT_GetCertType(CERTCertificate *cert)
/* if the cert is a fortezza CA cert, then allow SSL CA and EMAIL CA */
if (fortezzaIsCA(cert)) {
cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
cert->nsCertType |= NS_CERT_TYPE_SSL_CA;
cert->nsCertType |= NS_CERT_TYPE_EMAIL_CA;
}
}
@ -688,9 +688,9 @@ cert_GetKeyID(CERTCertificate *cert)
cert->subjectKeyID.data = (unsigned char *)PORT_ArenaAlloc(cert->arena, 8);
if ( cert->subjectKeyID.data != NULL ) {
PORT_Memcpy(cert->subjectKeyID.data, key->u.fortezza.KMID, 8);
cert->subjectKeyID.len = 8;
cert->keyIDGenerated = PR_FALSE;
PORT_Memcpy(cert->subjectKeyID.data, key->u.fortezza.KMID, 8);
cert->subjectKeyID.len = 8;
cert->keyIDGenerated = PR_FALSE;
}
}
@ -705,7 +705,7 @@ cert_GetKeyID(CERTCertificate *cert)
*/
cert->subjectKeyID.data = (unsigned char *)PORT_ArenaAlloc(cert->arena, SHA1_LENGTH);
if ( cert->subjectKeyID.data != NULL ) {
rv = SHA1_HashBuf(cert->subjectKeyID.data,
rv = PK11_HashBuf(SEC_OID_SHA1,cert->subjectKeyID.data,
cert->derPublicKey.data,
cert->derPublicKey.len);
if ( rv == SECSuccess ) {
@ -725,7 +725,7 @@ cert_GetKeyID(CERTCertificate *cert)
* take a DER certificate and decode it into a certificate structure
*/
CERTCertificate *
__CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
char *nickname)
{
CERTCertificate *cert;
@ -833,7 +833,7 @@ __CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
cert->referenceCount = 1;
cert->slot = NULL;
cert->pkcs11ID = CK_INVALID_KEY;
cert->pkcs11ID = CK_INVALID_HANDLE;
cert->dbnickname = NULL;
return(cert);
@ -848,12 +848,13 @@ loser:
}
CERTCertificate *
CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
__CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
char *nickname)
{
return(__CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname));
return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname);
}
/*
** Amount of time that a certifiate is allowed good before it is actually
** good. This is used for pending certificates, ones that are about to be
@ -909,7 +910,7 @@ CERT_CheckCertValidTimes(CERTCertificate *c, PRTime t, PRBool allowOverride)
/* if cert is already marked OK, then don't bother to check */
if ( allowOverride && c->timeOK ) {
return(secCertTimeValid);
return(secCertTimeValid);
}
rv = CERT_GetCertTimes(c, &notBefore, &notAfter);
@ -1184,70 +1185,6 @@ CERT_GetDefaultCertDB(void)
return(default_cert_db_handle);
}
/*
* Open volatile certificate database and index databases. This is a
* fallback if the real databases can't be opened or created. It is only
* resident in memory, so it will not be persistent. We do this so that
* we don't crash if the databases can't be created.
*/
SECStatus
CERT_OpenVolatileCertDB(CERTCertDBHandle *handle)
{
#ifndef STAN_CERT_DB
#define DBM_DEFAULT 0
static const HASHINFO hashInfo = {
DBM_DEFAULT, /* bucket size */
DBM_DEFAULT, /* fill factor */
DBM_DEFAULT, /* number of elements */
256 * 1024, /* bytes to cache */
DBM_DEFAULT, /* hash function */
DBM_DEFAULT /* byte order */
};
/*
* Open the memory resident perm cert database.
*/
handle->permCertDB = dbopen(0, O_RDWR | O_CREAT, 0600, DB_HASH, &hashInfo);
if ( !handle->permCertDB ) {
goto loser;
}
/*
* Open the memory resident decoded cert database.
*/
handle->tempCertDB = dbopen(0, O_RDWR | O_CREAT, 0600, DB_HASH, &hashInfo);
if ( !handle->tempCertDB ) {
goto loser;
}
handle->dbMon = PZ_NewMonitor(nssILockCertDB);
PORT_Assert(handle->dbMon != NULL);
handle->spkDigestInfo = NULL;
handle->statusConfig = NULL;
/* initialize the cert database */
(void) CERT_InitCertDB(handle);
return (SECSuccess);
loser:
PORT_SetError(SEC_ERROR_BAD_DATABASE);
if ( handle->permCertDB ) {
(* handle->permCertDB->close)(handle->permCertDB);
handle->permCertDB = 0;
}
if ( handle->tempCertDB ) {
(* handle->tempCertDB->close)(handle->tempCertDB);
handle->tempCertDB = 0;
}
#endif
return(SECFailure);
}
/* XXX this would probably be okay/better as an xp routine? */
static void
sec_lower_string(char *s)
@ -1272,14 +1209,14 @@ SECStatus
CERT_AddOKDomainName(CERTCertificate *cert, const char *hn)
{
CERTOKDomainName *domainOK;
int newNameLen;
int newNameLen;
if (!hn || !(newNameLen = strlen(hn))) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena,
(sizeof *domainOK) + newNameLen);
(sizeof *domainOK) + newNameLen);
if (!domainOK)
return SECFailure; /* error code is already set. */
@ -1705,14 +1642,12 @@ CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
return(ret);
}
PRBool
CERT_IsCADERCert(SECItem *derCert, unsigned int *type) {
CERTCertificate *cert;
PRBool isCA;
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert, NULL,
PR_FALSE, PR_TRUE);
cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
if (cert == NULL) return PR_FALSE;
isCA = CERT_IsCACert(cert,type);
@ -1961,8 +1896,8 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
/* decode all of the certs into the temporary DB */
for ( i = 0, fcerts= 0; i < ncerts; i++) {
certs[fcerts] = CERT_NewTempCertificate(certdb, derCerts[i], NULL,
PR_FALSE, PR_TRUE);
certs[fcerts] = CERT_DecodeDERCertificate(derCerts[i], PR_FALSE,
NULL);
if (certs[fcerts]) fcerts++;
}
@ -1975,10 +1910,11 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
* otherwise if there are more than one cert, we don't
* know which cert it belongs to.
*/
rv = CERT_SaveImportedCert(certs[i], usage, caOnly, NULL);
rv = PK11_ImportCert(PK11_GetInternalKeySlot(),certs[i],
CK_INVALID_HANDLE,NULL,PR_TRUE);
} else {
rv = CERT_SaveImportedCert(certs[i], usage, caOnly,
nickname);
rv = PK11_ImportCert(PK11_GetInternalKeySlot(),certs[i],
CK_INVALID_HANDLE,nickname,PR_TRUE);
}
/* don't care if it fails - keep going */
}
@ -2321,40 +2257,6 @@ loser:
return(SECFailure);
}
/*
* Acquire the global lock on the cert database.
* This lock is currently used for the following operations:
* adding or deleting a cert to either the temp or perm databases
* converting a temp to perm or perm to temp
* changing(maybe just adding !?) the trust of a cert
* chaning the DB status checking Configuration
*/
void
CERT_LockDB(CERTCertDBHandle *handle)
{
#ifndef STAN_CERT_DB
PZ_EnterMonitor(handle->dbMon);
return;
#endif
}
/*
* Free the global cert database lock.
*/
void
CERT_UnlockDB(CERTCertDBHandle *handle)
{
#ifndef STAN_CERT_DB
PRStatus prstat;
prstat = PZ_ExitMonitor(handle->dbMon);
PORT_Assert(prstat == PR_SUCCESS);
return;
#endif
}
static PZLock *certRefCountLock = NULL;
/*
@ -2436,7 +2338,12 @@ CERT_UnlockCertTrust(CERTCertificate *cert)
CERTStatusConfig *
CERT_GetStatusConfig(CERTCertDBHandle *handle)
{
#ifdef notdef
return handle->statusConfig;
#else
/*PORT_Assert(0); */
return NULL;
#endif
}
/*
@ -2446,7 +2353,10 @@ CERT_GetStatusConfig(CERTCertDBHandle *handle)
void
CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *statusConfig)
{
#ifdef notdef
PORT_Assert(handle->statusConfig == NULL);
handle->statusConfig = statusConfig;
#else
PORT_Assert(0);
#endif
}


@ -34,247 +34,6 @@
#ifndef _CERTDB_H_
#define _CERTDB_H_
#include "plarena.h"
#include "prlong.h"
/*
* Certificate Database related definitions and data structures
*/
/* version number of certificate database */
#define CERT_DB_FILE_VERSION 7
#ifdef USE_NS_ROOTS
#define CERT_DB_CONTENT_VERSION 28
#else
#define CERT_DB_CONTENT_VERSION 2
#endif
#define SEC_DB_ENTRY_HEADER_LEN 3
#define SEC_DB_KEY_HEADER_LEN 1
/* All database entries have this form:
*
* byte offset field
* ----------- -----
* 0 version
* 1 type
* 2 flags
*/
/* database entry types */
typedef enum {
certDBEntryTypeVersion = 0,
certDBEntryTypeCert = 1,
certDBEntryTypeNickname = 2,
certDBEntryTypeSubject = 3,
certDBEntryTypeRevocation = 4,
certDBEntryTypeKeyRevocation = 5,
certDBEntryTypeSMimeProfile = 6,
certDBEntryTypeContentVersion = 7
} certDBEntryType;
typedef struct {
certDBEntryType type;
unsigned int version;
unsigned int flags;
PRArenaPool *arena;
} certDBEntryCommon;
/*
* Certificate entry:
*
* byte offset field
* ----------- -----
* 0 sslFlags-msb
* 1 sslFlags-lsb
* 2 emailFlags-msb
* 3 emailFlags-lsb
* 4 objectSigningFlags-msb
* 5 objectSigningFlags-lsb
* 6 derCert-len-msb
* 7 derCert-len-lsb
* 8 nickname-len-msb
* 9 nickname-len-lsb
* ... derCert
* ... nickname
*
* NOTE: the nickname string as stored in the database is null terminated,
* in other words, the last byte of the db entry is always 0
* if a nickname is present.
* NOTE: if nickname is not present, then nickname-len-msb and
* nickname-len-lsb will both be zero.
*/
struct _certDBEntryCert {
certDBEntryCommon common;
CERTCertTrust trust;
SECItem derCert;
char *nickname;
};
/*
* Certificate Nickname entry:
*
* byte offset field
* ----------- -----
* 0 subjectname-len-msb
* 1 subjectname-len-lsb
* 2... subjectname
*
* The database key for this type of entry is a nickname string
* The "subjectname" value is the DER encoded DN of the identity
* that matches this nickname.
*/
typedef struct {
certDBEntryCommon common;
char *nickname;
SECItem subjectName;
} certDBEntryNickname;
#define DB_NICKNAME_ENTRY_HEADER_LEN 2
/*
* Certificate Subject entry:
*
* byte offset field
* ----------- -----
* 0 ncerts-msb
* 1 ncerts-lsb
* 2 nickname-msb
* 3 nickname-lsb
* 4 emailAddr-msb
* 5 emailAddr-lsb
* ... nickname
* ... emailAddr
* ...+2*i certkey-len-msb
* ...+1+2*i certkey-len-lsb
* ...+2*ncerts+2*i keyid-len-msb
* ...+1+2*ncerts+2*i keyid-len-lsb
* ... certkeys
* ... keyids
*
* The database key for this type of entry is the DER encoded subject name
* The "certkey" value is an array of certificate database lookup keys that
* points to the database entries for the certificates that matche
* this subject.
*
*/
typedef struct _certDBEntrySubject {
certDBEntryCommon common;
SECItem derSubject;
unsigned int ncerts;
char *nickname;
char *emailAddr;
SECItem *certKeys;
SECItem *keyIDs;
} certDBEntrySubject;
#define DB_SUBJECT_ENTRY_HEADER_LEN 6
/*
* Certificate SMIME profile entry:
*
* byte offset field
* ----------- -----
* 0 subjectname-len-msb
* 1 subjectname-len-lsb
* 2 smimeoptions-len-msb
* 3 smimeoptions-len-lsb
* 4 options-date-len-msb
* 5 options-date-len-lsb
* 6... subjectname
* ... smimeoptions
* ... options-date
*
* The database key for this type of entry is the email address string
* The "subjectname" value is the DER encoded DN of the identity
* that matches this nickname.
* The "smimeoptions" value is a string that represents the algorithm
* capabilities on the remote user.
* The "options-date" is the date that the smime options value was created.
* This is generally the signing time of the signed message that contained
* the options. It is a UTCTime value.
*/
typedef struct {
certDBEntryCommon common;
char *emailAddr;
SECItem subjectName;
SECItem smimeOptions;
SECItem optionsDate;
} certDBEntrySMime;
#define DB_SMIME_ENTRY_HEADER_LEN 6
/*
* Crl/krl entry:
*
* byte offset field
* ----------- -----
* 0 derCert-len-msb
* 1 derCert-len-lsb
* 2 url-len-msb
* 3 url-len-lsb
* ... derCert
* ... url
*
* NOTE: the url string as stored in the database is null terminated,
* in other words, the last byte of the db entry is always 0
* if a nickname is present.
* NOTE: if url is not present, then url-len-msb and
* url-len-lsb will both be zero.
*/
#define DB_CRL_ENTRY_HEADER_LEN 4
struct _certDBEntryRevocation {
certDBEntryCommon common;
SECItem derCrl;
char *url; /* where to load the crl from */
};
/*
* Database Version Entry:
*
* byte offset field
* ----------- -----
* only the low level header...
*
* The database key for this type of entry is the string "Version"
*/
typedef struct {
certDBEntryCommon common;
} certDBEntryVersion;
#define SEC_DB_VERSION_KEY "Version"
#define SEC_DB_VERSION_KEY_LEN sizeof(SEC_DB_VERSION_KEY)
/*
* Database Content Version Entry:
*
* byte offset field
* ----------- -----
* 0 contentVersion
*
* The database key for this type of entry is the string "ContentVersion"
*/
typedef struct {
certDBEntryCommon common;
char contentVersion;
} certDBEntryContentVersion;
#define SEC_DB_CONTENT_VERSION_KEY "ContentVersion"
#define SEC_DB_CONTENT_VERSION_KEY_LEN sizeof(SEC_DB_CONTENT_VERSION_KEY)
typedef union {
certDBEntryCommon common;
certDBEntryVersion version;
certDBEntryCert cert;
certDBEntryNickname nickname;
certDBEntrySubject subject;
certDBEntryRevocation revocation;
} certDBEntry;
/* length of the fixed part of a database entry */
#define DBCERT_V4_HEADER_LEN 7
#define DB_CERT_V5_ENTRY_HEADER_LEN 7
#define DB_CERT_V6_ENTRY_HEADER_LEN 7
#define DB_CERT_ENTRY_HEADER_LEN 10
/* common flags for all types of certificates */
#define CERTDB_VALID_PEER (1<<0)
@ -288,71 +47,9 @@ typedef union {
#define CERTDB_INVISIBLE_CA (1<<8) /* don't show in UI */
#define CERTDB_GOVT_APPROVED_CA (1<<9) /* can do strong crypto in export ver */
SEC_BEGIN_PROTOS
/*
** Add a DER encoded certificate to the permanent database.
** "derCert" is the DER encoded certificate.
** "nickname" is the nickname to use for the cert
** "trust" is the trust parameters for the cert
*/
SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, SECItem *derCert,
char *nickname, CERTCertTrust *trust);
certDBEntryCert *
SEC_FindPermCertByKey(CERTCertDBHandle *handle, SECItem *certKey);
certDBEntryCert
*SEC_FindPermCertByName(CERTCertDBHandle *handle, SECItem *name);
SECStatus SEC_OpenPermCertDB(CERTCertDBHandle *handle,
PRBool readOnly,
CERTDBNameFunc namecb,
void *cbarg);
SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
typedef SECStatus (PR_CALLBACK * PermCertCallback)(CERTCertificate *cert,
SECItem *k, void *pdata);
/*
** Traverse the entire permanent database, and pass the certs off to a
** user supplied function.
** "certfunc" is the user function to call for each certificate
** "udata" is the user's data, which is passed through to "certfunc"
*/
SECStatus
SEC_TraversePermCerts(CERTCertDBHandle *handle,
PermCertCallback certfunc,
void *udata );
SECStatus
SEC_AddTempNickname(CERTCertDBHandle *handle, char *nickname, SECItem *certKey);
SECStatus
SEC_DeleteTempNickname(CERTCertDBHandle *handle, char *nickname);
PRBool
SEC_CertNicknameConflict(char *nickname, SECItem *derSubject,
CERTCertDBHandle *handle);
PRBool
SEC_CertDBKeyConflict(SECItem *derCert, CERTCertDBHandle *handle);
SECStatus
SEC_GetCrlTimes(CERTCrl *dates, PRTime *notBefore, PRTime *notAfter);
SECCertTimeValidity
SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
PRBool
SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
CERTSignedCrl *
SEC_AddPermCrlToTemp(CERTCertDBHandle *handle, certDBEntryRevocation *entry);
SECStatus
SEC_DeleteTempCrl(CERTSignedCrl *crl);
CERTSignedCrl *
SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey, int type);
@ -362,25 +59,12 @@ SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type);
CERTSignedCrl *
SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type);
SECStatus
SEC_DestroyCrl(CERTSignedCrl *crl);
PRBool
SEC_CertNicknameConflict(char *nickname, SECItem *derSubject,
CERTCertDBHandle *handle);
CERTSignedCrl *
SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);
CERTSignedCrl *
cert_DBInsertCRL
(CERTCertDBHandle *handle, char *url,
CERTSignedCrl *newCrl, SECItem *derCrl, int type);
SECStatus
SEC_CheckKRL(CERTCertDBHandle *handle,SECKEYPublicKey *key,
CERTCertificate *rootCert, int64 t, void *wincx);
SECStatus
SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert,
CERTCertificate *caCert, int64 t, void *wincx);
SECStatus
SEC_DeletePermCRL(CERTSignedCrl *crl);
@ -388,8 +72,82 @@ SEC_DeletePermCRL(CERTSignedCrl *crl);
SECStatus
SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type);
SECStatus
SEC_DestroyCrl(CERTSignedCrl *crl);
#ifdef notdef
/*
** Add a DER encoded certificate to the permanent database.
** "derCert" is the DER encoded certificate.
** "nickname" is the nickname to use for the cert
** "trust" is the trust parameters for the cert
*/
SECStatus SEC_AddPermCertificate(PCERTCertDBHandle *handle, SECItem *derCert,
char *nickname, PCERTCertTrust *trust);
certDBEntryCert *
SEC_FindPermCertByKey(PCERTCertDBHandle *handle, SECItem *certKey);
certDBEntryCert
*SEC_FindPermCertByName(PCERTCertDBHandle *handle, SECItem *name);
SECStatus SEC_OpenPermCertDB(PCERTCertDBHandle *handle,
PRBool readOnly,
PCERTDBNameFunc namecb,
void *cbarg);
SECStatus SEC_DeletePermCertificate(PCERTCertificate *cert);
typedef SECStatus (PR_CALLBACK * PermCertCallback)(PCERTCertificate *cert,
SECItem *k, void *pdata);
/*
** Traverse the entire permanent database, and pass the certs off to a
** user supplied function.
** "certfunc" is the user function to call for each certificate
** "udata" is the user's data, which is passed through to "certfunc"
*/
SECStatus
SEC_CrlReplaceUrl(CERTSignedCrl *crl,char *url);
PCERT_TraversePermCerts(PCERTCertDBHandle *handle,
PermCertCallback certfunc,
void *udata );
SECStatus
SEC_AddTempNickname(PCERTCertDBHandle *handle, char *nickname, SECItem *certKey);
SECStatus
SEC_DeleteTempNickname(PCERTCertDBHandle *handle, char *nickname);
PRBool
SEC_CertDBKeyConflict(SECItem *derCert, PCERTCertDBHandle *handle);
SECStatus
SEC_GetCrlTimes(PCERTCrl *dates, PRTime *notBefore, PRTime *notAfter);
SECCertTimeValidity
SEC_CheckCrlTimes(PCERTCrl *crl, PRTime t);
PRBool
SEC_CrlIsNewer(PCERTCrl *inNew, PCERTCrl *old);
PCERTSignedCrl *
SEC_AddPermCrlToTemp(PCERTCertDBHandle *handle, certDBEntryRevocation *entry);
SECStatus
SEC_DeleteTempCrl(PCERTSignedCrl *crl);
SECStatus
SEC_CheckKRL(PCERTCertDBHandle *handle,SECKEYLowPublicKey *key,
PCERTCertificate *rootCert, int64 t, void *wincx);
SECStatus
SEC_CheckCRL(PCERTCertDBHandle *handle,PCERTCertificate *cert,
PCERTCertificate *caCert, int64 t, void *wincx);
SECStatus
SEC_CrlReplaceUrl(PCERTSignedCrl *crl,char *url);
#endif
SEC_END_PROTOS
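Review bot: The `#ifdef notdef` block at the end of the prototypes keeps a second set of declarations (`SEC_AddPermCertificate`, `SEC_OpenPermCertDB`, `SEC_CheckKRL`, …) that reference `PCERTCertDBHandle`, `PCERTDBNameFunc` and `SECKEYLowPublicKey`, none of which this header declares, so the block cannot compile if the guard is ever flipped and only misleads readers of a public header. Delete it, or if the declarations are meant to live with the moved pcertdb code, replace the block with a one-line pointer such as `/* legacy pcertdb prototypes moved with pcertdb.c to the soft token */`. `SEC_DestroyCrl` and `SEC_CertNicknameConflict` appear both near the top of the hunk and again after `SEC_LookupCrls`; without the old/new markers it is not clear whether that is a move or a duplicate, so please confirm the new side declares each exactly once.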


@ -1,416 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "cert.h"
#include "base64.h"
#include "mcom_db.h"
#include "certdb.h"
#ifdef STATIC_CERT_INIT
static char example_com_server_ca[] =
"MIICBTCCAW6gAwIBAgIBATANBgkqhkiG9w0BAQQFADA+MREwDwYICZIm9ZgeZAET"
"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRIwEAYDVQQDEwlTZXJ2ZXIgQ0Ew"
"HhcNMDAwMjAzMjIyMDA3WhcNMTAwNTAzMjIyMDA3WjA+MREwDwYICZIm9ZgeZAET"
"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRIwEAYDVQQDEwlTZXJ2ZXIgQ0Ew"
"gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALGiKEvTd2k4ZJbdAVWokfFlB6Hz"
"WJXveXm8+IgmFlgtAnicZI11z5wAutFRvDpun7WmRLgHxvEhU3tLoiACGYdGJXPw"
"+lI2pzHzFSd63B0qcA/NVAW3EOBJeaEFwy0jkUaCIki8qQV06g8RosNX/zv6a+OF"
"d5NMpS0fecK4fEvdAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN"
"AQEEBQADgYEAi5rFiG6afWS1PHigssk2LwAJws5cszPbVIeIMHCBbtu259V7uWts"
"gNxUPJRjeQBsK0ItAfinC0xxLeuMbRfIdZoRYv/OYDxCwGW7hUcNLi+fHlGnJNXH"
"TWaCRdOwkljnws4v8ABas2DYA/k7xUFAygkIJd9NtE29ZrdrWpfSavI=";
static char example_com_individual_ca[] =
"MIICDTCCAXagAwIBAgIBAjANBgkqhkiG9w0BAQQFADBCMREwDwYICZIm9ZgeZAET"
"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRYwFAYDVQQDEw1JbmRpdmlkdWFs"
"IENBMB4XDTAwMDIwMzIyMjE1NFoXDTEwMDUwMzIyMjE1NFowQjERMA8GCAmSJvWY"
"HmQBEwNjb20xFTATBggJkib1mB5kARMHRXhhbXBsZTEWMBQGA1UEAxMNSW5kaXZp"
"ZHVhbCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu5syfboe93MOkGec"
"dOuJholyX42wcaH/RgnL3C/8NnZp9WWaTaguvn7KrbCj4TAMzu0pabUN8apB3J60"
"9C/FlixjXF7r73OzbyTCM5ja6/bPfmHMPmDl9l/9tKqhh+loFvRizXDaWSFRViDS"
"XvKNeQztwwAOpEAqnJwyTkn4FjECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN"
"BgkqhkiG9w0BAQQFAAOBgQB1XK+5pXdXYq3O3TC/ZY5LWlZ7zuoWUO75OpuMY7XF"
"iW/jeXbVT5IYZXoRGXJFGGaDmnAuK1/m6FTDhjSTG0XUmd5tg4aFieI+LY4rkYEv"
"mbJElxKabXl5hVD4mg2bwYlFY7XBmifTa1Ll3HDX3VZM0DC1bm4KCHBnY0qXjSYq"
"PA==";
static char example_com_objsign_ca[] =
"MIICETCCAXqgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBEMREwDwYICZIm9ZgeZAET"
"A2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRgwFgYDVQQDEw9Db2RlIFNpZ25p"
"bmcgQ0EwHhcNMDAwMjAzMjIyMzEzWhcNMTAwNTAzMjIyMzEzWjBEMREwDwYICZIm"
"9ZgeZAETA2NvbTEVMBMGCAmSJvWYHmQBEwdFeGFtcGxlMRgwFgYDVQQDEw9Db2Rl"
"IFNpZ25pbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALcy76InmpM9"
"S9K2MlNSjusx6nkYWWbx7eDRTV+xhRPeDxW4t8jtKPqDF5LTusyM9WCI/nneqsIP"
"7iTSHpxlGx37J1VbqKX5fZsfJ3wKv6ZIylzeRuFY9MFypPA2UmVd1ACDOUB3YDvY"
"mrCVkOPEhjnZKbq4FfCpf8KNL2A5EBcZAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB"
"Af8wDQYJKoZIhvcNAQEEBQADgYEAI0IXzwgBRXvow3JQi8Y4YdG2wZc4BWRGW87x"
"2zOD7GOA0CWN149vb6rEchECykDsJj9LoBl6o1aRxk9WkIFnXmMOJSuJA+ilCe//"
"81a5OhKbe0p7ym6rh190BLwh2VePFeyabq6NipfZlN6qgWUzoepf+jVblufW/2EI"
"fbMSylc=";
#endif
/* This is the cert->certKey (serial number and issuer name) of
* the cert that we want to revoke.
*/
static unsigned char revoked_system_principal_key[] = {
0x40, 0x18, 0xf2, 0x35, 0x86, 0x06, 0x78, 0xce, 0x87, 0x89,
0x0c, 0x5d, 0x68, 0x67, 0x33, 0x09, 0x30, 0x81, 0xc1, 0x31,
0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x16,
0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54,
0x72, 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f,
0x72, 0x6b, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
0x0b, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67,
0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x3a, 0x30,
0x38, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x31, 0x56, 0x65,
0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x4f, 0x62, 0x6a,
0x65, 0x63, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e,
0x67, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x43, 0x6c, 0x61,
0x73, 0x73, 0x20, 0x33, 0x20, 0x4f, 0x72, 0x67, 0x61, 0x6e,
0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x49, 0x30,
0x47, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x40, 0x77, 0x77,
0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e,
0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, 0x20, 0x49,
0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x62, 0x79, 0x20, 0x52,
0x65, 0x66, 0x2e, 0x20, 0x4c, 0x49, 0x41, 0x42, 0x49, 0x4c,
0x49, 0x54, 0x59, 0x20, 0x4c, 0x54, 0x44, 0x2e, 0x28, 0x63,
0x29, 0x39, 0x37, 0x20, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69,
0x67, 0x6e
};
SECStatus
CERT_CheckForEvilCert(CERTCertificate *cert)
{
if ( cert->certKey.len == sizeof(revoked_system_principal_key) ) {
if ( PORT_Memcmp(cert->certKey.data,
revoked_system_principal_key,
sizeof(revoked_system_principal_key)) == 0 ) {
return(SECFailure);
}
}
return(SECSuccess);
}
#ifdef STATIC_CERT_INIT
#define DEFAULT_TRUST_FLAGS (CERTDB_VALID_CA | \
CERTDB_TRUSTED_CA | \
CERTDB_NS_TRUSTED_CA)
typedef enum {
certUpdateNone,
certUpdateAdd,
certUpdateDelete,
certUpdateAddTrust,
certUpdateRemoveTrust,
certUpdateSetTrust
} certUpdateOp;
typedef struct {
char *cert;
char *nickname;
CERTCertTrust trust;
int updateVersion;
certUpdateOp op;
CERTCertTrust trustDelta;
} certInitEntry;
static certInitEntry initialcerts[] = {
{
example_com_server_ca,
"Example.com Server CA",
{ DEFAULT_TRUST_FLAGS | CERTDB_GOVT_APPROVED_CA, 0, 0 },
1,
certUpdateAdd,
{ 0, 0, 0 }
},
{
example_com_server_ca,
"Example.com Server CA",
{ DEFAULT_TRUST_FLAGS | CERTDB_GOVT_APPROVED_CA, 0, 0 },
2,
certUpdateAddTrust,
{ CERTDB_GOVT_APPROVED_CA, 0, 0 }
},
{
example_com_individual_ca,
"Example.com Individual CA",
{ 0, DEFAULT_TRUST_FLAGS, 0 },
1,
certUpdateAdd,
{ 0, 0, 0 }
},
{
example_com_individual_ca,
"Example.com Individual CA",
{ 0, DEFAULT_TRUST_FLAGS, 0 },
2,
certUpdateRemoveTrust,
{ 0, 0, DEFAULT_TRUST_FLAGS }
},
{
example_com_objsign_ca,
"Example.com Code Signing CA",
{ 0, 0, DEFAULT_TRUST_FLAGS },
2,
certUpdateAdd,
{ 0, 0, 0 }
},
{
0, 0
}
};
static SECStatus
ConvertAndCheckCertificate(CERTCertDBHandle *handle, char *asciicert,
char *nickname, CERTCertTrust *trust)
{
SECItem sdder;
SECStatus rv;
CERTCertificate *cert;
PRBool conflict;
SECItem derSubject;
/* First convert ascii to binary */
rv = ATOB_ConvertAsciiToItem (&sdder, asciicert);
if (rv != SECSuccess) {
return(rv);
}
/*
** Inside the ascii is a Signed Certificate.
*/
cert = NULL;
/* make sure that no conflicts exist */
conflict = SEC_CertDBKeyConflict(&sdder, handle);
if ( conflict ) {
goto done;
}
rv = CERT_NameFromDERCert(&sdder, &derSubject);
if ( rv != SECSuccess ) {
goto loser;
}
conflict = SEC_CertNicknameConflict(nickname, &derSubject, handle);
if ( conflict ) {
goto done;
}
cert = CERT_NewTempCertificate(handle, &sdder, NULL, PR_FALSE, PR_TRUE);
if ( cert == NULL ) {
goto loser;
}
rv = CERT_AddTempCertToPerm(cert, nickname, trust);
CERT_DestroyCertificate(cert);
if (rv == SECSuccess) {
/*
** XXX should verify signatures too, if we have the certificate for
** XXX its issuer...
*/
}
done:
PORT_Free(sdder.data);
return(rv);
loser:
return(SECFailure);
}
#endif
extern void certdb_InitDBLock(void);
SECStatus
CERT_InitCertDB(CERTCertDBHandle *handle)
{
#ifdef STATIC_CERT_INIT
SECStatus rv;
certInitEntry *entry;
certdb_InitDBLock();
entry = initialcerts;
while ( entry->cert != NULL) {
if ( entry->op != certUpdateDelete ) {
rv = ConvertAndCheckCertificate(handle, entry->cert,
entry->nickname, &entry->trust);
/* keep going */
}
entry++;
}
done:
CERT_SetDBContentVersion(CERT_DB_CONTENT_VERSION, handle);
return(rv);
#else
#ifdef DO_ANYTHING_HERE_FOR_3_4
certdb_InitDBLock();
CERT_SetDBContentVersion(0, handle);
#endif
return(SECSuccess);
#endif
}
#ifdef STATIC_CERT_INIT
static CERTCertificate *
CertFromEntry(CERTCertDBHandle *handle, char *asciicert)
{
SECItem sdder;
SECStatus rv;
CERTCertificate *cert;
/* First convert ascii to binary */
rv = ATOB_ConvertAsciiToItem (&sdder, asciicert);
if (rv != SECSuccess) {
return(NULL);
}
/*
** Inside the ascii is a Signed Certificate.
*/
cert = CERT_NewTempCertificate(handle, &sdder, NULL, PR_FALSE, PR_TRUE);
return(cert);
}
#endif
SECStatus
CERT_AddNewCerts(CERTCertDBHandle *handle)
{
#ifdef STATIC_CERT_INIT
int oldversion;
int newversion;
certInitEntry *entry;
CERTCertTrust tmptrust;
SECStatus rv;
CERTCertificate *cert;
newversion = CERT_DB_CONTENT_VERSION;
oldversion = CERT_GetDBContentVersion(handle);
if ( newversion > oldversion ) {
entry = initialcerts;
while ( entry->cert != NULL ) {
if ( entry->updateVersion > oldversion ) {
switch ( entry->op ) {
default:
break;
case certUpdateAdd:
rv = ConvertAndCheckCertificate(handle, entry->cert,
entry->nickname,
&entry->trust);
break;
case certUpdateDelete:
cert = CertFromEntry(handle, entry->cert);
if ( cert != NULL ) {
if ( cert->isperm ) {
rv = SEC_DeletePermCertificate(cert);
}
CERT_DestroyCertificate(cert);
}
break;
case certUpdateAddTrust:
cert = CertFromEntry(handle, entry->cert);
if ( cert != NULL ) {
if ( cert->isperm ) {
tmptrust = *cert->trust;
tmptrust.sslFlags |= entry->trustDelta.sslFlags;
tmptrust.emailFlags |=
entry->trustDelta.emailFlags;
tmptrust.objectSigningFlags |=
entry->trustDelta.objectSigningFlags;
rv = CERT_ChangeCertTrust(handle, cert,
&tmptrust);
}
CERT_DestroyCertificate(cert);
}
break;
case certUpdateRemoveTrust:
cert = CertFromEntry(handle, entry->cert);
if ( cert != NULL ) {
if ( cert->isperm ) {
tmptrust = *cert->trust;
tmptrust.sslFlags &=
(~entry->trustDelta.sslFlags);
tmptrust.emailFlags &=
(~entry->trustDelta.emailFlags);
tmptrust.objectSigningFlags &=
(~entry->trustDelta.objectSigningFlags);
rv = CERT_ChangeCertTrust(handle, cert,
&tmptrust);
}
CERT_DestroyCertificate(cert);
}
break;
case certUpdateSetTrust:
cert = CertFromEntry(handle, entry->cert);
if ( cert != NULL ) {
if ( cert->isperm ) {
tmptrust = *cert->trust;
tmptrust.sslFlags = entry->trustDelta.sslFlags;
tmptrust.emailFlags =
entry->trustDelta.emailFlags;
tmptrust.objectSigningFlags =
entry->trustDelta.objectSigningFlags;
rv = CERT_ChangeCertTrust(handle, cert,
&tmptrust);
}
CERT_DestroyCertificate(cert);
}
break;
}
}
entry++;
}
CERT_SetDBContentVersion(newversion, handle);
}
#endif
return(SECSuccess);
}


@ -33,7 +33,7 @@
/*
* certt.h - public data structures for the certificate library
*
* $Id: certt.h,v 1.10 2001/10/19 18:05:37 ian.mcgreer%sun.com Exp $
* $Id: certt.h,v 1.11 2001/11/08 00:14:39 relyea%netscape.com Exp $
*/
#ifndef _CERTT_H_
#define _CERTT_H_
@ -169,9 +169,6 @@ struct CERTPublicKeyAndChallengeStr {
SECItem challenge;
};
typedef struct _certDBEntryCert certDBEntryCert;
typedef struct _certDBEntryRevocation certDBEntryRevocation;
struct CERTCertTrustStr {
unsigned int sslFlags;
unsigned int emailFlags;
@ -215,7 +212,7 @@ struct CERTSubjectListStr {
char *emailAddr;
CERTSubjectNode *head;
CERTSubjectNode *tail; /* do we need tail? */
struct _certDBEntrySubject *entry;
void *entry;
};
/*
@ -275,7 +272,7 @@ struct CERTCertificateStr {
PRBool istemp;
char *nickname;
char *dbnickname;
certDBEntryCert *dbEntry; /* database entry struct */
void *dbEntry; /* database entry struct */
CERTCertTrust *trust;
/* the reference count is modified whenever someone looks up, dups
@ -404,8 +401,10 @@ struct CERTCrlKeyStr {
struct CERTSignedCrlStr {
PRArenaPool *arena;
CERTCrl crl;
certDBEntryRevocation *dbEntry; /* database entry struct */
PRBool keep; /* keep this crl in the cache for the session*/
/*certDBEntryRevocation *dbEntry; database entry struct */
PK11SlotInfo *slot;
/* PRBool keep; keep this crl in the cache for the session*/
CK_OBJECT_HANDLE pkcs11ID;
PRBool isperm;
PRBool istemp;
int referenceCount;
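Review bot: `dbEntry` in `CERTCertificateStr` and `entry` in `CERTSubjectListStr` change from typed pointers to `void *`, which removes the compiler's check on every use and leaves no hint of what the pointer holds, while `CERTSignedCrlStr` instead keeps its old `dbEntry` and `keep` members as comments. If anything still dereferences these fields, prefer an opaque forward declaration (e.g. `struct _certDBEntryCert;` plus `struct _certDBEntryCert *dbEntry;`) over `void *`; if nothing does, drop the fields, and in either case delete the commented-out members rather than leaving them inside the struct. The new `PK11SlotInfo *slot` and `CK_OBJECT_HANDLE pkcs11ID` members presumably require the PKCS #11 types to be visible in this header — the hunk does not show the includes, so confirm they cover it.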


@ -34,7 +34,7 @@
/*
* Moved from secpkcs7.c
*
* $Id: crl.c,v 1.3 2001/05/07 21:07:23 relyea%netscape.com Exp $
* $Id: crl.c,v 1.4 2001/11/08 00:14:40 relyea%netscape.com Exp $
*/
#include "cert.h"
@ -45,6 +45,7 @@
#include "certxutl.h"
#include "prtime.h"
#include "secerr.h"
#include "pk11func.h"
const SEC_ASN1Template SEC_CERTExtensionTemplate[] = {
{ SEC_ASN1_SEQUENCE,
@ -389,6 +390,223 @@ loser:
return(0);
}
/*
* Lookup a CRL in the databases. We mirror the same fast caching data base
* caching stuff used by certificates....?
*/
CERTSignedCrl *
SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type)
{
CERTSignedCrl *crl = NULL;
SECItem *derCrl;
CK_OBJECT_HANDLE crlHandle;
if (slot) {
PK11_ReferenceSlot(slot);
}
derCrl = PK11_FindCrlByName(&slot, &crlHandle, crlKey,type);
if (derCrl == NULL) {
goto loser;
}
crl = CERT_DecodeDERCrl(NULL, derCrl, type);
if (crl) {
crl->slot = slot;
slot = NULL; /* adopt it */
}
loser:
if (slot) {
PK11_FreeSlot(slot);
}
return(crl);
}
SECStatus SEC_DestroyCrl(CERTSignedCrl *crl);
CERTSignedCrl *
crl_storeCRL (PK11SlotInfo *slot,char *url,
CERTSignedCrl *newCrl, SECItem *derCrl, int type)
{
CERTSignedCrl *oldCrl = NULL, *crl = NULL;
CK_OBJECT_HANDLE crlHandle;
oldCrl = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type);
/* if there is an old crl, make sure the one we are installing
* is newer. If not, exit out, otherwise delete the old crl.
*/
if (oldCrl != NULL) {
if (!SEC_CrlIsNewer(&newCrl->crl,&oldCrl->crl)) {
if (type == SEC_CRL_TYPE) {
PORT_SetError(SEC_ERROR_OLD_CRL);
} else {
PORT_SetError(SEC_ERROR_OLD_KRL);
}
goto done;
}
if ((SECITEM_CompareItem(&newCrl->crl.derName,
&oldCrl->crl.derName) != SECEqual) &&
(type == SEC_KRL_TYPE) ) {
PORT_SetError(SEC_ERROR_CKL_CONFLICT);
goto done;
}
/* if we have a url in the database, use that one */
if (oldCrl->url) {
url = oldCrl->url;
}
/* really destroy this crl */
/* first drum it out of the permanment Data base */
SEC_DeletePermCRL(oldCrl);
}
/* Write the new entry into the data base */
crlHandle = PK11_PutCrl(slot, derCrl, &newCrl->crl.derName, url, type);
if (crlHandle != CK_INVALID_HANDLE) {
crl = newCrl;
crl->slot = PK11_ReferenceSlot(slot);
crl->pkcs11ID = crlHandle;
}
done:
if (oldCrl) SEC_DestroyCrl(oldCrl);
return crl;
}
CERTSignedCrl *
SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey, int type)
{
return SEC_FindCrlByKeyOnSlot(NULL,crlKey,type);
}
/*
*
* create a new CRL from DER material.
*
* The signature on this CRL must be checked before you
* load it. ???
*/
CERTSignedCrl *
SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type)
{
CERTSignedCrl *newCrl = NULL, *crl = NULL;
PK11SlotInfo *slot;
/* make this decode dates! */
newCrl = CERT_DecodeDERCrl(NULL, derCrl, type);
if (newCrl == NULL) {
if (type == SEC_CRL_TYPE) {
PORT_SetError(SEC_ERROR_CRL_INVALID);
} else {
PORT_SetError(SEC_ERROR_KRL_INVALID);
}
goto done;
}
slot = PK11_GetInternalKeySlot();
crl = crl_storeCRL(slot, url, newCrl, derCrl, type);
PK11_FreeSlot(slot);
done:
if (crl == NULL) {
if (newCrl) {
PORT_FreeArena(newCrl->arena, PR_FALSE);
}
}
return crl;
}
CERTSignedCrl *
SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl, int type)
{
PRArenaPool *arena;
SECItem crlKey;
SECStatus rv;
CERTSignedCrl *crl = NULL;
/* create a scratch arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
return(NULL);
}
/* extract the database key from the cert */
rv = CERT_KeyFromDERCrl(arena, derCrl, &crlKey);
if ( rv != SECSuccess ) {
goto loser;
}
/* find the crl */
crl = SEC_FindCrlByName(handle, &crlKey, type);
loser:
PORT_FreeArena(arena, PR_FALSE);
return(crl);
}
SECStatus
SEC_DestroyCrl(CERTSignedCrl *crl)
{
if (crl) {
if (crl->referenceCount-- <= 1) {
if (crl->slot) {
PK11_FreeSlot(crl->slot);
}
PORT_FreeArena(crl->arena, PR_FALSE);
}
}
return SECSuccess;
}
SECStatus
SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes, int type)
{
CERTCrlHeadNode *head;
PRArenaPool *arena = NULL;
SECStatus rv;
*nodes = NULL;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
return SECFailure;
}
/* build a head structure */
head = (CERTCrlHeadNode *)PORT_ArenaAlloc(arena, sizeof(CERTCrlHeadNode));
head->arena = arena;
head->first = NULL;
head->last = NULL;
head->dbhandle = handle;
/* Look up the proper crl types */
*nodes = head;
rv = PK11_LookupCrls(nodes, type, NULL);
if (rv != SECSuccess) {
if ( arena ) {
PORT_FreeArena(arena, PR_FALSE);
*nodes = NULL;
}
}
return rv;
}
/* These functions simply return the address of the above-declared templates.
** This is necessary for Windows DLLs. Sigh.
*/
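Review bot: In `SEC_LookupCrls` the `PORT_ArenaAlloc` result `head` is dereferenced without a NULL check, so an allocation failure becomes a null-pointer write instead of a `SECFailure`; add `if (head == NULL) { PORT_FreeArena(arena, PR_FALSE); return SECFailure; }` right after the allocation (the later `if ( arena )` test is then always true and can go). `SEC_NewCrl`'s header comment ends in "The signature on this CRL must be checked before you load it. ???" — for a function that writes a CRL into the token this contract should be stated rather than questioned, e.g. `/* Stores the CRL without verifying it; the caller must verify the signature before calling. */` once that is confirmed to be the intended contract. In `crl_storeCRL` the return of `SEC_DeletePermCRL(oldCrl)` is ignored and `PK11_PutCrl` runs regardless, so a failed delete could leave both the old and the new CRL on the slot; check it and bail out on failure. `SEC_FindCrlByKeyOnSlot` never releases `derCrl` returned by `PK11_FindCrlByName`; if that item is caller-owned it leaks on both the success and the decode-failure path.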


@ -42,28 +42,20 @@ PRIVATE_EXPORTS = \
genname.h \
xconst.h \
certxutl.h \
cdbhdl.h \
$(NULL)
MODULE = security
CERTINIT=certinit.c
ifdef NSS_STAN_MODULE
PCERTDB=stanpcertdb.c
DEFINES=-DSTAN_CERT_DB
else
PCERTDB=pcertdb.c
endif
CSRCS = \
alg1485.c \
certdb.c \
certv3.c \
$(CERTINIT) \
certxutl.c \
crl.c \
genname.c \
$(PCERTDB) \
stanpcertdb.c \
polcyxtn.c \
secname.c \
xauthkid.c \
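Review bot: Dropping the `ifdef NSS_STAN_MODULE` branch also drops `DEFINES=-DSTAN_CERT_DB`, while certdb.c in this same commit still appears to carry `#ifndef STAN_CERT_DB` guards (for instance around the `dbopen` calls in `CERT_OpenVolatileCertDB`); unless the macro is now defined elsewhere, those legacy bodies will be compiled in and reference `handle->permCertDB`/`handle->tempCertDB`, which this commit is otherwise removing. Either keep the define here or strip the remaining guards and their legacy bodies in certdb.c so the build and the source agree. `cdbhdl.h` is removed from `PRIVATE_EXPORTS`; confirm no file that remains in this directory still includes it.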

Разница между файлами не показана из-за своего большого размера Загрузить разницу

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -44,7 +44,7 @@
#include "nsspki.h"
#include "pkit.h"
#include "pkitm.h"
#include "pkinss3hack.h"
#include "pki3hack.h"
/*
* Find all user certificates that match the given criteria.
@ -424,18 +424,11 @@ CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
names->what = what;
names->totallen = 0;
rv = SEC_TraversePermCerts(handle, CollectNicknames, (void *)names);
rv = PK11_TraverseSlotCerts(CollectNicknames, (void *)names, wincx);
if ( rv ) {
goto loser;
}
if ( wincx != NULL ) {
rv = PK11_TraverseSlotCerts(CollectNicknames, (void *)names, wincx);
if ( rv ) {
goto loser;
}
}
if ( names->numnicknames ) {
names->nicknames = (char**)PORT_ArenaAlloc(arena,
names->numnicknames * sizeof(char *));
@ -502,9 +495,7 @@ CollectDistNames( CERTCertificate *cert, SECItem *k, void *data)
trust = cert->trust;
/* only collect names of CAs trusted for issuing SSL clients */
if ( ( trust->sslFlags &
( CERTDB_VALID_CA | CERTDB_TRUSTED_CLIENT_CA ) ) ==
( CERTDB_VALID_CA | CERTDB_TRUSTED_CLIENT_CA ) ) {
if ( trust->sslFlags & CERTDB_TRUSTED_CLIENT_CA ) {
saveit = PR_TRUE;
}
}
@ -568,7 +559,7 @@ CERT_GetSSLCACerts(CERTCertDBHandle *handle)
names->names = NULL;
/* collect the names from the database */
rv = SEC_TraversePermCerts(handle, CollectDistNames, (void *)names);
rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL);
if ( rv ) {
goto loser;
}
@ -746,10 +737,12 @@ CERTSignedCrl * CERT_ImportCRL
break;
}
#ifdef FIXME
/* Do CRL validation and add to the dbase if this crl is more present then the one
in the dbase, if one exists.
*/
crl = cert_DBInsertCRL (handle, url, newCrl, derCRL, type);
#endif
} while (0);
@ -763,7 +756,6 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
{
SECStatus rv;
SECItem *derCert;
SECItem certKey;
PRArenaPool *arena;
CERTCertificate *cert = NULL;
CERTCertificate *newcert = NULL;
@ -785,22 +777,6 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
while (numcerts--) {
derCert = certs;
certs++;
/* get the key (issuer+cn) from the cert */
rv = CERT_KeyFromDERCert(arena, derCert, &certKey);
if ( rv != SECSuccess ) {
goto loser;
}
/* same cert already exists in the database, don't need to do
* anything more with it
*/
cert = CERT_FindCertByKey(handle, &certKey);
if ( cert ) {
CERT_DestroyCertificate(cert);
cert = NULL;
continue;
}
/* decode my certificate */
newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
@ -864,7 +840,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
}
}
cert = CERT_NewTempCertificate(handle, derCert, NULL, PR_FALSE, PR_TRUE);
cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
if ( cert == NULL ) {
goto loser;
}
@ -872,7 +848,10 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
/* get a default nickname for it */
nickname = CERT_MakeCANickname(cert);
rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
cert->trust = &trust;
rv = PK11_ImportCert(PK11_GetInternalKeySlot(), cert,
CK_INVALID_HANDLE, nickname, PR_TRUE);
/* free the nickname */
if ( nickname ) {
PORT_Free(nickname);
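Review bot: In CollectDistNames the new test `if ( trust->sslFlags & CERTDB_TRUSTED_CLIENT_CA )` drops the CERTDB_VALID_CA requirement the old expression enforced, so a trust record carrying the trusted-client bit without the valid-CA bit is now advertised as an acceptable client-cert issuer; if that is intended because token trust objects carry no separate valid bit, a comment saying so belongs on that line, otherwise keep the combined mask. The same callback now runs under PK11_TraverseSlotCerts instead of SEC_TraversePermCerts, and whether every cert it sees has a trust record is not visible here, so a NULL check on `trust` before the flags test would be cheap insurance against a dereference. In CERT_ImportCRL the database insert is compiled out under `#ifdef FIXME`, so the function now hands back a CRL that was never stored; the comment there should state that persistence is pending and what is expected to replace cert_DBInsertCRL. All three enclosing functions start outside their hunks.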


@ -48,7 +48,7 @@
#include "nsspki.h"
#include "pkitm.h"
#include "pkim.h"
#include "pkinss3hack.h"
#include "pki3hack.h"
#include "base.h"
#define PENDING_SLOP (24L*60L*60L)
@ -322,8 +322,6 @@ CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage)
CERTCertificate * issuerCert = NULL;
SECItem * caName;
PRArenaPool *tmpArena = NULL;
SECItem issuerCertKey;
SECStatus rv;
tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@ -361,14 +359,16 @@ CERT_FindCertIssuer(CERTCertificate *cert, int64 validTime, SECCertUsage usage)
*/
if (caName != NULL) {
rv = CERT_KeyFromIssuerAndSN(tmpArena, caName,
&authorityKeyID->authCertSerialNumber,
&issuerCertKey);
if ( rv == SECSuccess ) {
issuerCert = CERT_FindCertByKey(cert->dbhandle,
&issuerCertKey);
}
CERTIssuerAndSN issuerSN;
issuerSN.derIssuer.data = caName->data;
issuerSN.derIssuer.len = caName->len;
issuerSN.serialNumber.data =
authorityKeyID->authCertSerialNumber.data;
issuerSN.serialNumber.len =
authorityKeyID->authCertSerialNumber.len;
issuerCert = CERT_FindCertByIssuerAndSN(cert->dbhandle,
&issuerSN);
if ( issuerCert == NULL ) {
PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
goto loser;
@ -994,13 +994,15 @@ CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
PRBool allowOverride;
SECCertTimeValidity validity;
CERTStatusConfig *statusConfig;
#ifdef notdef
/* check if this cert is in the Evil list */
rv = CERT_CheckForEvilCert(cert);
if ( rv != SECSuccess ) {
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
LOG_ERROR_OR_EXIT(log,cert,0,0);
}
#endif
/* make sure that the cert is valid at time t */
allowOverride = (PRBool)((certUsage == certUsageSSLServer) ||
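Review bot: In CERT_VerifyCert the CERT_CheckForEvilCert call is now compiled out under `#ifdef notdef`, which removes the one place the verifier refused a certificate on the built-in revoked list, and nothing in the hunk says what takes over that role. A comment at the `#ifdef` such as `/* built-in revoked-cert check disabled pending its replacement in the new cert store; until then only CRL/OCSP checks reject revoked certs */` would keep the gap visible to the next reader. In CERT_FindCertIssuer the switch to CERT_FindCertByIssuerAndSN looks consistent with the removed issuerCertKey, but the error set on a NULL result is still SEC_ERROR_UNKNOWN_ISSUER even when the new lookup fails for another reason, which is worth a one-line comment. Both enclosing functions start outside their hunks.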


@ -35,7 +35,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
* $Id: ocsp.c,v 1.3 2001/09/20 21:41:34 relyea%netscape.com Exp $
* $Id: ocsp.c,v 1.4 2001/11/08 00:14:43 relyea%netscape.com Exp $
*/
#include "prerror.h"
@ -653,6 +653,28 @@ ocsp_CreateCertID(PRArenaPool *arena, CERTCertificate *cert, int64 time)
if (rv != SECSuccess) {
goto loser;
}
certID->issuerSHA1NameHash.data = certID->issuerNameHash.data;
certID->issuerSHA1NameHash.len = certID->issuerNameHash.len;
/* cache the other two hash algorithms as well */
if (SECITEM_AllocItem(arena, &(certID->issuerMD5NameHash),
MD5_LENGTH) == NULL) {
goto loser;
}
rv = PK11_HashBuf(SEC_OID_MD5, certID->issuerMD5NameHash.data,
tempItem->data, tempItem->len);
if (rv != SECSuccess) {
goto loser;
}
if (SECITEM_AllocItem(arena, &(certID->issuerMD2NameHash),
MD2_LENGTH) == NULL) {
goto loser;
}
rv = PK11_HashBuf(SEC_OID_MD2, certID->issuerMD2NameHash.data,
tempItem->data, tempItem->len);
if (rv != SECSuccess) {
goto loser;
}
SECITEM_FreeItem(tempItem, PR_TRUE);
tempItem = NULL;
@ -660,6 +682,18 @@ ocsp_CreateCertID(PRArenaPool *arena, CERTCertificate *cert, int64 time)
&(certID->issuerKeyHash)) == NULL) {
goto loser;
}
certID->issuerSHA1KeyHash.data = certID->issuerKeyHash.data;
certID->issuerSHA1KeyHash.len = certID->issuerKeyHash.len;
/* cache the other two hash algorithms as well */
if (CERT_SPKDigestValueForCert(arena, issuerCert, SEC_OID_MD5,
&(certID->issuerMD5KeyHash)) == NULL) {
goto loser;
}
if (CERT_SPKDigestValueForCert(arena, issuerCert, SEC_OID_MD2,
&(certID->issuerMD2KeyHash)) == NULL) {
goto loser;
}
/* now we are done with issuerCert */
CERT_DestroyCertificate(issuerCert);
@ -2368,6 +2402,40 @@ ocsp_CertHasNoCheckExtension(CERTCertificate *cert)
}
#endif /* LATER */
static PRBool
ocsp_matchcert(SECItem *certIndex,CERTCertificate *testCert)
{
SECItem item;
unsigned char buf[SHA1_LENGTH]; /* MAX Hash Len */
item.data = buf;
item.len = SHA1_LENGTH;
if (CERT_SPKDigestValueForCert(NULL,testCert,SEC_OID_SHA1, &item) == NULL) {
return PR_FALSE;
}
if (SECITEM_ItemsAreEqual(certIndex,&item)) {
return PR_TRUE;
}
if (CERT_SPKDigestValueForCert(NULL,testCert,SEC_OID_MD5, &item) == NULL) {
return PR_FALSE;
}
if (SECITEM_ItemsAreEqual(certIndex,&item)) {
return PR_TRUE;
}
if (CERT_SPKDigestValueForCert(NULL,testCert,SEC_OID_MD2, &item) == NULL) {
return PR_FALSE;
}
if (SECITEM_ItemsAreEqual(certIndex,&item)) {
return PR_TRUE;
}
return PR_FALSE;
}
static CERTCertificate *
ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle,CERTOCSPCertID *certID);
/*
* Check the signature on some OCSP data. This is a helper function that
* can be used to check either a request or a response. The result is
@ -2397,15 +2465,18 @@ ocsp_CheckSignature(ocspSignature *signature, void *tbs,
const SEC_ASN1Template *encodeTemplate,
CERTCertDBHandle *handle, SECCertUsage certUsage,
int64 checkTime, PRBool lookupByName, void *certIndex,
void *pwArg, CERTCertificate **pSignerCert)
void *pwArg, CERTCertificate **pSignerCert,
CERTCertificate *issuer)
{
SECItem rawSignature;
SECItem *encodedTBS = NULL;
CERTCertificate *responder = NULL;
CERTCertificate *signerCert = NULL;
SECKEYPublicKey *signerKey = NULL;
CERTCertificate **certs = NULL;
SECStatus rv = SECFailure;
int certCount;
int i;
/*
* If this signature has already gone through verification, just
@ -2432,6 +2503,7 @@ ocsp_CheckSignature(ocspSignature *signature, void *tbs,
if (signature->derCerts != NULL) {
for (; signature->derCerts[certCount] != NULL; certCount++) {
/* just counting */
/*IMPORT CERT TO SPKI TABLE */
}
}
rv = CERT_ImportCerts(handle, certUsage, certCount,
@ -2455,7 +2527,22 @@ ocsp_CheckSignature(ocspSignature *signature, void *tbs,
signerCert = CERT_FindCertByName(handle, encodedName);
SECITEM_FreeItem(encodedName, PR_TRUE);
} else {
signerCert = CERT_FindCertBySPKDigest(handle, certIndex);
/*
* The signer is either 1) a known issuer CA we passed in,
* 2) the default OCSP responder, or 3) and intermediate CA
* passed in the cert list to use. Figure out which it is.
*/
responder = ocsp_CertGetDefaultResponder(handle,NULL);
if (responder && ocsp_matchcert(certIndex,responder)) {
signerCert = CERT_DupCertificate(responder);
} else if (issuer && ocsp_matchcert(certIndex,issuer)) {
signerCert = CERT_DupCertificate(issuer);
}
for (i=0; (signerCert == NULL) && (i < certCount); i++) {
if (ocsp_matchcert(certIndex,certs[i])) {
signerCert = CERT_DupCertificate(certs[i]);
}
}
}
if (signerCert == NULL) {
@ -2546,6 +2633,7 @@ finish:
if (certs != NULL)
CERT_DestroyCertArray(certs, certCount);
/* Free CERTS from SPKDigest Table */
return rv;
}
@ -2583,7 +2671,8 @@ finish:
SECStatus
CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
CERTCertDBHandle *handle, void *pwArg,
CERTCertificate **pSignerCert)
CERTCertificate **pSignerCert,
CERTCertificate *issuer)
{
ocspResponseData *tbsData; /* this is what is signed */
PRBool byName;
@ -2623,7 +2712,7 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
return ocsp_CheckSignature(ocsp_GetResponseSignature(response),
tbsData, ocsp_ResponseDataTemplate,
handle, certUsageStatusResponder, producedAt,
byName, certIndex, pwArg, pSignerCert);
byName, certIndex, pwArg, pSignerCert, issuer);
}
/*
@ -2635,12 +2724,10 @@ ocsp_CertIDsMatch(CERTCertDBHandle *handle,
CERTOCSPCertID *certID1, CERTOCSPCertID *certID2)
{
PRBool match = PR_FALSE;
CERTCertificate *issuer1 = NULL;
CERTCertificate *issuer2 = NULL;
SECItem *foundHash = NULL;
CERTCertificate *found;
SECOidTag hashAlg;
SECItem *givenHash;
SECItem *keyHash;
SECItem *nameHash;
/*
* In order to match, they must have the same issuer and the same
@ -2668,63 +2755,34 @@ ocsp_CertIDsMatch(CERTCertDBHandle *handle,
goto done;
}
/*
* The hash algorithms are different; this is harder. We have
* to do a lookup of each one and compare them.
*/
issuer1 = CERT_FindCertBySPKDigest(handle, &certID1->issuerKeyHash);
issuer2 = CERT_FindCertBySPKDigest(handle, &certID2->issuerKeyHash);
if (issuer1 == NULL && issuer2 == NULL) {
/* If we cannot find an issuer cert, we have no way to compare. */
goto done;
hashAlg = SECOID_FindOIDTag(&certID2->hashAlgorithm.algorithm);
switch (hashAlg) {
case SEC_OID_SHA1:
keyHash = &certID1->issuerSHA1KeyHash;
nameHash = &certID1->issuerSHA1NameHash;
break;
case SEC_OID_MD5:
keyHash = &certID1->issuerMD5KeyHash;
nameHash = &certID1->issuerMD5NameHash;
break;
case SEC_OID_MD2:
keyHash = &certID1->issuerMD2KeyHash;
nameHash = &certID1->issuerMD2NameHash;
break;
default:
foundHash == NULL;
}
if (issuer1 != NULL && issuer2 != NULL) {
/* If we found a cert for each hash, we can just compare them. */
if (issuer1 == issuer2)
match = PR_TRUE;
goto done;
}
/*
* We found one issuer, but not both. So we have to use the other certID
* hash algorithm on the key in the found issuer cert to see if they match.
*/
if (issuer1 != NULL) {
found = issuer1;
hashAlg = SECOID_FindOIDTag(&certID2->hashAlgorithm.algorithm);
givenHash = &certID2->issuerKeyHash;
} else {
found = issuer2;
hashAlg = SECOID_FindOIDTag(&certID1->hashAlgorithm.algorithm);
givenHash = &certID1->issuerKeyHash;
}
foundHash = CERT_SPKDigestValueForCert(NULL, found, hashAlg, NULL);
if (foundHash == NULL) {
goto done;
}
if (SECITEM_CompareItem(foundHash, givenHash) == SECEqual) {
/*
* Strictly speaking, we should compare the issuerNameHash, too,
* but I think the added complexity doesn't actually buy anything.
*/
if ((SECITEM_CompareItem(nameHash, &certID2->issuerNameHash) == SECEqual)
&& (SECITEM_CompareItem(keyHash, &certID2->issuerKeyHash) == SECEqual)) {
match = PR_TRUE;
}
done:
if (issuer1 != NULL) {
CERT_DestroyCertificate(issuer1);
}
if (issuer2 != NULL) {
CERT_DestroyCertificate(issuer2);
}
if (foundHash != NULL) {
SECITEM_FreeItem(foundHash, PR_TRUE);
}
return match;
}
@ -2788,15 +2846,12 @@ ocsp_GetCheckingContext(CERTCertDBHandle *handle)
return ocspcx;
}
/*
* Return true if the given signerCert is the default responder for
* the given certID. If not, or if any error, return false.
*/
static PRBool
ocsp_CertIsDefaultResponderForCertID(CERTCertDBHandle *handle,
CERTCertificate *signerCert,
CERTOCSPCertID *certID)
static CERTCertificate *
ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle,CERTOCSPCertID *certID)
{
ocspCheckingContext *ocspcx;
@ -2814,12 +2869,26 @@ ocsp_CertIsDefaultResponderForCertID(CERTCertDBHandle *handle,
*/
if (ocspcx->useDefaultResponder) {
PORT_Assert(ocspcx->defaultResponderCert != NULL);
if (ocspcx->defaultResponderCert == signerCert)
return PR_TRUE;
return ocspcx->defaultResponderCert;
}
loser:
return PR_FALSE;
return NULL;
}
/*
* Return true if the given signerCert is the default responder for
* the given certID. If not, or if any error, return false.
*/
static PRBool
ocsp_CertIsDefaultResponderForCertID(CERTCertDBHandle *handle,
CERTCertificate *signerCert,
CERTOCSPCertID *certID)
{
CERTCertificate *defaultResponderCert;
defaultResponderCert = ocsp_CertGetDefaultResponder(handle, certID);
return (PRBool) (defaultResponderCert == signerCert);
}
/*
@ -3300,6 +3369,7 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
CERTOCSPRequest *request = NULL;
CERTOCSPResponse *response = NULL;
CERTCertificate *signerCert = NULL;
CERTCertificate *issuerCert = NULL;
ocspResponseData *responseData;
int64 producedAt;
CERTOCSPCertID *certID;
@ -3413,7 +3483,9 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
* If we've made it this far, we expect a response with a good signature.
* So, check for that.
*/
rv = CERT_VerifyOCSPResponseSignature(response, handle, pwArg, &signerCert);
issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
rv = CERT_VerifyOCSPResponseSignature(response, handle, pwArg, &signerCert,
issuerCert);
if (rv != SECSuccess)
goto loser;
@ -3471,6 +3543,8 @@ CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
rv = ocsp_CertHasGoodStatus(single, time);
loser:
if (issuerCert != NULL)
CERT_DestroyCertificate(issuerCert);
if (signerCert != NULL)
CERT_DestroyCertificate(signerCert);
if (response != NULL)
@ -3905,3 +3979,97 @@ CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle)
statusContext->useDefaultResponder = PR_FALSE;
return SECSuccess;
}
static const SECHashObject *
OidTagToDigestObject(SECOidTag digestAlg)
{
const SECHashObject *rawDigestObject;
switch (digestAlg) {
case SEC_OID_MD2:
rawDigestObject = &SECHashObjects[HASH_AlgMD2];
break;
case SEC_OID_MD5:
rawDigestObject = &SECHashObjects[HASH_AlgMD5];
break;
case SEC_OID_SHA1:
rawDigestObject = &SECHashObjects[HASH_AlgSHA1];
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
rawDigestObject = NULL;
break;
}
return(rawDigestObject);
}
/*
* Digest the cert's subject public key using the specified algorithm.
* The necessary storage for the digest data is allocated. If "fill" is
* non-null, the data is put there, otherwise a SECItem is allocated.
* Allocation from "arena" if it is non-null, heap otherwise. Any problem
* results in a NULL being returned (and an appropriate error set).
*/
SECItem *
CERT_SPKDigestValueForCert(PRArenaPool *arena, CERTCertificate *cert,
SECOidTag digestAlg, SECItem *fill)
{
const SECHashObject *digestObject;
void *digestContext;
SECItem *result = NULL;
void *mark = NULL;
SECItem spk;
if ( arena != NULL ) {
mark = PORT_ArenaMark(arena);
}
digestObject = OidTagToDigestObject(digestAlg);
if ( digestObject == NULL ) {
goto loser;
}
if ((fill == NULL) || (fill->data == NULL)) {
result = SECITEM_AllocItem(arena, fill, digestObject->length);
if ( result == NULL ) {
goto loser;
}
fill = result;
}
/*
* Copy just the length and data pointer (nothing needs to be freed)
* of the subject public key so we can convert the length from bits
* to bytes, which is what the digest function expects.
*/
spk = cert->subjectPublicKeyInfo.subjectPublicKey;
DER_ConvertBitString(&spk);
/*
* Now digest the value, using the specified algorithm.
*/
digestContext = digestObject->create();
if ( digestContext == NULL ) {
goto loser;
}
digestObject->begin(digestContext);
digestObject->update(digestContext, spk.data, spk.len);
digestObject->end(digestContext, fill->data, &(fill->len), fill->len);
digestObject->destroy(digestContext, PR_TRUE);
if ( arena != NULL ) {
PORT_ArenaUnmark(arena, mark);
}
return(fill);
loser:
if ( arena != NULL ) {
PORT_ArenaRelease(arena, mark);
} else {
if ( result != NULL ) {
SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
}
}
return(NULL);
}
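Review bot: In ocsp_CertIDsMatch the `default:` arm of the new switch reads `foundHash == NULL;`, a comparison with no effect, and leaves `keyHash` and `nameHash` unassigned, so an unrecognised hash algorithm in certID2 reaches the SECITEM_CompareItem calls below with indeterminate pointers; the arm should be `default: goto done;` so an unknown algorithm simply yields no match. With that change `foundHash` and its SECITEM_FreeItem at the end of the function are dead and can be removed. In ocsp_CheckSignature the pointer returned by ocsp_CertGetDefaultResponder(handle, NULL) is only ever duplicated, which is right for a borrowed reference, but that function's body starts outside the hunk so whether it tolerates a NULL certID is not visible here. In CERT_SPKDigestValueForCert, when the caller passes fill == NULL the freshly allocated item is stored back into `fill`, so the `loser:` expression `(fill == NULL) ? PR_TRUE : PR_FALSE` is always PR_FALSE and the heap-allocated SECItem struct leaks on the error path; recording `PRBool allocated = (fill == NULL);` before the allocation and passing it to SECITEM_FreeItem fixes it.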


@ -34,7 +34,7 @@
/*
* Interface to the OCSP implementation.
*
* $Id: ocsp.h,v 1.1 2000/03/31 19:43:02 relyea%netscape.com Exp $
* $Id: ocsp.h,v 1.2 2001/11/08 00:14:45 relyea%netscape.com Exp $
*/
#ifndef _OCSP_H_
@ -353,6 +353,8 @@ CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
* Pointer to CERTCertDBHandle for certificate DB to use for verification.
* void *pwArg
* Pointer to argument for password prompting, if needed.
* CERTCertificate *issuerCert
* Issuer of the certificate that generated the OCSP request.
* OUTPUTS:
* CERTCertificate **pSignerCert
* Pointer in which to store signer's certificate; only filled-in if
@ -371,7 +373,8 @@ CERT_GetEncodedOCSPResponse(PRArenaPool *arena, CERTCertList *certList,
extern SECStatus
CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
CERTCertDBHandle *handle, void *pwArg,
CERTCertificate **pSignerCert);
CERTCertificate **pSignerCert,
CERTCertificate *issuerCert);
/*
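Review bot: The new `CERTCertificate *issuerCert` entry in the CERT_VerifyOCSPResponseSignature comment block does not say whether the argument may be NULL or who owns it; CERT_CheckOCSPStatus passes the result of CERT_FindCertIssuer without checking it and destroys it itself afterwards, and ocsp_CheckSignature only consults it under `issuer &&`. Suggest extending the entry to `Issuer of the certificate that generated the OCSP request, or NULL if unknown; the caller keeps its reference, the function only duplicates it when it turns out to be the signer.`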
* FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation


@ -34,7 +34,7 @@
/*
* Private header defining OCSP types.
*
* $Id: ocspti.h,v 1.1 2000/03/31 19:43:04 relyea%netscape.com Exp $
* $Id: ocspti.h,v 1.2 2001/11/08 00:14:45 relyea%netscape.com Exp $
*/
#ifndef _OCSPTI_H_
@ -194,6 +194,12 @@ struct CERTOCSPCertIDStr {
SECItem issuerNameHash; /* an OCTET STRING */
SECItem issuerKeyHash; /* an OCTET STRING */
SECItem serialNumber; /* an INTEGER */
SECItem issuerSHA1NameHash; /* keep other hashes around when */
SECItem issuerMD5NameHash; /* we have them */
SECItem issuerMD2NameHash;
SECItem issuerSHA1KeyHash; /* keep other hashes around when */
SECItem issuerMD5KeyHash; /* we have them */
SECItem issuerMD2KeyHash;
};
/*
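Review bot: The comment on the six new SECItem fields says only that other hashes are kept around; in ocsp_CreateCertID the SHA1 pair is filled by copying the `data` pointer and `len` of issuerNameHash and issuerKeyHash rather than by allocating, so those two items alias storage owned by the existing fields while the MD5 and MD2 items are allocated separately. A comment such as `/* issuerSHA1NameHash/issuerSHA1KeyHash alias issuerNameHash/issuerKeyHash; the MD5 and MD2 items are separately allocated from the same arena */` would stop a reader from treating the six as independently owned buffers.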


@ -31,169 +31,7 @@
* GPL.
*/
#ifndef CKT_H
#define CKT_H
#ifdef DEBUG
static const char CKT_CVS_ID[] = "@(#) $RCSfile: ckt.h,v $ $Revision: 1.2 $ $Date: 2000/09/06 22:23:55 $ $Name: $";
#endif /* DEBUG */
/*
* ckt.h
*
* This file contains the NSS-specific type definitions for Cryptoki
* (PKCS#11).
*/
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
/*
* NSSCK_VENDOR_NETSCAPE
*
* Cryptoki reserves the high half of all the number spaces for
* vendor-defined use. I'd like to keep all of our Netscape-
* specific values together, but not in the oh-so-obvious
* 0x80000001, 0x80000002, etc. area. So I've picked an offset,
* and constructed values for the beginnings of our spaces.
*
* Note that some "historical" Netscape values don't fall within
* this range.
*/
#define NSSCK_VENDOR_NETSCAPE 0x4E534350 /* NSCP */
/*
* Netscape-defined object classes
*
*/
#define CKO_NETSCAPE (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
#define CKO_NETSCAPE_CRL (CKO_NETSCAPE + 1)
#define CKO_NETSCAPE_SMIME (CKO_NETSCAPE + 2)
#define CKO_NETSCAPE_TRUST (CKO_NETSCAPE + 3)
#define CKO_NETSCAPE_BUILTIN_ROOT_LIST (CKO_NETSCAPE + 4)
/*
* Netscape-defined key types
*
*/
#define CKK_NETSCAPE (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
#define CKK_NETSCAPE_PKCS8 (CKK_NETSCAPE + 1)
/*
* Netscape-defined certificate types
*
*/
#define CKC_NETSCAPE (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
/*
* Netscape-defined object attributes
*
*/
#define CKA_NETSCAPE (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
#define CKA_NETSCAPE_URL (CKA_NETSCAPE + 1)
#define CKA_NETSCAPE_EMAIL (CKA_NETSCAPE + 2)
#define CKA_NETSCAPE_SMIME_INFO (CKA_NETSCAPE + 3)
#define CKA_NETSCAPE_SMIME_TIMESTAMP (CKA_NETSCAPE + 4)
#define CKA_NETSCAPE_PKCS8_SALT (CKA_NETSCAPE + 5)
#define CKA_NETSCAPE_PASSWORD_CHECK (CKA_NETSCAPE + 6)
#define CKA_NETSCAPE_EXPIRES (CKA_NETSCAPE + 7)
/*
* Trust attributes:
*
* If trust goes standard, these probably will too. So I'll
* put them all in one place.
*/
#define CKA_TRUST (CKA_NETSCAPE + 0x2000)
/* "Usage" key information */
#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
/* "Purpose" trust information */
#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
#define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
/* Netscape trust stuff */
/* XXX fgmr new ones here-- step-up, etc. */
/* HISTORICAL: define used to pass in the database key for DSA private keys */
#define CKA_NETSCAPE_DB 0xD5A0DB00L
#define CKA_NETSCAPE_TRUST 0x80000001L
/*
* Netscape-defined crypto mechanisms
*
*/
#define CKM_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
/*
* HISTORICAL:
* Do not attempt to use these. They are only used by NETSCAPE's internal
* PKCS #11 interface. Most of these are place holders for other mechanism
* and will change in the future.
*/
#define CKM_NETSCAPE_PBE_KEY_GEN 0x80000001L
#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002L
#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003L
#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004L
#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005L
#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006L
#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007L
#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008L
#define CKM_TLS_MASTER_KEY_DERIVE 0x80000371L
#define CKM_TLS_KEY_AND_MAC_DERIVE 0x80000372L
/*
* Netscape-defined return values
*
*/
#define CKR_NETSCAPE (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
/*
* Trust info
*
* This isn't part of the Cryptoki standard (yet), so I'm putting
* all the definitions here. Some of this would move to nssckt.h
* if trust info were made part of the standard. In view of this
* possibility, I'm putting my (Netscape) values in the netscape
* vendor space, like everything else.
*/
typedef CK_ULONG CK_TRUST;
/* The following trust types are defined: */
#define CKT_VENDOR_DEFINED 0x80000000
#define CKT_NETSCAPE (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NETSCAPE)
/* If trust goes standard, these'll probably drop out of vendor space. */
#define CKT_NETSCAPE_TRUSTED (CKT_NETSCAPE + 1)
#define CKT_NETSCAPE_TRUSTED_DELEGATOR (CKT_NETSCAPE + 2)
#define CKT_NETSCAPE_UNTRUSTED (CKT_NETSCAPE + 3)
/*
* These may well remain Netscape-specific; I'm only using them
* to cache resolution data.
*/
#define CKT_NETSCAPE_VALID (CKT_NETSCAPE + 4)
#define CKT_NETSCAPE_VALID_DELEGATOR (CKT_NETSCAPE + 5)
#endif /* CKT_H */
/* get back to just one set of PKCS #11 headers. Use the onese that
* are easiest to maintain from the RSA website */
/* this one is the one that defines NSS specific data */
#include "pkcs11n.h"


@ -30,7 +30,7 @@
# may use your version of this file under either the MPL or the
# GPL.
#
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.3 $ $Date: 2000/09/06 22:23:56 $ $Name: $"
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.4 $ $Date: 2001/11/08 00:14:47 $ $Name: $"
CORE_DEPTH = ../../..
@ -54,9 +54,7 @@ EXPORTS = \
nssckfwt.h \
nssckg.h \
nssckmdt.h \
nssckp.h \
nssckt.h \
nsscku.h \
$(NULL)
MODULE = security


@ -31,102 +31,4 @@
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef NSSCKEPV_H
#define NSSCKEPV_H
#ifdef DEBUG
static const char NSSCKEPV_CVS_ID[] = "@(#) $RCSfile: nssckepv.h,v $ $Revision: 1.2 $ $Date: 2000/10/14 01:29:11 $ $Name: $ ; @(#) $RCSfile: nssckepv.h,v $ $Revision: 1.2 $ $Date: 2000/10/14 01:29:11 $ $Name: $";
#endif /* DEBUG */
/*
* nssckepv.h
*
* This automatically-generated header file defines the type
* CK_FUNCTION_LIST specified by PKCS#11.
*/
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#ifndef NSSCKFT_H
#include "nssckft.h"
#endif /* NSSCKFT_H */
#include "nssckp.h"
struct CK_FUNCTION_LIST {
CK_VERSION version;
CK_C_Initialize C_Initialize;
CK_C_Finalize C_Finalize;
CK_C_GetInfo C_GetInfo;
CK_C_GetFunctionList C_GetFunctionList;
CK_C_GetSlotList C_GetSlotList;
CK_C_GetSlotInfo C_GetSlotInfo;
CK_C_GetTokenInfo C_GetTokenInfo;
CK_C_GetMechanismList C_GetMechanismList;
CK_C_GetMechanismInfo C_GetMechanismInfo;
CK_C_InitToken C_InitToken;
CK_C_InitPIN C_InitPIN;
CK_C_SetPIN C_SetPIN;
CK_C_OpenSession C_OpenSession;
CK_C_CloseSession C_CloseSession;
CK_C_CloseAllSessions C_CloseAllSessions;
CK_C_GetSessionInfo C_GetSessionInfo;
CK_C_GetOperationState C_GetOperationState;
CK_C_SetOperationState C_SetOperationState;
CK_C_Login C_Login;
CK_C_Logout C_Logout;
CK_C_CreateObject C_CreateObject;
CK_C_CopyObject C_CopyObject;
CK_C_DestroyObject C_DestroyObject;
CK_C_GetObjectSize C_GetObjectSize;
CK_C_GetAttributeValue C_GetAttributeValue;
CK_C_SetAttributeValue C_SetAttributeValue;
CK_C_FindObjectsInit C_FindObjectsInit;
CK_C_FindObjects C_FindObjects;
CK_C_FindObjectsFinal C_FindObjectsFinal;
CK_C_EncryptInit C_EncryptInit;
CK_C_Encrypt C_Encrypt;
CK_C_EncryptUpdate C_EncryptUpdate;
CK_C_EncryptFinal C_EncryptFinal;
CK_C_DecryptInit C_DecryptInit;
CK_C_Decrypt C_Decrypt;
CK_C_DecryptUpdate C_DecryptUpdate;
CK_C_DecryptFinal C_DecryptFinal;
CK_C_DigestInit C_DigestInit;
CK_C_Digest C_Digest;
CK_C_DigestUpdate C_DigestUpdate;
CK_C_DigestKey C_DigestKey;
CK_C_DigestFinal C_DigestFinal;
CK_C_SignInit C_SignInit;
CK_C_Sign C_Sign;
CK_C_SignUpdate C_SignUpdate;
CK_C_SignFinal C_SignFinal;
CK_C_SignRecoverInit C_SignRecoverInit;
CK_C_SignRecover C_SignRecover;
CK_C_VerifyInit C_VerifyInit;
CK_C_Verify C_Verify;
CK_C_VerifyUpdate C_VerifyUpdate;
CK_C_VerifyFinal C_VerifyFinal;
CK_C_VerifyRecoverInit C_VerifyRecoverInit;
CK_C_VerifyRecover C_VerifyRecover;
CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
CK_C_SignEncryptUpdate C_SignEncryptUpdate;
CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
CK_C_GenerateKey C_GenerateKey;
CK_C_GenerateKeyPair C_GenerateKeyPair;
CK_C_WrapKey C_WrapKey;
CK_C_UnwrapKey C_UnwrapKey;
CK_C_DeriveKey C_DeriveKey;
CK_C_SeedRandom C_SeedRandom;
CK_C_GenerateRandom C_GenerateRandom;
CK_C_GetFunctionStatus C_GetFunctionStatus;
CK_C_CancelFunction C_CancelFunction;
CK_C_WaitForSlotEvent C_WaitForSlotEvent;
};
#include "nsscku.h"
#endif /* NSSCKEPV_H */
#include "pkcs11.h"


@ -31,462 +31,5 @@
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef NSSCKFT_H
#define NSSCKFT_H
#ifdef DEBUG
static const char NSSCKFT_CVS_ID[] = "@(#) $RCSfile: nssckft.h,v $ $Revision: 1.2 $ $Date: 2000/10/14 01:29:12 $ $Name: $ ; @(#) $RCSfile: nssckft.h,v $ $Revision: 1.2 $ $Date: 2000/10/14 01:29:12 $ $Name: $";
#endif /* DEBUG */
/*
* nssckft.h
*
* The automatically-generated header file declares a typedef
* each of the Cryptoki functions specified by PKCS#11.
*/
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Initialize)(
CK_VOID_PTR pInitArgs
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Finalize)(
CK_VOID_PTR pReserved
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetInfo)(
CK_INFO_PTR pInfo
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetFunctionList)(
CK_FUNCTION_LIST_PTR_PTR ppFunctionList
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetSlotList)(
CK_BBOOL tokenPresent,
CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetSlotInfo)(
CK_SLOT_ID slotID,
CK_SLOT_INFO_PTR pInfo
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetTokenInfo)(
CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetMechanismList)(
CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetMechanismInfo)(
CK_SLOT_ID slotID,
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_InitToken)(
CK_SLOT_ID slotID,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen,
CK_CHAR_PTR pLabel
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_InitPIN)(
CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SetPIN)(
CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pOldPin,
CK_ULONG ulOldLen,
CK_CHAR_PTR pNewPin,
CK_ULONG ulNewLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_OpenSession)(
CK_SLOT_ID slotID,
CK_FLAGS flags,
CK_VOID_PTR pApplication,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_CloseSession)(
CK_SESSION_HANDLE hSession
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_CloseAllSessions)(
CK_SLOT_ID slotID
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetSessionInfo)(
CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetOperationState)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SetOperationState)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Login)(
CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Logout)(
CK_SESSION_HANDLE hSession
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_CreateObject)(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_CopyObject)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DestroyObject)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetObjectSize)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ULONG_PTR pulSize
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetAttributeValue)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SetAttributeValue)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_FindObjectsInit)(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_FindObjects)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_FindObjectsFinal)(
CK_SESSION_HANDLE hSession
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_EncryptInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Encrypt)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_EncryptUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_EncryptFinal)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DecryptInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Decrypt)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DecryptUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DecryptFinal)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DigestInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Digest)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DigestUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DigestKey)(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DigestFinal)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SignInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Sign)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SignUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SignFinal)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SignRecoverInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SignRecover)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_VerifyInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_Verify)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_VerifyUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_VerifyFinal)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_VerifyRecoverInit)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_VerifyRecover)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DigestEncryptUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DecryptDigestUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SignEncryptUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DecryptVerifyUpdate)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GenerateKey)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GenerateKeyPair)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_WrapKey)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_UnwrapKey)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_DeriveKey)(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_SeedRandom)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GenerateRandom)(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR RandomData,
CK_ULONG ulRandomLen
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_GetFunctionStatus)(
CK_SESSION_HANDLE hSession
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_CancelFunction)(
CK_SESSION_HANDLE hSession
);
typedef CK_CALLBACK_FUNCTION(CK_RV, CK_C_WaitForSlotEvent)(
CK_FLAGS flags,
CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pRserved
);
#endif /* NSSCKFT_H */
#include "pkcs11t.h"
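Review bot: The replacement body of nssckft.h is `#include "pkcs11t.h"`, while the two sibling wrappers rewritten in this commit (nssckepv.h above and nssckg.h below) end in `#include "pkcs11.h"`. This header used to supply the CK_C_* function-pointer typedefs that nssckepv.h's function-list struct is built from, and as far as I can tell pkcs11t.h carries the PKCS#11 type definitions but not those typedefs, which come in through pkcs11.h (pkcs11f.h). If that is the case the line should read `#include "pkcs11.h"` to match the other two wrappers; if pkcs11t.h does define them, a one-line comment saying so would save the next reader the check. The NSSCKFT_H guard is gone as well, which is only harmless if the header now included is guarded itself.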


@ -31,530 +31,4 @@
* may use your version of this file under either the MPL or the
* GPL.
*/
#ifndef NSSCKG_H
#define NSSCKG_H
#ifdef DEBUG
static const char NSSCKG_CVS_ID[] = "@(#) $RCSfile: nssckg.h,v $ $Revision: 1.2 $ $Date: 2000/10/14 01:29:12 $ $Name: $ ; @(#) $RCSfile: nssckg.h,v $ $Revision: 1.2 $ $Date: 2000/10/14 01:29:12 $ $Name: $";
#endif /* DEBUG */
/*
* nssckg.h
*
* This automatically-generated header file prototypes the Cryptoki
* functions specified by PKCS#11.
*/
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
CK_RV CK_ENTRY C_Initialize
(
CK_VOID_PTR pInitArgs
);
CK_RV CK_ENTRY C_Finalize
(
CK_VOID_PTR pReserved
);
CK_RV CK_ENTRY C_GetInfo
(
CK_INFO_PTR pInfo
);
CK_RV CK_ENTRY C_GetFunctionList
(
CK_FUNCTION_LIST_PTR_PTR ppFunctionList
);
CK_RV CK_ENTRY C_GetSlotList
(
CK_BBOOL tokenPresent,
CK_SLOT_ID_PTR pSlotList,
CK_ULONG_PTR pulCount
);
CK_RV CK_ENTRY C_GetSlotInfo
(
CK_SLOT_ID slotID,
CK_SLOT_INFO_PTR pInfo
);
CK_RV CK_ENTRY C_GetTokenInfo
(
CK_SLOT_ID slotID,
CK_TOKEN_INFO_PTR pInfo
);
CK_RV CK_ENTRY C_GetMechanismList
(
CK_SLOT_ID slotID,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount
);
CK_RV CK_ENTRY C_GetMechanismInfo
(
CK_SLOT_ID slotID,
CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo
);
CK_RV CK_ENTRY C_InitToken
(
CK_SLOT_ID slotID,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen,
CK_CHAR_PTR pLabel
);
CK_RV CK_ENTRY C_InitPIN
(
CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen
);
CK_RV CK_ENTRY C_SetPIN
(
CK_SESSION_HANDLE hSession,
CK_CHAR_PTR pOldPin,
CK_ULONG ulOldLen,
CK_CHAR_PTR pNewPin,
CK_ULONG ulNewLen
);
CK_RV CK_ENTRY C_OpenSession
(
CK_SLOT_ID slotID,
CK_FLAGS flags,
CK_VOID_PTR pApplication,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession
);
CK_RV CK_ENTRY C_CloseSession
(
CK_SESSION_HANDLE hSession
);
CK_RV CK_ENTRY C_CloseAllSessions
(
CK_SLOT_ID slotID
);
CK_RV CK_ENTRY C_GetSessionInfo
(
CK_SESSION_HANDLE hSession,
CK_SESSION_INFO_PTR pInfo
);
CK_RV CK_ENTRY C_GetOperationState
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG_PTR pulOperationStateLen
);
CK_RV CK_ENTRY C_SetOperationState
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pOperationState,
CK_ULONG ulOperationStateLen,
CK_OBJECT_HANDLE hEncryptionKey,
CK_OBJECT_HANDLE hAuthenticationKey
);
CK_RV CK_ENTRY C_Login
(
CK_SESSION_HANDLE hSession,
CK_USER_TYPE userType,
CK_CHAR_PTR pPin,
CK_ULONG ulPinLen
);
CK_RV CK_ENTRY C_Logout
(
CK_SESSION_HANDLE hSession
);
CK_RV CK_ENTRY C_CreateObject
(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phObject
);
CK_RV CK_ENTRY C_CopyObject
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phNewObject
);
CK_RV CK_ENTRY C_DestroyObject
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject
);
CK_RV CK_ENTRY C_GetObjectSize
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ULONG_PTR pulSize
);
CK_RV CK_ENTRY C_GetAttributeValue
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
CK_RV CK_ENTRY C_SetAttributeValue
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
CK_RV CK_ENTRY C_FindObjectsInit
(
CK_SESSION_HANDLE hSession,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
CK_RV CK_ENTRY C_FindObjects
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE_PTR phObject,
CK_ULONG ulMaxObjectCount,
CK_ULONG_PTR pulObjectCount
);
CK_RV CK_ENTRY C_FindObjectsFinal
(
CK_SESSION_HANDLE hSession
);
CK_RV CK_ENTRY C_EncryptInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_Encrypt
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pEncryptedData,
CK_ULONG_PTR pulEncryptedDataLen
);
CK_RV CK_ENTRY C_EncryptUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
CK_RV CK_ENTRY C_EncryptFinal
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastEncryptedPart,
CK_ULONG_PTR pulLastEncryptedPartLen
);
CK_RV CK_ENTRY C_DecryptInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_Decrypt
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedData,
CK_ULONG ulEncryptedDataLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen
);
CK_RV CK_ENTRY C_DecryptUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen
);
CK_RV CK_ENTRY C_DecryptFinal
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pLastPart,
CK_ULONG_PTR pulLastPartLen
);
CK_RV CK_ENTRY C_DigestInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism
);
CK_RV CK_ENTRY C_Digest
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen
);
CK_RV CK_ENTRY C_DigestUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
CK_RV CK_ENTRY C_DigestKey
(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_DigestFinal
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pDigest,
CK_ULONG_PTR pulDigestLen
);
CK_RV CK_ENTRY C_SignInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_Sign
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
CK_RV CK_ENTRY C_SignUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
CK_RV CK_ENTRY C_SignFinal
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
CK_RV CK_ENTRY C_SignRecoverInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_SignRecover
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen
);
CK_RV CK_ENTRY C_VerifyInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_Verify
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pData,
CK_ULONG ulDataLen,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen
);
CK_RV CK_ENTRY C_VerifyUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen
);
CK_RV CK_ENTRY C_VerifyFinal
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen
);
CK_RV CK_ENTRY C_VerifyRecoverInit
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hKey
);
CK_RV CK_ENTRY C_VerifyRecover
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSignature,
CK_ULONG ulSignatureLen,
CK_BYTE_PTR pData,
CK_ULONG_PTR pulDataLen
);
CK_RV CK_ENTRY C_DigestEncryptUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
CK_RV CK_ENTRY C_DecryptDigestUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen
);
CK_RV CK_ENTRY C_SignEncryptUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pPart,
CK_ULONG ulPartLen,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG_PTR pulEncryptedPartLen
);
CK_RV CK_ENTRY C_DecryptVerifyUpdate
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pEncryptedPart,
CK_ULONG ulEncryptedPartLen,
CK_BYTE_PTR pPart,
CK_ULONG_PTR pulPartLen
);
CK_RV CK_ENTRY C_GenerateKey
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount,
CK_OBJECT_HANDLE_PTR phKey
);
CK_RV CK_ENTRY C_GenerateKeyPair
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
CK_ULONG ulPublicKeyAttributeCount,
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
CK_ULONG ulPrivateKeyAttributeCount,
CK_OBJECT_HANDLE_PTR phPublicKey,
CK_OBJECT_HANDLE_PTR phPrivateKey
);
CK_RV CK_ENTRY C_WrapKey
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hWrappingKey,
CK_OBJECT_HANDLE hKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG_PTR pulWrappedKeyLen
);
CK_RV CK_ENTRY C_UnwrapKey
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hUnwrappingKey,
CK_BYTE_PTR pWrappedKey,
CK_ULONG ulWrappedKeyLen,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey
);
CK_RV CK_ENTRY C_DeriveKey
(
CK_SESSION_HANDLE hSession,
CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulAttributeCount,
CK_OBJECT_HANDLE_PTR phKey
);
CK_RV CK_ENTRY C_SeedRandom
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR pSeed,
CK_ULONG ulSeedLen
);
CK_RV CK_ENTRY C_GenerateRandom
(
CK_SESSION_HANDLE hSession,
CK_BYTE_PTR RandomData,
CK_ULONG ulRandomLen
);
CK_RV CK_ENTRY C_GetFunctionStatus
(
CK_SESSION_HANDLE hSession
);
CK_RV CK_ENTRY C_CancelFunction
(
CK_SESSION_HANDLE hSession
);
CK_RV CK_ENTRY C_WaitForSlotEvent
(
CK_FLAGS flags,
CK_SLOT_ID_PTR pSlot,
CK_VOID_PTR pRserved
);
#endif /* NSSCKG_H */
#include "pkcs11.h"



@ -1,71 +0,0 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
/*
* This file is in part derived from a file "pkcs11t.h" made available
* by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11t.h
*
* Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
* is granted provided that it is identified as "RSA Security Inc. Public-Key
* Cryptography Standards (PKCS)" in all material mentioning or referencing
* this document.
*/
#ifndef NSSCKU_H
#define NSSCKU_H
#ifdef DEBUG
static const char NSSCKU_CVS_ID[] = "@(#) $RCSfile: nsscku.h,v $ $Revision: 1.2 $ $Date: 2000/04/03 21:58:34 $ $Name: $";
#endif /* DEBUG */
#endif /* NSSCKU_H */
/*
* These platform-dependent packing rules are required by all PKCS#11
* modules, to be binary compatible. These rules have been placed in
* separate header files (nssckp.h to enable the packing, nsscku.h to
* disable) for consistancy. These files can be included many times,
* so the bodies should *NOT* be in the multiple-inclusion-preventing
* #ifndef/#endif area above.
*/
/*
* WIN32 is defined (when appropriate) in NSPR's prcpucfg.h.
*/
#ifdef WIN32
#pragma warning(disable:4103)
#pragma pack(pop, cryptoki)
#endif /* WIN32 */
/* End of nsscku.h */


@ -860,7 +860,7 @@ seckey_ExtractPublicKey(CERTSubjectPublicKeyInfo *spki)
pubk->arena = arena;
pubk->pkcs11Slot = 0;
pubk->pkcs11ID = CK_INVALID_KEY;
pubk->pkcs11ID = CK_INVALID_HANDLE;
/* Convert bit string length from bits to bytes */
@ -1037,7 +1037,7 @@ SECKEY_CopyPrivateKey(SECKEYPrivateKey *privk)
if (privk->pkcs11IsTemp) {
copyk->pkcs11ID =
PK11_CopyKey(privk->pkcs11Slot,privk->pkcs11ID);
if (copyk->pkcs11ID == CK_INVALID_KEY) goto fail;
if (copyk->pkcs11ID == CK_INVALID_HANDLE) goto fail;
} else {
copyk->pkcs11ID = privk->pkcs11ID;
}
@ -1072,7 +1072,7 @@ SECKEY_CopyPublicKey(SECKEYPublicKey *pubk)
copyk->arena = arena;
copyk->keyType = pubk->keyType;
copyk->pkcs11Slot = NULL; /* go get own reference */
copyk->pkcs11ID = CK_INVALID_KEY;
copyk->pkcs11ID = CK_INVALID_HANDLE;
switch (pubk->keyType) {
case rsaKey:
rv = SECITEM_CopyItem(arena, &copyk->u.rsa.modulus,
@ -1201,7 +1201,7 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
}
pubk->keyType = privk->keyType;
pubk->pkcs11Slot = NULL;
pubk->pkcs11ID = CK_INVALID_KEY;
pubk->pkcs11ID = CK_INVALID_HANDLE;
pubk->arena = arena;
/*


@ -41,16 +41,12 @@
#define CKHELPER_H
#ifdef DEBUG
static const char CKHELPER_CVS_ID[] = "@(#) $RCSfile: ckhelper.h,v $ $Revision: 1.9 $ $Date: 2001/11/05 17:18:47 $ $Name: $";
static const char CKHELPER_CVS_ID[] = "@(#) $RCSfile: ckhelper.h,v $ $Revision: 1.10 $ $Date: 2001/11/08 00:14:52 $ $Name: $";
#endif /* DEBUG */
#ifdef NSS_3_4_CODE
#include "pkcs11t.h"
#else
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#endif /* NSS_3_4_CODE */
PR_BEGIN_EXTERN_C


@ -35,20 +35,16 @@
#define DEV_H
#ifdef DEBUG
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.11 $ $Date: 2001/10/19 18:10:58 $ $Name: $";
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.12 $ $Date: 2001/11/08 00:14:52 $ $Name: $";
#endif /* DEBUG */
#ifndef DEVT_H
#include "devt.h"
#endif /* DEVT_H */
#ifdef NSS_3_4_CODE
#include "pkcs11t.h"
#else
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#endif /* NSS_3_4_CODE */
#ifndef NSSPKIT_H
#include "nsspkit.h"


@ -35,20 +35,16 @@
#define DEVM_H
#ifdef DEBUG
static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.3 $ $Date: 2001/10/11 16:33:38 $ $Name: $";
static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.4 $ $Date: 2001/11/08 00:14:52 $ $Name: $";
#endif /* DEBUG */
#ifndef DEVT_H
#include "devt.h"
#endif /* DEVT_H */
#ifdef NSS_3_4_CODE
#include "pkcs11t.h"
#else
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#endif /* NSS_3_4_CODE */
#ifndef BASE_H
#include "base.h"


@ -32,9 +32,11 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.5 $ $Date: 2001/10/08 20:19:30 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: devmod.c,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:14:52 $ $Name: $";
#endif /* DEBUG */
#include "nspr.h"
#ifndef DEV_H
#include "dev.h"
#endif /* DEV_H */
@ -43,13 +45,9 @@ static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.5 $ $Date
#include "devm.h"
#endif /* DEVM_H */
#ifdef NSS_3_4_CODE
#include "pkcs11.h"
#else
#ifndef NSSCKEPV_H
#include "nssckepv.h"
#endif /* NSSCKEPV_H */
#endif /* NSS_3_4_CODE */
#ifndef CKHELPER_H
#include "ckhelper.h"
@ -252,7 +250,7 @@ nssModule_Load
CK_C_GetFunctionList ep;
CK_RV ckrv;
/* Use NSPR to load the library */
library = PR_LoadLibrary(mod->libraryPath);
library = PR_LoadLibrary((char *)mod->libraryPath);
if (!library) {
/* what's the error to set? */
return PR_FAILURE;
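Review bot: The cast in `library = PR_LoadLibrary((char *)mod->libraryPath);` hides whatever qualifier or type mismatch prompted it, so a reader cannot tell whether libraryPath is const, a different string typedef, or something else. If the NSPR prototype in use really takes a non-const `char *`, a short comment such as `/* PR_LoadLibrary takes char *; it does not modify the path */` records the intent; if it already accepts `const char *`, the cast should be dropped. The retained `/* what's the error to set? */` still leaves callers with no NSS error code when the module library cannot be loaded; setting one before `return PR_FAILURE;` would make a missing or unloadable module diagnosable rather than a bare failure. nssModule_Load begins before this hunk.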


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.10 $ $Date: 2001/11/05 17:18:48 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:14:53 $ $Name: $";
#endif /* DEBUG */
#ifndef DEV_H


@ -35,7 +35,7 @@
#define DEVT_H
#ifdef DEBUG
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.5 $ $Date: 2001/10/11 16:33:38 $ $Name: $";
static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.6 $ $Date: 2001/11/08 00:14:53 $ $Name: $";
#endif /* DEBUG */
/*
@ -56,13 +56,12 @@ static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.5 $ $D
#include "nssdevt.h"
#endif /* NSSDEVT_H */
#ifdef NSS_3_4_CODE
#include "pkcs11t.h"
#include "secmodt.h"
#else
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#ifdef NSS_3_4_CODE
#include "secmodt.h"
#endif /* NSS_3_4_CODE */
PR_BEGIN_EXTERN_C


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.14 $ $Date: 2001/11/07 16:15:29 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: devtoken.c,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:14:53 $ $Name: $";
#endif /* DEBUG */
#ifndef DEV_H
@ -48,13 +48,9 @@ static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.14 $ $Date
#include "pki.h"
#endif /* PKI_H */
#ifdef NSS_3_4_CODE
#include "pkcs11.h"
#else
#ifndef NSSCKEPV_H
#include "nssckepv.h"
#endif /* NSSCKEPV_H */
#endif /* NSS_3_4_CODE */
#ifndef NSSPKI_H
#include "nsspki.h"
@ -219,25 +215,30 @@ nssToken_DeleteStoredObject
CK_OBJECT_HANDLE object
)
{
nssSession *session;
nssSession *session = NULL;
CK_RV ckrv;
PRStatus nssrv;
PRBool createdSession;
if (nssCKObject_IsAttributeTrue(object, CKA_TOKEN, tok->defaultSession,
tok->slot, &nssrv)) {
if (sessionOpt) {
if (!nssSession_IsReadWrite(sessionOpt)) {
return PR_FAILURE;;
} else {
session = sessionOpt;
}
} else if (nssSession_IsReadWrite(tok->defaultSession)) {
session = tok->defaultSession;
} else {
session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
createdSession = PR_TRUE;
}
tok->slot, &nssrv)) {
if (sessionOpt) {
if (!nssSession_IsReadWrite(sessionOpt)) {
return PR_FAILURE;;
} else {
session = sessionOpt;
}
} else if (nssSession_IsReadWrite(tok->defaultSession)) {
session = tok->defaultSession;
} else {
session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
createdSession = PR_TRUE;
}
}
if (session == NULL) {
return PR_FAILURE;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(tok->slot)->C_DestroyObject(session->handle, object);
nssSession_ExitMonitor(session);
@ -259,10 +260,11 @@ nssToken_ImportObject
CK_ULONG otsize
)
{
nssSession *session;
nssSession *session = NULL;
PRBool createdSession = PR_FALSE;
CK_OBJECT_HANDLE object;
CK_RV ckrv;
if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) {
if (sessionOpt) {
if (!nssSession_IsReadWrite(sessionOpt)) {
@ -277,6 +279,9 @@ nssToken_ImportObject
createdSession = PR_TRUE;
}
}
if (session == NULL) {
return PR_FAILURE;
}
nssSession_EnterMonitor(session);
ckrv = CKAPI(tok->slot)->C_CreateObject(session->handle,
objectTemplate, otsize,
@ -311,17 +316,17 @@ nssToken_FindObjectByTemplate
ckrv = CKAPI(tok)->C_FindObjectsInit(hSession, cktemplate, ctsize);
if (ckrv != CKR_OK) {
nssSession_ExitMonitor(session);
return CK_INVALID_KEY;
return CK_INVALID_HANDLE;
}
ckrv = CKAPI(tok)->C_FindObjects(hSession, &rvObject, 1, &count);
if (ckrv != CKR_OK) {
nssSession_ExitMonitor(session);
return CK_INVALID_KEY;
return CK_INVALID_HANDLE;
}
ckrv = CKAPI(tok)->C_FindObjectsFinal(hSession);
nssSession_ExitMonitor(session);
if (ckrv != CKR_OK) {
return CK_INVALID_KEY;
return CK_INVALID_HANDLE;
}
return rvObject;
}
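Review bot: In the nssToken_DeleteStoredObject hunk `PRBool createdSession;` is left uninitialized, while the sibling nssToken_ImportObject hunk in this same file initializes it with `PRBool createdSession = PR_FALSE;`; it is only assigned on the branch that calls nssSlot_CreateSession, so any later read of it (the function's tail is outside the hunk) sees an indeterminate value when sessionOpt or the default session was used, and the fix is the same initializer, `PRBool createdSession = PR_FALSE;`. Separately, with `session = NULL` and the new `if (session == NULL) return PR_FAILURE;` guard, an object whose CKA_TOKEN attribute is false never gets a session assigned and is now refused rather than destroyed; if session objects are intentionally out of scope here, a comment should say so, otherwise the non-token case should fall back to tok->defaultSession. The `nssrv` written by nssCKObject_IsAttributeTrue is never examined, so an attribute-read failure is indistinguishable from "not a token object". The `return PR_FAILURE;;` line keeps a stray second semicolon. nssToken_DeleteStoredObject's signature and tail both lie outside the hunk.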


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: util.c,v $ $Revision: 1.1 $ $Date: 2001/09/13 22:06:10 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: devutil.c,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:14:53 $ $Name: $";
#endif /* DEBUG */
#ifndef DEVM_H


@ -30,7 +30,7 @@
# may use your version of this file under either the MPL or the
# GPL.
#
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.2 $ $Date: 2001/10/11 16:33:38 $ $Name: $"
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.3 $ $Date: 2001/11/08 00:14:53 $ $Name: $"
CORE_DEPTH = ../../..
@ -47,17 +47,15 @@ EXPORTS = \
MODULE = security
CSRCS = \
module.c \
slot.c \
token.c \
util.c \
devmod.c \
devslot.c \
devtoken.c \
devutil.c \
ckhelper.c \
$(NULL)
# here is where the 3.4 glue code is added
ifndef PURE_STAN_BUILD
CSRCS += nss3hack.c
PRIVATE_EXPORTS += devnss3hack.h
DEFINES = -DNSS_3_4_CODE
endif


@ -35,7 +35,7 @@
#define NSSDEVT_H
#ifdef DEBUG
static const char NSSDEVT_CVS_ID[] = "@(#) $RCSfile: nssdevt.h,v $ $Revision: 1.1 $ $Date: 2001/10/11 16:43:06 $ $Name: $";
static const char NSSDEVT_CVS_ID[] = "@(#) $RCSfile: nssdevt.h,v $ $Revision: 1.2 $ $Date: 2001/11/08 00:14:54 $ $Name: $";
#endif /* DEBUG */
/*
@ -52,15 +52,6 @@ static const char NSSDEVT_CVS_ID[] = "@(#) $RCSfile: nssdevt.h,v $ $Revision: 1.
#include "nsspkit.h"
#endif /* NSSPKIT_H */
#ifdef NSS_3_4_CODE
#include "pkcs11t.h"
#include "secmodt.h"
#else
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#endif /* NSS_3_4_CODE */
PR_BEGIN_EXTERN_C
/*


@ -55,7 +55,7 @@ endif
# $(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib
EXTRA_LIBS = \
$(DIST)/lib/swfci.lib \
$(DIST)/lib/softoken.lib \
$(DIST)/lib/softokn.lib \
$(CRYPTO_LIB) \
$(DIST)/lib/secutil.lib \
$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4_s.lib \
@ -89,7 +89,7 @@ endif
EXTRA_LIBS += \
$(DIST)/lib/libswfci.$(LIB_SUFFIX) \
$(DIST)/lib/libsoftoken.$(LIB_SUFFIX) \
$(DIST)/lib/libsoftokn.$(LIB_SUFFIX) \
$(CRYPTO_LIB) \
$(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
$(PLC_STATIC_LIB) \


@ -394,7 +394,7 @@ struct EVIL_certkey
int error;
CERTCertificate *cert;
CERTCertDBHandle *certdb;
SECItem *seckey;
CERTIssuerAndSN *seckey;
};
@ -407,7 +407,7 @@ PR_STATIC_CALLBACK(void) jar_moz_certkey_fn (void *data)
PORT_SetError (certkey_data->error);
cert = CERT_FindCertByKey (certkey_data->certdb, certkey_data->seckey);
cert=CERT_FindCertByIssuerAndSN(certkey_data->certdb, certkey_data->seckey);
certkey_data->cert = cert;
certkey_data->error = PORT_GetError();
@ -416,7 +416,8 @@ PR_STATIC_CALLBACK(void) jar_moz_certkey_fn (void *data)
/* Wrapper for the ET_MOZ call */
CERTCertificate *jar_moz_certkey (CERTCertDBHandle *certdb, SECItem *seckey)
CERTCertificate *jar_moz_certkey (CERTCertDBHandle *certdb,
CERTIssuerAndSN *seckey)
{
CERTCertificate *cert;
ALLOC_OR_DEFINE(struct EVIL_certkey, certkey_data, NULL);
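Review bot: The `seckey` member of `struct EVIL_certkey` and the `seckey` parameter of `jar_moz_certkey` now hold a `CERTIssuerAndSN *`, but the name still suggests the raw DER key the old `CERT_FindCertByKey` path took; renaming both to `issuerSN` (and the matching parameter in jarevil.h) would stop the next reader from assuming a `SECItem`. The callback body in `jar_moz_certkey_fn` and the body of `jar_moz_certkey` continue outside the hunks.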


@ -68,7 +68,7 @@ extern SECStatus jar_moz_perm
(CERTCertificate *cert, char *nickname, CERTCertTrust *trust);
extern CERTCertificate *jar_moz_certkey
(CERTCertDBHandle *certdb, SECItem *seckey);
(CERTCertDBHandle *certdb, CERTIssuerAndSN *seckey);
extern CERTCertificate *jar_moz_issuer (CERTCertificate *cert);


@ -36,7 +36,7 @@
#include "nspr.h"
/* definitely required */
#include "certdb.h"
/*#include "certdb.h" */
#include "key.h"
#include "base64.h"


@ -45,7 +45,7 @@
#ifdef USE_MOZ_THREAD
#include "jarevil.h"
#endif
#include "cdbhdl.h"
/*#include "cdbhdl.h" */
#include "secder.h"
/* to use huge pointers in win16 */
@ -74,11 +74,12 @@ extern SECStatus SEC_AddTempNickname
(CERTCertDBHandle *handle, char *nickname, SECItem *certKey);
/* from certdb.h */
typedef SECStatus (* PermCertCallback)(CERTCertificate *cert, SECItem *k, void *pdata);
#endif
/* from certdb.h */
SECStatus SEC_TraversePermCerts
(CERTCertDBHandle *handle, PermCertCallback certfunc, void *udata);
#endif
#define SZ 512
@ -856,6 +857,7 @@ static int jar_add_cert
(JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert)
{
JAR_Cert *fing;
unsigned char *keyData;
if (cert == NULL)
return JAR_ERR_ORDER;
@ -873,14 +875,18 @@ static int jar_add_cert
/* get the certkey */
fing->length = cert->certKey.len;
fing->length = cert->derIssuer.len + 2 + cert->serialNumber.len;
fing->key = (char *) PORT_ZAlloc (fing->length);
keyData = (unsigned char *) PORT_ZAlloc (fing->length);
fing->key = keyData;
if (fing->key == NULL)
goto loser;
PORT_Memcpy (fing->key, cert->certKey.data, fing->length);
keyData[0] = ((cert->derIssuer.len) >> 8) & 0xff;
keyData[1] = ((cert->derIssuer.len) & 0xff);
PORT_Memcpy (&keyData[2], cert->derIssuer.data, cert->derIssuer.len);
PORT_Memcpy (&keyData[2+cert->derIssuer.len], cert->serialNumber.data,
cert->serialNumber.len);
ADDITEM (signer->certs, type,
/* pathname */ NULL, fing, sizeof (JAR_Cert));
@ -1518,7 +1524,7 @@ extern int PR_CALLBACK JAR_stash_cert
void *JAR_fetch_cert (long length, void *key)
{
SECItem seckey;
CERTIssuerAndSN issuerSN;
CERTCertificate *cert = NULL;
CERTCertDBHandle *certdb;
@ -1527,13 +1533,16 @@ void *JAR_fetch_cert (long length, void *key)
if (certdb)
{
seckey.len = length;
seckey.data = (unsigned char*)key;
unsigned char *keyData = (unsigned char *)key;
issuerSN.derIssuer.len = (keyData[0] << 8) + keyData[0];
issuerSN.derIssuer.data = &keyData[2];
issuerSN.serialNumber.len = length - (2 + issuerSN.derIssuer.len);
issuerSN.serialNumber.data = &keyData[2+issuerSN.derIssuer.len];
#ifdef USE_MOZ_THREAD
cert = jar_moz_certkey (certdb, &seckey);
cert = jar_moz_certkey (certdb, &issuerSN);
#else
cert = CERT_FindCertByKey (certdb, &seckey);
cert = CERT_FindCertByIssuerAndSN (certdb, &issuerSN);
#endif
JAR_close_database (certdb);
@ -1816,21 +1825,8 @@ CERTCertDBHandle *JAR_open_database (void)
int keepcerts = 0;
CERTCertDBHandle *certdb;
/* local_certdb will only be used if calling from a command line tool */
static CERTCertDBHandle local_certdb;
certdb = CERT_GetDefaultCertDB();
if (certdb == NULL)
{
if (CERT_OpenCertDBFilename (&local_certdb, NULL, (PRBool)!keepcerts) !=
SECSuccess)
{
return NULL;
}
certdb = &local_certdb;
}
return certdb;
}
@ -1844,6 +1840,7 @@ CERTCertDBHandle *JAR_open_database (void)
int JAR_close_database (CERTCertDBHandle *certdb)
{
#ifdef notdef
CERTCertDBHandle *defaultdb;
/* This really just retrieves the handle, nothing more */
@ -1854,6 +1851,7 @@ int JAR_close_database (CERTCertDBHandle *certdb)
if (defaultdb == NULL && certdb != NULL)
CERT_ClosePermCertDB (certdb);
#endif
return 0;
}
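Review bot: `JAR_fetch_cert` decodes the issuer length as `(keyData[0] << 8) + keyData[0]`, reading byte 0 twice, while `jar_add_cert` stores the low byte in `keyData[1]`; the line should read `issuerSN.derIssuer.len = ((unsigned)keyData[0] << 8) | keyData[1];`, otherwise every lookup with a non-zero low byte fails or points past the issuer. Nothing verifies that `length` is at least 2 or that `2 + issuerSN.derIssuer.len` does not exceed it before `issuerSN.serialNumber.len = length - (2 + issuerSN.derIssuer.len)` is computed, so a short or corrupted stored key produces an out-of-range serial length; a guard such as `if (length < 2 || (unsigned long)length < 2 + issuerSN.derIssuer.len)` that skips the lookup should precede it. On the encoding side in `jar_add_cert`, a `derIssuer` longer than 0xffff bytes is silently truncated by the two-byte prefix and should be rejected rather than stored. In `JAR_open_database`, `keepcerts` is now unused once the `local_certdb` fallback is gone. All three function bodies extend outside the hunks shown.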


@ -33,29 +33,25 @@
CORE_DEPTH = ../..
DEPTH = ../..
DIRS = \
base \
asn1 \
dev \
pki \
pki1 \
crmf \
jar \
certhigh \
pk11wrap \
cryptohi \
softoken \
certdb \
crypto \
util \
freebl \
nss \
pkcs12 \
fortcrypt \
pkcs7 \
smime \
ssl \
#
# organized by DLL
#
# softoken and prereqs.
# stan (not a separate dll yet)
# nss base (traditional)
# ssl
# smime
# ckfw (builtins module)
# crmf jar (not dll's)
# fortcrypt
DIRS = util freebl softoken \
base asn1 dev pki pki1 \
certdb certhigh pk11wrap cryptohi crypto nss \
ssl \
pkcs12 pkcs7 smime \
crmf jar \
ckfw \
fortcrypt \
$(NULL)
# NSS 4.0 build - pure stan libraries


@ -48,25 +48,15 @@ ifeq ($(OS_ARCH), WINNT)
SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).dll
IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION).lib
DLLFLAGS += -DEF:nss.def
RES = $(OBJDIR)/nss.res
RESNAME = nss.rc
RES = $(OBJDIR)/$(LIBRARY_NAME).res
RESNAME = $(LIBRARY_NAME).rc
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
CRYPTOLIB=$(DIST)/lib/freebl.lib
CRYPTODIR=../freebl
ifdef MOZILLA_SECURITY_BUILD
CRYPTOLIB=$(DIST)/lib/crypto.lib
CRYPTODIR=../crypto
endif
SHARED_LIBRARY_LIBS = \
$(DIST)/lib/certhi.lib \
$(DIST)/lib/cryptohi.lib \
$(DIST)/lib/pk11wrap.lib \
$(DIST)/lib/certdb.lib \
$(DIST)/lib/softoken.lib \
$(CRYPTOLIB) \
$(DIST)/lib/secutil.lib \
$(DIST)/lib/nsspki.lib \
$(DIST)/lib/nssdev.lib \
@ -78,67 +68,37 @@ SHARED_LIBRARY_DIRS = \
../cryptohi \
../pk11wrap \
../certdb \
../softoken \
$(CRYPTODIR) \
../util \
../pki \
../dev \
../base \
$(NULL)
EXTRA_LIBS += \
$(DIST)/lib/dbm.lib \
$(NULL)
ifdef MOZILLA_BSAFE_BUILD
EXTRA_LIBS+=$(DIST)/lib/bsafe$(BSAFEVER).lib
endif
EXTRA_SHARED_LIBS += \
$(DIST)/lib/softokn3.lib \
$(DIST)/lib/$(NSPR31_LIB_PREFIX)plc4.lib \
$(DIST)/lib/$(NSPR31_LIB_PREFIX)plds4.lib \
$(DIST)/lib/$(NSPR31_LIB_PREFIX)nspr4.lib \
$(NULL)
# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS)
#OS_LIBS += \
# wsock32.lib \
# winmm.lib \
# $(NULL)
else
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
CRYPTOLIB=$(DIST)/lib/libfreebl.$(LIB_SUFFIX)
CRYPTODIR=../freebl
ifdef MOZILLA_SECURITY_BUILD
CRYPTOLIB=$(DIST)/lib/libcrypto.$(LIB_SUFFIX)
CRYPTODIR=../crypto
endif
SHARED_LIBRARY_LIBS = \
$(DIST)/lib/libcerthi.$(LIB_SUFFIX) \
$(DIST)/lib/libpk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/libcryptohi.$(LIB_SUFFIX) \
$(DIST)/lib/libsoftoken.$(LIB_SUFFIX) \
$(DIST)/lib/libcertdb.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
$(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
$(DIST)/lib/libnsspki.$(LIB_SUFFIX) \
$(DIST)/lib/libnssdev.$(LIB_SUFFIX) \
$(DIST)/lib/libnssb.$(LIB_SUFFIX) \
$(NULL)
EXTRA_LIBS += \
$(DIST)/lib/libdbm.$(LIB_SUFFIX) \
$(NULL)
ifdef MOZILLA_BSAFE_BUILD
EXTRA_LIBS+=$(DIST)/lib/libbsafe.$(LIB_SUFFIX)
endif
SHARED_LIBRARY_DIRS = \
../certhigh \
../pk11wrap \
../cryptohi \
../softoken \
../certdb \
$(CRYPTODIR) \
../util \
../pki \
../dev \
@ -149,49 +109,10 @@ SHARED_LIBRARY_DIRS = \
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
EXTRA_SHARED_LIBS += \
-L$(DIST)/lib/ \
-lsoftokn3 \
-lplc4 \
-lplds4 \
-lnspr4 \
$(NULL)
endif
ifeq ($(OS_ARCH),SunOS)
MAPFILE = $(OBJDIR)/nssmap.sun
ALL_TRASH += $(MAPFILE)
MKSHLIB += -M $(MAPFILE)
ifndef USE_64
ifeq ($(CPU_ARCH),sparc)
# The -R '$ORIGIN' linker option instructs libnss3.so to search for its
# dependencies (libfreebl_*.so) in the same directory where it resides.
MKSHLIB += -R '$$ORIGIN'
endif
endif
endif
ifeq ($(OS_ARCH),AIX)
MAPFILE = $(OBJDIR)/nssmap.aix
ALL_TRASH += $(MAPFILE)
EXPORT_RULES = -bexport:$(MAPFILE)
endif
ifeq ($(OS_ARCH),HP-UX)
MAPFILE = $(OBJDIR)/nssmap.hp
ALL_TRASH += $(MAPFILE)
MKSHLIB += -c $(MAPFILE)
endif
ifeq ($(OS_ARCH), OSF1)
MAPFILE = $(OBJDIR)/nssmap.osf
ALL_TRASH += $(MAPFILE)
MKSHLIB += -hidden -input $(MAPFILE)
endif
ifeq ($(OS_ARCH),Linux)
MAPFILE = $(OBJDIR)/nssmap.linux
ALL_TRASH += $(MAPFILE)
MKSHLIB += -Wl,--version-script,$(MAPFILE)
endif


@ -49,5 +49,7 @@ CSRCS = \
REQUIRES = security dbm
MAPFILE = $(OBJDIR)/nss.def
LIBRARY_NAME = nss
LIBRARY_VERSION = 3


@ -564,6 +564,7 @@ SECMOD_LoadModule;
SECMOD_GetModuleSpecList;
SECMOD_FreeModuleSpecList;
SECMOD_UpdateModule;
PK11_RawPBEKeyGen;
;+ local:
;+ *;
;+};


@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
# $Id: nssinit.c,v 1.25 2001/10/11 16:31:29 ian.mcgreer%sun.com Exp $
# $Id: nssinit.c,v 1.26 2001/11/08 00:15:03 relyea%netscape.com Exp $
*/
#include <ctype.h>
@ -50,7 +50,7 @@
#include "secrng.h"
#include "pk11func.h"
#include "pkinss3hack.h"
#include "pki3hack.h"
#define NSS_MAX_FLAG_SIZE sizeof("readOnly")+sizeof("noCertDB")+ \
sizeof("noModDB")+sizeof("forceOpen")+sizeof("passwordRequired")
@ -241,6 +241,8 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
}
STAN_LoadDefaultNSS3TrustDomain();
CERT_SetDefaultCertDB((CERTCertDBHandle *)
STAN_GetDefaultTrustDomain());
return rv;
}
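Review bot: The added `CERT_SetDefaultCertDB((CERTCertDBHandle *) STAN_GetDefaultTrustDomain())` runs unconditionally after the preceding block closes, so if `nss_Init` can reach this point with `rv != SECSuccess` (the function starts outside the hunk, so whether earlier failures return first is not visible here), the process-wide default cert DB is set from a trust domain that may never have been loaded. Guarding the two new lines with `if (rv == SECSuccess)` and treating a NULL return from `STAN_GetDefaultTrustDomain()` as a failure would keep the default unset when initialization did not complete. The cast from the trust domain pointer to `CERTCertDBHandle *` also deserves a one-line comment at the call site saying why the two types may be used interchangeably, since nothing in this file explains it.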


@ -1,429 +0,0 @@
#define INC_SSL 1
#define INC_SMIME 1
#ifdef INC_SSL
extern int nss_InitLock;
extern void ATOB_AsciiToData();
extern void BTOA_DataToAscii();
extern void CERT_CertChainFromCert();
extern void CERT_CheckCertValidTimes();
extern void CERT_DestroyCertificate();
extern void CERT_DestroyCertificateList();
extern void CERT_DupCertList();
extern void CERT_DupCertificate();
extern void CERT_ExtractPublicKey();
extern void CERT_FindCertByName();
extern void CERT_FreeNicknames();
extern void CERT_GetCertNicknames();
extern void CERT_GetDefaultCertDB();
extern void CERT_GetSSLCACerts();
extern void CERT_NameToAscii();
extern void CERT_NewTempCertificate();
extern void CERT_VerifyCertName();
extern void CERT_VerifyCertNow();
extern void DER_Lengths();
extern void DSAU_DecodeDerSig();
extern void DSAU_EncodeDerSig();
extern void NSSRWLock_Destroy();
extern void NSSRWLock_HaveWriteLock();
extern void NSSRWLock_LockRead();
extern void NSSRWLock_LockWrite();
extern void NSSRWLock_New();
extern void NSSRWLock_UnlockRead();
extern void NSSRWLock_UnlockWrite();
extern void NSS_PutEnv();
extern void PK11_CipherOp();
extern void PK11_CloneContext();
extern void PK11_CreateContextByRawKey();
extern void PK11_CreateContextBySymKey();
extern void PK11_CreateDigestContext();
extern void PK11_Derive();
extern void PK11_DeriveWithFlags();
extern void PK11_DestroyContext();
extern void PK11_DigestBegin();
extern void PK11_DigestFinal();
extern void PK11_DigestKey();
extern void PK11_DigestOp();
extern void PK11_FindBestKEAMatch();
extern void PK11_FindCertFromNickname();
extern void PK11_FindFixedKey();
extern void PK11_FindKeyByAnyCert();
extern void PK11_FreeSlot();
extern void PK11_FreeSymKey();
extern void PK11_GenerateFortezzaIV();
extern void PK11_GenerateRandom();
extern void PK11_GetBestKeyLength();
extern void PK11_GetBestSlot();
extern void PK11_GetBestSlotMultiple();
extern void PK11_GetBestWrapMechanism();
extern void PK11_GetCurrentWrapIndex();
extern void PK11_GetInternalSlot();
extern void PK11_GetKeyData();
extern void PK11_GetMechanism();
extern void PK11_GetModuleID();
extern void PK11_GetPrivateModulusLen();
extern void PK11_GetSlotFromKey();
extern void PK11_GetSlotFromPrivateKey();
extern void PK11_GetSlotID();
extern void PK11_GetSlotSeries();
extern void PK11_GetTokenInfo();
extern void PK11_GetWindow();
extern void PK11_GetWrapKey();
extern void PK11_IVFromParam();
extern void PK11_IsPresent();
extern void PK11_KeyGen();
extern void PK11_MakeKEAPubKey();
extern void PK11_ParamFromIV();
extern void PK11_PubDecryptRaw();
extern void PK11_PubDerive();
extern void PK11_PubEncryptRaw();
extern void PK11_PubUnwrapSymKey();
extern void PK11_PubWrapSymKey();
extern void PK11_ReferenceSymKey();
extern void PK11_RestoreContext();
extern void PK11_SaveContext();
extern void PK11_SetFortezzaHack();
extern void PK11_SetWrapKey();
extern void PK11_Sign();
extern void PK11_SignatureLen();
extern void PK11_SymKeyFromHandle();
extern void PK11_TokenExists();
extern void PK11_UnwrapSymKey();
extern void PK11_UnwrapSymKeyWithFlags();
extern void PK11_Verify();
extern void PK11_VerifyKeyOK();
extern void PK11_WrapSymKey();
extern void PORT_Alloc();
extern void PORT_ArenaAlloc();
extern void PORT_ArenaZAlloc();
extern void PORT_Free();
extern void PORT_FreeArena();
extern void PORT_GetError();
extern void PORT_NewArena();
extern void PORT_Realloc();
extern void PORT_SetError();
extern void PORT_ZAlloc();
extern void PORT_ZFree();
extern void RSA_FormatBlock();
extern void SECITEM_CompareItem();
extern void SECITEM_CopyItem();
extern void SECITEM_FreeItem();
extern void SECITEM_ZfreeItem();
extern void SECKEY_CopyPrivateKey();
extern void SECKEY_CreateRSAPrivateKey();
extern void SECKEY_DestroyPrivateKey();
extern void SECKEY_DestroyPublicKey();
extern void SECKEY_PublicKeyStrength();
extern void SECKEY_UpdateCertPQG();
extern void SECMOD_LookupSlot();
extern void SECOID_GetAlgorithmTag();
extern void SGN_Begin();
extern void SGN_DestroyContext();
extern void SGN_End();
extern void SGN_NewContext();
extern void SGN_Update();
extern void VFY_Begin();
extern void VFY_CreateContext();
extern void VFY_DestroyContext();
extern void VFY_End();
extern void VFY_Update();
void
nss_referenceNSSFunctionsForSSL() {
int tmp2 = nss_InitLock;
ATOB_AsciiToData();
BTOA_DataToAscii();
CERT_CertChainFromCert();
CERT_CheckCertValidTimes();
CERT_DestroyCertificate();
CERT_DestroyCertificateList();
CERT_DupCertList();
CERT_DupCertificate();
CERT_ExtractPublicKey();
CERT_FindCertByName();
CERT_FreeNicknames();
CERT_GetCertNicknames();
CERT_GetDefaultCertDB();
CERT_GetSSLCACerts();
CERT_NameToAscii();
CERT_NewTempCertificate();
CERT_VerifyCertName();
CERT_VerifyCertNow();
DER_Lengths();
DSAU_DecodeDerSig();
DSAU_EncodeDerSig();
NSSRWLock_Destroy();
NSSRWLock_HaveWriteLock();
NSSRWLock_LockRead();
NSSRWLock_LockWrite();
NSSRWLock_New();
NSSRWLock_UnlockRead();
NSSRWLock_UnlockWrite();
NSS_PutEnv();
PK11_CipherOp();
PK11_CloneContext();
PK11_CreateContextByRawKey();
PK11_CreateContextBySymKey();
PK11_CreateDigestContext();
PK11_Derive();
PK11_DeriveWithFlags();
PK11_DestroyContext();
PK11_DigestBegin();
PK11_DigestFinal();
PK11_DigestKey();
PK11_DigestOp();
PK11_FindBestKEAMatch();
PK11_FindCertFromNickname();
PK11_FindFixedKey();
PK11_FindKeyByAnyCert();
PK11_FreeSlot();
PK11_FreeSymKey();
PK11_GenerateFortezzaIV();
PK11_GenerateRandom();
PK11_GetBestKeyLength();
PK11_GetBestSlot();
PK11_GetBestSlotMultiple();
PK11_GetBestWrapMechanism();
PK11_GetCurrentWrapIndex();
PK11_GetInternalSlot();
PK11_GetKeyData();
PK11_GetMechanism();
PK11_GetModuleID();
PK11_GetPrivateModulusLen();
PK11_GetSlotFromKey();
PK11_GetSlotFromPrivateKey();
PK11_GetSlotID();
PK11_GetSlotSeries();
PK11_GetTokenInfo();
PK11_GetWindow();
PK11_GetWrapKey();
PK11_IVFromParam();
PK11_IsPresent();
PK11_KeyGen();
PK11_MakeKEAPubKey();
PK11_ParamFromIV();
PK11_PubDecryptRaw();
PK11_PubDerive();
PK11_PubEncryptRaw();
PK11_PubUnwrapSymKey();
PK11_PubWrapSymKey();
PK11_ReferenceSymKey();
PK11_RestoreContext();
PK11_SaveContext();
PK11_SetFortezzaHack();
PK11_SetWrapKey();
PK11_Sign();
PK11_SignatureLen();
PK11_SymKeyFromHandle();
PK11_TokenExists();
PK11_UnwrapSymKey();
PK11_UnwrapSymKeyWithFlags();
PK11_Verify();
PK11_VerifyKeyOK();
PK11_WrapSymKey();
PORT_Alloc();
PORT_ArenaAlloc();
PORT_ArenaZAlloc();
PORT_Free();
PORT_FreeArena();
PORT_GetError();
PORT_NewArena();
PORT_Realloc();
PORT_SetError();
PORT_ZAlloc();
PORT_ZFree();
RSA_FormatBlock();
SECITEM_CompareItem();
SECITEM_CopyItem();
SECITEM_FreeItem();
SECITEM_ZfreeItem();
SECKEY_CopyPrivateKey();
SECKEY_CreateRSAPrivateKey();
SECKEY_DestroyPrivateKey();
SECKEY_DestroyPublicKey();
SECKEY_PublicKeyStrength();
SECKEY_UpdateCertPQG();
SECMOD_LookupSlot();
SECOID_GetAlgorithmTag();
SGN_Begin();
SGN_DestroyContext();
SGN_End();
SGN_NewContext();
SGN_Update();
VFY_Begin();
VFY_CreateContext();
VFY_DestroyContext();
VFY_End();
VFY_Update();
}
#endif
#ifdef INC_SMIME
extern int CERT_IssuerAndSNTemplate;
extern int CERT_SetOfSignedCrlTemplate;
extern int SEC_PointerToAnyTemplate;
extern int SEC_PointerToOctetStringTemplate;
extern int SEC_SetOfAnyTemplate;
extern void CERT_CertListFromCert();
extern void CERT_DestroyCertArray();
extern void CERT_FindSMimeProfile();
extern void CERT_GetCertIssuerAndSN();
extern void CERT_ImportCerts();
extern void CERT_OpenCertDBFilename();
extern void CERT_SaveSMimeProfile();
extern void CERT_VerifyCert();
extern void DER_TimeToUTCTime();
extern void PK11_CreatePBEAlgorithmID();
extern void PK11_FindCertAndKeyByRecipientList();
extern void PK11_FindCertAndKeyByRecipientListNew();
extern void PK11_FortezzaHasKEA();
extern void PK11_FortezzaMapSig();
extern void PK11_GenerateNewParam();
extern void PK11_GetKeyStrength();
extern void PK11_IsHW();
extern void PK11_PBEKeyGen();
extern void PK11_ParamToAlgid();
extern void PK11_SetPasswordFunc();
extern void SEC_ASN1DecodeInteger();
extern void SEC_ASN1DecoderClearFilterProc();
extern void SEC_ASN1DecoderClearNotifyProc();
extern void SEC_ASN1DecoderFinish();
extern void SEC_ASN1DecoderSetFilterProc();
extern void SEC_ASN1DecoderSetNotifyProc();
extern void SEC_ASN1DecoderStart();
extern void SEC_ASN1DecoderUpdate();
extern void SEC_ASN1EncoderClearNotifyProc();
extern void SEC_ASN1EncoderClearStreaming();
extern void SEC_ASN1EncoderClearTakeFromBuf();
extern void SEC_ASN1EncoderFinish();
extern void SEC_ASN1EncoderSetNotifyProc();
extern void SEC_ASN1EncoderSetStreaming();
extern void SEC_ASN1EncoderSetTakeFromBuf();
extern void SEC_ASN1EncoderStart();
extern void SEC_ASN1EncoderUpdate();
extern void SEC_PKCS5IsAlgorithmPBEAlg();
extern void SEC_SignData();
extern void SGN_Digest();
extern void VFY_VerifyDigest();
nss_referenceNSSFunctionsForSMIME() {
int tmp1=CERT_IssuerAndSNTemplate;
int tmp2=CERT_SetOfSignedCrlTemplate;
int tmp3=SEC_PointerToAnyTemplate;
int tmp4=SEC_PointerToOctetStringTemplate;
int tmp5=SEC_SetOfAnyTemplate;
CERT_CertListFromCert();
CERT_FindSMimeProfile();
CERT_GetCertIssuerAndSN();
CERT_ImportCerts();
CERT_SaveSMimeProfile();
CERT_VerifyCert();
DER_TimeToUTCTime();
PK11_CreatePBEAlgorithmID();
PK11_FindCertAndKeyByRecipientListNew();
PK11_FortezzaHasKEA();
PK11_FortezzaMapSig();
PK11_GenerateNewParam();
PK11_GetKeyStrength();
PK11_IsHW();
PK11_ParamToAlgid();
PK11_SetPasswordFunc();
SEC_ASN1DecodeInteger();
SEC_ASN1DecoderClearFilterProc();
SEC_ASN1DecoderFinish();
SEC_ASN1DecoderSetFilterProc();
SEC_ASN1DecoderSetNotifyProc();
SEC_ASN1DecoderStart();
SEC_ASN1DecoderUpdate();
SEC_ASN1EncoderClearNotifyProc();
SEC_ASN1EncoderClearStreaming();
SEC_ASN1EncoderClearTakeFromBuf();
SEC_ASN1EncoderFinish();
SEC_ASN1EncoderSetNotifyProc();
SEC_ASN1EncoderSetStreaming();
SEC_ASN1EncoderSetTakeFromBuf();
SEC_ASN1EncoderStart();
SEC_ASN1EncoderUpdate();
SEC_PKCS5IsAlgorithmPBEAlg();
SEC_SignData();
SGN_Digest();
VFY_VerifyDigest();
CERT_OpenCertDBFilename();
CERT_DestroyCertArray();
PK11_PBEKeyGen();
PK11_FindCertAndKeyByRecipientList();
SEC_ASN1DecoderClearNotifyProc();
}
#endif
extern int CERT_CertificateRequestTemplate;
extern void CERT_DecodeCertificatePoliciesExtension();
extern void CERT_DecodeUserNotice();
extern void CERT_DestroyCertificatePoliciesExtension();
extern void CERT_GenTime2FormattedAscii();
extern void CERT_Hexify();
extern void DER_GeneralizedTimeToTime();
extern void HASH_GetHashObject();
extern void MD2_Flatten();
extern void MD2_Resurrect();
extern void MD5_Flatten();
extern void MD5_Resurrect();
extern void NSSBase64Decoder_Create();
extern void NSSBase64Decoder_Destroy();
extern void NSSBase64Decoder_Update();
extern void NSSBase64Encoder_Create();
extern void NSSBase64Encoder_Destroy();
extern void NSSBase64Encoder_Update();
extern void PK11_ChangePW();
extern void PK11_CheckUserPassword();
extern void PK11_DoPassword();
extern void PK11_FindKeyByKeyID();
extern void PK11_InitPin();
extern void PK11_NeedUserInit();
extern void PQG_ParamGen();
extern void PQG_VerifyParams();
extern void SECITEM_ReallocItem();
extern void SECKEY_DeriveKeyDBPassword();
extern void SECKEY_GetKeyDBVersion();
nss_CMDExports() {
int tmp1 = CERT_CertificateRequestTemplate;
CERT_DecodeCertificatePoliciesExtension();
CERT_DecodeUserNotice();
CERT_DestroyCertificatePoliciesExtension();
CERT_GenTime2FormattedAscii();
CERT_Hexify();
DER_GeneralizedTimeToTime();
HASH_GetHashObject();
MD2_Flatten();
MD2_Resurrect();
MD5_Flatten();
MD5_Resurrect();
NSSBase64Decoder_Create();
NSSBase64Decoder_Destroy();
NSSBase64Decoder_Update();
NSSBase64Encoder_Create();
NSSBase64Encoder_Destroy();
NSSBase64Encoder_Update();
PK11_ChangePW();
PK11_CheckUserPassword();
PK11_DoPassword();
PK11_FindKeyByKeyID();
PK11_InitPin();
PK11_NeedUserInit();
PQG_ParamGen();
PQG_VerifyParams();
SECITEM_ReallocItem();
SECKEY_DeriveKeyDBPassword();
SECKEY_GetKeyDBVersion();
}


@ -32,9 +32,13 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: nss3hack.c,v $ $Revision: 1.2 $ $Date: 2001/11/05 17:18:48 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: dev3hack.c,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:15:05 $ $Name: $";
#endif /* DEBUG */
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
#endif /* NSS_3_4_CODE */
#ifndef PKIT_H
#include "pkit.h"
#endif /* PKIT_H */
@ -43,9 +47,7 @@ static const char CVS_ID[] = "@(#) $RCSfile: nss3hack.c,v $ $Revision: 1.2 $ $Da
#include "devt.h"
#endif /* DEVT_H */
#ifndef DEVM_H
#include "devm.h"
#endif /* DEVM_H */
#include "dev3hack.h"
#ifndef BASE_H
#include "base.h"
@ -160,6 +162,13 @@ nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
return rvToken;
}
NSSTrustDomain *
nssToken_GetTrustDomain(NSSToken *token)
{
return token->trustDomain;
}
typedef enum {
nssPK11Event_DefaultSessionRO = 0,
nssPK11Event_DefaultSessionRW = 1
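Review bot: The new `nssToken_GetTrustDomain` has no comment stating what the caller gets: it returns `token->trustDomain` without taking a reference, so the pointer is presumably borrowed and must not be released by the caller, and `token` is dereferenced without a NULL check. A header comment such as `/* Returns the trust domain this token belongs to. No reference is added, so the caller must not free it; token must be non-NULL. */` above the definition would make the contract explicit.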


@ -35,7 +35,7 @@
#define DEVNSS3HACK_H
#ifdef DEBUG
static const char DEVNSS3HACK_CVS_ID[] = "@(#) $RCSfile: devnss3hack.h,v $ $Revision: 1.1 $ $Date: 2001/10/11 16:33:38 $ $Name: $";
static const char DEVNSS3HACK_CVS_ID[] = "@(#) $RCSfile: dev3hack.h,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:15:06 $ $Name: $";
#endif /* DEBUG */
#include "cert.h"
@ -45,6 +45,14 @@ PR_BEGIN_EXTERN_C
NSS_EXTERN NSSToken *
nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot);
NSSTrustDomain *
nssToken_GetTrustDomain(NSSToken *token);
void PK11Slot_SetNSSToken(PK11SlotInfo *sl, NSSToken *nsst);
NSSToken * PK11Slot_GetNSSToken(PK11SlotInfo *sl);
PR_END_EXTERN_C
#endif /* DEVNSS3HACK_H */
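Review bot: The new declaration of `nssToken_GetTrustDomain` lacks the `NSS_EXTERN` linkage macro that its sibling `nssToken_CreateFromPK11SlotInfo` carries two lines above, and `PK11Slot_SetNSSToken` / `PK11Slot_GetNSSToken` are declared the same bare way; if they are meant to be exported like the sibling, write `NSS_EXTERN NSSTrustDomain *` / `nssToken_GetTrustDomain(NSSToken *token);` and likewise for the two PK11Slot functions. The include guard `DEVNSS3HACK_H` and the `DEVNSS3HACK_CVS_ID` symbol still carry the old file name although the file is now dev3hack.h; renaming them to `DEV3HACK_H` / `DEV3HACK_CVS_ID` is a style point only.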


@ -41,13 +41,14 @@ EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
secmodi.h \
secmodti.h \
pk11init.h \
dev3hack.h \
$(NULL)
MODULE = security
CSRCS = \
dev3hack.c \
pk11cert.c \
pk11err.c \
pk11load.c \
@ -60,6 +61,7 @@ CSRCS = \
pk11sdr.c \
pk11pqg.c \
pk11pk12.c \
pk11pbe.c \
$(NULL)
REQUIRES = security dbm



@ -477,6 +477,9 @@ PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
PK11SymKey *
PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
PRBool faulty3DES, void *wincx);
PK11SymKey *
PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params,
SECItem *pwitem, PRBool faulty3DES, void *wincx);
SECItem *
PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
@ -489,6 +492,21 @@ PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
SECItem *
PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);
SECItem *
PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *handle,
SECItem *derName, int type);
CK_OBJECT_HANDLE
PK11_PutCrl(PK11SlotInfo *slot, SECItem *crl,
SECItem *name, char *url, int type);
SECItem *
PK11_FindSMimeProfile(PK11SlotInfo **slotp, char *emailAddr, SECItem *derSubj,
SECItem **profileTime);
SECStatus
PK11_SaveSMimeProfile(PK11SlotInfo *slot, char *emailAddr, SECItem *derSubj,
SECItem *emailProfile, SECItem *profileTime);
SEC_END_PROTOS
#endif
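Review bot: The new prototypes `PK11_FindCrlByName`, `PK11_PutCrl`, `PK11_FindSMimeProfile` and `PK11_SaveSMimeProfile` carry no comment on ownership, which matters at a public API boundary: whether the returned `SECItem *` is allocated for the caller to free, whether the `PK11SlotInfo *` written through `slot` / `slotp` is a reference the caller must release with `PK11_FreeSlot`, and what values `type` accepts. A short comment above each declaration stating those three things (allocation of the result, reference semantics of the out-parameter slot, accepted `type` values) would prevent leaks and double-frees by callers. `emailAddr`, `url` and `derName` are inputs the callee should not modify and could be `const`-qualified if the implementation permits.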


@ -1,4 +1,4 @@
/*
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
@ -30,37 +30,34 @@
* may use your version of this file under either the MPL or the
* GPL.
*/
/*
* This file is in part derived from a file "pkcs11t.h" made available
* by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11t.h
* Internal header file included in pk11wrap dir, or in softoken
*/
#ifndef _PK11_INIT_H_
#define _PK11_INIT_H_ 1
#ifndef NSSCKP_H
#define NSSCKP_H
/* hold slot default flags until we initialize a slot. This structure is only
* useful between the time we define a module (either by hand or from the
* database) and the time the module is loaded. Not reference counted */
struct PK11PreSlotInfoStr {
CK_SLOT_ID slotID; /* slot these flags are for */
unsigned long defaultFlags; /* bit mask of default implementation this slot
* provides */
int askpw; /* slot specific password bits */
long timeout; /* slot specific timeout value */
char hasRootCerts; /* is this the root cert PKCS #11 module? */
char hasRootTrust; /* is this the root cert PKCS #11 module? */
};
#ifdef DEBUG
static const char NSSCKP_CVS_ID[] = "@(#) $RCSfile: nssckp.h,v $ $Revision: 1.1 $ $Date: 2000/03/31 19:43:33 $ $Name: $";
#endif /* DEBUG */
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]"
#endif /* NSSCKP_H */
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
/*
* These platform-dependent packing rules are required by all PKCS#11
* modules, to be binary compatible. These rules have been placed in
* separate header files (nssckp.h to enable the packing, nsscku.h to
* disable) for consistancy. These files can be included many times,
* so the bodies should *NOT* be in the multiple-inclusion-preventing
* #ifndef/#endif area above.
*/
#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1)
#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips",3)
/*
* WIN32 is defined (when appropriate) in NSPR's prcpucfg.h.
*/
#ifdef WIN32
#pragma warning(disable:4103)
#pragma pack(push, cryptoki, 1)
#endif /* WIN32 */
/* End of nssckp.h */
#endif /* _PK11_INIT_H_ 1 */
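Review bot: The comment on `hasRootTrust` repeats the one on `hasRootCerts` (`/* is this the root cert PKCS #11 module? */`), so the header never says how the two fields differ; if the second field marks the module that supplies trust settings, change it to `char hasRootTrust; /* does this module supply the root trust settings? */`. The include guard `_PK11_INIT_H_` begins with an underscore followed by an uppercase letter, an identifier range reserved for the implementation; `PK11_INIT_H` avoids that. `SECMOD_MAKE_NSS_FLAGS` relies on adjacent-string concatenation with its `fips` argument, so a one-line comment noting that `fips` must be a string literal (e.g. `""` or `",fips"`) would stop a caller from passing a variable.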


@ -85,8 +85,8 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
/* RSA */
if (PK11_DoesMechanism(symKey->slot, CKM_RSA_PKCS) &&
PK11_DoesMechanism(slot,CKM_RSA_PKCS)) {
CK_OBJECT_HANDLE pubKeyHandle = CK_INVALID_KEY;
CK_OBJECT_HANDLE privKeyHandle = CK_INVALID_KEY;
CK_OBJECT_HANDLE pubKeyHandle = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE privKeyHandle = CK_INVALID_HANDLE;
SECKEYPublicKey *pubKey = NULL;
SECKEYPrivateKey *privKey = NULL;
SECItem wrapData;
@ -95,12 +95,12 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
/* find RSA Public Key on target */
pubKeyHandle = pk11_FindRSAPubKey(slot);
if (pubKeyHandle != CK_INVALID_KEY) {
if (pubKeyHandle != CK_INVALID_HANDLE) {
privKeyHandle = PK11_MatchItem(slot,pubKeyHandle,CKO_PRIVATE_KEY);
}
/* if no key exists, generate a key pair */
if (privKeyHandle == CK_INVALID_KEY) {
if (privKeyHandle == CK_INVALID_HANDLE) {
unsigned int symKeyLength = PK11_GetKeyLength(symKey);
PK11RSAGenParams rsaParams;
@ -125,7 +125,7 @@ pk11_KeyExchange(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
if (pubKey && pubKey->pkcs11Slot) {
PK11_FreeSlot(pubKey->pkcs11Slot);
pubKey->pkcs11Slot = NULL;
pubKey->pkcs11ID = CK_INVALID_KEY;
pubKey->pkcs11ID = CK_INVALID_HANDLE;
}
}
}


@ -0,0 +1,689 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*/
#include "plarena.h"
#include "seccomon.h"
#include "secitem.h"
#include "secport.h"
#include "hasht.h"
#include "pkcs11t.h"
/*#include "blapi.h" */
#include "sechash.h"
#include "secasn1.h"
#include "secder.h"
#include "secoid.h"
#include "alghmac.h"
#include "secerr.h"
#include "secmod.h"
#include "pk11func.h"
/* stuff for the new secpkcs5.h */
/* used for V2 PKCS 12 Draft Spec */
typedef enum {
pbeBitGenIDNull = 0,
pbeBitGenCipherKey = 0x01,
pbeBitGenCipherIV = 0x02,
pbeBitGenIntegrityKey = 0x03
} PBEBitGenID;
typedef struct PBEBitGenContextStr PBEBitGenContext;
/* end new secpkcs5.h */
typedef struct SEC_PKCS5PBEParameterStr SEC_PKCS5PBEParameter;
struct SEC_PKCS5PBEParameterStr {
PRArenaPool *poolp;
SECItem salt; /* octet string */
SECItem iteration; /* integer */
};
/* template for PKCS 5 PBE Parameter. This template has been expanded
* based upon the additions in PKCS 12. This should eventually be moved
* if RSA updates PKCS 5.
*/
const SEC_ASN1Template SEC_PKCS5PBEParameterTemplate[] =
{
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SEC_PKCS5PBEParameter) },
{ SEC_ASN1_OCTET_STRING,
offsetof(SEC_PKCS5PBEParameter, salt) },
{ SEC_ASN1_INTEGER,
offsetof(SEC_PKCS5PBEParameter, iteration) },
{ 0 }
};
const SEC_ASN1Template SEC_V2PKCS12PBEParameterTemplate[] =
{
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) },
{ SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS5PBEParameter, salt) },
{ SEC_ASN1_INTEGER, offsetof(SEC_PKCS5PBEParameter, iteration) },
{ 0 }
};
/* maps crypto algorithm from PBE algorithm.
*/
SECOidTag
SEC_PKCS5GetCryptoAlgorithm(SECAlgorithmID *algid)
{
SECOidTag algorithm;
if(algid == NULL)
return SEC_OID_UNKNOWN;
algorithm = SECOID_GetAlgorithmTag(algid);
switch(algorithm)
{
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
return SEC_OID_DES_EDE3_CBC;
case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
return SEC_OID_DES_CBC;
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
return SEC_OID_RC2_CBC;
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
return SEC_OID_RC4;
default:
break;
}
return SEC_OID_UNKNOWN;
}
/* check to see if an oid is a pbe algorithm
*/
PRBool
SEC_PKCS5IsAlgorithmPBEAlg(SECAlgorithmID *algid)
{
return (PRBool)(SEC_PKCS5GetCryptoAlgorithm(algid) != SEC_OID_UNKNOWN);
}
/* maps PBE algorithm from crypto algorithm, assumes SHA1 hashing.
*/
SECOidTag
SEC_PKCS5GetPBEAlgorithm(SECOidTag algTag, int keyLen)
{
switch(algTag)
{
case SEC_OID_DES_EDE3_CBC:
switch(keyLen) {
case 168:
case 192:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
case 128:
case 92:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC;
default:
break;
}
break;
case SEC_OID_DES_CBC:
return SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC;
case SEC_OID_RC2_CBC:
switch(keyLen) {
case 40:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
case 128:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
default:
break;
}
break;
case SEC_OID_RC4:
switch(keyLen) {
case 40:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4;
case 128:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4;
default:
break;
}
break;
default:
break;
}
return SEC_OID_UNKNOWN;
}
/* get the key length needed for the PBE algorithm
*/
int
SEC_PKCS5GetKeyLength(SECAlgorithmID *algid)
{
SECOidTag algorithm;
if(algid == NULL)
return SEC_OID_UNKNOWN;
algorithm = SECOID_GetAlgorithmTag(algid);
switch(algorithm)
{
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
return 24;
case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
return 8;
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
return 5;
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
return 16;
default:
break;
}
return -1;
}
/* the V2 algorithms only encode the salt, there is no iteration
* count so we need a check for V2 algorithm parameters.
*/
static PRBool
sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(SECOidTag algorithm)
{
switch(algorithm)
{
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
return PR_TRUE;
default:
break;
}
return PR_FALSE;
}
/* destroy a pbe parameter. it assumes that the parameter was
* generated using the appropriate create function and therefor
* contains an arena pool.
*/
static void
sec_pkcs5_destroy_pbe_param(SEC_PKCS5PBEParameter *pbe_param)
{
if(pbe_param != NULL)
PORT_FreeArena(pbe_param->poolp, PR_TRUE);
}
/* creates a PBE parameter based on the PBE algorithm. the only required
* parameters are algorithm and interation. the return is a PBE parameter
* which conforms to PKCS 5 parameter unless an extended parameter is needed.
* this is primarily if keyLen and a variable key length algorithm are
* specified.
* salt - if null, a salt will be generated from random bytes.
* iteration - number of iterations to perform hashing.
* keyLen - only used in variable key length algorithms
* iv - if null, the IV will be generated based on PKCS 5 when needed.
* params - optional, currently unsupported additional parameters.
* once a parameter is allocated, it should be destroyed calling
* sec_pkcs5_destroy_pbe_parameter or SEC_PKCS5DestroyPBEParameter.
*/
static SEC_PKCS5PBEParameter *
sec_pkcs5_create_pbe_parameter(SECOidTag algorithm,
SECItem *salt,
int iteration)
{
PRArenaPool *poolp = NULL;
SEC_PKCS5PBEParameter *pbe_param = NULL;
SECStatus rv;
void *dummy = NULL;
if(iteration < 0) {
return NULL;
}
if(!salt || !salt->data) {
return NULL;
}
poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if(poolp == NULL)
return NULL;
pbe_param = (SEC_PKCS5PBEParameter *)PORT_ArenaZAlloc(poolp,
sizeof(SEC_PKCS5PBEParameter));
if(!pbe_param) {
PORT_FreeArena(poolp, PR_TRUE);
return NULL;
}
pbe_param->poolp = poolp;
rv = SECITEM_CopyItem(poolp, &pbe_param->salt, salt);
if(rv != SECSuccess) {
PORT_FreeArena(poolp, PR_TRUE);
return NULL;
}
/* encode the integer */
dummy = SEC_ASN1EncodeInteger(poolp, &pbe_param->iteration,
iteration);
rv = (dummy) ? SECSuccess : SECFailure;
if(rv != SECSuccess) {
PORT_FreeArena(poolp, PR_FALSE);
return NULL;
}
return pbe_param;
}
/* creates a algorithm ID containing the PBE algorithm and appropriate
* parameters. the required parameter is the algorithm. if salt is
* not specified, it is generated randomly. if IV is specified, it overrides
* the PKCS 5 generation of the IV.
*
* the returned SECAlgorithmID should be destroyed using
* SECOID_DestroyAlgorithmID
*/
SECAlgorithmID *
SEC_PKCS5CreateAlgorithmID(SECOidTag algorithm,
SECItem *salt,
int iteration)
{
PRArenaPool *poolp = NULL;
SECAlgorithmID *algid, *ret_algid;
SECItem der_param;
SECStatus rv = SECFailure;
SEC_PKCS5PBEParameter *pbe_param;
#ifdef nodef
if(sec_pkcs5_hash_algorithm(algorithm) == SEC_OID_UNKNOWN)
return NULL;
#endif
if(iteration <= 0) {
return NULL;
}
der_param.data = NULL;
der_param.len = 0;
/* generate the parameter */
pbe_param = sec_pkcs5_create_pbe_parameter(algorithm, salt, iteration);
if(!pbe_param) {
return NULL;
}
poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if(!poolp) {
sec_pkcs5_destroy_pbe_param(pbe_param);
return NULL;
}
/* generate the algorithm id */
algid = (SECAlgorithmID *)PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID));
if(algid != NULL) {
void *dummy;
if(!sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
SEC_PKCS5PBEParameterTemplate);
} else {
dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
SEC_V2PKCS12PBEParameterTemplate);
}
if(dummy) {
rv = SECOID_SetAlgorithmID(poolp, algid, algorithm, &der_param);
}
}
ret_algid = NULL;
if(algid != NULL) {
ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID));
if(ret_algid != NULL) {
rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid);
if(rv != SECSuccess) {
SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE);
ret_algid = NULL;
}
}
}
if(poolp != NULL) {
PORT_FreeArena(poolp, PR_TRUE);
algid = NULL;
}
sec_pkcs5_destroy_pbe_param(pbe_param);
return ret_algid;
}
SECStatus
pbe_PK11AlgidToParam(SECAlgorithmID *algid,SECItem *mech)
{
CK_PBE_PARAMS *pbe_params = NULL;
SEC_PKCS5PBEParameter p5_param;
SECItem *salt = NULL;
SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
PRArenaPool *arena = NULL;
SECStatus rv = SECFailure;
int iv_len;
arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if (arena == NULL) {
goto loser;
}
iv_len = PK11_GetIVLength(PK11_AlgtagToMechanism(algorithm));
if (iv_len < 0) {
goto loser;
}
if (sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
rv = SEC_ASN1DecodeItem(arena, &p5_param,
SEC_V2PKCS12PBEParameterTemplate, &algid->parameters);
} else {
rv = SEC_ASN1DecodeItem(arena,&p5_param,SEC_PKCS5PBEParameterTemplate,
&algid->parameters);
}
if (rv != SECSuccess) {
goto loser;
}
salt = &p5_param.salt;
pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS)+
salt->len+iv_len);
if (pbe_params == NULL) {
goto loser;
}
/* get salt */
pbe_params->pSalt = ((CK_CHAR_PTR) pbe_params)+sizeof(CK_PBE_PARAMS);
if (iv_len) {
pbe_params->pInitVector = ((CK_CHAR_PTR) pbe_params)+
sizeof(CK_PBE_PARAMS)+salt->len;
}
PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len);
pbe_params->ulSaltLen = (CK_ULONG) salt->len;
/* get iteration count */
pbe_params->ulIteration = (CK_ULONG) DER_GetInteger(&p5_param.iteration);
/* copy into the mechanism sec item */
mech->data = (unsigned char *)pbe_params;
mech->len = sizeof(*pbe_params);
if (arena) {
PORT_FreeArena(arena,PR_TRUE);
}
return SECSuccess;
loser:
if (pbe_params) {
PORT_Free(pbe_params);
}
if (arena) {
PORT_FreeArena(arena,PR_TRUE);
}
return SECFailure;
}
SECStatus
PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param, PRArenaPool *arena,
SECAlgorithmID *algId)
{
CK_PBE_PARAMS *pbe_param;
SECItem pbeSalt;
SECAlgorithmID *pbeAlgID = NULL;
SECStatus rv;
if(!param || !algId) {
return SECFailure;
}
pbe_param = (CK_PBE_PARAMS *)param->data;
pbeSalt.data = (unsigned char *)pbe_param->pSalt;
pbeSalt.len = pbe_param->ulSaltLen;
pbeAlgID = SEC_PKCS5CreateAlgorithmID(algTag, &pbeSalt,
(int)pbe_param->ulIteration);
if(!pbeAlgID) {
return SECFailure;
}
rv = SECOID_CopyAlgorithmID(arena, algId, pbeAlgID);
SECOID_DestroyAlgorithmID(pbeAlgID, PR_TRUE);
return rv;
}
PBEBitGenContext *
PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
unsigned int iterations)
{
SECItem *context = NULL;
SECItem mechItem;
CK_PBE_PARAMS pbe_params;
CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
PK11SymKey *symKey = NULL;
unsigned char ivData[8];
/* use the purpose to select the low level keygen algorithm */
switch (bitGenPurpose) {
case pbeBitGenIntegrityKey:
switch (hashAlgorithm) {
case SEC_OID_SHA1:
mechanism = CKM_PBA_SHA1_WITH_SHA1_HMAC;
break;
case SEC_OID_MD2:
mechanism = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN;
break;
case SEC_OID_MD5:
mechanism = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN;
break;
default:
break;
}
break;
case pbeBitGenCipherIV:
if (bitsNeeded > 64) {
break;
}
if (hashAlgorithm != SEC_OID_SHA1) {
break;
}
mechanism = CKM_PBE_SHA1_DES3_EDE_CBC;
case pbeBitGenCipherKey:
if (hashAlgorithm != SEC_OID_SHA1) {
break;
}
switch (bitsNeeded) {
case 40:
mechanism = CKM_PBE_SHA1_RC4_40;
break;
case 128:
mechanism = CKM_PBE_SHA1_RC4_128;
break;
default:
break;
}
case pbeBitGenIDNull:
break;
}
if (mechanism == CKM_INVALID_MECHANISM) {
/* we should set an error, but this is a depricated function, and
* we are keeping bug for bug compatibility;)... */
return NULL;
}
pbe_params.pInitVector = ivData;
pbe_params.pPassword = pwitem->data;
pbe_params.ulPasswordLen = pwitem->len;
pbe_params.pSalt = salt->data;
pbe_params.ulSaltLen = salt->len;
pbe_params.ulIteration = iterations;
mechItem.data = (unsigned char *) &pbe_params;
mechItem.len = sizeof(pbe_params);
symKey = PK11_RawPBEKeyGen(PK11_GetInternalSlot(),mechanism,
&mechItem, pwitem, PR_FALSE, NULL);
if (symKey == NULL) {
if (bitGenPurpose == pbeBitGenCipherIV) {
/* NOTE: this assumes that bitsNeeded is a multiple of 8! */
SECItem ivItem;
ivItem.data = ivData;
ivItem.len = bitsNeeded/8;
context = SECITEM_DupItem(&ivItem);
} else {
SECItem *keyData;
PK11_ExtractKeyValue(symKey);
keyData = PK11_GetKeyData(symKey);
/* assert bitsNeeded with length? */
if (keyData) {
context = SECITEM_DupItem(keyData);
}
}
PK11_FreeSymKey(symKey);
}
return (PBEBitGenContext *)context;
}
SECItem *
PBE_GenerateBits(PBEBitGenContext *context)
{
return (SECItem *)context;
}
void
PBE_DestroyContext(PBEBitGenContext *context)
{
SECITEM_FreeItem((SECItem *)context,PR_TRUE);
}
SECItem *
SEC_PKCS5GetIV(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES)
{
SECItem mechItem;
SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
CK_PBE_PARAMS *pbe_params;
CK_MECHANISM_TYPE mechanism;
SECItem *iv = NULL;
SECStatus rv;
int iv_len;
PK11SymKey *symKey;
rv = pbe_PK11AlgidToParam(algid,&mechItem);
if (rv != SECSuccess) {
return NULL;
}
mechanism = PK11_AlgtagToMechanism(algorithm);
iv_len = PK11_GetIVLength(mechanism);
pbe_params = (CK_PBE_PARAMS_PTR)mechItem.data;
symKey = PK11_RawPBEKeyGen(PK11_GetInternalSlot(),mechanism,
&mechItem, pwitem, faulty3DES,NULL);
if (symKey) {
SECItem tmp;
tmp.data = pbe_params->pInitVector;
tmp.len = iv_len;
iv = SECITEM_DupItem(&tmp);
PK11_FreeSymKey(symKey);
}
if (mechItem.data) {
PORT_ZFree(mechItem.data,mechItem.len);
}
return iv;
}
/*
* Subs from nss 3.x that are depricated
*/
PBEBitGenContext *
__PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
unsigned int iterations)
{
PORT_Assert("__PBE_CreateContext is Depricated" == NULL);
return NULL;
}
SECItem *
__PBE_GenerateBits(PBEBitGenContext *context)
{
PORT_Assert("__PBE_GenerateBits is Depricated" == NULL);
return NULL;
}
void
__PBE_DestroyContext(PBEBitGenContext *context)
{
PORT_Assert("__PBE_DestroyContext is Depricated" == NULL);
}
SECStatus
RSA_FormatBlock(SECItem *result, unsigned modulusLen,
int blockType, SECItem *data)
{
PORT_Assert("RSA_FormatBlock is Depricated" == NULL);
return SECFailure;
}


@ -106,9 +106,41 @@ struct SECKEYRawPrivateKeyStr {
} u;
};
typedef struct SECKEYRawPrivateKeyStr SECKEYRawPrivateKey;
/*const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];*/
/* ASN1 Templates for new decoder/encoder */
/*
* Attribute value for PKCS8 entries (static?)
*/
const SEC_ASN1Template SECKEY_AttributeTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SECKEYAttribute) },
{ SEC_ASN1_OBJECT_ID, offsetof(SECKEYAttribute, attrType) },
{ SEC_ASN1_SET_OF, offsetof(SECKEYAttribute, attrValue),
SEC_AnyTemplate },
{ 0 }
};
const SEC_ASN1Template SECKEY_SetOfAttributeTemplate[] = {
{ SEC_ASN1_SET_OF, 0, SECKEY_AttributeTemplate },
};
const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPrivateKeyInfo) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPrivateKeyInfo,version) },
{ SEC_ASN1_INLINE, offsetof(SECKEYPrivateKeyInfo,algorithm),
SECOID_AlgorithmIDTemplate },
{ SEC_ASN1_OCTET_STRING, offsetof(SECKEYPrivateKeyInfo,privateKey) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(SECKEYPrivateKeyInfo,attributes),
SECKEY_SetOfAttributeTemplate },
{ 0 }
};
const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[] = {
{ SEC_ASN1_POINTER, 0, SECKEY_PrivateKeyInfoTemplate }
};
const SEC_ASN1Template SECKEY_RSAPrivateKeyExportTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRawPrivateKey) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.rsa.version) },
@ -133,6 +165,25 @@ const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
{ SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey,u.dh.prime) },
};
const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) },
{ SEC_ASN1_INLINE,
offsetof(SECKEYEncryptedPrivateKeyInfo,algorithm),
SECOID_AlgorithmIDTemplate },
{ SEC_ASN1_OCTET_STRING,
offsetof(SECKEYEncryptedPrivateKeyInfo,encryptedData) },
{ 0 }
};
const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[] = {
{ SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate }
};
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_EncryptedPrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PrivateKeyInfoTemplate)
SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToPrivateKeyInfoTemplate)
SECStatus
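Review bot: The new `SECKEY_PrivateKeyInfoTemplate` and `SECKEY_EncryptedPrivateKeyInfoTemplate` carry no comment naming the ASN.1 structure they decode, and the `attributes` entry (`SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0`) is the line a reader is most likely to question. Add `/* PKCS #8 PrivateKeyInfo: version, privateKeyAlgorithm, privateKey, attributes [0] IMPLICIT SET OF Attribute OPTIONAL */` above the first template and `/* PKCS #8 EncryptedPrivateKeyInfo: encryptionAlgorithm, encryptedData */` above the second. The commented-out declaration `/*const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];*/` in the first hunk is dead text now that the definition follows it and should be deleted. Whether the decoded `version` is ever compared against `SEC_PRIVATE_KEY_INFO_VERSION` is not visible in these hunks.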


@ -42,7 +42,11 @@
*/
extern SECStatus
PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy) {
#ifdef notdef
return PQG_ParamGen(j, pParams, pVfy);
#else
return SECFailure;
#endif
}
/* Generate PQGParams and PQGVerify structs.
@ -53,7 +57,11 @@ PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy) {
extern SECStatus
PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
PQGParams **pParams, PQGVerify **pVfy) {
#ifdef notdef
return PQG_ParamGenSeedLen(j, seedBytes, pParams, pVfy);
#else
return SECFailure;
#endif
}
/* Test PQGParams for validity as DSS PQG values.
@ -85,7 +93,11 @@ PK11_PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
extern SECStatus
PK11_PQG_VerifyParams(const PQGParams *params,
const PQGVerify *vfy, SECStatus *result) {
#ifdef notdef
return PQG_VerifyParams(params, vfy, result);
#else
return SECFailure;
#endif
}
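Review bot: The stubbed `PK11_PQG_VerifyParams` returns SECFailure without writing `*result`, so a caller that inspects `*result` rather than the return value reads an uninitialized SECStatus and may treat unverified DSA parameters as verified; set `if (result) *result = SECFailure;` before returning. All three `#else` branches also return SECFailure without `PORT_SetError()`, so the caller's `PORT_GetError()` reports whatever error happened to be set last; add `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);` (or a not-implemented code if the tree has one) in each. Since the `#ifdef notdef` branches look parked rather than deleted, a one-line comment saying why PQG generation is disabled in the wrapper would help the next reader.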


@ -49,7 +49,7 @@
#include "sechash.h"
#include "cert.h"
#include "secerr.h"
#include "secpkcs5.h"
/*#include "secpkcs5.h" */
#define PAIRWISE_SECITEM_TYPE siBuffer
#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
@ -225,7 +225,7 @@ PK11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, void *wincx)
symKey->data.data = NULL;
symKey->data.len = 0;
symKey->owner = PR_TRUE;
symKey->objectID = CK_INVALID_KEY;
symKey->objectID = CK_INVALID_HANDLE;
symKey->slot = slot;
symKey->series = slot->series;
symKey->cx = wincx;
@ -253,7 +253,7 @@ PK11_FreeSymKey(PK11SymKey *symKey)
}
PK11_USE_THREADS(PZ_Unlock(symKey->refLock);)
if (destroy) {
if ((symKey->owner) && symKey->objectID != CK_INVALID_KEY) {
if ((symKey->owner) && symKey->objectID != CK_INVALID_HANDLE) {
pk11_EnterKeyMonitor(symKey);
(void) PK11_GETTAB(symKey->slot)->
C_DestroyObject(symKey->session, symKey->objectID);
@ -301,7 +301,7 @@ PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin,
{
PK11SymKey *symKey;
if (keyID == CK_INVALID_KEY) {
if (keyID == CK_INVALID_HANDLE) {
return NULL;
}
@ -338,7 +338,7 @@ PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type,
PK11SymKey *symKey = NULL;
if (slot->series != series) return NULL;
if (slot->refKeys[wrap] == CK_INVALID_KEY) return NULL;
if (slot->refKeys[wrap] == CK_INVALID_HANDLE) return NULL;
if (type == CKM_INVALID_MECHANISM) type = slot->wrapMechanism;
symKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
@ -535,7 +535,7 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey,
/* what about fortezza??? */
default:
PORT_SetError( SEC_ERROR_BAD_KEY );
return CK_INVALID_KEY;
return CK_INVALID_HANDLE;
}
templateCount = attrs - theTemplate;
@ -547,7 +547,7 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey,
rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate,
templateCount, isToken, &objectID);
if ( rv != SECSuccess) {
return CK_INVALID_KEY;
return CK_INVALID_HANDLE;
}
}
@ -588,7 +588,7 @@ PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID,
PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
key_id = pk11_FindObjectByTemplate(slot,findTemp,tsize);
if (key_id == CK_INVALID_KEY) {
if (key_id == CK_INVALID_HANDLE) {
return NULL;
}
return PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, type, key_id,
@ -1140,7 +1140,7 @@ PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject)
PK11_ExitSlotMonitor(slot);
if (crv == CKR_OK) return destObject;
PORT_SetError( PK11_MapError(crv) );
return CK_INVALID_KEY;
return CK_INVALID_HANDLE;
}
@ -1374,7 +1374,7 @@ pk11_PairwiseConsistencyCheck(SECKEYPublicKey *pubKey,
}
id = PK11_ImportPublicKey(slot,pubKey,PR_FALSE);
if (id == CK_INVALID_KEY) {
if (id == CK_INVALID_HANDLE) {
PK11_FreeSlot(slot);
return SECFailure;
}
@ -1702,7 +1702,7 @@ pk11_loadPrivKey(PK11SlotInfo *slot,SECKEYPrivateKey *privKey,
if (pubKey->pkcs11Slot) {
PK11_FreeSlot(pubKey->pkcs11Slot);
pubKey->pkcs11Slot = NULL;
pubKey->pkcs11ID = CK_INVALID_KEY;
pubKey->pkcs11ID = CK_INVALID_HANDLE;
}
}
@ -2491,7 +2491,7 @@ PK11_MakeKEAPubKey(unsigned char *keyData,int length)
pubk->arena = arena;
pubk->pkcs11Slot = 0;
pubk->pkcs11ID = CK_INVALID_KEY;
pubk->pkcs11ID = CK_INVALID_HANDLE;
pubk->keyType = fortezzaKey;
rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData);
if (rv != SECSuccess) {
@ -3226,7 +3226,7 @@ pk11_restoreContext(PK11Context *context,void *space, unsigned long savedLength)
{
CK_RV crv;
CK_OBJECT_HANDLE objectID = (context->key) ? context->key->objectID:
CK_INVALID_KEY;
CK_INVALID_HANDLE;
PORT_Assert(space != NULL);
if (space == NULL) {
@ -4096,24 +4096,21 @@ PK11_DestroyPBEParams(SECItem *params)
SECAlgorithmID *
PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt)
{
SECAlgorithmID *algid;
SECAlgorithmID *algid = NULL;
#ifdef notdef
algid = SEC_PKCS5CreateAlgorithmID(algorithm, salt, iteration);
#endif
return algid;
}
PK11SymKey *
PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
PRBool faulty3DES, void *wincx)
PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *mech,
SECItem *pwitem, PRBool faulty3DES, void *wincx)
{
/* pbe stuff */
CK_PBE_PARAMS *pbe_params;
CK_MECHANISM_TYPE type;
SECItem *mech;
PK11SymKey *symKey;
mech = PK11_ParamFromAlgid(algid);
type = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm));
if(faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) {
type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC;
}
@ -4134,6 +4131,30 @@ PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
symKey = PK11_KeyGen(slot, type, mech, 0, wincx);
PORT_ZFree(pbe_params->pPassword, pwitem->len);
pbe_params->pPassword = NULL;
pbe_params->ulPasswordLen = 0;
return symKey;
}
PK11SymKey *
PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
PRBool faulty3DES, void *wincx)
{
/* pbe stuff */
CK_MECHANISM_TYPE type;
SECItem *mech;
PK11SymKey *symKey;
mech = PK11_ParamFromAlgid(algid);
type = PK11_AlgtagToMechanism(SECOID_FindOIDTag(&algid->algorithm));
if(faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) {
type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC;
}
if(mech == NULL) {
return NULL;
}
symKey = PK11_RawPBEKeyGen(slot, type, mech, pwitem, faulty3DES, wincx);
SECITEM_ZfreeItem(mech, PR_TRUE);
return symKey;
}
@ -4205,7 +4226,8 @@ PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
try_faulty_3des:
pbe_param = PK11_ParamFromAlgid(&epki->algorithm);
key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx);
key = PK11_RawPBEKeyGen(slot, mechanism, pbe_param, pwitem,
faulty3DES, wincx);
if((key == NULL) || (pbe_param == NULL)) {
rv = SECFailure;
goto done;
@ -4372,7 +4394,9 @@ PK11_ExportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, SECOidTag algTag,
goto loser;
}
epki->arena = arena;
#ifdef notdef
algid = SEC_PKCS5CreateAlgorithmID(algTag, NULL, iteration);
#endif
if(algid == NULL) {
rv = SECFailure;
goto loser;
@ -4383,7 +4407,8 @@ PK11_ExportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, SECOidTag algTag,
pbeMech.mechanism = mechanism;
pbeMech.pParameter = pbe_param->data;
pbeMech.ulParameterLen = pbe_param->len;
key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, wincx);
key = PK11_RawPBEKeyGen(slot, mechanism, pbe_param, pwitem,
PR_FALSE, wincx);
if((key == NULL) || (pbe_param == NULL)) {
rv = SECFailure;
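Review bot: In the `try_faulty_3des:` hunk of `PK11_ImportEncryptedPrivateKeyInfo`, `pbe_param` is handed to `PK11_RawPBEKeyGen()` before the `pbe_param == NULL` test, so a failed `PK11_ParamFromAlgid()` now reaches the callee with a NULL SECItem; the old call passed `&epki->algorithm` instead, so the ordering was harmless then. `PK11_RawPBEKeyGen` presumably derives its `pbe_params` from `mech->data` in the part of its body this page does not show, which would dereference NULL. Test first, `if (pbe_param == NULL) { rv = SECFailure; goto done; }`, and only then call `PK11_RawPBEKeyGen`. The enclosing function begins and ends outside the hunk.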


@ -49,9 +49,7 @@
#include "prtime.h"
#include "prlong.h"
#include "secerr.h"
#include "secpkcs5.h"
#define NSSCKT_H /* we included pkcs11t.h, so block ckt.h from including nssckt.h */
#include "ckt.h"
/*#include "secpkcs5.h" */
/*************************************************************
@ -419,7 +417,7 @@ PK11_NewSlotInfo(void)
slot->series = 0;
slot->wrapKey = 0;
slot->wrapMechanism = CKM_INVALID_MECHANISM;
slot->refKeys[0] = CK_INVALID_KEY;
slot->refKeys[0] = CK_INVALID_HANDLE;
slot->reason = PK11_DIS_NONE;
slot->readOnly = PR_TRUE;
slot->needLogin = PR_FALSE;
@ -467,9 +465,6 @@ PK11_DestroySlot(PK11SlotInfo *slot)
PK11_GETTAB(slot)->C_CloseAllSessions(slot->slotID);
}
/* now free up all the certificates we grabbed on this slot */
PK11_FreeSlotCerts(slot);
/* free up the cached keys and sessions */
PK11_CleanKeyList(slot);
@ -1082,9 +1077,6 @@ PK11_DoPassword(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
if (rv != SECWouldBlock) break;
}
if (rv == SECSuccess) {
if ((loadCerts) && (!slot->isInternal) && (slot->cert_count == 0)) {
PK11_ReadSlotCerts(slot);
}
rv = pk11_CheckVerifyTest(slot);
} else if (!attempt) PORT_SetError(SEC_ERROR_BAD_PASSWORD);
return rv;
@ -1715,14 +1707,6 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
}
/*if we have cached slotcerts, free them they are almost certainly stale*/
PK11_FreeSlotCerts(slot);
if (loadCerts && (!slot->isInternal) &&
((!slot->needLogin) || (slot->defaultFlags & SECMOD_FRIENDLY_FLAG))) {
PK11_ReadSlotCerts(slot);
}
if (!(slot->needLogin)) {
return pk11_CheckVerifyTest(slot);
}
@ -1783,7 +1767,7 @@ pk11_isRootSlot(PK11SlotInfo *slot)
PORT_Assert(tsize <= sizeof(findTemp)/sizeof(CK_ATTRIBUTE));
handle = pk11_FindObjectByTemplate(slot,findTemp,tsize);
if (handle == CK_INVALID_KEY) {
if (handle == CK_INVALID_HANDLE) {
return PR_FALSE;
}
return PR_TRUE;
@ -1891,7 +1875,6 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
PK11_GETTAB(slot)->C_CloseSession(slot->session);
slot->session = CK_INVALID_SESSION;
/* force certs to be freed */
PK11_FreeSlotCerts(slot);
}
if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
return PR_FALSE;
@ -1904,7 +1887,6 @@ pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
if (crv != CKR_OK) {
PK11_GETTAB(slot)->C_CloseSession(slot->session);
slot->session = CK_INVALID_SESSION;
PK11_FreeSlotCerts(slot);
}
}
if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
@ -3334,59 +3316,6 @@ static unsigned long rc2_unmap(unsigned long x)
}
/*
* Helper function to decode a PKCS5 DER encode paramter block into a PKCS #11
* PBE_Parameter structure.
*/
SECStatus
pk11_pbe_decode(SECAlgorithmID *algid, SECItem *mech)
{
CK_PBE_PARAMS *pbe_params = NULL;
SEC_PKCS5PBEParameter *p5_param;
SECItem *p5_misc = NULL;
int paramSize = 0;
p5_param = SEC_PKCS5GetPBEParameter(algid);
if(p5_param == NULL) {
return SECFailure;
}
p5_misc = &p5_param->salt;
paramSize = sizeof(CK_PBE_PARAMS);
pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(paramSize);
if (pbe_params == NULL) {
SEC_PKCS5DestroyPBEParameter(p5_param);
return SECFailure;
}
/* get salt */
pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(p5_misc->len);
if (pbe_params->pSalt == CK_NULL_PTR) {
goto loser;
}
PORT_Memcpy(pbe_params->pSalt, p5_misc->data, p5_misc->len);
pbe_params->ulSaltLen = (CK_ULONG) p5_misc->len;
/* get iteration count */
p5_misc = &p5_param->iteration;
pbe_params->ulIteration = (CK_ULONG) DER_GetInteger(p5_misc);
/* copy into the mechanism sec item */
mech->data = (unsigned char *)pbe_params;
mech->len = paramSize;
SEC_PKCS5DestroyPBEParameter(p5_param);
return SECSuccess;
loser:
if (pbe_params->pSalt != CK_NULL_PTR) {
PORT_Free(pbe_params->pSalt);
}
PORT_Free(pbe_params);
SEC_PKCS5DestroyPBEParameter(p5_param);
return SECFailure;
}
/* Generate a mechaism param from a type, and iv. */
SECItem *
@ -3520,7 +3449,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
case CKM_PBE_SHA1_RC2_128_CBC:
case CKM_PBE_SHA1_RC4_40:
case CKM_PBE_SHA1_RC4_128:
rv = pk11_pbe_decode(algid,mech);
rv = pbe_PK11AlgidToParam(algid,mech);
if (rv != SECSuccess) {
PORT_Free(mech);
return NULL;
@ -4285,7 +4214,6 @@ PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
/* first shutdown the token. Existing sessions will get closed here */
PK11_GETTAB(slot)->C_CloseAllSessions(slot->slotID);
slot->session = CK_INVALID_SESSION;
PK11_FreeSlotCerts(slot);
/* now re-init the token */
crv = PK11_GETTAB(slot)->C_InitToken(slot->slotID,
@ -4301,47 +4229,14 @@ PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
return SECSuccess;
}
static SECOidTag
pk11_MapPBEMechanismTypeToAlgtag(CK_MECHANISM_TYPE mech)
{
switch(mech) {
case CKM_PBE_MD2_DES_CBC:
return SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC;
case CKM_PBE_MD5_DES_CBC:
return SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC;
case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
return SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC;
case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4;
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4;
case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
return SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
case CKM_PBE_SHA1_RC2_128_CBC:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
case CKM_PBE_SHA1_RC2_40_CBC:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
case CKM_PBE_SHA1_RC4_40:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4;
case CKM_PBE_SHA1_RC4_128:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4;
case CKM_PBE_SHA1_DES3_EDE_CBC:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
case CKM_PBE_SHA1_DES2_EDE_CBC:
return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC;
default:
break;
static PRBool
pk11_isAllZero(unsigned char *data,int len) {
while (len--) {
if (*data++) {
return PR_FALSE;
}
}
return SEC_OID_UNKNOWN;
return PR_TRUE;
}
CK_RV
@ -4353,9 +4248,6 @@ PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
CK_PBE_PARAMS_PTR pPBEparams;
CK_RC2_CBC_PARAMS_PTR rc2_params;
CK_ULONG rc2_key_len;
SECStatus rv = SECFailure;
SECAlgorithmID temp_algid;
SECItem param, *iv;
if((pPBEMechanism == CK_NULL_PTR) || (pCryptoMechanism == CK_NULL_PTR)) {
return CKR_HOST_MEMORY;
@ -4364,32 +4256,20 @@ PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
pPBEparams = (CK_PBE_PARAMS_PTR)pPBEMechanism->pParameter;
iv_len = PK11_GetIVLength(pPBEMechanism->mechanism);
if(pPBEparams->pInitVector == CK_NULL_PTR) {
pPBEparams->pInitVector = (CK_CHAR_PTR)PORT_ZAlloc(iv_len);
if(pPBEparams->pInitVector == NULL) {
return CKR_HOST_MEMORY;
}
param.data = (unsigned char*)pPBEMechanism->pParameter;
param.len = pPBEMechanism->ulParameterLen;
rv = PK11_ParamToAlgid(pk11_MapPBEMechanismTypeToAlgtag(
pPBEMechanism->mechanism),
&param, NULL, &temp_algid);
if(rv != SECSuccess) {
SECOID_DestroyAlgorithmID(&temp_algid, PR_FALSE);
return CKR_HOST_MEMORY;
} else {
iv = SEC_PKCS5GetIV(&temp_algid, pbe_pwd, faulty3DES);
if((iv == NULL) && (iv_len != 0)) {
SECOID_DestroyAlgorithmID(&temp_algid, PR_FALSE);
return CKR_HOST_MEMORY;
}
SECOID_DestroyAlgorithmID(&temp_algid, PR_FALSE);
if(iv != NULL) {
PORT_Memcpy((char *)pPBEparams->pInitVector,
(char *)iv->data,
iv->len);
SECITEM_ZfreeItem(iv, PR_TRUE);
if (iv_len) {
if (pk11_isAllZero(pPBEparams->pInitVector,iv_len)) {
SECItem param;
PK11SymKey *symKey;
param.data = pPBEMechanism->pParameter;
param.len = pPBEMechanism->ulParameterLen;
symKey = PK11_RawPBEKeyGen(PK11_GetInternalSlot(),
pPBEMechanism->mechanism, &param, pbe_pwd, faulty3DES, NULL);
if (symKey== NULL) {
return CKR_DEVICE_ERROR; /* sigh */
}
PK11_FreeSymKey(symKey);
}
}
@ -4430,9 +4310,10 @@ have_crypto_mechanism:
rc2_key_len = 128;
have_key_len:
pCryptoMechanism->mechanism = CKM_RC2_CBC;
pCryptoMechanism->ulParameterLen = (CK_ULONG)sizeof(CK_RC2_CBC_PARAMS);
pCryptoMechanism->pParameter =
(CK_RC2_CBC_PARAMS_PTR)PORT_ZAlloc(sizeof(CK_RC2_CBC_PARAMS));
pCryptoMechanism->ulParameterLen = (CK_ULONG)
sizeof(CK_RC2_CBC_PARAMS);
pCryptoMechanism->pParameter = (CK_RC2_CBC_PARAMS_PTR)
PORT_ZAlloc(sizeof(CK_RC2_CBC_PARAMS));
if(pCryptoMechanism->pParameter == NULL) {
return CKR_HOST_MEMORY;
}


@ -460,8 +460,8 @@ SECStatus SECMOD_UpdateModule(SECMODModule *module)
result = SECMOD_DeletePermDB(module);
if (result == SECSuccess) {
result = SECMOD_AddPermDB(module);
}
result = SECMOD_AddPermDB(module);
return result;
}
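Review bot: The return value of SECMOD_DeletePermDB is now discarded, so SECMOD_UpdateModule reports the result of SECMOD_AddPermDB alone even when the delete failed, which can leave two entries for the same module in the permanent database. If the intent is an upsert (add even when there was no prior entry to delete), say so in a comment, e.g. `/* a failed delete only means no prior entry existed; always (re)add */`; otherwise restore the success check around the add. As written, `result` is assigned on two consecutive lines, which reads like a merge leftover rather than a decision.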


@ -162,8 +162,6 @@ struct PK11DefaultArrayEntryStr {
#define CKM_FAKE_RANDOM 0x80000efeL
#define CKM_INVALID_MECHANISM 0xffffffffL
#define CKA_DIGEST 0x81000000L
#define CK_INVALID_KEY 0
#define CK_INVALID_SESSION 0
/* Cryptographic module types */
#define SECMOD_EXTERNAL 0 /* external module */
@ -206,11 +204,11 @@ typedef PRBool (*PK11IsLoggedInFunc)(PK11SlotInfo *slot, void *arg);
/*
** Attributes
*/
struct SECKEYPrivAttributeStr {
struct SECKEYAttributeStr {
SECItem attrType;
SECItem **attrValue;
};
typedef struct SECKEYPrivAttributeStr SECKEYPrivAttribute;
typedef struct SECKEYAttributeStr SECKEYAttribute;
/*
** A PKCS#8 private key info object
@ -220,10 +218,9 @@ struct SECKEYPrivateKeyInfoStr {
SECItem version;
SECAlgorithmID algorithm;
SECItem privateKey;
SECKEYPrivAttribute **attributes;
SECKEYAttribute **attributes;
};
typedef struct SECKEYPrivateKeyInfoStr SECKEYPrivateKeyInfo;
#define SEC_PRIVATE_KEY_INFO_VERSION 0 /* what we *create* */
/*
** A PKCS#8 private key info object
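Review bot: CK_INVALID_KEY and CK_INVALID_SESSION are removed from an exported header outright, and SECKEYPrivAttribute is renamed to SECKEYAttribute in the same way, so any code outside this tree still using the old names stops compiling with no deprecation step. If source compatibility matters for this release, keep one-cycle aliases with a deprecation comment, e.g. `#define CK_INVALID_KEY CK_INVALID_HANDLE /* deprecated */` and `typedef SECKEYAttribute SECKEYPrivAttribute; /* deprecated */`. Several in-tree call sites touched by this same commit (p12d.c, certificate.c, trustdomain.c) were still using CK_INVALID_KEY, which suggests out-of-tree users may be too.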


@ -35,8 +35,12 @@
* pkcs11 specific client and server files.
*/
#ifndef _SECMODTI_H_
#define _SECMODTI_H_ 1
#include "prmon.h"
#include "prtypes.h"
#include "nssilckt.h"
#include "pk11init.h"
#ifndef NSS_3_4_CODE
#define NSS_3_4_CODE
@ -129,19 +133,6 @@ struct PK11SlotInfoStr {
NSSToken *nssToken;
};
/* hold slot default flags until we initialize a slot. This structure is only
* useful between the time we define a module (either by hand or from the
* database) and the time the module is loaded. Not reference counted */
struct PK11PreSlotInfoStr {
CK_SLOT_ID slotID; /* slot these flags are for */
unsigned long defaultFlags; /* bit mask of default implementation this slot
* provides */
int askpw; /* slot specific password bits */
long timeout; /* slot specific timeout value */
char hasRootCerts; /* is this the root cert PKCS #11 module? */
char hasRootTrust; /* is this the root cert PKCS #11 module? */
};
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]"
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
@ -203,3 +194,4 @@ struct PK11ContextStr {
* non-standard semantics*/
};
#endif /* _SECMODTI_H_ */


@ -1976,8 +1976,7 @@ sec_pkcs12_get_existing_nick_for_dn(sec_PKCS12SafeBag *cert, void *wincx)
return NULL;
}
tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert, NULL,
PR_FALSE, PR_TRUE);
tempCert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
if(!tempCert) {
returnDn = NULL;
goto loser;
@ -2002,15 +2001,6 @@ sec_pkcs12_get_existing_nick_for_dn(sec_PKCS12SafeBag *cert, void *wincx)
/* if the token is local, first traverse the cert database
* then traverse the token.
*/
if(PK11_IsInternal(cert->slot)) {
if(CERT_TraversePermCertsForSubject(CERT_GetDefaultCertDB(),
&tempCert->derSubject, gatherNicknames,
nickArg) != SECSuccess) {
returnDn = NULL;
goto loser;
}
}
if(PK11_TraverseCertsForSubjectInSlot(tempCert, cert->slot, gatherNicknames,
(void *)nickArg) != SECSuccess) {
returnDn = NULL;
@ -2071,12 +2061,6 @@ sec_pkcs12_certs_for_nickname_exist(SECItem *nickname, PK11SlotInfo *slot)
}
/* we want to check the local database first if we are importing to it */
if(PK11_IsInternal(slot)) {
CERT_TraversePermCertsForNickname(CERT_GetDefaultCertDB(),
(char *)nickname->data,
countCertificate, (void *)&nCerts);
}
PK11_TraverseCertsForNicknameInSlot(nickname, slot, countCertificate,
(void *)&nCerts);
if(nCerts) return PR_TRUE;
@ -2243,9 +2227,8 @@ sec_pkcs12_validate_cert(sec_PKCS12SafeBag *cert,
cert->problem = PR_FALSE;
cert->error = 0;
leafCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&cert->safeBagContent.certBag->value.x509Cert,
NULL, PR_FALSE, PR_TRUE);
leafCert = CERT_DecodeDERCertificate(
&cert->safeBagContent.certBag->value.x509Cert, PR_FALSE, NULL);
if(!leafCert) {
cert->noInstall = PR_TRUE;
cert->problem = PR_TRUE;
@ -2297,9 +2280,8 @@ sec_pkcs12_validate_key_by_cert(sec_PKCS12SafeBag *cert, sec_PKCS12SafeBag *key,
return;
}
leafCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&(cert->safeBagContent.certBag->value.x509Cert),
NULL, PR_FALSE, PR_TRUE);
leafCert = CERT_DecodeDERCertificate(
&(cert->safeBagContent.certBag->value.x509Cert), PR_FALSE, NULL);
if(!leafCert) {
key->problem = PR_TRUE;
key->noInstall = PR_TRUE;
@ -2337,8 +2319,7 @@ sec_pkcs12_remove_existing_cert(sec_PKCS12SafeBag *cert,
cert->removeExisting = PR_FALSE;
derCert = &cert->safeBagContent.certBag->value.x509Cert;
tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert,
NULL, PR_FALSE, PR_TRUE);
tempCert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
if(!tempCert) {
return SECFailure;
}
@ -2347,7 +2328,7 @@ sec_pkcs12_remove_existing_cert(sec_PKCS12SafeBag *cert,
CERT_DestroyCertificate(tempCert);
tempCert = NULL;
if(certObj != CK_INVALID_KEY) {
if(certObj != CK_INVALID_HANDLE) {
PK11_DestroyObject(cert->slot, certObj);
removed = PR_TRUE;
} else if(PK11_IsInternal(cert->slot)) {
@ -2408,8 +2389,7 @@ sec_pkcs12_add_cert(sec_PKCS12SafeBag *cert, PRBool keyExists, void *wincx)
if(keyExists) {
CERTCertificate *newCert;
newCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
derCert, NULL, PR_FALSE, PR_TRUE);
newCert = CERT_DecodeDERCertificate( derCert, PR_FALSE, NULL);
if(!newCert) {
if(nickName) SECITEM_ZfreeItem(nickName, PR_TRUE);
cert->error = SEC_ERROR_NO_MEMORY;
@ -2591,8 +2571,7 @@ SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx)
CERTCertificate *tempCert = NULL;
if (derCert == NULL) continue;
tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
derCert, NULL, PR_FALSE, PR_TRUE);
tempCert=CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL);
if (tempCert) {
CERT_AddCertToListTail(certList,tempCert);
@ -2777,9 +2756,8 @@ sec_pkcs12_get_public_value_and_type(sec_PKCS12SafeBag *certBag,
return NULL;
}
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&certBag->safeBagContent.certBag->value.x509Cert,
NULL, PR_FALSE, PR_FALSE);
cert = CERT_DecodeDERCertificate(
&certBag->safeBagContent.certBag->value.x509Cert, PR_FALSE, NULL);
if(!cert) {
return NULL;
}
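Review bot: The CERT_DecodeDERCertificate replacements pass PR_FALSE as the second argument everywhere except in SEC_PKCS12DecoderGetCerts, which passes PR_TRUE, while every CERT_NewTempCertificate call they replace passed PR_TRUE as its trailing copyDER argument. If the second argument is copyDER, the temporary certs in sec_pkcs12_get_existing_nick_for_dn, sec_pkcs12_validate_cert, sec_pkcs12_validate_key_by_cert, sec_pkcs12_remove_existing_cert, sec_pkcs12_add_cert and sec_pkcs12_get_public_value_and_type now borrow the safe bag's DER buffer and must be destroyed before the decoder context that owns it; that constraint is worth a comment at each site, e.g. `/* no DER copy: tempCert borrows the safe bag's buffer and is destroyed below */`. The same PR_TRUE-to-PR_FALSE switch appears in the two p12e.c hunks (the SEC_PKCS12AddCert loop and SEC_PKCS12AddDERCertAndEncryptedKey). Each of these functions begins outside the hunk that changes it.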


@ -44,8 +44,8 @@
#include "cert.h"
#include "certdb.h"
#include "p12plcy.h"
#include "p12.h"
#include "secpkcs5.h"
#include "p12.h"
/*#include "secpkcs5.h" */
/* PFX extraction and validation routines */
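Review bot: The `secpkcs5.h` include is commented out rather than deleted, and the same pattern appears in p12local.c, p7decode.c (both `cdbhdl.h` and `secpkcs5.h`), p7local.c, cmscipher.c, cmsenvdata.c and cmssigdata.c (`cdbhdl.h`). Commented-out includes tend to be resurrected by the next merge or left indefinitely; if the header is gone for good, drop the line, and if its API is expected to come back through another header, a one-line comment naming that replacement header says more than the dead include does.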


@ -1029,17 +1029,17 @@ SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe,
CERTCertificate *tempCert;
/* decode the certificate */
tempCert = CERT_NewTempCertificate(certDb,
&certList->certs[count], NULL,
PR_FALSE, PR_TRUE);
tempCert =
CERT_DecodeDERCertificate( &certList->certs[count],
PR_FALSE, NULL);
if(!tempCert) {
CERT_DestroyCertificateList(certList);
goto loser;
}
/* add the certificate */
if(SEC_PKCS12AddCert(p12ctxt, safe, nestedDest, tempCert, certDb,
NULL, PR_FALSE) != SECSuccess) {
if(SEC_PKCS12AddCert(p12ctxt, safe, nestedDest, tempCert,
certDb, NULL, PR_FALSE) != SECSuccess) {
CERT_DestroyCertificate(tempCert);
CERT_DestroyCertificateList(certList);
goto loser;
@ -1400,8 +1400,7 @@ SEC_PKCS12AddDERCertAndEncryptedKey(SEC_PKCS12ExportContext *p12ctxt,
mark = PORT_ArenaMark(p12ctxt->arena);
cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), derCert,
NULL, PR_FALSE, PR_TRUE);
cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
if(!cert) {
PORT_ArenaRelease(p12ctxt->arena, mark);
PORT_SetError(SEC_ERROR_NO_MEMORY);


@ -35,7 +35,7 @@
#include "p12plcy.h"
#include "secoid.h"
#include "secport.h"
#include "secpkcs5.h" /* LOTS of PKCS5 calls below. XXX EVIL. */
/*#include "secpkcs5.h" LOTS of PKCS5 calls below. XXX EVIL. */
#define PKCS12_NULL 0x0000


@ -35,7 +35,7 @@
* PKCS7 implementation -- the exported parts that are used whether
* creating or decoding.
*
* $Id: p7common.c,v 1.2 2001/09/20 21:37:15 relyea%netscape.com Exp $
* $Id: p7common.c,v 1.3 2001/11/08 00:15:15 relyea%netscape.com Exp $
*/
#include "p7local.h"
@ -485,16 +485,22 @@ SEC_PKCS7EncryptContents(PRArenaPool *poolp,
rv = SECFailure;
goto loser;
}
eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
result = PK11_ParamFromAlgid(algid);
if (result == NULL) {
rv = SECFailure;
goto loser;
}
pbeMech.pParameter = result->data;
pbeMech.ulParameterLen = result->len;
eKey = PK11_RawPBEKeyGen(slot, pbeMech.mechanism, result, key, PR_FALSE,
wincx);
if(eKey == NULL) {
rv = SECFailure;
goto loser;
}
pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
result = PK11_ParamFromAlgid(algid);
pbeMech.pParameter = result->data;
pbeMech.ulParameterLen = result->len;
if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, key,
PR_FALSE) != CKR_OK) {
rv = SECFailure;
@ -646,16 +652,20 @@ SEC_PKCS7DecryptContents(PRArenaPool *poolp,
rv = SECFailure;
goto loser;
}
eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
result = PK11_ParamFromAlgid(algid);
if (result == NULL) {
rv = SECFailure;
goto loser;
}
pbeMech.pParameter = result->data;
pbeMech.ulParameterLen = result->len;
eKey = PK11_RawPBEKeyGen(slot,pbeMech.mechanism,result,key,PR_FALSE,wincx);
if(eKey == NULL) {
rv = SECFailure;
goto loser;
}
pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
result = PK11_ParamFromAlgid(algid);
pbeMech.pParameter = result->data;
pbeMech.ulParameterLen = result->len;
if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, key,
PR_FALSE) != CKR_OK) {
rv = SECFailure;
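Review bot: `result` from PK11_ParamFromAlgid is now allocated before PK11_RawPBEKeyGen, so the `eKey == NULL` path in SEC_PKCS7EncryptContents reaches `loser` with `result` live, which the old ordering never did; unless `loser` already frees it (not visible here), that path now leaks the parameter item and needs `SECITEM_FreeItem(result, PR_TRUE);` before the jump. The SEC_PKCS7DecryptContents hunk reorders the same way and has the same exposure. The mechanism, parameter and password are also handed to PK11_MapPBEMechanismToCryptoMechanism a second time after the key has been generated; a short comment on why the mapping needs the password again (it appears to re-derive the IV) would help the next reader. Both functions begin and end outside their hunks.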


@ -34,7 +34,7 @@
/*
* PKCS7 decoding, verification.
*
* $Id: p7decode.c,v 1.5 2001/09/20 21:37:16 relyea%netscape.com Exp $
* $Id: p7decode.c,v 1.6 2001/11/08 00:15:16 relyea%netscape.com Exp $
*/
#include "nssrenam.h"
@ -47,7 +47,7 @@
/* the add certificate code needs to get */
/* rewritten/abstracted and then this */
/* include should be removed! */
#include "cdbhdl.h"
/*#include "cdbhdl.h" */
#include "cryptohi.h"
#include "key.h"
#include "secasn1.h"
@ -58,7 +58,7 @@
#include "secerr.h"
#include "sechash.h" /* for HASH_GetHashObject() */
#include "secder.h"
#include "secpkcs5.h"
/*#include "secpkcs5.h" */
struct sec_pkcs7_decoder_worker {
int depth;
@ -1449,7 +1449,7 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
CERTCertificate *cert, **certs;
PRBool goodsig;
CERTCertDBHandle local_certdb, *certdb, *defaultdb;
CERTCertDBHandle *certdb, *defaultdb;
SECOidData *algiddata;
int i, certcount;
SECKEYPublicKey *publickey;
@ -1541,10 +1541,7 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
*/
certdb = defaultdb;
if (certdb == NULL) {
if (CERT_OpenCertDBFilename (&local_certdb, NULL,
(PRBool)!keepcerts) != SECSuccess)
goto done;
certdb = &local_certdb;
goto done;
}
certcount = 0;
@ -1915,9 +1912,6 @@ done:
if (certs != NULL)
CERT_DestroyCertArray (certs, certcount);
if (defaultdb == NULL && certdb != NULL)
CERT_ClosePermCertDB (certdb);
if (publickey != NULL)
SECKEY_DestroyPublicKey (publickey);
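Review bot: When `defaultdb` is NULL, sec_pkcs7_verify_signature now jumps straight to `done` without setting an error code, whereas the removed CERT_OpenCertDBFilename path would have reported why the open failed; callers now see a failed verification carrying whatever stale error was set last. Add a `PORT_SetError(...)` with an appropriate code (SEC_ERROR_BAD_DATABASE or similar) before that `goto done;`. The `keepcerts` parameter's only visible use was the read-only flag on the removed open, so confirm it is still consumed elsewhere in the function or note it as unused. The function begins outside the hunk.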


@ -34,7 +34,7 @@
/*
* PKCS7 encoding.
*
* $Id: p7encode.c,v 1.4 2001/09/20 21:37:16 relyea%netscape.com Exp $
* $Id: p7encode.c,v 1.5 2001/11/08 00:15:16 relyea%netscape.com Exp $
*/
#include "nssrenam.h"
@ -96,7 +96,6 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo,
void *mark, *wincx;
int i;
PRArenaPool *arena = NULL;
unsigned char zero = 0;
/* Get the context in case we need it below. */
wincx = cinfo->pwfn_arg;


@ -37,7 +37,7 @@
* encoding/creation side *and* the decoding/decryption side. Anything
* else should be static routines in the appropriate file.
*
* $Id: p7local.c,v 1.2 2001/01/07 08:13:04 nelsonb%netscape.com Exp $
* $Id: p7local.c,v 1.3 2001/11/08 00:15:16 relyea%netscape.com Exp $
*/
#include "p7local.h"
@ -47,7 +47,7 @@
#include "secoid.h"
#include "secitem.h"
#include "pk11func.h"
#include "secpkcs5.h"
/*#include "secpkcs5.h" */
#include "secerr.h"
/*


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certdecode.c,v $ $Revision: 1.2 $ $Date: 2001/10/19 20:06:28 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: certdecode.c,v $ $Revision: 1.3 $ $Date: 2001/11/08 00:15:19 $ $Name: $";
#endif /* DEBUG */
#ifndef PKIT_H
@ -114,7 +114,7 @@ nssDecodedCert_Destroy
#if 0
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
#endif
return PR_FAILURE;
break;
}
return PR_FAILURE;
}


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.12 $ $Date: 2001/11/05 17:29:27 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.13 $ $Date: 2001/11/08 00:15:19 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSPKI_H
@ -135,7 +135,7 @@ NSSCertificate_Create
if (!arenaOpt) {
rvCert->arena = arena;
}
rvCert->handle = CK_INVALID_KEY;
rvCert->handle = CK_INVALID_HANDLE;
return rvCert;
loser:
if (!arenaOpt && arena) {
@ -191,27 +191,30 @@ nssCertificate_GetCertTrust
)
{
PRStatus nssrv;
CK_TRUST saTrust, epTrust, csTrust;
CK_TRUST saTrust, caTrust, epTrust, csTrust;
CK_OBJECT_HANDLE tobjID;
CK_ULONG trust_size;
CK_ATTRIBUTE trust_template[] = {
{ CKA_TRUST_SERVER_AUTH, NULL, 0 },
{ CKA_TRUST_CLIENT_AUTH, NULL, 0 },
{ CKA_TRUST_EMAIL_PROTECTION, NULL, 0 },
{ CKA_TRUST_CODE_SIGNING, NULL, 0 }
};
trust_size = sizeof(trust_template) / sizeof(trust_template[0]);
tobjID = get_cert_trust_handle(c, session);
if (tobjID == CK_INVALID_KEY) {
if (tobjID == CK_INVALID_HANDLE) {
return PR_FAILURE;
}
/* Then use the trust object to find the trust settings */
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 0, saTrust);
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 1, epTrust);
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 2, csTrust);
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 1, caTrust);
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 2, epTrust);
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 3, csTrust);
nssrv = nssCKObject_GetAttributes(tobjID,
trust_template, trust_size,
NULL, session, c->slot);
c->trust.serverAuth = saTrust;
c->trust.clientAuth = caTrust;
c->trust.emailProtection = epTrust;
c->trust.codeSigning = csTrust;
return PR_SUCCESS;
@ -371,9 +374,17 @@ nssCertificate_SetCertTrust
}
session = c->token->defaultSession;
tobjID = get_cert_trust_handle(c, session);
if (tobjID == CK_INVALID_KEY) {
if (tobjID == CK_INVALID_HANDLE) {
/* trust object doesn't exist yet, create one */
return create_cert_trust_object(c, trust);
tobjID = create_cert_trust_object(c, trust);
if (tobjID == CK_INVALID_HANDLE) {
return PR_FAILURE;
}
c->trust.serverAuth = trust->serverAuth;
c->trust.clientAuth = trust->clientAuth;
c->trust.emailProtection = trust->emailProtection;
c->trust.codeSigning = trust->codeSigning;
return PR_SUCCESS;
}
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 0, trust->serverAuth);
NSS_CK_SET_ATTRIBUTE_VAR(trust_template, 1, trust->clientAuth);
@ -754,13 +765,15 @@ NSSCertificate_GetPublicKey
NSSCertificate *c
)
{
PRStatus nssrv;
CK_ATTRIBUTE pubktemplate[] = {
{ CKA_CLASS, NULL, 0 },
{ CKA_ID, NULL, 0 },
{ CKA_SUBJECT, NULL, 0 }
};
#if 0
PRStatus nssrv;
CK_ULONG count = sizeof(pubktemplate) / sizeof(pubktemplate[0]);
#endif
NSS_CK_SET_ATTRIBUTE_ITEM(pubktemplate, 0, &g_ck_class_pubkey);
if (c->id.size > 0) {
/* CKA_ID */
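Review bot: In nssCertificate_GetCertTrust the status of nssCKObject_GetAttributes is stored in `nssrv` and then ignored, so if the attribute read fails the four trust fields are copied from uninitialized locals and PR_SUCCESS is returned anyway; for trust flags that is the wrong failure mode, and the new CKA_TRUST_CLIENT_AUTH slot widens it. Check the status before the assignments: `if (nssrv != PR_SUCCESS) { return PR_FAILURE; }`. Initialising `saTrust`, `caTrust`, `epTrust` and `csTrust` to a known untrusted value before the call is a cheap second line of defence. The `#if 0` block left in NSSCertificate_GetPublicKey is dead code and should either be removed or carry a comment saying why it is kept.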


@ -30,7 +30,7 @@
# may use your version of this file under either the MPL or the
# GPL.
#
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.5 $ $Date: 2001/10/19 20:10:51 $ $Name: $"
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.6 $ $Date: 2001/11/08 00:15:20 $ $Name: $"
CORE_DEPTH = ../../..
@ -57,8 +57,8 @@ CSRCS = \
$(NULL)
ifndef PURE_STAN_BUILD
CSRCS += nss3hack.c
PRIVATE_EXPORTS += pkinss3hack.h pkitm.h pkim.h
CSRCS += pki3hack.c
PRIVATE_EXPORTS += pki3hack.h pkitm.h pkim.h
DEFINES = -DNSS_3_4_CODE
endif


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: nss3hack.c,v $ $Revision: 1.5 $ $Date: 2001/11/05 17:29:27 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:15:20 $ $Name: $";
#endif /* DEBUG */
/*
@ -56,11 +56,11 @@ static const char CVS_ID[] = "@(#) $RCSfile: nss3hack.c,v $ $Revision: 1.5 $ $Da
#endif /* CKHELPER_H */
#ifndef DEVNSS3HACK_H
#include "devnss3hack.h"
#include "dev3hack.h"
#endif /* DEVNSS3HACK_H */
#ifndef PKINSS3HACK_H
#include "pkinss3hack.h"
#include "pki3hack.h"
#endif /* PKINSS3HACK_H */
#include "secitem.h"
@ -95,13 +95,10 @@ STAN_LoadDefaultNSS3TrustDomain
td->tokenList = nssList_Create(td->arena, PR_TRUE);
list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
if (list) {
/* XXX this doesn't work until softoken is a true PKCS#11 mod */
for (le = list->head; le; le = le->next) {
if (!PK11_IsInternal(le->slot)) {
token = nssToken_CreateFromPK11SlotInfo(td, le->slot);
PK11Slot_SetNSSToken(le->slot, token);
nssList_Add(td->tokenList, token);
}
token = nssToken_CreateFromPK11SlotInfo(td, le->slot);
PK11Slot_SetNSSToken(le->slot, token);
nssList_Add(td->tokenList, token);
}
}
td->tokens = nssList_CreateIterator(td->tokenList);
@ -322,7 +319,14 @@ static CERTCertTrust *
nssTrust_GetCERTCertTrust(NSSTrust *t, CERTCertificate *cc)
{
CERTCertTrust *rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
unsigned int client;
rvTrust->sslFlags = get_nss3trust_from_cktrust(t->serverAuth);
client = get_nss3trust_from_cktrust(t->clientAuth);
if (client & (CERTDB_TRUSTED_CA|CERTDB_NS_TRUSTED_CA)) {
client &= ~(CERTDB_TRUSTED_CA|CERTDB_NS_TRUSTED_CA);
rvTrust->sslFlags |= CERTDB_TRUSTED_CLIENT_CA;
}
rvTrust->sslFlags |= client;
rvTrust->emailFlags = get_nss3trust_from_cktrust(t->emailProtection);
rvTrust->objectSigningFlags = get_nss3trust_from_cktrust(t->codeSigning);
if (PK11_IsUserCert(cc->slot, cc, cc->pkcs11ID)) {
@ -347,7 +351,7 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc)
}
/* trust */
cc->trust = nssTrust_GetCERTCertTrust(&c->trust, cc);
/* referenceCount addref? */
cc->referenceCount++;
/* subjectList ? */
/* pkcs11ID */
cc->pkcs11ID = c->handle;
@ -378,14 +382,55 @@ NSS_EXTERN NSSCertificate *
STAN_GetNSSCertificate(CERTCertificate *cc)
{
NSSCertificate *c;
NSSArena *arena;
c = cc->nssCertificate;
if (!c) {
/* i don't think this should happen. but if it can, need to create
* NSSCertificate from CERTCertificate values here.
*/
if (c) {
return c;
}
/* i don't think this should happen. but if it can, need to create
* NSSCertificate from CERTCertificate values here. */
/* Yup, it can happen. */
arena = NSSArena_Create();
if (!arena) {
return NULL;
}
c = NSSCertificate_Create(arena);
if (!c) {
goto loser;
}
NSSITEM_FROM_SECITEM(&c->encoding, &cc->derCert);
c->type = NSSCertificateType_PKIX;
c->arena = arena;
nssItem_Create(arena,
&c->issuer, cc->derIssuer.len, cc->derIssuer.data);
nssItem_Create(arena,
&c->subject, cc->derSubject.len, cc->derSubject.data);
nssItem_Create(arena,
&c->serial, cc->serialNumber.len, cc->serialNumber.data);
if (cc->nickname) {
c->nickname = nssUTF8_Create(arena,
nssStringType_UTF8String,
(NSSUTF8 *)cc->nickname,
PORT_Strlen(cc->nickname));
}
if (cc->emailAddr) {
c->email = nssUTF8_Create(arena,
nssStringType_PrintableString,
(NSSUTF8 *)cc->emailAddr,
PORT_Strlen(cc->emailAddr));
}
c->trustDomain = (NSSTrustDomain *)cc->dbhandle;
if (cc->slot) {
c->token = PK11Slot_GetNSSToken(cc->slot);
c->slot = c->token->slot;
}
cc->nssCertificate = c;
return c;
loser:
nssArena_Destroy(arena);
return NULL;
}
static CK_TRUST
@ -545,7 +590,8 @@ get_cert_type(NSSCertificateType nssType)
case NSSCertificateType_PKIX:
return CKC_X_509;
default:
return CK_INVALID_KEY;
return CK_INVALID_HANDLE; /* Not really! CK_INVALID_HANDLE is not a
* type CK_CERTIFICATE_TYPE */
}
}
@ -591,7 +637,7 @@ nssTrustDomain_AddTempCertToPerm
/* This is a hack, ignoring the 4.0 token ordering scheme */
token = STAN_GetInternalToken();
c->handle = nssToken_ImportObject(token, NULL, cert_template, ctsize);
if (c->handle == CK_INVALID_KEY) {
if (c->handle == CK_INVALID_HANDLE) {
return PR_FAILURE;
}
c->token = token;
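Review bot: In STAN_GetNSSCertificate the new construction path dereferences `c->token->slot` straight after `PK11Slot_GetNSSToken(cc->slot)` without a NULL check, and the three nssItem_Create and two nssUTF8_Create calls are unchecked, so an allocation failure leaves a half-built NSSCertificate cached in `cc->nssCertificate` for every later caller. Guard the token lookup and route allocation failures to `loser`, which already tears down the arena; the rewritten lines are below. Separately, `cc->referenceCount++` in fill_CERTCertificateFields replaces a question with a bare increment, and a comment saying which owner holds that reference and where it is released would keep the count auditable; that function begins outside its hunk.
```c
    c->arena = arena;
    if (!nssItem_Create(arena,
                        &c->issuer, cc->derIssuer.len, cc->derIssuer.data) ||
        !nssItem_Create(arena,
                        &c->subject, cc->derSubject.len, cc->derSubject.data) ||
        !nssItem_Create(arena,
                        &c->serial, cc->serialNumber.len, cc->serialNumber.data)) {
        goto loser;
    }
    if (cc->nickname) {
        c->nickname = nssUTF8_Create(arena,
                                     nssStringType_UTF8String,
                                     (NSSUTF8 *)cc->nickname,
                                     PORT_Strlen(cc->nickname));
        if (!c->nickname) {
            goto loser;
        }
    }
    /* … unchanged: emailAddr handled the same way as nickname … */
    c->trustDomain = (NSSTrustDomain *)cc->dbhandle;
    if (cc->slot) {
        c->token = PK11Slot_GetNSSToken(cc->slot);
        if (!c->token) {
            goto loser;   /* slot has no NSSToken in this trust domain */
        }
        c->slot = c->token->slot;
    }
    /* … unchanged: cache in cc->nssCertificate, return, loser: … */
```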


@ -35,7 +35,7 @@
#define PKINSS3HACK_H
#ifdef DEBUG
static const char PKINSS3HACK_CVS_ID[] = "@(#) $RCSfile: pkinss3hack.h,v $ $Revision: 1.3 $ $Date: 2001/10/19 18:16:44 $ $Name: $";
static const char PKINSS3HACK_CVS_ID[] = "@(#) $RCSfile: pki3hack.h,v $ $Revision: 1.1 $ $Date: 2001/11/08 00:15:20 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSPKIT_H


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.7 $ $Date: 2001/11/05 17:29:27 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.8 $ $Date: 2001/11/08 00:15:20 $ $Name: $";
#endif /* DEBUG */
#ifndef PKIM_H
@ -398,7 +398,7 @@ collect_subject_certs
)
{
NSSCertificate *c;
NSSCertificate **rvArray;
NSSCertificate **rvArray = NULL;
PRUint32 count;
if (rvCertListOpt) {
nssListIterator *iter = nssList_CreateIterator(subjectList);
@ -409,15 +409,13 @@ collect_subject_certs
}
nssListIterator_Finish(iter);
nssListIterator_Destroy(iter);
return (NSSCertificate **)NULL;
} else {
count = nssList_Count(subjectList);
rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
if (!rvArray) return (NSSCertificate **)NULL;
nssList_GetArray(subjectList, (void **)rvArray, count);
return rvArray;
}
return (NSSCertificate **)NULL;
return rvArray;
}
/*


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.11 $ $Date: 2001/10/19 18:16:45 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.12 $ $Date: 2001/11/08 00:15:20 $ $Name: $";
#endif /* DEBUG */
#ifndef NSSPKI_H
@ -393,11 +393,8 @@ get_best_cert(NSSCertificate *c, void *arg)
}
/* either they are both valid at time, or neither valid; take the newer */
/* XXX later -- defer to policies */
if (bestdc->isNewerThan(bestdc, dc)) {
return PR_SUCCESS;
} else {
if (!bestdc->isNewerThan(bestdc, dc)) {
best->cert = c;
return PR_SUCCESS;
}
/* policies */
return PR_SUCCESS;
@ -721,7 +718,7 @@ NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
{
object = nssToken_FindObjectByTemplate(tok, NULL,
cert_template, ctsize);
if (object != CK_INVALID_KEY) {
if (object != CK_INVALID_HANDLE) {
/* Could not find cert, so create it */
rvCert = nssCertificate_CreateFromHandle(NULL, object,
NULL, tok->slot);
@ -864,7 +861,7 @@ NSSTrustDomain_FindCertificateByEncodedCertificate
{
object = nssToken_FindObjectByTemplate(tok, NULL,
cert_template, ctsize);
if (object != CK_INVALID_KEY) {
if (object != CK_INVALID_HANDLE) {
/* Could not find cert, so create it */
rvCert = nssCertificate_CreateFromHandle(NULL, object,
NULL, tok->slot);
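Review bot: The comment `/* Could not find cert, so create it */` sits inside `if (object != CK_INVALID_HANDLE)`, i.e. the branch taken when the object *was* found, in both NSSTrustDomain_FindCertificateByIssuerAndSerialNumber and NSSTrustDomain_FindCertificateByEncodedCertificate; the CK_INVALID_KEY rename touched exactly these lines without correcting it. Replace it with `/* found a matching object on the token; wrap it in an NSSCertificate */` at both sites. Both functions begin and end outside their hunks.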


@ -30,7 +30,7 @@
# may use your version of this file under either the MPL or the
# GPL.
#
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.3 $ $Date: 2001/10/11 17:41:46 $ $Name: $"
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.4 $ $Date: 2001/11/08 00:15:23 $ $Name: $"
include manifest.mn
include $(CORE_DEPTH)/coreconf/config.mk
@ -38,8 +38,10 @@ include config.mk
include $(CORE_DEPTH)/coreconf/rules.mk
# Generate oiddata.h and oiddata.c.
generate:
perl oidgen.perl < oids.txt
$(OBJDIR)/oiddata.c $(OBJDIR)/oiddata.h: oidgen.perl oids.txt
@$(MAKE_OBJDIR)
rm -f $(OBJDIR)/oiddata.c $(OBJDIR)/oiddata.h
perl oidgen.perl $(OBJDIR)/oiddata.c $(OBJDIR)/oiddata.h oids.txt
export:: generate private_export
export:: private_export


@ -32,7 +32,7 @@
*/
#ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: atav.c,v $ $Revision: 1.3 $ $Date: 2001/10/15 15:01:59 $ $Name: $";
static const char CVS_ID[] = "@(#) $RCSfile: atav.c,v $ $Revision: 1.4 $ $Date: 2001/11/08 00:15:24 $ $Name: $";
#endif /* DEBUG */
/*
@ -961,13 +961,13 @@ nss_atav_utf8_string_is_hex
return PR_TRUE;
}
static PRUint8
static NSSUTF8
nss_atav_fromhex
(
PRUint8 *d
NSSUTF8 *d
)
{
PRUint8 rv;
NSSUTF8 rv;
if( d[0] <= '9' ) {
rv = (d[0] - '0') * 16;
@ -1105,8 +1105,8 @@ nssATAV_CreateFromUTF8
if( '#' == *value ) { /* XXX fgmr.. was it '#'? or backslash? */
PRUint32 size;
PRUint32 len;
PRUint8 *c;
PRUint8 *d;
NSSUTF8 *c;
NSSUTF8 *d;
PRStatus status;
/* It's in hex */
@ -1717,6 +1717,9 @@ nssATAV_Compare
break;
case nssStringType_BMPString:
break;
case nssStringType_GeneralString:
/* what to do here? */
break;
case nssStringType_UTF8String:
break;
case nssStringType_PHGString:
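Review bot: nss_atav_fromhex now returns NSSUTF8 where it returned PRUint8; if NSSUTF8 is a plain `char` (signed on most ABIs), a decoded byte of 0x80 or above comes back negative and any later comparison or widening of the result changes meaning, even though changing the parameter type is reasonable. Keep `static PRUint8` as the return type and `PRUint8 rv;`, changing only the parameter to `NSSUTF8 *d`. The new `nssStringType_GeneralString` case in nssATAV_Compare carries a `/* what to do here? */` placeholder that makes it behave like the handled types; if that is the intent say so, otherwise mark it as an explicit TODO with the intended behaviour so it is not mistaken for a decision. The switch in nssATAV_Compare continues outside the hunk.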


@ -30,12 +30,12 @@
# may use your version of this file under either the MPL or the
# GPL.
#
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.2 $ $Date: 2001/09/14 18:07:54 $ $Name: $"
MANIFEST_CVS_ID = "@(#) $RCSfile: manifest.mn,v $ $Revision: 1.3 $ $Date: 2001/11/08 00:15:25 $ $Name: $"
CORE_DEPTH = ../../..
PRIVATE_EXPORTS = \
oiddata.h \
$(OBJDIR)/oiddata.h \
pki1.h \
pki1t.h \
$(NULL)
@ -47,6 +47,9 @@ EXPORTS = \
MODULE = security
BUILT_CSRCS = oiddata.c \
$(NULL)
CSRCS = \
atav.c \
genname.c \


@ -31,8 +31,9 @@
# may use your version of this file under either the MPL or the
# GPL.
#
$cvs_id = '@(#) $RCSfile: oidgen.perl,v $ $Revision: 1.1 $ $Date: 2000/03/31 19:16:22 $ $Name: $';
$cvs_id = '@(#) $RCSfile: oidgen.perl,v $ $Revision: 1.2 $ $Date: 2001/11/08 00:15:25 $ $Name: $';
$cfile = shift;
$hfile = shift;
$count = -1;
while(<>) {
s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
@ -60,7 +61,8 @@ while(<>) {
}
# dodump();
doprint();
doprint($cfile,$hfile);
sub dodump {
for( $i = 0; $i <= $count; $i++ ) {
@ -73,8 +75,8 @@ for( $i = 0; $i <= $count; $i++ ) {
}
sub doprint {
open(CFILE, ">oiddata.c") || die "Can't open oiddata.c: $!";
open(HFILE, ">oiddata.h") || die "Can't open oiddata.h: $!";
open(CFILE, "> $cfile") || die "Can't open $cfile: $!";
open(HFILE, "> $hfile") || die "Can't open $hfile: $!";
print CFILE <<EOD
/* THIS IS A GENERATED FILE */
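Review bot: `open(CFILE, "> $cfile")` and `open(HFILE, "> $hfile")` use the two-argument form with the path interpolated into the mode string, so a path with leading or trailing whitespace or a leading special character is misparsed; the three-argument form `open(CFILE, '>', $cfile) || die "Can't open $cfile: $!";` is unambiguous. There is also no check that both output paths were supplied before `while(<>)` consumes the remaining arguments as input, so a missing argument is only caught at the open much later; `die "usage: oidgen.perl cfile hfile oids.txt\n" unless defined $hfile;` right after the two shifts makes the failure immediate.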


@ -34,7 +34,7 @@
/*
* Encryption/decryption routines for CMS implementation, none of which are exported.
*
* $Id: cmscipher.c,v 1.2 2000/06/13 21:56:27 chrisk%netscape.com Exp $
* $Id: cmscipher.c,v 1.3 2001/11/08 00:15:26 relyea%netscape.com Exp $
*/
#include "cmslocal.h"
@ -43,7 +43,7 @@
#include "secitem.h"
#include "pk11func.h"
#include "secerr.h"
#include "secpkcs5.h"
/*#include "secpkcs5.h" */
/*
* -------------------------------------------------------------------


@ -34,7 +34,7 @@
/*
* CMS envelopedData methods.
*
* $Id: cmsenvdata.c,v 1.4 2001/09/20 22:15:32 relyea%netscape.com Exp $
* $Id: cmsenvdata.c,v 1.5 2001/11/08 00:15:26 relyea%netscape.com Exp $
*/
#include "cmslocal.h"
@ -46,7 +46,7 @@
#include "secoid.h"
#include "pk11func.h"
#include "secerr.h"
#include "secpkcs5.h"
/*#include "secpkcs5.h" */
/*
* NSS_CMSEnvelopedData_Create - create an enveloped data message


@ -34,13 +34,13 @@
/*
* CMS signedData methods.
*
* $Id: cmssigdata.c,v 1.12 2001/11/02 00:03:32 ddrinan%netscape.com Exp $
* $Id: cmssigdata.c,v 1.13 2001/11/08 00:15:27 relyea%netscape.com Exp $
*/
#include "cmslocal.h"
#include "cert.h"
#include "cdbhdl.h"
/*#include "cdbhdl.h"*/
#include "secasn1.h"
#include "secitem.h"
#include "secoid.h"
