Bug 504080: Update NSS to the NSS_3_12_4_RTM CVS tag. r=kaie.
Родитель
4445f47cea
Коммит
d864aaf333
|
@ -113,6 +113,9 @@ ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
|
|||
else
|
||||
OPTIMIZER = -O2
|
||||
endif
|
||||
ifdef MOZ_DEBUG_SYMBOLS
|
||||
OPTIMIZER += -gdwarf-2 -gfull
|
||||
endif
|
||||
endif
|
||||
|
||||
ARCH = darwin
|
||||
|
|
|
@ -84,8 +84,12 @@ PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
|
|||
sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,+e ,' > $@
|
||||
|
||||
DSO_LDOPTS = -b +h $(notdir $@)
|
||||
ifeq ($(USE_64), 1)
|
||||
RPATH = +b '$$ORIGIN'
|
||||
RPATH = +b '$$ORIGIN'
|
||||
ifneq ($(OS_TEST),ia64)
|
||||
# pa-risc
|
||||
ifndef USE_64
|
||||
RPATH =
|
||||
endif
|
||||
endif
|
||||
DSO_LDFLAGS =
|
||||
|
||||
|
|
|
@ -124,7 +124,11 @@ ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
|
|||
else
|
||||
OPTIMIZER = -O2
|
||||
endif
|
||||
ifdef MOZ_DEBUG_SYMBOLS
|
||||
OPTIMIZER += -gstabs+
|
||||
endif
|
||||
endif
|
||||
|
||||
|
||||
ifeq ($(USE_PTHREADS),1)
|
||||
OS_PTHREAD = -lpthread
|
||||
|
@ -140,7 +144,12 @@ endif
|
|||
ARCH = linux
|
||||
|
||||
DSO_CFLAGS = -fPIC
|
||||
DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,-z,defs
|
||||
DSO_LDOPTS = -shared $(ARCHFLAG)
|
||||
# The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
|
||||
# incorrectly reports undefined references in the libraries we link with, so
|
||||
# we don't use -z defs there.
|
||||
ZDEFS_FLAG = -Wl,-z,defs
|
||||
DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
|
||||
DSO_LDFLAGS =
|
||||
LDFLAGS += $(ARCHFLAG)
|
||||
|
||||
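Review bot: The linker probe `$(shell ld -v)` asks whichever `ld` comes first on PATH, which need not be the linker that `$(CC)` drives (a cross build, or a compiler with its own binutils), so `-Wl,-z,defs` can be kept or dropped for the wrong toolchain. Because `DSO_LDOPTS` is assigned with `=` and extended with `+=`, it is recursively expanded and the shell command runs again on every expansion. Capture the version once in a `:=` variable and reference that in the `$(if ...)`. A short comment on that variable would make the Red Hat 7.2 special case easier to retire later.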
|
|
|
@ -45,4 +45,6 @@ ifdef MAPFILE
|
|||
endif
|
||||
PROCESS_MAP_FILE = grep -v ';-' $< | \
|
||||
sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
|
||||
|
||||
NSS_NO_FORK_CHECK=1
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
# the Initial Developer. All Rights Reserved.
|
||||
#
|
||||
# Contributor(s):
|
||||
# Peter Naulls
|
||||
#
|
||||
# Alternatively, the contents of this file may be used under the terms of
|
||||
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
|
@ -37,12 +38,19 @@
|
|||
|
||||
include $(CORE_DEPTH)/coreconf/UNIX.mk
|
||||
|
||||
DLL_SUFFIX = a
|
||||
MKSHLIB = $(GCCSDK_INSTALL_CROSSBIN)/arm-unknown-riscos-ar cr
|
||||
LIB_SUFFIX = a
|
||||
DLL_SUFFIX = so
|
||||
AR = ar cr $@
|
||||
LDOPTS += -L$(SOURCE_LIB_DIR)
|
||||
MKSHLIB = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
|
||||
|
||||
OS_RELEASE =
|
||||
OS_TARGET = RISCOS
|
||||
|
||||
DSO_CFLAGS = -fPIC
|
||||
DSO_LDOPTS = -shared
|
||||
DSO_LDFLAGS =
|
||||
|
||||
ifdef BUILD_OPT
|
||||
OPTIMIZER = -O2 -mpoke-function-name
|
||||
OPTIMIZER = -O3
|
||||
endif
|
||||
|
|
|
@ -63,7 +63,7 @@ else
|
|||
RC = rc.exe
|
||||
MT = mt.exe
|
||||
# Determine compiler version
|
||||
_MSC_VER_6 = 1200 # MSVC 6
|
||||
_MSC_VER_6 = 1200
|
||||
_MSC_VER := $(shell $(CC) 2>&1 | sed -ne \
|
||||
's/.*[^0-9.]\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1\2/p' )
|
||||
endif
|
||||
|
|
|
@ -194,6 +194,11 @@ ifdef NSS_DISABLE_DBM
|
|||
DEFINES += -DNSS_DISABLE_DBM
|
||||
endif
|
||||
|
||||
ifdef NSS_NO_FORK_CHECK
|
||||
DEFINES += -DNO_FORK_CHECK
|
||||
DEFINES += -DNO_CHECK_FORK
|
||||
endif
|
||||
|
||||
# Avoid building object leak test code for optimized library
|
||||
ifndef BUILD_OPT
|
||||
ifdef PKIX_OBJECT_LEAK_TEST
|
||||
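Review bot: The new `ifdef NSS_NO_FORK_CHECK` block defines two differently spelled macros, `-DNO_FORK_CHECK` and `-DNO_CHECK_FORK`, with no comment saying which code tests which. The PKM_ForkCheck hunk in this commit tests `NO_FORK_CHECK`; the other spelling is presumably read elsewhere in the tree, which this page does not show. A comment such as `# both spellings are tested in the tree; keep them together until one is retired` would stop a later cleanup from removing one and leaving the check compiled out in only part of the build. It would also help to say here what a platform gives up by setting `NSS_NO_FORK_CHECK`.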
|
|
|
@ -43,5 +43,3 @@
|
|||
|
||||
#error "Do not include this header file."
|
||||
|
||||
/* NSS 3.12.4 Beta */
|
||||
|
||||
|
|
|
@ -337,12 +337,8 @@ ifdef MT
|
|||
fi
|
||||
endif # MSVC with manifest tool
|
||||
endif
|
||||
else
|
||||
ifeq ($(OS_TARGET),RISCOS)
|
||||
$(MKSHLIB) $@ $(OBJS) $(SUB_SHLOBJS)
|
||||
else
|
||||
$(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
|
||||
endif
|
||||
chmod +x $@
|
||||
ifeq ($(OS_TARGET),Darwin)
|
||||
ifdef MAPFILE
|
||||
|
|
|
@ -74,7 +74,7 @@ typedef enum {
|
|||
F_Help,
|
||||
F_Quit,
|
||||
F_QuitIf,
|
||||
F_QuitIfString,
|
||||
F_QuitIfString
|
||||
} FunctionType;
|
||||
|
||||
/*
|
||||
|
@ -103,7 +103,7 @@ typedef enum {
|
|||
ArgFile = 0x800,
|
||||
ArgStatic = 0x1000,
|
||||
ArgOpt = 0x2000,
|
||||
ArgFull = 0x4000,
|
||||
ArgFull = 0x4000
|
||||
} ArgType;
|
||||
|
||||
typedef enum _constType
|
||||
|
|
|
@ -5275,13 +5275,14 @@ CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
|
|||
CK_RV crv = CKR_OK;
|
||||
#ifndef NO_FORK_CHECK
|
||||
int rc = -1;
|
||||
pid_t child, ret;
|
||||
NUMTESTS++; /* increment NUMTESTS */
|
||||
if (forkAssert) {
|
||||
putenv("NSS_STRICT_NOFORK=1");
|
||||
} else {
|
||||
putenv("NSS_STRICT_NOFORK=0");
|
||||
}
|
||||
pid_t child = fork();
|
||||
child = fork();
|
||||
switch (child) {
|
||||
case -1:
|
||||
PKM_Error("Fork failed.\n");
|
||||
|
@ -5316,7 +5317,7 @@ CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
|
|||
exit(expected & 255);
|
||||
default:
|
||||
PKM_LogIt("Fork succeeded.\n");
|
||||
pid_t ret = wait(&rc);
|
||||
ret = wait(&rc);
|
||||
if (ret != child || (!WIFEXITED(rc)) ||
|
||||
( (expected & 255) != (WEXITSTATUS(rc) & 255)) ) {
|
||||
int retStatus = -1;
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Test program for SDR (Secret Decoder Ring) functions.
|
||||
*
|
||||
* $Id: pwdecrypt.c,v 1.5 2008/08/08 23:47:58 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: pwdecrypt.c,v 1.7 2009/08/03 07:07:13 nelson%bolyard.com Exp $
|
||||
*/
|
||||
|
||||
#include "nspr.h"
|
||||
|
@ -116,23 +116,22 @@ long_usage (char *program_name)
|
|||
* base64 table only used to identify the end of a base64 string
|
||||
*/
|
||||
static unsigned char b64[256] = {
|
||||
/* 0: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 8: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 16: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 24: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 32: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 40: */ 0, 0, 0, 1, 0, 0, 0, 1,
|
||||
/* 48: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 56: */ 1, 1, 0, 0, 0, 0, 0, 0,
|
||||
/* 64: */ 0, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 72: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 80: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 88: */ 1, 1, 1, 0, 0, 0, 0, 0,
|
||||
/* 96: */ 0, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 104: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 112: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 120: */ 1, 1, 1, 0, 0, 0, 0, 0,
|
||||
/* 128: */ 0, 0, 0, 0, 0, 0, 0, 0
|
||||
/* 00: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 08: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 10: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 18: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 20: */ 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
/* 28: */ 0, 0, 0, 1, 0, 0, 0, 1,
|
||||
/* 30: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 38: */ 1, 1, 0, 0, 0, 0, 0, 0,
|
||||
/* 40: */ 0, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 48: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 50: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 58: */ 1, 1, 1, 0, 0, 0, 0, 0,
|
||||
/* 60: */ 0, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 68: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 70: */ 1, 1, 1, 1, 1, 1, 1, 1,
|
||||
/* 78: */ 1, 1, 1, 0, 0, 0, 0, 0,
|
||||
};
|
||||
|
||||
enum {
|
||||
|
@ -140,62 +139,92 @@ enum {
|
|||
true = 1
|
||||
} bool;
|
||||
|
||||
#define isatobchar(c) (b64[c])
|
||||
|
||||
#define MAX_STRING 8192
|
||||
|
||||
int
|
||||
isatobchar(int c) { return b64[c] != 0; }
|
||||
isBase64(char *inString)
|
||||
{
|
||||
unsigned int i;
|
||||
unsigned char c;
|
||||
|
||||
|
||||
#define MAX_STRING 256
|
||||
int
|
||||
getData(FILE *inFile,char **inString) {
|
||||
int len = 0;
|
||||
int space = MAX_STRING;
|
||||
int oneequal = false;
|
||||
int c;
|
||||
char *string = (char *) malloc(space);
|
||||
|
||||
string[len++]='M';
|
||||
|
||||
while ((c = getc(inFile)) != EOF) {
|
||||
if (len >= space) {
|
||||
char *newString;
|
||||
|
||||
space *= 2;
|
||||
newString = (char *)realloc(string,space);
|
||||
if (newString == NULL) {
|
||||
ungetc(c,inFile);
|
||||
break;
|
||||
}
|
||||
string = newString;
|
||||
}
|
||||
string[len++] = c;
|
||||
if (!isatobchar(c)) {
|
||||
if (c == '=') {
|
||||
if (oneequal) {
|
||||
break;
|
||||
}
|
||||
oneequal = true;
|
||||
continue;
|
||||
} else {
|
||||
ungetc(c,inFile);
|
||||
len--;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (oneequal) {
|
||||
ungetc(c,inFile);
|
||||
len--;
|
||||
break;
|
||||
}
|
||||
for (i = 0; (c = inString[i]) != 0 && isatobchar(c); ++i)
|
||||
;
|
||||
if (c == '=') {
|
||||
while ((c = inString[++i]) == '=')
|
||||
; /* skip trailing '=' characters */
|
||||
}
|
||||
if (len >= space) {
|
||||
space += 2;
|
||||
string = (char *)realloc(string,space);
|
||||
}
|
||||
string[len++] = 0;
|
||||
*inString = string;
|
||||
if (c && c != '\n' && c != '\r')
|
||||
return false;
|
||||
if (i == 0 || i % 4)
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
void
|
||||
doDecrypt(char * dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata)
|
||||
{
|
||||
int strLen = strlen(dataString);
|
||||
SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen);
|
||||
SECStatus rv;
|
||||
int err;
|
||||
unsigned int i;
|
||||
SECItem result = { siBuffer, NULL, 0 };
|
||||
|
||||
if ((decoded == NULL) || (decoded->len == 0)) {
|
||||
if (logFile) {
|
||||
err = PORT_GetError();
|
||||
fprintf(logFile,"Base 64 decode failed on <%s>\n", dataString);
|
||||
fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
|
||||
}
|
||||
fputs(dataString, outFile);
|
||||
if (decoded)
|
||||
SECITEM_FreeItem(decoded, PR_TRUE);
|
||||
return;
|
||||
}
|
||||
|
||||
rv = PK11SDR_Decrypt(decoded, &result, pwdata);
|
||||
SECITEM_ZfreeItem(decoded, PR_TRUE);
|
||||
if (rv == SECSuccess) {
|
||||
/* result buffer has no extra space for a NULL */
|
||||
fprintf(outFile, "Decrypted: \"%.*s\"\n", result.len, result.data);
|
||||
SECITEM_ZfreeItem(&result, PR_FALSE);
|
||||
return;
|
||||
}
|
||||
/* Encryption failed. output raw input. */
|
||||
if (logFile) {
|
||||
err = PORT_GetError();
|
||||
fprintf(logFile,"SDR decrypt failed on <%s>\n", dataString);
|
||||
fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
|
||||
}
|
||||
fputs(dataString,outFile);
|
||||
}
|
||||
|
||||
void
|
||||
doDecode(char * dataString, FILE *outFile, FILE *logFile)
|
||||
{
|
||||
int strLen = strlen(dataString + 1);
|
||||
SECItem *decoded;
|
||||
|
||||
decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString + 1, strLen);
|
||||
if ((decoded == NULL) || (decoded->len == 0)) {
|
||||
if (logFile) {
|
||||
int err = PORT_GetError();
|
||||
fprintf(logFile,"Base 64 decode failed on <%s>\n", dataString + 1);
|
||||
fprintf(logFile," Error %d: %s\n", err, SECU_Strerror(err));
|
||||
}
|
||||
fputs(dataString, outFile);
|
||||
if (decoded)
|
||||
SECITEM_FreeItem(decoded, PR_TRUE);
|
||||
return;
|
||||
}
|
||||
fprintf(outFile, "Decoded: \"%.*s\"\n", decoded->len, decoded->data);
|
||||
SECITEM_ZfreeItem(decoded, PR_TRUE);
|
||||
}
|
||||
|
||||
char dataString[MAX_STRING + 1];
|
||||
|
||||
int
|
||||
main (int argc, char **argv)
|
||||
{
|
||||
|
@ -210,11 +239,8 @@ main (int argc, char **argv)
|
|||
FILE *outFile = stdout;
|
||||
FILE *logFile = NULL;
|
||||
PLOptStatus optstatus;
|
||||
SECItem result;
|
||||
int c;
|
||||
secuPWData pwdata = { PW_NONE, NULL };
|
||||
|
||||
result.data = 0;
|
||||
|
||||
program_name = PL_strrchr(argv[0], '/');
|
||||
program_name = program_name ? (program_name + 1) : argv[0];
|
||||
|
@ -270,28 +296,31 @@ main (int argc, char **argv)
|
|||
}
|
||||
|
||||
if (input_file) {
|
||||
inFile = fopen(input_file,"r");
|
||||
if (inFile == NULL) {
|
||||
perror(input_file);
|
||||
return 1;
|
||||
}
|
||||
PR_Free(input_file);
|
||||
inFile = fopen(input_file,"r");
|
||||
if (inFile == NULL) {
|
||||
perror(input_file);
|
||||
return 1;
|
||||
}
|
||||
PR_Free(input_file);
|
||||
}
|
||||
if (output_file) {
|
||||
outFile = fopen(output_file,"w+");
|
||||
if (outFile == NULL) {
|
||||
perror(output_file);
|
||||
return 1;
|
||||
}
|
||||
PR_Free(output_file);
|
||||
outFile = fopen(output_file,"w+");
|
||||
if (outFile == NULL) {
|
||||
perror(output_file);
|
||||
return 1;
|
||||
}
|
||||
PR_Free(output_file);
|
||||
}
|
||||
if (log_file) {
|
||||
logFile = fopen(log_file,"w+");
|
||||
if (logFile == NULL) {
|
||||
perror(log_file);
|
||||
return 1;
|
||||
}
|
||||
PR_Free(log_file);
|
||||
if (log_file[0] == '-')
|
||||
logFile = stderr;
|
||||
else
|
||||
logFile = fopen(log_file,"w+");
|
||||
if (logFile == NULL) {
|
||||
perror(log_file);
|
||||
return 1;
|
||||
}
|
||||
PR_Free(log_file);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -308,64 +337,29 @@ main (int argc, char **argv)
|
|||
/* Get the encrypted result, either from the input file
|
||||
* or from encrypting the plaintext value
|
||||
*/
|
||||
while (fgets(dataString, sizeof dataString, inFile)) {
|
||||
unsigned char c = dataString[0];
|
||||
|
||||
while ((c = getc(inFile)) != EOF) {
|
||||
if (c == 'M') {
|
||||
char *dataString = NULL;
|
||||
SECItem *inText;
|
||||
|
||||
rv = getData(inFile, &dataString);
|
||||
if (!rv) {
|
||||
fputs(dataString,outFile);
|
||||
free(dataString);
|
||||
continue;
|
||||
}
|
||||
inText = NSSBase64_DecodeBuffer(NULL, NULL, dataString,
|
||||
strlen(dataString));
|
||||
if ((inText == NULL) || (inText->len == 0)) {
|
||||
if (logFile) {
|
||||
fprintf(logFile,"Base 64 decode failed on <%s>\n",
|
||||
dataString);
|
||||
fprintf(logFile," Error %x: %s\n",PORT_GetError(),
|
||||
SECU_Strerror(PORT_GetError()));
|
||||
}
|
||||
fputs(dataString,outFile);
|
||||
free(dataString);
|
||||
continue;
|
||||
}
|
||||
result.data = NULL;
|
||||
result.len = 0;
|
||||
rv = PK11SDR_Decrypt(inText, &result, &pwdata);
|
||||
SECITEM_FreeItem(inText, PR_TRUE);
|
||||
if (rv != SECSuccess) {
|
||||
if (logFile) {
|
||||
fprintf(logFile,"SDR decrypt failed on <%s>\n",
|
||||
dataString);
|
||||
fprintf(logFile," Error %x: %s\n",PORT_GetError(),
|
||||
SECU_Strerror(PORT_GetError()));
|
||||
}
|
||||
fputs(dataString,outFile);
|
||||
free(dataString);
|
||||
SECITEM_ZfreeItem(&result, PR_FALSE);
|
||||
continue;
|
||||
}
|
||||
/* result buffer has no extra space for a NULL */
|
||||
fprintf(outFile, "%.*s", result.len, result.data);
|
||||
SECITEM_ZfreeItem(&result, PR_FALSE);
|
||||
} else {
|
||||
putc(c,outFile);
|
||||
}
|
||||
if (c == 'M' && isBase64(dataString)) {
|
||||
doDecrypt(dataString, outFile, logFile, &pwdata);
|
||||
} else if (c == '~' && isBase64(dataString + 1)) {
|
||||
doDecode(dataString, outFile, logFile);
|
||||
} else {
|
||||
fputs(dataString, outFile);
|
||||
}
|
||||
}
|
||||
if (pwdata.data)
|
||||
PR_Free(pwdata.data);
|
||||
|
||||
fclose(outFile);
|
||||
fclose(inFile);
|
||||
if (logFile) {
|
||||
if (logFile && logFile != stderr) {
|
||||
fclose(logFile);
|
||||
}
|
||||
|
||||
if (NSS_Shutdown() != SECSuccess) {
|
||||
SECU_PrintError (program_name, "NSS_Shutdown failed");
|
||||
exit(1);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
prdone:
|
||||
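Review bot: The new read loop `while (fgets(dataString, sizeof dataString, inFile))` treats each MAX_STRING-sized fragment of a long line as a separate record, where the getData() it appears to replace grew its buffer with realloc. A value longer than 8192 bytes is therefore split, its fragments fail the `'M'`/`'~'` prefix test or `isBase64()`, and the text is copied to the output undecrypted with nothing written to the log. Document the limit at the define, e.g. `#define MAX_STRING 8192 /* longest line handled as one record */`, and log when a fragment arrives without its line ending. Separately, the comment `/* Encryption failed. output raw input. */` in doDecrypt describes a decryption failure.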
|
|
|
@ -80,7 +80,9 @@ endif
|
|||
|
||||
CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
|
||||
CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
|
||||
ifndef NSS_DISABLE_DBM
|
||||
CHECKLIBS += $(DIST)/lib/$(DLL_PREFIX)nssdbm3.$(DLL_SUFFIX)
|
||||
endif
|
||||
CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
|
||||
|
||||
MD_LIB_RELEASE_FILES = $(CHECKLOC)
|
||||
|
|
|
@ -1358,18 +1358,35 @@ appendStringToBuf(char *dest, char *src, PRUint32 *pRemaining)
|
|||
return dest;
|
||||
}
|
||||
|
||||
#undef NEEDS_HEX_ESCAPE
|
||||
#define NEEDS_HEX_ESCAPE(c) (c < 0x20)
|
||||
|
||||
static char *
|
||||
appendItemToBuf(char *dest, SECItem *src, PRUint32 *pRemaining)
|
||||
{
|
||||
if (dest && src && src->data && src->len && src->data[0] &&
|
||||
*pRemaining > src->len + 1 ) {
|
||||
if (dest && src && src->data && src->len && src->data[0]) {
|
||||
PRUint32 len = src->len;
|
||||
PRUint32 i;
|
||||
for (i = 0; i < len && src->data[i] ; ++i)
|
||||
dest[i] = tolower(src->data[i]);
|
||||
dest[len] = 0;
|
||||
dest += len + 1;
|
||||
*pRemaining -= len + 1;
|
||||
PRUint32 reqLen = len + 1;
|
||||
/* are there any embedded control characters ? */
|
||||
for (i = 0; i < len; i++) {
|
||||
if (NEEDS_HEX_ESCAPE(src->data[i]))
|
||||
reqLen += 2;
|
||||
}
|
||||
if (*pRemaining > reqLen) {
|
||||
for (i = 0; i < len; ++i) {
|
||||
PRUint8 c = src->data[i];
|
||||
if (NEEDS_HEX_ESCAPE(c)) {
|
||||
*dest++ = C_BACKSLASH;
|
||||
*dest++ = hexChars[ (c >> 4) & 0x0f ];
|
||||
*dest++ = hexChars[ c & 0x0f ];
|
||||
} else {
|
||||
*dest++ = tolower(c);
|
||||
}
|
||||
}
|
||||
*dest++ = '\0';
|
||||
*pRemaining -= reqLen;
|
||||
}
|
||||
}
|
||||
return dest;
|
||||
}
|
||||
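Review bot: The escaping added to appendItemToBuf is not reversible, because a literal backslash in `src->data` fails `NEEDS_HEX_ESCAPE` and is copied through unchanged. The three text characters `\`, `0`, `0` and a single embedded NUL byte therefore produce the same output. If callers compare or display these strings, escape the backslash as well, e.g. `#define NEEDS_HEX_ESCAPE(c) ((c) < 0x20 || (c) == C_BACKSLASH)`, which also parenthesises the macro argument. DEL (0x7f) is passed through too; a comment should say whether that is intended. When `*pRemaining > reqLen` is false the item is dropped with no signal to the caller.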
|
|
|
@ -36,7 +36,7 @@
|
|||
/*
|
||||
* certi.h - private data structures for the certificate library
|
||||
*
|
||||
* $Id: certi.h,v 1.30 2009/04/18 05:15:45 alexei.volkov.bugs%sun.com Exp $
|
||||
* $Id: certi.h,v 1.31 2009/07/31 18:35:30 christophe.ravel.bugs%sun.com Exp $
|
||||
*/
|
||||
#ifndef _CERTI_H_
|
||||
#define _CERTI_H_
|
||||
|
@ -368,7 +368,7 @@ struct NamedCRLCacheEntryStr {
|
|||
typedef enum {
|
||||
certRevocationStatusRevoked = 0,
|
||||
certRevocationStatusValid = 1,
|
||||
certRevocationStatusUnknown = 2,
|
||||
certRevocationStatusUnknown = 2
|
||||
} CERTRevocationStatus;
|
||||
|
||||
/* Returns detailed status of the cert(revStatus variable). Tells if
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
/*
|
||||
* Moved from secpkcs7.c
|
||||
*
|
||||
* $Id: crl.c,v 1.67 2009/05/13 22:47:28 julien.pierre.boogz%sun.com Exp $
|
||||
* $Id: crl.c,v 1.68 2009/08/10 22:25:44 julien.pierre.boogz%sun.com Exp $
|
||||
*/
|
||||
|
||||
#include "cert.h"
|
||||
|
@ -1047,48 +1047,38 @@ void PreAllocator_Destroy(PreAllocator* PreAllocator)
|
|||
{
|
||||
PORT_FreeArena(PreAllocator->arena, PR_TRUE);
|
||||
}
|
||||
if (PreAllocator->data)
|
||||
{
|
||||
PORT_Free(PreAllocator->data);
|
||||
}
|
||||
PORT_Free(PreAllocator);
|
||||
}
|
||||
|
||||
/* constructor for PreAllocator object */
|
||||
PreAllocator* PreAllocator_Create(PRSize size)
|
||||
{
|
||||
PreAllocator prebuffer;
|
||||
PreAllocator* prepointer = NULL;
|
||||
memset(&prebuffer, 0, sizeof(PreAllocator));
|
||||
prebuffer.len = size;
|
||||
prebuffer.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
PORT_Assert(prebuffer.arena);
|
||||
if (!prebuffer.arena)
|
||||
PRArenaPool* arena = NULL;
|
||||
PreAllocator* prebuffer = NULL;
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (!arena)
|
||||
{
|
||||
PreAllocator_Destroy(&prebuffer);
|
||||
return NULL;
|
||||
}
|
||||
if (prebuffer.len)
|
||||
prebuffer = (PreAllocator*)PORT_ArenaZAlloc(arena,
|
||||
sizeof(PreAllocator));
|
||||
if (!prebuffer)
|
||||
{
|
||||
prebuffer.data = PORT_Alloc(prebuffer.len);
|
||||
if (!prebuffer.data)
|
||||
PORT_FreeArena(arena, PR_TRUE);
|
||||
return NULL;
|
||||
}
|
||||
prebuffer->arena = arena;
|
||||
|
||||
if (size)
|
||||
{
|
||||
prebuffer->len = size;
|
||||
prebuffer->data = PORT_ArenaAlloc(arena, size);
|
||||
if (!prebuffer->data)
|
||||
{
|
||||
PreAllocator_Destroy(&prebuffer);
|
||||
PORT_FreeArena(arena, PR_TRUE);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
prebuffer.data = NULL;
|
||||
}
|
||||
prepointer = (PreAllocator*)PORT_Alloc(sizeof(PreAllocator));
|
||||
if (!prepointer)
|
||||
{
|
||||
PreAllocator_Destroy(&prebuffer);
|
||||
return NULL;
|
||||
}
|
||||
*prepointer = prebuffer;
|
||||
return prepointer;
|
||||
return prebuffer;
|
||||
}
|
||||
|
||||
/* global Named CRL cache object */
|
||||
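Review bot: PreAllocator_Create now allocates the PreAllocator struct and its data buffer from the arena the struct itself points to, but no comment records that ownership. It is what makes a single PORT_FreeArena call in PreAllocator_Destroy sufficient. Add a line above the `PORT_ArenaZAlloc` call, e.g. `/* the PreAllocator lives in its own arena; freeing the arena releases the struct and its data */`. Add a matching line in PreAllocator_Destroy saying the pointer must not be used after the arena is freed. PreAllocator_Destroy begins above this hunk, so confirm there that nothing reads the struct after the free.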
|
|
|
@ -35,7 +35,7 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.54 $ $Date: 2009/05/21 19:50:27 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.54 $ $Date: 2009/05/21 19:50:27 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#ifndef BUILTINS_H
|
||||
|
@ -908,7 +908,7 @@ static const NSSItem nss_builtins_items_0 [] = {
|
|||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"CVS ID", (PRUint32)7 },
|
||||
{ (void *)"NSS", (PRUint32)4 },
|
||||
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.54 $ $Date: 2009/05/21 19:50:27 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.54 $ $Date: 2009/05/21 19:50:27 $", (PRUint32)160 }
|
||||
{ (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.55 $ $Date: 2009/08/13 23:40:29 $", (PRUint32)160 }
|
||||
};
|
||||
#endif /* DEBUG */
|
||||
static const NSSItem nss_builtins_items_1 [] = {
|
||||
|
@ -17981,7 +17981,7 @@ static const NSSItem nss_builtins_items_266 [] = {
|
|||
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"AC Ra+¡z Certic+ímara S.A.", (PRUint32)27 },
|
||||
{ (void *)"AC Ra\xC3\xADz Certic\xC3\xA1mara S.A.", (PRUint32)39 },
|
||||
{ (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
|
||||
{ (void *)"\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061"
|
||||
"\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144"
|
||||
|
@ -18115,7 +18115,7 @@ static const NSSItem nss_builtins_items_267 [] = {
|
|||
{ (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
|
||||
{ (void *)"AC Ra+¡z Certic+ímara S.A.", (PRUint32)27 },
|
||||
{ (void *)"AC Ra\xC3\xADz Certic\xC3\xA1mara S.A.", (PRUint32)39 },
|
||||
{ (void *)"\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351"
|
||||
"\006\020\323\066"
|
||||
, (PRUint32)20 },
|
||||
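Review bot: The new label literal `"AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."` is paired with `(PRUint32)39`, but the compiler turns each `\xNN` escape into one byte. The array is therefore 26 bytes plus the terminator, 27 in all, which is the size the old entry carried. 39 is the length of the text as spelled with its escapes, so a consumer that copies `size` bytes reads 12 bytes past the literal. The same pair appears in nss_builtins_items_266 and nss_builtins_items_267. This file looks generated, so the fix belongs in the generator's length computation or the escape syntax of its input, leaving `(PRUint32)27` here.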
|
|
|
@ -34,7 +34,7 @@
|
|||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.53 $ $Date: 2009/05/21 19:50:28 $"
|
||||
CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.54 $ $Date: 2009/08/13 23:40:29 $"
|
||||
|
||||
#
|
||||
# certdata.txt
|
||||
|
@ -18481,13 +18481,13 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
|
|||
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
|
||||
|
||||
#
|
||||
# Certificate "AC Ra+¡z Certic+ímara S.A."
|
||||
# Certificate "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
|
||||
#
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "AC Ra+¡z Certic+ímara S.A."
|
||||
CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
|
||||
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
|
||||
CKA_SUBJECT MULTILINE_OCTAL
|
||||
\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
|
||||
|
@ -18620,12 +18620,12 @@ CKA_VALUE MULTILINE_OCTAL
|
|||
\005\211\374\170\326\134\054\046\103\251
|
||||
END
|
||||
|
||||
# Trust for Certificate "AC Ra+¡z Certic+ímara S.A."
|
||||
# Trust for Certificate "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
|
||||
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
|
||||
CKA_TOKEN CK_BBOOL CK_TRUE
|
||||
CKA_PRIVATE CK_BBOOL CK_FALSE
|
||||
CKA_MODIFIABLE CK_BBOOL CK_FALSE
|
||||
CKA_LABEL UTF8 "AC Ra+¡z Certic+ímara S.A."
|
||||
CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
|
||||
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
|
||||
\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351
|
||||
\006\020\323\066
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
# the terms of any one of the MPL, the GPL or the LGPL.
|
||||
#
|
||||
# ***** END LICENSE BLOCK *****
|
||||
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.5 $ $Date: 2007/05/09 00:09:37 $"
|
||||
MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.6 $ $Date: 2009/07/29 20:15:19 $"
|
||||
|
||||
include manifest.mn
|
||||
include $(CORE_DEPTH)/coreconf/config.mk
|
||||
|
@ -54,6 +54,9 @@ EXTRA_LIBS += \
|
|||
-lplc4 \
|
||||
-lplds4 \
|
||||
-lnspr4 \
|
||||
-lcrypt32 \
|
||||
-ladvapi32 \
|
||||
-lrpcrt4 \
|
||||
$(NULL)
|
||||
else
|
||||
EXTRA_SHARED_LIBS += \
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: cobject.c,v $ $Revision: 1.5 $ $Date: 2009/02/25 18:37:49 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: cobject.c,v $ $Revision: 1.6 $ $Date: 2009/07/29 20:15:19 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
#include "ckcapi.h"
|
||||
|
@ -172,7 +172,7 @@ nss_ckcapi_DERUnwrap
|
|||
len = (len << 8) | (unsigned) *src++;
|
||||
}
|
||||
}
|
||||
if (len + (src-start) > (unsigned int)size) {
|
||||
if (len + ((unsigned char *)src-start) > (unsigned int)size) {
|
||||
return start;
|
||||
}
|
||||
if (next) {
|
||||
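Review bot: The bounds test `len + ((unsigned char *)src-start) > (unsigned int)size` can wrap, because `len` is assembled from length bytes read out of the input. A value near the top of the unsigned range makes the sum small again and the check passes. Compare by subtraction instead: compute `used = (unsigned int)((unsigned char *)src - start)` and return `start` when `used > (unsigned int)size || len > (unsigned int)size - used`. The declarations of `len`, `src` and `start`, and the start of nss_ckcapi_DERUnwrap, are above the hunk, so the types are inferred from the casts shown here.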
|
|
|
@ -500,14 +500,14 @@ PKIX_Error* PKIX_ALLOC_ERROR(void);
|
|||
typedef enum PKIX_RevocationMethodTypeEnum {
|
||||
PKIX_RevocationMethod_CRL = 0,
|
||||
PKIX_RevocationMethod_OCSP,
|
||||
PKIX_RevocationMethod_MAX,
|
||||
PKIX_RevocationMethod_MAX
|
||||
} PKIX_RevocationMethodType;
|
||||
|
||||
/* A set of statuses revocation checker operates on */
|
||||
typedef enum PKIX_RevocationStatusEnum {
|
||||
PKIX_RevStatus_NoInfo = 0,
|
||||
PKIX_RevStatus_Revoked,
|
||||
PKIX_RevStatus_Success,
|
||||
PKIX_RevStatus_Success
|
||||
} PKIX_RevocationStatus;
|
||||
|
||||
|
||||
|
|
|
@ -187,7 +187,7 @@ pkix_OcspChecker_CheckLocal(
|
|||
}
|
||||
|
||||
PKIX_CHECK(
|
||||
PKIX_PL_OcspCertID_GetFreshCacheStatus(cid, NULL,
|
||||
PKIX_PL_OcspCertID_GetFreshCacheStatus(cid, date,
|
||||
&hasFreshStatus,
|
||||
&statusIsGood,
|
||||
&resultCode,
|
||||
|
@ -321,7 +321,7 @@ pkix_OcspChecker_CheckExternal(
|
|||
}
|
||||
|
||||
PKIX_CHECK(
|
||||
pkix_pl_OcspResponse_GetStatusForCert(cid, response,
|
||||
pkix_pl_OcspResponse_GetStatusForCert(cid, response, date,
|
||||
&passed, &resultCode,
|
||||
plContext),
|
||||
PKIX_OCSPRESPONSEGETSTATUSFORCERTFAILED);
|
||||
|
|
|
@ -970,10 +970,12 @@ PKIX_Error *
|
|||
pkix_pl_OcspResponse_GetStatusForCert(
|
||||
PKIX_PL_OcspCertID *cid,
|
||||
PKIX_PL_OcspResponse *response,
|
||||
PKIX_PL_Date *validity,
|
||||
PKIX_Boolean *pPassed,
|
||||
SECErrorCodes *pReturnCode,
|
||||
void *plContext)
|
||||
{
|
||||
PRTime time = 0;
|
||||
SECStatus rv = SECFailure;
|
||||
SECStatus rvCache;
|
||||
PRBool certIDWasConsumed = PR_FALSE;
|
||||
|
@ -989,11 +991,19 @@ pkix_pl_OcspResponse_GetStatusForCert(
|
|||
PKIX_NULLCHECK_TWO(response->signerCert, response->request);
|
||||
PKIX_NULLCHECK_TWO(cid, cid->certID);
|
||||
|
||||
if (validity != NULL) {
|
||||
PKIX_Error *er = pkix_pl_Date_GetPRTime(validity, &time, plContext);
|
||||
PKIX_DECREF(er);
|
||||
}
|
||||
if (!time) {
|
||||
time = PR_Now();
|
||||
}
|
||||
|
||||
rv = cert_ProcessOCSPResponse(response->handle,
|
||||
response->nssOCSPResponse,
|
||||
cid->certID,
|
||||
response->signerCert,
|
||||
PR_Now(),
|
||||
time,
|
||||
&certIDWasConsumed,
|
||||
&rvCache);
|
||||
if (certIDWasConsumed) {
|
||||
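Review bot: In pkix_pl_OcspResponse_GetStatusForCert the error from `pkix_pl_Date_GetPRTime(validity, &time, plContext)` is released with `PKIX_DECREF(er)` and never reported. A caller that asked for status at a specific date then silently gets it evaluated at `PR_Now()` instead. For revocation checking that answers a different question, so return the error to the caller, or at least document the fallback in the function comment. The `if (!time)` test also treats a supplied date whose PRTime is 0 as "not supplied", and the local name `time` shadows the C library function.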
|
|
|
@ -113,6 +113,7 @@ PKIX_Error *
|
|||
pkix_pl_OcspResponse_GetStatusForCert(
|
||||
PKIX_PL_OcspCertID *cid,
|
||||
PKIX_PL_OcspResponse *response,
|
||||
PKIX_PL_Date *validity,
|
||||
PKIX_Boolean *pPassed,
|
||||
SECErrorCodes *pReturnCode,
|
||||
void *plContext);
|
||||
|
|
|
@ -972,3 +972,10 @@ PK11_GetSymKeyHandle;
|
|||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
;+NSS_3.12.4 { # NSS 3.12.4 release
|
||||
;+ global:
|
||||
PK11_IsInternalKeySlot;
|
||||
SECMOD_OpenNewSlot;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nss.h,v 1.67 2009/07/20 20:06:57 nelson%bolyard.com Exp $ */
|
||||
/* $Id: nss.h,v 1.69 2009/08/13 18:11:22 christophe.ravel.bugs%sun.com Exp $ */
|
||||
|
||||
#ifndef __nss_h_
|
||||
#define __nss_h_
|
||||
|
@ -66,11 +66,11 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define NSS_VERSION "3.12.4.4" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
|
||||
#define NSS_VERSION "3.12.4.5" _NSS_ECC_STRING _NSS_CUSTOMIZED
|
||||
#define NSS_VMAJOR 3
|
||||
#define NSS_VMINOR 12
|
||||
#define NSS_VPATCH 4
|
||||
#define NSS_BETA PR_TRUE
|
||||
#define NSS_BETA PR_FALSE
|
||||
|
||||
#ifndef RC_INVOKED
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: nssinit.c,v 1.98 2009/05/29 19:23:30 wtc%google.com Exp $ */
|
||||
/* $Id: nssinit.c,v 1.99 2009/07/23 01:56:40 nelson%bolyard.com Exp $ */
|
||||
|
||||
#include <ctype.h>
|
||||
#include <string.h>
|
||||
|
@ -774,6 +774,7 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
|
|||
(nssShutdownList.allocatedFuncs + NSS_SHUTDOWN_STEP)
|
||||
*sizeof(struct NSSShutdownFuncPair));
|
||||
if (!funcs) {
|
||||
PZ_Unlock(nssShutdownList.lock);
|
||||
return SECFailure;
|
||||
}
|
||||
nssShutdownList.funcs = funcs;
|
||||
|
|
|
@ -483,10 +483,17 @@ PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw, const char *newpw)
|
|||
int oldLen;
|
||||
CK_SESSION_HANDLE rwsession;
|
||||
|
||||
if (newpw == NULL) newpw = "";
|
||||
if (oldpw == NULL) oldpw = "";
|
||||
newLen = PORT_Strlen(newpw);
|
||||
oldLen = PORT_Strlen(oldpw);
|
||||
/* use NULL values to trigger the protected authentication path */
|
||||
if (slot->protectedAuthPath) {
|
||||
if (newpw == NULL) newLen = 0;
|
||||
if (oldpw == NULL) oldLen = 0;
|
||||
} else {
|
||||
if (newpw == NULL) newpw = "";
|
||||
if (oldpw == NULL) oldpw = "";
|
||||
newLen = PORT_Strlen(newpw);
|
||||
oldLen = PORT_Strlen(oldpw);
|
||||
}
|
||||
|
||||
|
||||
/* get a rwsession */
|
||||
rwsession = PK11_GetRWSession(slot);
|
||||
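Review bot: In the new `slot->protectedAuthPath` branch, `newLen` and `oldLen` are assigned only when the corresponding password is NULL. A caller that passes a non-NULL password for such a slot leaves the length unset; `oldLen` is declared without an initializer in this hunk and `newLen` is declared above it. Set both in every case inside that branch: `newLen = newpw ? PORT_Strlen(newpw) : 0;` and `oldLen = oldpw ? PORT_Strlen(oldpw) : 0;`. The code that uses the lengths is below the hunk.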
|
|
|
@ -109,6 +109,7 @@ PK11SlotList *PK11_FindSlotsByNames(const char *dllName,
|
|||
const char* slotName, const char* tokenName, PRBool presentOnly);
|
||||
PRBool PK11_IsReadOnly(PK11SlotInfo *slot);
|
||||
PRBool PK11_IsInternal(PK11SlotInfo *slot);
|
||||
PRBool PK11_IsInternalKeySlot(PK11SlotInfo *slot);
|
||||
char * PK11_GetTokenName(PK11SlotInfo *slot);
|
||||
char * PK11_GetSlotName(PK11SlotInfo *slot);
|
||||
PRBool PK11_NeedLogin(PK11SlotInfo *slot);
|
||||
|
@ -237,6 +238,15 @@ int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
|
|||
PK11SlotInfo *SECMOD_OpenUserDB(const char *moduleSpec);
|
||||
SECStatus SECMOD_CloseUserDB(PK11SlotInfo *slot);
|
||||
|
||||
/*
|
||||
* This is exactly the same as OpenUserDB except it can be called on any
|
||||
* module that understands softoken style new slot entries. The resulting
|
||||
* slot can be closed using SECMOD_CloseUserDB above. Value of moduleSpec
|
||||
* is token specific.
|
||||
*/
|
||||
PK11SlotInfo *SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec);
|
||||
|
||||
|
||||
/*
|
||||
* merge the permanent objects from on token to another
|
||||
*/
|
||||
|
|
|
@ -1538,6 +1538,22 @@ PK11_IsInternal(PK11SlotInfo *slot)
|
|||
return slot->isInternal;
|
||||
}
|
||||
|
||||
PRBool
|
||||
PK11_IsInternalKeySlot(PK11SlotInfo *slot)
|
||||
{
|
||||
PK11SlotInfo *int_slot;
|
||||
PRBool result;
|
||||
|
||||
if (!slot->isInternal) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
int_slot = PK11_GetInternalKeySlot();
|
||||
result = (int_slot == slot) ? PR_TRUE : PR_FALSE;
|
||||
PK11_FreeSlot(int_slot);
|
||||
return result;
|
||||
}
|
||||
|
||||
PRBool
|
||||
PK11_NeedLogin(PK11SlotInfo *slot)
|
||||
{
|
||||
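Review bot: PK11_IsInternalKeySlot passes the result of `PK11_GetInternalKeySlot()` straight to `PK11_FreeSlot(int_slot)`. If that lookup can fail and return NULL (its definition is not on this page), the free is handed a NULL slot. Guard it with `if (int_slot) PK11_FreeSlot(int_slot);`. The function also has no comment; one line saying it returns PR_TRUE only when `slot` is the same object PK11_GetInternalKeySlot returns would distinguish it from PK11_IsInternal, which just reads `slot->isInternal`.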
|
|
|
@ -1248,13 +1248,12 @@ SECMOD_HasRemovableSlots(SECMODModule *mod)
|
|||
* helper function to actually create and destroy user defined slots
|
||||
*/
|
||||
static SECStatus
|
||||
secmod_UserDBOp(CK_OBJECT_CLASS objClass, const char *sendSpec)
|
||||
secmod_UserDBOp(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass,
|
||||
const char *sendSpec)
|
||||
{
|
||||
PK11SlotInfo *slot = PK11_GetInternalSlot();
|
||||
CK_OBJECT_HANDLE dummy;
|
||||
CK_ATTRIBUTE template[2] ;
|
||||
CK_ATTRIBUTE *attrs = template;
|
||||
SECStatus rv;
|
||||
CK_RV crv;
|
||||
|
||||
PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass)); attrs++;
|
||||
|
@ -1270,13 +1269,10 @@ secmod_UserDBOp(CK_OBJECT_CLASS objClass, const char *sendSpec)
|
|||
PK11_ExitSlotMonitor(slot);
|
||||
|
||||
if (crv != CKR_OK) {
|
||||
PK11_FreeSlot(slot);
|
||||
PORT_SetError(PK11_MapError(crv));
|
||||
return SECFailure;
|
||||
}
|
||||
rv = SECMOD_UpdateSlotList(slot->module);
|
||||
PK11_FreeSlot(slot);
|
||||
return rv;
|
||||
return SECMOD_UpdateSlotList(slot->module);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1331,6 +1327,112 @@ done:
|
|||
return retValue;
|
||||
}
|
||||
|
||||
/*
|
||||
* return true if the selected slot ID is not present or doesn't exist
|
||||
*/
|
||||
static PRBool
|
||||
secmod_SlotIsEmpty(SECMODModule *mod, CK_SLOT_ID slotID)
|
||||
{
|
||||
PK11SlotInfo *slot = SECMOD_LookupSlot(mod->moduleID, slotID);
|
||||
if (slot) {
|
||||
PRBool present = PK11_IsPresent(slot);
|
||||
PK11_FreeSlot(slot);
|
||||
if (present) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
}
|
||||
/* it doesn't exist or isn't present, it's available */
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Find an unused slot id in module.
|
||||
*/
|
||||
static CK_SLOT_ID
|
||||
secmod_FindFreeSlot(SECMODModule *mod)
|
||||
{
|
||||
CK_SLOT_ID i, minSlotID, maxSlotID;
|
||||
|
||||
/* look for a free slot id on the internal module */
|
||||
if (mod->internal && mod->isFIPS) {
|
||||
minSlotID = SFTK_MIN_FIPS_USER_SLOT_ID;
|
||||
maxSlotID = SFTK_MAX_FIPS_USER_SLOT_ID;
|
||||
} else {
|
||||
minSlotID = SFTK_MIN_USER_SLOT_ID;
|
||||
maxSlotID = SFTK_MAX_USER_SLOT_ID;
|
||||
}
|
||||
for (i=minSlotID; i < maxSlotID; i++) {
|
||||
if (secmod_SlotIsEmpty(mod,i)) {
|
||||
return i;
|
||||
}
|
||||
}
|
||||
PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
|
||||
return (CK_SLOT_ID) -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Attempt to open a new slot.
|
||||
*
|
||||
* This works the same os OpenUserDB except it can be called against
|
||||
* any module that understands the softoken protocol for opening new
|
||||
* slots, not just the softoken itself. If the selected module does not
|
||||
* understand the protocol, C_CreateObject will fail with
|
||||
* CKR_INVALID_ATTRIBUTE, and SECMOD_OpenNewSlot will return NULL and set
|
||||
* SEC_ERROR_BAD_DATA.
|
||||
*
|
||||
* NewSlots can be closed with SECMOD_CloseUserDB();
|
||||
*
|
||||
* Modulespec is module dependent.
|
||||
*/
|
||||
PK11SlotInfo *
|
||||
SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec)
|
||||
{
|
||||
CK_SLOT_ID slotID = 0;
|
||||
PK11SlotInfo *slot;
|
||||
char *escSpec;
|
||||
char *sendSpec;
|
||||
SECStatus rv;
|
||||
|
||||
slotID = secmod_FindFreeSlot(mod);
|
||||
if (slotID == (CK_SLOT_ID) -1) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (mod->slotCount == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* just grab the first slot in the module, any present slot should work */
|
||||
slot = PK11_ReferenceSlot(mod->slots[0]);
|
||||
if (slot == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* we've found the slot, now build the moduleSpec */
|
||||
escSpec = nss_doubleEscape(moduleSpec);
|
||||
if (escSpec == NULL) {
|
||||
PK11_FreeSlot(slot);
|
||||
return NULL;
|
||||
}
|
||||
sendSpec = PR_smprintf("tokens=[0x%x=<%s>]", slotID, escSpec);
|
||||
PORT_Free(escSpec);
|
||||
|
||||
if (sendSpec == NULL) {
|
||||
/* PR_smprintf does not set SEC_ERROR_NO_MEMORY on failure. */
|
||||
PK11_FreeSlot(slot);
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
return NULL;
|
||||
}
|
||||
rv = secmod_UserDBOp(slot, CKO_NETSCAPE_NEWSLOT, sendSpec);
|
||||
PR_smprintf_free(sendSpec);
|
||||
PK11_FreeSlot(slot);
|
||||
if (rv != SECSuccess) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return SECMOD_FindSlotByID(mod, slotID);
|
||||
}
|
||||
|
||||
/*
|
||||
* Open a new database using the softoken. The caller is responsible for making
|
||||
* sure the module spec is correct and usable. The caller should ask for one
|
||||
|
@ -1383,13 +1485,7 @@ done:
|
|||
PK11SlotInfo *
|
||||
SECMOD_OpenUserDB(const char *moduleSpec)
|
||||
{
|
||||
CK_SLOT_ID slotID = 0;
|
||||
char *escSpec;
|
||||
char *sendSpec;
|
||||
SECStatus rv;
|
||||
SECMODModule *mod;
|
||||
CK_SLOT_ID i, minSlotID, maxSlotID;
|
||||
PRBool found = PR_FALSE;
|
||||
|
||||
if (moduleSpec == NULL) {
|
||||
return NULL;
|
||||
|
@ -1403,76 +1499,21 @@ SECMOD_OpenUserDB(const char *moduleSpec)
|
|||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* look for a free slot id on the internal module */
|
||||
if (mod->isFIPS) {
|
||||
minSlotID = SFTK_MIN_FIPS_USER_SLOT_ID;
|
||||
maxSlotID = SFTK_MAX_FIPS_USER_SLOT_ID;
|
||||
} else {
|
||||
minSlotID = SFTK_MIN_USER_SLOT_ID;
|
||||
maxSlotID = SFTK_MAX_USER_SLOT_ID;
|
||||
}
|
||||
for (i=minSlotID; i < maxSlotID; i++) {
|
||||
PK11SlotInfo *slot = SECMOD_LookupSlot(mod->moduleID, i);
|
||||
if (slot) {
|
||||
PRBool present = PK11_IsPresent(slot);
|
||||
PK11_FreeSlot(slot);
|
||||
if (present) {
|
||||
continue;
|
||||
}
|
||||
/* not present means it's available */
|
||||
}
|
||||
/* it doesn't exist or isn't present, it's available */
|
||||
slotID = i;
|
||||
found = PR_TRUE;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!found) {
|
||||
/* this could happen if we try to open too many slots */
|
||||
PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* we've found the slot, now build the moduleSpec */
|
||||
|
||||
escSpec = nss_doubleEscape(moduleSpec);
|
||||
if (escSpec == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
sendSpec = PR_smprintf("tokens=[0x%x=<%s>]", slotID, escSpec);
|
||||
PORT_Free(escSpec);
|
||||
|
||||
if (sendSpec == NULL) {
|
||||
/* PR_smprintf does not set no memory error */
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
return NULL;
|
||||
}
|
||||
rv = secmod_UserDBOp(CKO_NETSCAPE_NEWSLOT, sendSpec);
|
||||
PR_smprintf_free(sendSpec);
|
||||
if (rv != SECSuccess) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return SECMOD_FindSlotByID(mod, slotID);
|
||||
return SECMOD_OpenNewSlot(mod, moduleSpec);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* close an already opened user database. NOTE: the database must be
|
||||
* in the internal token, and must be one created with SECMOD_OpenUserDB().
|
||||
* Once the database is closed, the slot will remain as an empty slot
|
||||
* until it's used again with SECMOD_OpenUserDB().
|
||||
* until it's used again with SECMOD_OpenUserDB() or SECMOD_OpenNewSlot().
|
||||
*/
|
||||
SECStatus
|
||||
SECMOD_CloseUserDB(PK11SlotInfo *slot)
|
||||
{
|
||||
SECStatus rv;
|
||||
char *sendSpec;
|
||||
|
||||
if (!slot->isInternal) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
sendSpec = PR_smprintf("tokens=[0x%x=<>]", slot->slotID);
|
||||
if (sendSpec == NULL) {
|
||||
|
@ -1480,7 +1521,7 @@ SECMOD_CloseUserDB(PK11SlotInfo *slot)
|
|||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
return SECFailure;
|
||||
}
|
||||
rv = secmod_UserDBOp(CKO_NETSCAPE_DELSLOT, sendSpec);
|
||||
rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec);
|
||||
PR_smprintf_free(sendSpec);
|
||||
return rv;
|
||||
}
|
||||
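Review bot: SECMOD_OpenNewSlot is a new exported entry point but validates neither argument. `mod` is dereferenced immediately by secmod_FindFreeSlot (`mod->internal`), and `moduleSpec` is passed to nss_doubleEscape unchecked, while SECMOD_OpenUserDB in the same file rejects a NULL moduleSpec before delegating. An up-front guard such as `if (mod == NULL || moduleSpec == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; }` would make the failure explicit. Separately, `mod->slotCount` and `mod->slots[0]` are read with no lock visible in this hunk; if the slot list can be rebuilt concurrently (secmod_UserDBOp calls SECMOD_UpdateSlotList), that read probably needs the same protection the update uses.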
|
|
|
@ -35,7 +35,7 @@
|
|||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.96 $ $Date: 2008/08/09 01:26:05 $";
|
||||
static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.97 $ $Date: 2009/07/30 22:43:32 $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -668,7 +668,7 @@ STAN_GetCERTCertificateNameForInstance (
|
|||
}
|
||||
if (stanNick) {
|
||||
/* fill other fields needed by NSS3 functions using CERTCertificate */
|
||||
if (instance && (!PK11_IsInternal(instance->token->pk11slot) ||
|
||||
if (instance && (!PK11_IsInternalKeySlot(instance->token->pk11slot) ||
|
||||
PORT_Strchr(stanNick, ':') != NULL) ) {
|
||||
tokenName = nssToken_GetName(instance->token);
|
||||
tokenlen = nssUTF8_Size(tokenName, &nssrv);
|
||||
|
@ -734,7 +734,7 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
|
|||
NSSUTF8 *tokenName = NULL;
|
||||
char *nick;
|
||||
if (instance &&
|
||||
(!PK11_IsInternal(instance->token->pk11slot) ||
|
||||
(!PK11_IsInternalKeySlot(instance->token->pk11slot) ||
|
||||
(stanNick && PORT_Strchr(stanNick, ':') != NULL))) {
|
||||
tokenName = nssToken_GetName(instance->token);
|
||||
tokenlen = nssUTF8_Size(tokenName, &nssrv);
|
||||
|
@ -1161,7 +1161,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
|
|||
nssTrust->stepUpApproved, PR_TRUE);
|
||||
/* If the selected token can't handle trust, dump the trust on
|
||||
* the internal token */
|
||||
if (!newInstance && !PK11_IsInternal(tok->pk11slot)) {
|
||||
if (!newInstance && !PK11_IsInternalKeySlot(tok->pk11slot)) {
|
||||
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
|
||||
NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
|
||||
NSSASCII7 *email = c->email;
|
||||
|
|
|
@ -57,7 +57,7 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
|
||||
*/
|
||||
#define SOFTOKEN_VERSION "3.12.4.4" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VERSION "3.12.4.5" SOFTOKEN_ECC_STRING
|
||||
#define SOFTOKEN_VMAJOR 3
|
||||
#define SOFTOKEN_VMINOR 12
|
||||
#define SOFTOKEN_VPATCH 4
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: softoknt.h,v 1.5 2009/01/27 23:13:21 rrelyea%redhat.com Exp $ */
|
||||
/* $Id: softoknt.h,v 1.6 2009/08/03 16:58:28 christophe.ravel.bugs%sun.com Exp $ */
|
||||
|
||||
#ifndef _SOFTOKNT_H_
|
||||
#define _SOFTOKNT_H_
|
||||
|
@ -88,7 +88,7 @@ typedef enum {
|
|||
NSS_AUDIT_SELF_TEST,
|
||||
NSS_AUDIT_SET_PIN,
|
||||
NSS_AUDIT_UNWRAP_KEY,
|
||||
NSS_AUDIT_WRAP_KEY,
|
||||
NSS_AUDIT_WRAP_KEY
|
||||
} NSSAuditType;
|
||||
|
||||
#endif /* _SOFTOKNT_H_ */
|
||||
|
|
|
@ -51,10 +51,10 @@
|
|||
* The format of the version string should be
|
||||
* "<major version>.<minor version>[.<patch level>][ <Beta>]"
|
||||
*/
|
||||
#define NSSUTIL_VERSION "3.12.4.4 Beta"
|
||||
#define NSSUTIL_VERSION "3.12.4.5"
|
||||
#define NSSUTIL_VMAJOR 3
|
||||
#define NSSUTIL_VMINOR 12
|
||||
#define NSSUTIL_VPATCH 4
|
||||
#define NSSUTIL_BETA PR_TRUE
|
||||
#define NSSUTIL_BETA PR_FALSE
|
||||
|
||||
#endif /* __nssutil_h_ */
|
||||
|
|
|
@ -19,7 +19,9 @@
|
|||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Rob McCool (original author)
|
||||
* Ken Key <key+mozilla@ksquared.net>
|
||||
* Nelson Bolyard <nelson@bolyard.me>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
|
@ -38,9 +40,7 @@
|
|||
/*
|
||||
* shexp.c: shell-like wildcard match routines
|
||||
*
|
||||
*
|
||||
* See shexp.h for public documentation.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "seccomon.h"
|
||||
|
@ -50,73 +50,75 @@
|
|||
|
||||
|
||||
static int
|
||||
_valid_subexp(const char *exp, char stop)
|
||||
_valid_subexp(const char *exp, char stop1, char stop2)
|
||||
{
|
||||
register int x,y,t;
|
||||
int nsc,np,tld;
|
||||
register int x;
|
||||
int nsc = 0; /* Number of special characters */
|
||||
int np; /* Number of pipe characters in union */
|
||||
int tld = 0; /* Number of tilde characters */
|
||||
|
||||
x=0;nsc=0;tld=0;
|
||||
|
||||
while(exp[x] && (exp[x] != stop)) {
|
||||
for (x = 0; exp[x] && (exp[x] != stop1) && (exp[x] != stop2); ++x) {
|
||||
switch(exp[x]) {
|
||||
case '~':
|
||||
if(tld) return INVALID_SXP;
|
||||
else ++tld;
|
||||
case '*':
|
||||
case '?':
|
||||
case '^':
|
||||
case '$':
|
||||
case '~':
|
||||
if(tld) /* at most one exclusion */
|
||||
return INVALID_SXP;
|
||||
if (stop1) /* no exclusions within unions */
|
||||
return INVALID_SXP;
|
||||
if (!exp[x+1]) /* exclusion cannot be last character */
|
||||
return INVALID_SXP;
|
||||
if (!x) /* exclusion cannot be first character */
|
||||
return INVALID_SXP;
|
||||
++tld;
|
||||
/* fall through */
|
||||
case '*':
|
||||
case '?':
|
||||
case '$':
|
||||
++nsc;
|
||||
break;
|
||||
case '[':
|
||||
case '[':
|
||||
++nsc;
|
||||
if((!exp[++x]) || (exp[x] == ']'))
|
||||
return INVALID_SXP;
|
||||
for(++x;exp[x] && (exp[x] != ']');++x)
|
||||
if(exp[x] == '\\')
|
||||
if(!exp[++x])
|
||||
return INVALID_SXP;
|
||||
for(; exp[x] && (exp[x] != ']'); ++x) {
|
||||
if(exp[x] == '\\' && !exp[++x])
|
||||
return INVALID_SXP;
|
||||
}
|
||||
if(!exp[x])
|
||||
return INVALID_SXP;
|
||||
break;
|
||||
case '(':
|
||||
++nsc;np = 0;
|
||||
while(1) {
|
||||
if(exp[++x] == ')')
|
||||
return INVALID_SXP;
|
||||
for(y=x;(exp[y]) && (exp[y] != '|') && (exp[y] != ')');++y)
|
||||
if(exp[y] == '\\')
|
||||
if(!exp[++y])
|
||||
return INVALID_SXP;
|
||||
if(!exp[y])
|
||||
return INVALID_SXP;
|
||||
if(exp[y] == '|')
|
||||
++np;
|
||||
t = _valid_subexp(&exp[x],exp[y]);
|
||||
if(t == INVALID_SXP)
|
||||
case '(':
|
||||
++nsc;
|
||||
if (stop1) /* no nested unions */
|
||||
return INVALID_SXP;
|
||||
np = -1;
|
||||
do {
|
||||
int t = _valid_subexp(&exp[++x], ')', '|');
|
||||
if(t == 0 || t == INVALID_SXP)
|
||||
return INVALID_SXP;
|
||||
x+=t;
|
||||
if(exp[x] == ')') {
|
||||
if(!np)
|
||||
return INVALID_SXP;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(!exp[x])
|
||||
return INVALID_SXP;
|
||||
++np;
|
||||
} while (exp[x] == '|' );
|
||||
if(np < 1) /* must be at least one pipe */
|
||||
return INVALID_SXP;
|
||||
break;
|
||||
case ')':
|
||||
case ']':
|
||||
case ')':
|
||||
case '|':
|
||||
case ']':
|
||||
return INVALID_SXP;
|
||||
case '\\':
|
||||
case '\\':
|
||||
++nsc;
|
||||
if(!exp[++x])
|
||||
return INVALID_SXP;
|
||||
default:
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
++x;
|
||||
}
|
||||
if((!stop) && (!nsc))
|
||||
if((!stop1) && (!nsc)) /* must be at least one special character */
|
||||
return NON_SXP;
|
||||
return ((exp[x] == stop) ? x : INVALID_SXP);
|
||||
return ((exp[x] == stop1 || exp[x] == stop2) ? x : INVALID_SXP);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -124,7 +126,7 @@ PORT_RegExpValid(const char *exp)
|
|||
{
|
||||
int x;
|
||||
|
||||
x = _valid_subexp(exp, '\0');
|
||||
x = _valid_subexp(exp, '\0', '\0');
|
||||
return (x < 0 ? x : VALID_SXP);
|
||||
}
|
||||
|
||||
|
@ -136,156 +138,245 @@ PORT_RegExpValid(const char *exp)
|
|||
#define NOMATCH 1
|
||||
#define ABORTED -1
|
||||
|
||||
static int _shexp_match(const char *str, const char *exp, PRBool case_insensitive);
|
||||
|
||||
static int
|
||||
_handle_union(const char *str, const char *exp, PRBool case_insensitive)
|
||||
{
|
||||
char *e2 = (char *) PORT_Alloc(sizeof(char)*strlen(exp));
|
||||
register int t,p2,p1 = 1;
|
||||
int cp;
|
||||
_shexp_match(const char *str, const char *exp, PRBool case_insensitive,
|
||||
unsigned int level);
|
||||
|
||||
while(1) {
|
||||
for(cp=1;exp[cp] != ')';cp++)
|
||||
if(exp[cp] == '\\')
|
||||
++cp;
|
||||
for(p2 = 0;(exp[p1] != '|') && (p1 != cp);p1++,p2++) {
|
||||
if(exp[p1] == '\\')
|
||||
e2[p2++] = exp[p1++];
|
||||
e2[p2] = exp[p1];
|
||||
}
|
||||
for (t=cp+1; ((e2[p2] = exp[t]) != 0); ++t,++p2) {}
|
||||
if(_shexp_match(str,e2, case_insensitive) == MATCH) {
|
||||
PORT_Free(e2);
|
||||
return MATCH;
|
||||
}
|
||||
if(p1 == cp) {
|
||||
PORT_Free(e2);
|
||||
return NOMATCH;
|
||||
}
|
||||
else ++p1;
|
||||
/* Count characters until we reach a NUL character or either of the
|
||||
* two delimiter characters, stop1 or stop2. If we encounter a bracketed
|
||||
* expression, look only for NUL or ']' inside it. Do not look for stop1
|
||||
* or stop2 inside it. Return ABORTED if bracketed expression is unterminated.
|
||||
* Handle all escaping.
|
||||
* Return index in input string of first stop found, or ABORTED if not found.
|
||||
* If "dest" is non-NULL, copy counted characters to it and NUL terminate.
|
||||
*/
|
||||
static int
|
||||
_scan_and_copy(const char *exp, char stop1, char stop2, char *dest)
|
||||
{
|
||||
register int sx; /* source index */
|
||||
register char cc;
|
||||
|
||||
for (sx = 0; (cc = exp[sx]) && cc != stop1 && cc != stop2; sx++) {
|
||||
if (cc == '\\') {
|
||||
if (!exp[++sx])
|
||||
return ABORTED; /* should be impossible */
|
||||
} else if (cc == '[') {
|
||||
while ((cc = exp[++sx]) && cc != ']') {
|
||||
if(cc == '\\' && !exp[++sx])
|
||||
return ABORTED;
|
||||
}
|
||||
if (!cc)
|
||||
return ABORTED; /* should be impossible */
|
||||
}
|
||||
}
|
||||
if (dest && sx) {
|
||||
/* Copy all but the closing delimiter. */
|
||||
memcpy(dest, exp, sx);
|
||||
dest[sx] = 0;
|
||||
}
|
||||
return cc ? sx : ABORTED; /* index of closing delimiter */
|
||||
}
|
||||
|
||||
/* On input, exp[0] is the opening parenthesis of a union.
|
||||
* See if any of the alternatives in the union matches as a pattern.
|
||||
* The strategy is to take each of the alternatives, in turn, and append
|
||||
* the rest of the expression (after the closing ')' that marks the end of
|
||||
* this union) to that alternative, and then see if the resultant expression
|
||||
* matches the input string. Repeat this until some alternative matches,
|
||||
* or we have an abort.
|
||||
*/
|
||||
static int
|
||||
_handle_union(const char *str, const char *exp, PRBool case_insensitive,
|
||||
unsigned int level)
|
||||
{
|
||||
register int sx; /* source index */
|
||||
int cp; /* source index of closing parenthesis */
|
||||
int count;
|
||||
int ret = NOMATCH;
|
||||
char *e2;
|
||||
|
||||
/* Find the closing parenthesis that ends this union in the expression */
|
||||
cp = _scan_and_copy(exp, ')', '\0', NULL);
|
||||
if (cp == ABORTED || cp < 4) /* must be at least "(a|b" before ')' */
|
||||
return ABORTED;
|
||||
++cp; /* now index of char after closing parenthesis */
|
||||
e2 = (char *) PORT_Alloc(1 + strlen(exp));
|
||||
if (!e2)
|
||||
return ABORTED;
|
||||
for (sx = 1; ; ++sx) {
|
||||
/* Here, exp[sx] is one character past the preceeding '(' or '|'. */
|
||||
/* Copy everything up to the next delimiter to e2 */
|
||||
count = _scan_and_copy(exp + sx, ')', '|', e2);
|
||||
if (count == ABORTED || !count) {
|
||||
ret = ABORTED;
|
||||
break;
|
||||
}
|
||||
sx += count;
|
||||
/* Append everything after closing parenthesis to e2. This is safe. */
|
||||
strcpy(e2+count, exp+cp);
|
||||
ret = _shexp_match(str, e2, case_insensitive, level + 1);
|
||||
if (ret != NOMATCH || !exp[sx] || exp[sx] == ')')
|
||||
break;
|
||||
}
|
||||
PORT_Free(e2);
|
||||
if (sx < 2)
|
||||
ret = ABORTED;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* returns 1 if val is in range from start..end, case insensitive. */
|
||||
static int
|
||||
_is_char_in_range(int start, int end, int val)
|
||||
{
|
||||
char map[256];
|
||||
memset(map, 0, sizeof map);
|
||||
while (start <= end)
|
||||
map[tolower(start++)] = 1;
|
||||
return map[tolower(val)];
|
||||
}
|
||||
|
||||
static int
|
||||
_shexp_match(const char *str, const char *exp, PRBool case_insensitive)
|
||||
_shexp_match(const char *str, const char *exp, PRBool case_insensitive,
|
||||
unsigned int level)
|
||||
{
|
||||
register int x,y;
|
||||
register int x; /* input string index */
|
||||
register int y; /* expression index */
|
||||
int ret,neg;
|
||||
|
||||
ret = 0;
|
||||
for(x=0,y=0;exp[y];++y,++x) {
|
||||
if((!str[x]) && (exp[y] != '(') && (exp[y] != '$') && (exp[y] != '*'))
|
||||
ret = ABORTED;
|
||||
else {
|
||||
switch(exp[y]) {
|
||||
case '$':
|
||||
if( (str[x]) )
|
||||
ret = NOMATCH;
|
||||
else
|
||||
--x; /* we don't want loop to increment x */
|
||||
break;
|
||||
case '*':
|
||||
while(exp[++y] == '*'){}
|
||||
if(!exp[y])
|
||||
return MATCH;
|
||||
while(str[x]) {
|
||||
switch(_shexp_match(&str[x++],&exp[y], case_insensitive)) {
|
||||
case NOMATCH:
|
||||
continue;
|
||||
case ABORTED:
|
||||
ret = ABORTED;
|
||||
break;
|
||||
default:
|
||||
return MATCH;
|
||||
}
|
||||
break;
|
||||
}
|
||||
if((exp[y] == '$') && (exp[y+1] == '\0') && (!str[x]))
|
||||
return MATCH;
|
||||
else
|
||||
ret = ABORTED;
|
||||
break;
|
||||
case '[':
|
||||
neg = ((exp[++y] == '^') && (exp[y+1] != ']'));
|
||||
if (neg)
|
||||
++y;
|
||||
|
||||
if ((isalnum(exp[y])) && (exp[y+1] == '-') &&
|
||||
(isalnum(exp[y+2])) && (exp[y+3] == ']'))
|
||||
{
|
||||
int start = exp[y], end = exp[y+2];
|
||||
|
||||
/* no safeguards here */
|
||||
if(neg ^ ((str[x] < start) || (str[x] > end))) {
|
||||
ret = NOMATCH;
|
||||
break;
|
||||
}
|
||||
y+=3;
|
||||
}
|
||||
else {
|
||||
int matched;
|
||||
|
||||
for (matched=0;exp[y] != ']';y++)
|
||||
matched |= (str[x] == exp[y]);
|
||||
if (neg ^ (!matched))
|
||||
ret = NOMATCH;
|
||||
}
|
||||
break;
|
||||
case '(':
|
||||
return _handle_union(&str[x],&exp[y], case_insensitive);
|
||||
break;
|
||||
case '?':
|
||||
break;
|
||||
case '\\':
|
||||
++y;
|
||||
default:
|
||||
if(case_insensitive)
|
||||
{
|
||||
if(toupper(str[x]) != toupper(exp[y]))
|
||||
ret = NOMATCH;
|
||||
}
|
||||
else
|
||||
{
|
||||
if(str[x] != exp[y])
|
||||
ret = NOMATCH;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(ret)
|
||||
break;
|
||||
if (level > 20) /* Don't let the stack get too deep. */
|
||||
return ABORTED;
|
||||
for(x = 0, y = 0; exp[y]; ++y, ++x) {
|
||||
if((!str[x]) && (exp[y] != '$') && (exp[y] != '*')) {
|
||||
return NOMATCH;
|
||||
}
|
||||
switch(exp[y]) {
|
||||
case '$':
|
||||
if(str[x])
|
||||
return NOMATCH;
|
||||
--x; /* we don't want loop to increment x */
|
||||
break;
|
||||
case '*':
|
||||
while(exp[++y] == '*'){}
|
||||
if(!exp[y])
|
||||
return MATCH;
|
||||
while(str[x]) {
|
||||
ret = _shexp_match(&str[x++], &exp[y], case_insensitive,
|
||||
level + 1);
|
||||
switch(ret) {
|
||||
case NOMATCH:
|
||||
continue;
|
||||
case ABORTED:
|
||||
return ABORTED;
|
||||
default:
|
||||
return MATCH;
|
||||
}
|
||||
}
|
||||
if((exp[y] == '$') && (exp[y+1] == '\0') && (!str[x]))
|
||||
return MATCH;
|
||||
else
|
||||
return NOMATCH;
|
||||
case '[': {
|
||||
int start, end = 0, i;
|
||||
neg = ((exp[++y] == '^') && (exp[y+1] != ']'));
|
||||
if (neg)
|
||||
++y;
|
||||
i = y;
|
||||
start = (unsigned char)(exp[i++]);
|
||||
if (start == '\\')
|
||||
start = (unsigned char)(exp[i++]);
|
||||
if (isalnum(start) && exp[i++] == '-') {
|
||||
end = (unsigned char)(exp[i++]);
|
||||
if (end == '\\')
|
||||
end = (unsigned char)(exp[i++]);
|
||||
}
|
||||
if (isalnum(end) && exp[i] == ']') {
|
||||
/* This is a range form: a-b */
|
||||
int val = (unsigned char)(str[x]);
|
||||
if (end < start) { /* swap them */
|
||||
start ^= end;
|
||||
end ^= start;
|
||||
start ^= end;
|
||||
}
|
||||
if (case_insensitive && isalpha(val)) {
|
||||
val = _is_char_in_range(start, end, val);
|
||||
if (neg == val)
|
||||
return NOMATCH;
|
||||
} else if (neg != ((val < start) || (val > end))) {
|
||||
return NOMATCH;
|
||||
}
|
||||
y = i;
|
||||
} else {
|
||||
/* Not range form */
|
||||
int matched = 0;
|
||||
for (; exp[y] != ']'; y++) {
|
||||
if (exp[y] == '\\')
|
||||
++y;
|
||||
if(case_insensitive) {
|
||||
matched |= (toupper(str[x]) == toupper(exp[y]));
|
||||
} else {
|
||||
matched |= (str[x] == exp[y]);
|
||||
}
|
||||
}
|
||||
if (neg == matched)
|
||||
return NOMATCH;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case '(':
|
||||
if (!exp[y+1])
|
||||
return ABORTED;
|
||||
return _handle_union(&str[x], &exp[y], case_insensitive, level);
|
||||
case '?':
|
||||
break;
|
||||
case '|':
|
||||
case ']':
|
||||
case ')':
|
||||
return ABORTED;
|
||||
case '\\':
|
||||
++y;
|
||||
/* fall through */
|
||||
default:
|
||||
if(case_insensitive) {
|
||||
if(toupper(str[x]) != toupper(exp[y]))
|
||||
return NOMATCH;
|
||||
} else {
|
||||
if(str[x] != exp[y])
|
||||
return NOMATCH;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
return (ret ? ret : (str[x] ? NOMATCH : MATCH));
|
||||
return (str[x] ? NOMATCH : MATCH);
|
||||
}
|
||||
|
||||
static int
|
||||
port_RegExpMatch(const char *str, const char *xp, PRBool case_insensitive) {
|
||||
register int x;
|
||||
port_RegExpMatch(const char *str, const char *xp, PRBool case_insensitive)
|
||||
{
|
||||
char *exp = 0;
|
||||
int x, ret = MATCH;
|
||||
|
||||
if (!strchr(xp, '~'))
|
||||
return _shexp_match(str, xp, case_insensitive, 0);
|
||||
|
||||
exp = PORT_Strdup(xp);
|
||||
|
||||
if(!exp)
|
||||
return 1;
|
||||
return NOMATCH;
|
||||
|
||||
for(x=strlen(exp)-1;x;--x) {
|
||||
if((exp[x] == '~') && (exp[x-1] != '\\')) {
|
||||
exp[x] = '\0';
|
||||
if(_shexp_match(str,&exp[++x], case_insensitive) == MATCH)
|
||||
goto punt;
|
||||
break;
|
||||
x = _scan_and_copy(exp, '~', '\0', NULL);
|
||||
if (x != ABORTED && exp[x] == '~') {
|
||||
exp[x++] = '\0';
|
||||
ret = _shexp_match(str, &exp[x], case_insensitive, 0);
|
||||
switch (ret) {
|
||||
case NOMATCH: ret = MATCH; break;
|
||||
case MATCH: ret = NOMATCH; break;
|
||||
default: break;
|
||||
}
|
||||
}
|
||||
if(_shexp_match(str,exp, case_insensitive) == MATCH) {
|
||||
PORT_Free(exp);
|
||||
return 0;
|
||||
}
|
||||
if (ret == MATCH)
|
||||
ret = _shexp_match(str, exp, case_insensitive, 0);
|
||||
|
||||
punt:
|
||||
PORT_Free(exp);
|
||||
return 1;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
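Review bot: In the rewritten _shexp_match, the literal comparison (`toupper(str[x]) != toupper(exp[y])`) and the non-range bracket loop (`toupper(str[x]) == toupper(exp[y])`) pass plain `char` values to toupper(). Where `char` is signed, a byte of 0x80 or above arrives as a negative int, which <ctype.h> leaves undefined; the range branch of the same hunk already avoids this with `(unsigned char)` casts. Using the same cast in both places, e.g. `toupper((unsigned char)str[x]) != toupper((unsigned char)exp[y])`, keeps the case-insensitive path well defined for non-ASCII input. The `level > 20` cutoff would also read better as a named constant, with a comment saying which pattern shapes end in ABORTED because of it.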
|
|
|
@ -19,6 +19,8 @@
|
|||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Rob McCool (original author)
|
||||
* Nelson Bolyard <nelson@bolyard.me>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
|
@ -37,7 +39,6 @@
|
|||
/*
|
||||
* shexp.h: Defines and prototypes for shell exp. match routines
|
||||
*
|
||||
*
|
||||
* This routine will match a string with a shell expression. The expressions
|
||||
* accepted are based loosely on the expressions accepted by zsh.
|
||||
*
|
||||
|
@ -45,15 +46,34 @@
|
|||
* o ? matches one character
|
||||
* o \ will escape a special character
|
||||
* o $ matches the end of the string
|
||||
* o [abc] matches one occurence of a, b, or c. The only character that needs
|
||||
* to be escaped in this is ], all others are not special.
|
||||
* o [a-z] matches any character between a and z
|
||||
* o [^az] matches any character except a or z
|
||||
* o ~ followed by another shell expression will remove any pattern
|
||||
* matching the shell expression from the match list
|
||||
* o (foo|bar) will match either the substring foo, or the substring bar.
|
||||
* These can be shell expressions as well.
|
||||
*
|
||||
* Bracketed expressions:
|
||||
* o [abc] matches one occurence of a, b, or c.
|
||||
* o [^abc] matches any character except a, b, or c.
|
||||
* To be matched between [ and ], these characters must be escaped: \ ]
|
||||
* No other characters need be escaped between brackets.
|
||||
* Unnecessary escaping is permitted.
|
||||
* o [a-z] matches any character between a and z, inclusive.
|
||||
* The two range-definition characters must be alphanumeric ASCII.
|
||||
* If one is upper case and the other is lower case, then the ASCII
|
||||
* non-alphanumeric characters between Z and a will also be in range.
|
||||
* o [^a-z] matches any character except those between a and z, inclusive.
|
||||
* These forms cannot be combined, e.g [a-gp-z] does not work.
|
||||
* o Exclusions:
|
||||
* As a top level, outter-most expression only, the expression
|
||||
* foo~bar will match the expression foo, provided it does not also
|
||||
* match the expression bar. Either expression or both may be a union.
|
||||
* Except between brackets, any unescaped ~ is an exclusion.
|
||||
* At most one exclusion is permitted.
|
||||
* Exclusions cannot be nested (contain other exclusions).
|
||||
* example: *~abc will match any string except abc
|
||||
* o Unions:
|
||||
* (foo|bar) will match either the expression foo, or the expression bar.
|
||||
* At least one '|' separator is required. More are permitted.
|
||||
* Expressions inside unions may not include unions or exclusions.
|
||||
* Inside a union, to be matched and not treated as a special character,
|
||||
* these characters must be escaped: \ ( | ) [ ~ except when they occur
|
||||
* inside a bracketed expression, where only \ and ] require escaping.
|
||||
*
|
||||
* The public interface to these routines is documented below.
|
||||
*
|
||||
*/
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
*
|
||||
* NOTE - These are not public interfaces
|
||||
*
|
||||
* $Id: secport.c,v 1.23 2008/08/22 01:33:05 wtc%google.com Exp $
|
||||
* $Id: secport.c,v 1.24 2009/07/30 23:28:21 nelson%bolyard.com Exp $
|
||||
*/
|
||||
|
||||
#include "seccomon.h"
|
||||
|
@ -287,6 +287,8 @@ PORT_FreeArena(PLArenaPool *arena, PRBool zero)
|
|||
static const PRVersionDescription * pvd;
|
||||
static PRBool doFreeArenaPool = PR_FALSE;
|
||||
|
||||
if (!pool)
|
||||
return;
|
||||
if (ARENAPOOL_MAGIC == pool->magic ) {
|
||||
len = sizeof *pool;
|
||||
lock = pool->lock;
|
||||
|
|
|
@ -74,7 +74,8 @@ chains_init()
|
|||
CERT_SN_CNT=$(date '+%m%d%H%M%S' | sed "s/^0*//")
|
||||
CERT_SN_FIX=$(expr ${CERT_SN_CNT} - 1000)
|
||||
|
||||
PK7_NONCE=$CERT_SN_CNT;
|
||||
PK7_NONCE=$CERT_SN_CNT
|
||||
SCEN_CNT=0
|
||||
|
||||
AIA_FILES="${HOSTDIR}/aiafiles"
|
||||
|
||||
|
@ -415,16 +416,16 @@ process_crldp()
|
|||
"
|
||||
|
||||
for ITEM in ${CRLDP}; do
|
||||
CRL_PUBLIC="${HOST}-$$-${ITEM}.crl"
|
||||
CRL_PUBLIC="${HOST}-$$-${ITEM}-${SCEN_CNT}.crl"
|
||||
|
||||
EXT_DATA="${EXT_DATA}7
|
||||
${NSS_AIA_HTTP}/${CRL_PUBLIC}
|
||||
"
|
||||
done
|
||||
|
||||
EXT_DATA="${EXT_DATA}0
|
||||
0
|
||||
0
|
||||
EXT_DATA="${EXT_DATA}-1
|
||||
-1
|
||||
-1
|
||||
n
|
||||
n
|
||||
"
|
||||
|
@ -459,7 +460,7 @@ copy_crl()
|
|||
fi
|
||||
|
||||
CRL_LOCAL="${COPYCRL}.crl"
|
||||
CRL_PUBLIC="${HOST}-$$-${COPYCRL}.crl"
|
||||
CRL_PUBLIC="${HOST}-$$-${COPYCRL}-${SCEN_CNT}.crl"
|
||||
|
||||
cp ${CRL_LOCAL} ${NSS_AIA_PATH}/${CRL_PUBLIC} 2> /dev/null
|
||||
chmod a+r ${NSS_AIA_PATH}/${CRL_PUBLIC}
|
||||
|
@ -857,6 +858,7 @@ parse_config()
|
|||
EXT_KU=
|
||||
EXT_NS=
|
||||
EXT_EKU=
|
||||
SERIAL=
|
||||
;;
|
||||
"type")
|
||||
TYPE="${VALUE}"
|
||||
|
@ -978,6 +980,8 @@ parse_config()
|
|||
LOGNAME="libpkix-${VALUE}"
|
||||
LOGFILE="${LOGDIR}/${LOGNAME}"
|
||||
fi
|
||||
|
||||
SCEN_CNT=$(expr ${SCEN_CNT} + 1)
|
||||
;;
|
||||
"sleep")
|
||||
sleep ${VALUE}
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
scenario CRLDP
|
||||
|
||||
entity Root
|
||||
type Root
|
||||
|
||||
entity CA0
|
||||
type Intermediate
|
||||
issuer Root
|
||||
|
||||
entity CA1
|
||||
type Intermediate
|
||||
crldp CA0
|
||||
issuer CA0
|
||||
serial 10
|
||||
aia CA0:Root
|
||||
|
||||
entity EE11
|
||||
type EE
|
||||
crldp CA0
|
||||
issuer CA1
|
||||
|
||||
entity CA2
|
||||
type Intermediate
|
||||
crldp CA0
|
||||
issuer CA0
|
||||
serial 20
|
||||
aia CA0:Root
|
||||
|
||||
entity EE21
|
||||
type EE
|
||||
issuer CA2
|
||||
|
||||
entity EE1
|
||||
type EE
|
||||
crldp CA0
|
||||
issuer CA0
|
||||
serial 30
|
||||
aia CA0:Root
|
||||
|
||||
entity EE2
|
||||
type EE
|
||||
crldp CA0
|
||||
issuer CA0
|
||||
serial 40
|
||||
aia CA0:Root
|
||||
|
||||
crl Root
|
||||
crl CA0
|
||||
crl CA1
|
||||
crl CA2
|
||||
|
||||
revoke CA0
|
||||
serial 20
|
||||
|
||||
revoke CA0
|
||||
serial 40
|
||||
|
||||
copycrl CA0
|
||||
|
||||
db All
|
||||
|
||||
import Root::CTu,CTu,CTu
|
||||
|
||||
# intermediate CA - OK, EE - OK
|
||||
verify EE11:CA1
|
||||
cert CA1:CA0
|
||||
trust Root:
|
||||
fetch
|
||||
rev_type chain
|
||||
rev_mtype crl
|
||||
result pass
|
||||
|
||||
# intermediate CA - revoked, EE - OK
|
||||
verify EE21:CA2
|
||||
cert CA2:CA0
|
||||
trust Root:
|
||||
fetch
|
||||
rev_type chain
|
||||
rev_mtype crl
|
||||
result fail
|
||||
|
||||
# direct EE - OK
|
||||
verify EE1:CA0
|
||||
trust Root:
|
||||
fetch
|
||||
rev_type leaf
|
||||
rev_mtype crl
|
||||
result pass
|
||||
|
||||
# direct EE - revoked
|
||||
verify EE2:CA0
|
||||
trust Root:
|
||||
fetch
|
||||
rev_type leaf
|
||||
rev_mtype crl
|
||||
result fail
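Review bot: The two `result pass` cases (`verify EE11:CA1` and `verify EE1:CA0`) would also pass if the CRL were never fetched from the distribution point, because neither sets a flag that turns missing revocation information into a failure. Only the two `result fail` cases show that the fetch and the CRL lookup actually happened. If the harness accepts it for the `crl` method, adding `rev_mflags failIfNoInfo` (the flag used in the OCSP scenario) to the pass cases would make them prove that a CRL was obtained and the certificate was absent from it. A comment next to the `revoke CA0` entries, such as `# serial 20 = CA2, serial 40 = EE2`, would also make the expected results easier to check.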
|
||||
|
|
@ -23,6 +23,7 @@ verify OCSPEE11:x
|
|||
cert OCSPCA1:x
|
||||
trust OCSPRoot
|
||||
rev_type leaf
|
||||
rev_flags requireFreshInfo
|
||||
rev_mtype ocsp
|
||||
result pass
|
||||
|
||||
|
@ -31,6 +32,7 @@ verify OCSPEE12:x
|
|||
cert OCSPCA1:x
|
||||
trust OCSPRoot
|
||||
rev_type leaf
|
||||
rev_flags requireFreshInfo
|
||||
rev_mtype ocsp
|
||||
result fail
|
||||
|
||||
|
@ -51,7 +53,7 @@ verify OCSPEE15:x
|
|||
rev_mtype ocsp
|
||||
result fail
|
||||
|
||||
#EE - OK, CA - revoked, leaf
|
||||
#EE - OK, CA - revoked, leaf, no fresh info
|
||||
verify OCSPEE21:x
|
||||
cert OCSPCA2:x
|
||||
trust OCSPRoot
|
||||
|
@ -59,7 +61,16 @@ verify OCSPEE21:x
|
|||
rev_mtype ocsp
|
||||
result pass
|
||||
|
||||
#EE - OK, CA - revoked, chain
|
||||
#EE - OK, CA - revoked, leaf, requireFreshInfo
|
||||
verify OCSPEE21:x
|
||||
cert OCSPCA2:x
|
||||
trust OCSPRoot
|
||||
rev_type leaf
|
||||
rev_flags requireFreshInfo
|
||||
rev_mtype ocsp
|
||||
result fail
|
||||
|
||||
#EE - OK, CA - revoked, chain, requireFreshInfo
|
||||
verify OCSPEE21:x
|
||||
cert OCSPCA2:x
|
||||
trust OCSPRoot
|
||||
|
@ -112,6 +123,15 @@ verify OCSPEE15:x
|
|||
rev_mflags failIfNoInfo
|
||||
result fail
|
||||
|
||||
#EE - OK, CA - revoked, leaf, failIfNoInfo
|
||||
verify OCSPEE21:x
|
||||
cert OCSPCA2:x
|
||||
trust OCSPRoot
|
||||
rev_type leaf
|
||||
rev_mtype ocsp
|
||||
rev_mflags failIfNoInfo
|
||||
result fail
|
||||
|
||||
testdb OCSPCA1
|
||||
|
||||
#EE - OK on OCSP, revoked locally - should fail ??
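Review bot: The added cases for `verify OCSPEE21:x` with `rev_type leaf` expect `result fail` under `rev_flags requireFreshInfo` and under `rev_mflags failIfNoInfo`, while the same chain without those flags expects `result pass`. The comments do not say why a leaf check of an unrevoked EE fails. Presumably no acceptable status can be established for the leaf because its issuing CA is revoked, but that is not visible in these hunks. Stating the confirmed reason in the comment, in the form `#EE - OK, CA - revoked, leaf, requireFreshInfo: <why no fresh status is accepted>`, would let a later reader tell an intended fail-closed result from a regression.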
|
||||
|
|