
Bug 816392: Update NSS to NSS 3_14_1_BETA1, r=me, a=relyea, a=wtc

1 parent 0c62400 commit 76204b171a632a1965df6b5a1ee3bf2f684f11d0 @briansmith briansmith committed Nov 30, 2012
Showing with 1,392 additions and 25,111 deletions.
  1. +1 −1 configure.in
  2. +0 −5 dbm/include/mcom_db.h
  3. +0 −6 dbm/include/winfile.h
  4. +0 −4 dbm/src/Makefile.in
  5. +0 −8 dbm/src/mktemp.c
  6. +1 −1 security/coreconf/Linux.mk
  7. +0 −6 security/coreconf/README
  8. +1 −1 security/coreconf/WIN95.mk
  9. +0 −182 security/coreconf/WINCE.mk
  10. +1 −1 security/coreconf/WINNT.mk
  11. +1 −1 security/coreconf/config.mk
  12. +0 −1 security/coreconf/coreconf.dep
  13. +8 −17 security/coreconf/rules.mk
  14. +10 −12 security/coreconf/ruleset.mk
  15. +1 −1 security/dbm/Makefile
  16. +7 −9 security/nss/Makefile
  17. +1 −1 security/nss/TAG-INFO
  18. +1 −1 security/nss/TAG-INFO-CKBI
  19. +15 −2 security/nss/cmd/addbuiltin/addbuiltin.c
  20. +1 −0 security/nss/cmd/bltest/blapitest.c
  21. +1 −3 security/nss/cmd/certutil/keystuff.c
  22. +0 −6 security/nss/cmd/lib/basicutil.c
  23. +0 −4 security/nss/cmd/lib/config.mk
  24. +2 −5 security/nss/cmd/lib/secpwd.c
  25. +0 −2 security/nss/cmd/lib/secutil.c
  26. +5 −5 security/nss/cmd/lib/secutil.h
  27. +0 −33 security/nss/cmd/lib/wincemain.c
  28. +1 −0 security/nss/cmd/manifest.mn
  29. +47 −0 security/nss/cmd/ocspresp/Makefile
  30. +15 −0 security/nss/cmd/ocspresp/manifest.mn
  31. +249 −0 security/nss/cmd/ocspresp/ocspresp.c
  32. +2 −2 security/nss/cmd/platlibs.mk
  33. +0 −2 security/nss/cmd/strsclnt/strsclnt.c
  34. +1 −0 security/nss/lib/certhigh/manifest.mn
  35. +7 −7 security/nss/lib/certhigh/ocsp.c
  36. +31 −1 security/nss/lib/certhigh/ocsp.h
  37. +571 −0 security/nss/lib/certhigh/ocspsig.c
  38. +1 −2 security/nss/lib/certhigh/ocspt.h
  39. +2 −2 security/nss/lib/ckfw/Makefile
  40. +9 −3 security/nss/lib/ckfw/builtins/Makefile
  41. +6 −9 security/nss/lib/ckfw/builtins/README
  42. +0 −24,385 security/nss/lib/ckfw/builtins/certdata.c
  43. +30 −34 security/nss/lib/ckfw/builtins/certdata.perl
  44. +4 −1 security/nss/lib/ckfw/builtins/config.mk
  45. +6 −1 security/nss/lib/cryptohi/keythi.h
  46. +1 −2 security/nss/lib/cryptohi/seckey.c
  47. +1 −6 security/nss/lib/freebl/Makefile
  48. +0 −5 security/nss/lib/freebl/arcfour.c
  49. +0 −2 security/nss/lib/freebl/config.mk
  50. +11 −0 security/nss/lib/freebl/genload.c
  51. +4 −2 security/nss/lib/freebl/intel-aes.s
  52. +5 −5 security/nss/lib/freebl/mpi/mpcpucache.c
  53. +1 −5 security/nss/lib/freebl/mpi/mpi.h
  54. +6 −6 security/nss/lib/freebl/mpi/mpi_arm.c
  55. +13 −19 security/nss/lib/freebl/mpi/mpmontg.c
  56. +5 −5 security/nss/lib/freebl/nsslowhash.c
  57. +2 −86 security/nss/lib/freebl/win_rand.c
  58. +10 −0 security/nss/lib/nss/nss.def
  59. +5 −5 security/nss/lib/nss/nss.h
  60. +2 −3 security/nss/lib/nss/nssinit.c
  61. +1 −1 security/nss/lib/nss/utilwrap.c
  62. +3 −3 security/nss/lib/pk11wrap/pk11akey.c
  63. +23 −9 security/nss/lib/pk11wrap/pk11auth.c
  64. +1 −1 security/nss/lib/pk11wrap/pk11cert.c
  65. +7 −5 security/nss/lib/pk11wrap/pk11cxt.c
  66. +14 −14 security/nss/lib/pk11wrap/pk11merge.c
  67. +36 −27 security/nss/lib/pk11wrap/pk11obj.c
  68. +6 −4 security/nss/lib/pk11wrap/pk11priv.h
  69. +9 −8 security/nss/lib/pk11wrap/pk11pub.h
  70. +0 −3 security/nss/lib/pk11wrap/pk11skey.c
  71. +36 −16 security/nss/lib/pk11wrap/pk11slot.c
  72. +0 −1 security/nss/lib/pk11wrap/pk11util.c
  73. +4 −4 security/nss/lib/pkcs7/p7decode.c
  74. +2 −2 security/nss/lib/pkcs7/secpkcs7.h
  75. +1 −1 security/nss/lib/softoken/Makefile
  76. +0 −4 security/nss/lib/softoken/config.mk
  77. +0 −4 security/nss/lib/softoken/legacydb/config.mk
  78. +1 −1 security/nss/lib/softoken/pkcs11u.c
  79. +25 −3 security/nss/lib/softoken/sdb.c
  80. +4 −4 security/nss/lib/softoken/softkver.h
  81. +3 −3 security/nss/lib/ssl/notes.txt
  82. +14 −8 security/nss/lib/ssl/ssl3con.c
  83. +12 −4 security/nss/lib/ssl/ssl3ext.c
  84. +1 −3 security/nss/lib/ssl/sslimpl.h
  85. +3 −3 security/nss/lib/ssl/sslnonce.c
  86. +10 −6 security/nss/lib/ssl/sslsock.c
  87. +2 −2 security/nss/lib/util/base64.h
  88. +2 −2 security/nss/lib/util/nssb64d.c
  89. +4 −4 security/nss/lib/util/nssutil.h
  90. +1 −4 security/nss/lib/util/secder.h
  91. +1 −5 security/nss/lib/util/secport.c
  92. +1 −10 security/nss/lib/util/secport.h
  93. +15 −21 security/nss/lib/util/utilmod.c
  94. +10 −2 security/nss/lib/util/utilpars.c
  95. +1 −0 security/nss/lib/util/utilpars.h
  96. +32 −0 security/nss/tests/cert/cert.sh
  97. +2 −1 security/nss/tests/chains/chains.sh
2 configure.in
@@ -3983,7 +3983,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
_USE_SYSTEM_NSS=1 )
if test -n "$_USE_SYSTEM_NSS"; then
- AM_PATH_NSS(3.14, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+ AM_PATH_NSS(3.14.1, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
if test -n "$MOZ_NATIVE_NSS"; then
5 dbm/include/mcom_db.h
@@ -35,11 +35,6 @@
#ifndef _DB_H_
#define _DB_H_
-
-#ifdef WINCE
-#define off_t long
-#endif
-
#ifndef macintosh
#include <sys/types.h>
#endif
6 dbm/include/winfile.h
@@ -31,13 +31,7 @@ typedef struct DIR_Struct {
typedef unsigned long mode_t;
typedef long uid_t;
typedef long gid_t;
-
-#ifdef WINCE
- typedef long ino_t;
-#else
typedef long off_t;
-#endif
-
typedef unsigned long nlink_t;
#endif
4 dbm/src/Makefile.in
@@ -53,10 +53,6 @@ include $(topsrcdir)/config/rules.mk
DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-ifeq ($(OS_ARCH),WINCE)
-DEFINES += -D__STDC__ -DDBM_REOPEN_ON_FLUSH
-endif
-
ifeq ($(OS_ARCH),AIX)
OS_LIBS += -lc_r
endif
8 dbm/src/mktemp.c
@@ -78,14 +78,6 @@ mkstempflags(char *path, int extraFlags)
return (_gettemp(path, &fd, extraFlags) ? fd : -1);
}
-#ifdef WINCE /* otherwise, use the one in libc */
-char *
-mktemp(char *path)
-{
- return(_gettemp(path, (int *)NULL, 0) ? path : (char *)NULL);
-}
-#endif
-
/* NB: This routine modifies its input string, and does not always restore it.
** returns 1 on success, 0 on failure.
*/
2 security/coreconf/Linux.mk
@@ -132,7 +132,7 @@ endif
G++INCLUDES = -I/usr/include/g++
#
-# Always set CPU_TAG on Linux, WINCE.
+# Always set CPU_TAG on Linux.
#
CPU_TAG = _$(CPU_ARCH)
6 security/coreconf/README
@@ -457,12 +457,6 @@ OVERVIEW of "rules.mk":
MISCELLANEOUS
-------------
- $(DIRS):: specifies a helper method
- used by $(LOOP_THROUGH_DIRS)
- to recursively change
- directories and invoke
- $(MAKE)
-
%.i: build the preprocessor file
associated with the
makefile rule dependency:
2 security/coreconf/WIN95.mk
@@ -11,5 +11,5 @@ include $(CORE_DEPTH)/coreconf/WIN32.mk
DEFINES += -DWIN95
-# WINNT uses the lib prefix, Win95 and WinCE don't
+# WINNT uses the lib prefix, Win95 doesn't
NSPR31_LIB_PREFIX = $(NULL)
182 security/coreconf/WINCE.mk
@@ -1,182 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#
-# Configuration common to all versions of Windows CE and Pocket PC x.
-#
-
-ifeq ($(CPU_ARCH),x86)
- DEFAULT_COMPILER = cl
- CC = cl
- CCC = cl
-else
-ifeq ($(CPU_ARCH),ARM)
- DEFAULT_COMPILER = clarm
- CC = clarm
- CCC = clarm
-else
-include CPU_ARCH_is_not_recognized
-include _$(CPU_ARCH)
-endif
-endif
-
-LINK = link
-AR = lib
-AR += -NOLOGO -OUT:"$@"
-RANLIB = echo
-BSDECHO = echo
-
-ifdef BUILD_TREE
-NSINSTALL_DIR = $(BUILD_TREE)/nss
-else
-NSINSTALL_DIR = $(CORE_DEPTH)/coreconf/nsinstall
-endif
-NSINSTALL = nsinstall
-
-MKDEPEND_DIR = $(CORE_DEPTH)/coreconf/mkdepend
-MKDEPEND = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend.exe
-# Note: MKDEPENDENCIES __MUST__ be a relative pathname, not absolute.
-# If it is absolute, gmake will crash unless the named file exists.
-MKDEPENDENCIES = $(OBJDIR_NAME)/depend.mk
-
-INSTALL = $(NSINSTALL)
-MAKE_OBJDIR = mkdir
-MAKE_OBJDIR += $(OBJDIR)
-RC = rc.exe
-GARBAGE += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb
-XP_DEFINE += -DXP_PC
-LIB_SUFFIX = lib
-DLL_SUFFIX = dll
-OS_DLLFLAGS += -DLL
-
-EXTRA_EXE_LD_FLAGS += -ENTRY:mainWCRTStartup
-
-ifdef BUILD_OPT
-# OS_CFLAGS += -MD
- OPTIMIZER += -O2
- DEFINES += -UDEBUG -U_DEBUG -DNDEBUG
- DLLFLAGS += -OUT:"$@"
-else
- #
- # Define USE_DEBUG_RTL if you want to use the debug runtime library
- # (RTL) in the debug build
- #
- ifdef USE_DEBUG_RTL
-# OS_CFLAGS += -MDd
- else
-# OS_CFLAGS += -MD
- endif
- OPTIMIZER += -Od -Z7
- #OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
- DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME)
- DLLFLAGS += -DEBUG -DEBUGTYPE:CV -OUT:"$@"
- LDFLAGS += -DEBUG -DEBUGTYPE:CV
-endif
-
-# DEFINES += -DWIN32
-
-ifdef MAPFILE
- DLLFLAGS += -DEF:$(MAPFILE)
-endif
-
-# Change PROCESS to put the mapfile in the correct format for this platform
-PROCESS_MAP_FILE = cp $< $@
-
-#
-# The following is NOT needed for the NSPR 2.0 library.
-#
-
-DEFINES += -D_WINDOWS
-
-# override default, which is ASFLAGS = CFLAGS
-AS = ml.exe
-ASFLAGS = -Cp -Sn -Zi -coff $(INCLUDES)
-
-#
-# override the definitions of RELEASE_TREE found in tree.mk
-#
-ifndef RELEASE_TREE
- ifdef BUILD_SHIP
- ifdef USE_SHIPS
- RELEASE_TREE = $(NTBUILD_SHIP)
- else
- RELEASE_TREE = //redbuild/components
- endif
- else
- RELEASE_TREE = //redbuild/components
- endif
-endif
-
-#
-# override the definitions of LIB_PREFIX and DLL_PREFIX in prefix.mk
-#
-
-ifndef LIB_PREFIX
- LIB_PREFIX = $(NULL)
-endif
-
-ifndef DLL_PREFIX
- DLL_PREFIX = $(NULL)
-endif
-
-#
-# override the definitions of various _SUFFIX symbols in suffix.mk
-#
-
-#
-# Object suffixes
-#
-ifndef OBJ_SUFFIX
- OBJ_SUFFIX = .obj
-endif
-
-#
-# Assembler source suffixes
-#
-ifndef ASM_SUFFIX
- ASM_SUFFIX = .asm
-endif
-
-#
-# Library suffixes
-#
-
-ifndef IMPORT_LIB_SUFFIX
- IMPORT_LIB_SUFFIX = .$(LIB_SUFFIX)
-endif
-
-ifndef DYNAMIC_LIB_SUFFIX_FOR_LINKING
- DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(IMPORT_LIB_SUFFIX)
-endif
-
-#
-# Program suffixes
-#
-ifndef PROG_SUFFIX
- PROG_SUFFIX = .exe
-endif
-
-#
-# override ruleset.mk, removing the "lib" prefix for library names, and
-# adding the "32" after the LIBRARY_VERSION.
-#
-ifdef LIBRARY_NAME
- SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).dll
- IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).lib
-endif
-
-#
-# override the TARGETS defined in ruleset.mk, adding IMPORT_LIBRARY
-#
-ifndef TARGETS
- TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
-endif
-
-
-#
-# Always set CPU_TAG on Linux, WINCE.
-#
-CPU_TAG = _$(CPU_ARCH)
-
2 security/coreconf/WINNT.mk
@@ -16,5 +16,5 @@ DEFINES += -DWINNT
#
OS_CFLAGS += -GT
-# WINNT uses the lib prefix, Win95 and WinCE don't
+# WINNT uses the lib prefix, Win95 doesn't
NSPR31_LIB_PREFIX = lib
2 security/coreconf/config.mk
@@ -31,7 +31,7 @@ endif
#######################################################################
TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
- AIX RISCOS WINNT WIN95 WINCE Linux
+ AIX RISCOS WINNT WIN95 Linux
ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
1 security/coreconf/coreconf.dep
@@ -10,4 +10,3 @@
*/
#error "Do not include this header file."
-
25 security/coreconf/rules.mk
@@ -241,7 +241,7 @@ alltags:
$(PROGRAM): $(OBJS) $(EXTRA_LIBS)
@$(MAKE_OBJDIR)
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
- $(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)) $(EXTRA_EXE_LD_FLAGS)
+ $(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS))
ifdef MT
if test -f $@.manifest; then \
$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
@@ -337,7 +337,7 @@ $(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX)
@$(MAKE_OBJDIR)
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
$(MKPROG) $< -Fe$@ -link \
- $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(EXTRA_EXE_LD_FLAGS)
+ $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
ifdef MT
if test -f $@.manifest; then \
$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
@@ -365,12 +365,16 @@ else
# Windows
ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
NEED_ABSOLUTE_PATH := 1
+ifdef .PYMAKE
+PWD := $(CURDIR)
+else
PWD := $(shell pwd)
ifeq (,$(findstring ;,$(PATH)))
ifndef USE_MSYS
PWD := $(subst \,/,$(shell cygpath -w $(PWD)))
endif
endif
+endif
else
# everything else
@@ -476,19 +480,6 @@ endif
%: %.sh
rm -f $@; cp $< $@; chmod +x $@
-ifdef DIRS
-$(DIRS)::
- @if test -d $@; then \
- set $(EXIT_ON_ERROR); \
- echo "cd $@; $(MAKE)"; \
- cd $@; $(MAKE); \
- set +e; \
- else \
- echo "Skipping non-directory $@..."; \
- fi; \
- $(CLICK_STOPWATCH)
-endif
-
################################################################################
# Bunch of things that extend the 'export' rule (in order):
################################################################################
@@ -896,7 +887,7 @@ $(MKDEPENDENCIES)::
$(NOMD_CFLAGS) $(YOPT) $(CSRCS) $(CPPSRCS) $(ASFILES)
$(MKDEPEND):: $(MKDEPEND_DIR)/*.c $(MKDEPEND_DIR)/*.h
- cd $(MKDEPEND_DIR); $(MAKE)
+ $(MAKE) -C $(MKDEPEND_DIR)
ifdef OBJS
depend:: $(MKDEPEND) $(MKDEPENDENCIES)
@@ -958,5 +949,5 @@ $(filter $(OBJDIR)/%$(OBJ_SUFFIX),$(OBJS)): $(OBJDIR)/%$(OBJ_SUFFIX): $(DUMMY_DE
# Fake targets. Always run these rules, even if a file/directory with that
# name already exists.
#
-.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs program realclean release $(OBJDIR) $(DIRS)
+.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs program realclean release $(OBJDIR)
22 security/coreconf/ruleset.mk
@@ -181,9 +181,11 @@ endif #NS_USE_JDK
ifdef NSS_BUILD_CONTINUE_ON_ERROR
# Try to build everything. I.e., don't exit on errors.
EXIT_ON_ERROR = +e
+ IGNORE_ERROR = -
CLICK_STOPWATCH = date
else
EXIT_ON_ERROR = -e
+ IGNORE_ERROR =
CLICK_STOPWATCH = true
endif
@@ -201,18 +203,14 @@ ifdef SYSTEM_INCL_DIR
endif
ifdef DIRS
- LOOP_OVER_DIRS = \
- @for directory in $(DIRS); do \
- if test -d $$directory; then \
- set $(EXIT_ON_ERROR); \
- echo "cd $$directory; $(MAKE) $@"; \
- $(MAKE) -C $$directory $@; \
- set +e; \
- else \
- echo "Skipping non-directory $$directory..."; \
- fi; \
- $(CLICK_STOPWATCH); \
- done
+define SUBMAKE
++@echo "cd $2; $(MAKE) $1"
+$(IGNORE_ERROR)@$(MAKE) -C $(2) $(1)
+@$(CLICK_STOPWATCH)
+
+endef
+
+ LOOP_OVER_DIRS = $(foreach dir,$(DIRS),$(call SUBMAKE,$@,$(dir)))
endif
MK_RULESET = included
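Review bot: The rewritten `LOOP_OVER_DIRS` no longer tests `-d` before descending, so a `DIRS` entry that is not a directory now makes `$(MAKE) -C` fail instead of printing "Skipping non-directory"; that is presumably why security/dbm/Makefile replaces `DIRS = dummy` with an empty value in this commit, but the new contract deserves a comment next to the `define`. The empty line before `endef` is also load-bearing, since it ends each expansion with a newline so that `$(foreach ...)` yields separate recipe lines, and it is easy to delete by accident; I would add `# Keep the blank line before endef: it separates the commands of successive SUBMAKE expansions.` above the `define`. The echo line spells the arguments `$2`/`$1` while the next line uses `$(2)`/`$(1)`; one spelling would read better.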
2 security/dbm/Makefile
@@ -11,7 +11,7 @@
include manifest.mn
ifdef NSS_DISABLE_DBM
-DIRS = dummy
+DIRS =
endif
#######################################################################
16 security/nss/Makefile
@@ -26,9 +26,7 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
-ifeq ($(OS_TARGET),WINCE)
-DIRS = lib # omit cmd since wince has no command line shell
-endif
+
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
@@ -51,10 +49,10 @@ nss_build_all: build_coreconf build_nspr build_dbm all
nss_clean_all: clobber_coreconf clobber_nspr clobber_dbm clobber
build_coreconf:
- cd $(CORE_DEPTH)/coreconf ; $(MAKE)
+ $(MAKE) -C $(CORE_DEPTH)/coreconf
clobber_coreconf:
- cd $(CORE_DEPTH)/coreconf ; $(MAKE) clobber
+ $(MAKE) -C $(CORE_DEPTH)/coreconf clobber
NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)/config.status
NSPR_CONFIGURE = $(CORE_DEPTH)/../nsprpub/configure
@@ -109,20 +107,20 @@ $(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
--with-dist-includedir='$(NSPR_PREFIX)/include'
build_nspr: $(NSPR_CONFIG_STATUS)
- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE)
+ $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME)
clobber_nspr: $(NSPR_CONFIG_STATUS)
- cd $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) ; $(MAKE) clobber
+ $(MAKE) -C $(CORE_DEPTH)/../nsprpub/$(OBJDIR_NAME) clobber
build_dbm:
ifdef NSS_DISABLE_DBM
@echo "skipping the build of DBM"
else
- cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
+ $(MAKE) -C $(CORE_DEPTH)/dbm export libs
endif
clobber_dbm:
- cd $(CORE_DEPTH)/dbm ; $(MAKE) clobber
+ $(MAKE) -C $(CORE_DEPTH)/dbm clobber
moz_import::
ifeq (,$(filter-out WIN%,$(OS_TARGET)))
2 security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_14_RC1
+NSS_3_14_1_BETA1
2 security/nss/TAG-INFO-CKBI
@@ -1 +1 @@
-NSS_3_14_RC1
+NSS_3_14_1_BETA1
17 security/nss/cmd/addbuiltin/addbuiltin.c
@@ -5,7 +5,7 @@
/*
* Tool for converting builtin CA certs.
*
- * $Id: addbuiltin.c,v 1.19 2012/07/04 15:21:47 gerv%gerv.net Exp $
+ * $Id: addbuiltin.c,v 1.20 2012/11/29 02:11:04 bsmith%mozilla.com Exp $
*/
#include "nssrenam.h"
@@ -266,7 +266,7 @@ void printheader() {
"# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
"# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
"#\n"
- "CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.19 $ $Date: 2012/07/04 15:21:47 $\"\n"
+ "CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.20 $ $Date: 2012/11/29 02:11:04 $\"\n"
"\n"
"#\n"
"# certdata.txt\n"
@@ -473,6 +473,19 @@ int main(int argc, char **argv)
infile = PR_STDIN;
}
+#if defined(WIN32)
+ /* We must put stdout into O_BINARY mode or else the output will include
+ ** carriage returns.
+ */
+ {
+ int smrv = _setmode(_fileno(stdout), _O_BINARY);
+ if (smrv == -1) {
+ fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
+ exit(1);
+ }
+ }
+#endif
+
nickname = strdup(addbuiltin.options[opt_Nickname].arg);
NSS_NoDB_Init(NULL);
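Review bot: The new `_setmode(_fileno(stdout), _O_BINARY)` call needs the declarations from `<io.h>` and `<fcntl.h>` on Windows, and none of the three hunks in this section adds an include, so the code relies on headers the file already pulls in directly or indirectly. That is worth confirming against the full file; if they are not already there, add `#include <io.h>` and `#include <fcntl.h>` under the same `#if defined(WIN32)` guard near the other includes. main() starts and continues outside this hunk, so the surrounding option handling is not visible here.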
1 security/nss/cmd/bltest/blapitest.c
@@ -1459,6 +1459,7 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
+SECStatus
blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
{
if (keysize < 1024) {
4 security/nss/cmd/certutil/keystuff.c
@@ -14,10 +14,8 @@
#if defined(XP_WIN) || defined (XP_PC)
#include <time.h>
-#ifndef WINCE
#include <conio.h>
#endif
-#endif
#if defined(__sun) && !defined(SVR4)
extern int fclose(FILE*);
@@ -96,7 +94,7 @@ UpdateRNG(void)
/* Get random noise from keyboard strokes */
count = 0;
while (count < sizeof randbuf) {
-#if defined(XP_UNIX) || defined(WINCE)
+#if defined(XP_UNIX)
c = getc(stdin);
#else
c = getch();
6 security/nss/cmd/lib/basicutil.c
@@ -17,10 +17,8 @@
#include "basicutil.h"
#include <stdarg.h>
-#if !defined(_WIN32_WCE)
#include <sys/stat.h>
#include <errno.h>
-#endif
#ifdef XP_UNIX
#include <unistd.h>
@@ -91,11 +89,7 @@ SECU_PrintSystemError(char *progName, char *msg, ...)
va_start(args, msg);
fprintf(stderr, "%s: ", progName);
vfprintf(stderr, msg, args);
-#if defined(_WIN32_WCE)
- fprintf(stderr, ": %d\n", PR_GetOSError());
-#else
fprintf(stderr, ": %s\n", strerror(errno));
-#endif
va_end(args);
}
4 security/nss/cmd/lib/config.mk
@@ -13,7 +13,3 @@ SHARED_LIBRARY =
IMPORT_LIBRARY =
PROGRAM =
-ifeq (WINCE,$(OS_ARCH))
-CSRCS += wincemain.c
-endif
-
7 security/nss/cmd/lib/secpwd.c
@@ -20,7 +20,7 @@
#include <unistd.h> /* for isatty() */
#endif
-#if( defined(_WINDOWS) && !defined(_WIN32_WCE))
+#if defined(_WINDOWS)
#include <conio.h>
#include <io.h>
#define QUIET_FGETS quiet_fgets
@@ -144,11 +144,8 @@ static char * quiet_fgets (char *buf, int length, FILE *input)
while (1)
{
-#if defined (_WIN32_WCE)
- c = getchar(); /* gets a character from stdin */
-#else
c = getch(); /* getch gets a character from the console */
-#endif
+
if (c == '\b')
{
if (end > buf)
2 security/nss/cmd/lib/secutil.c
@@ -20,10 +20,8 @@
#include "secpkcs7.h"
#include "secpkcs5.h"
#include <stdarg.h>
-#if !defined(_WIN32_WCE)
#include <sys/stat.h>
#include <errno.h>
-#endif
#ifdef XP_UNIX
#include <unistd.h>
10 security/nss/cmd/lib/secutil.h
@@ -317,7 +317,7 @@ extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
** "len" the amount of data to sign
** "pk" the private key to encrypt with
*/
-extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
+extern SECStatus SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
unsigned char *buf, int len,
SECKEYPrivateKey *pk, SECOidTag algID);
@@ -334,14 +334,14 @@ SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode);
extern SECStatus
-SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
+SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
/*
** Finds the crl Authority Key Id extension. Returns NULL if no such extension
** was found.
*/
CERTAuthKeyID *
-SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl);
+SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *crl);
/*
* Find the issuer of a crl. Cert usage should be checked before signing a crl.
@@ -353,12 +353,12 @@ SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject,
/* call back function used in encoding of an extension. Called from
* SECU_EncodeAndAddExtensionValue */
-typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena,
+typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PLArenaPool *extHandleArena,
void *value, SECItem *encodedValue);
/* Encodes and adds extensions to the CRL or CRL entries. */
SECStatus
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
void *value, PRBool criticality, int extenType,
EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
33 security/nss/cmd/lib/wincemain.c
@@ -1,33 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifdef WINCE
-#include <windows.h>
-
-int
-wmain(int argc, WCHAR **wargv)
-{
- char **argv;
- int i, ret;
-
- argv = malloc(argc * sizeof(char*));
-
- for (i = 0; i < argc; i++) {
- int len = WideCharToMultiByte(CP_ACP, 0, wargv[i], -1, NULL, 0, 0, 0);
- argv[i] = malloc(len * sizeof(char));
- WideCharToMultiByte(CP_ACP, 0, wargv[i], -1, argv[i], len, 0, 0);
- }
-
- ret = main(argc, argv);
-
- for (i = 0; i < argc; i++) {
- free(argv[i]);
- }
- free(argv);
-
- return ret;
-}
-
-#endif
-
1 security/nss/cmd/manifest.mn
@@ -29,6 +29,7 @@ DIRS = lib \
makepqg \
multinit \
ocspclnt \
+ ocspresp \
oidcalc \
p7content \
p7env \
47 security/nss/cmd/ocspresp/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include ../platrules.mk
+
15 security/nss/cmd/ocspresp/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../..
+
+MODULE = nss
+
+CSRCS = ocspresp.c
+
+REQUIRES = seccmd
+
+PROGRAM = ocspresp
+
249 security/nss/cmd/ocspresp/ocspresp.c
@@ -0,0 +1,249 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ocspresp - self test for OCSP response creation
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "ocsp.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+secuPWData pwdata = { PW_NONE, 0 };
+
+static PRBool
+getCaAndSubjectCert(CERTCertDBHandle *certHandle,
+ const char *caNick, const char *eeNick,
+ CERTCertificate **outCA, CERTCertificate **outCert)
+{
+ *outCA = CERT_FindCertByNickname(certHandle, caNick);
+ *outCert = CERT_FindCertByNickname(certHandle, eeNick);
+ return *outCA && *outCert;
+}
+
+static SECItem *
+encode(PRArenaPool *arena, CERTOCSPCertID *cid,
+ CERTCertificate *ca, CERTCertificate *cert)
+{
+ SECItem *response;
+ PRTime now = PR_Now();
+ PRTime nextUpdate;
+ CERTOCSPSingleResponse **responses;
+ CERTOCSPSingleResponse *sr;
+
+ if (!arena)
+ return NULL;
+
+ nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */
+
+ sr = OCSP_CreateSingleResponseGood(arena, cid, now, &nextUpdate);
+
+ /* meaning of value 2: one entry + one end marker */
+ responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
+ if (responses == NULL)
+ return NULL;
+
+ responses[0] = sr;
+ responses[1] = NULL;
+
+ response = OCSP_CreateSuccessResponseEncodedBasicV1(
+ arena, ca, PR_TRUE, now, responses, &pwdata);
+
+ return response;
+}
+
+static SECItem *
+encodeRevoked(PRArenaPool *arena, CERTOCSPCertID *cid,
+ CERTCertificate *ca, CERTCertificate *cert)
+{
+ SECItem *response;
+ PRTime now = PR_Now();
+ PRTime revocationTime;
+ CERTOCSPSingleResponse **responses;
+ CERTOCSPSingleResponse *sr;
+
+ if (!arena)
+ return NULL;
+
+ revocationTime = now - 10 * PR_USEC_PER_SEC; /* in the past */
+
+ sr = OCSP_CreateSingleResponseRevoked(arena, cid, now, NULL,
+ revocationTime);
+
+ /* meaning of value 2: one entry + one end marker */
+ responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse*, 2);
+ if (responses == NULL)
+ return NULL;
+
+ responses[0] = sr;
+ responses[1] = NULL;
+
+ response = OCSP_CreateSuccessResponseEncodedBasicV1(
+ arena, ca, PR_TRUE, now, responses, &pwdata);
+
+ return response;
+}
+
+int Usage()
+{
+ PRFileDesc *pr_stderr = PR_STDERR;
+ PR_fprintf (pr_stderr, "ocspresp runs an internal selftest for OCSP response creation");
+ PR_fprintf (pr_stderr, "Usage:");
+ PR_fprintf (pr_stderr,
+ "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
+ PR_fprintf (pr_stderr,
+ "\tdbdir: Find security databases in \"dbdir\"\n");
+ PR_fprintf (pr_stderr,
+ "\tCA-nick: nickname of a trusted CA certificate with private key\n");
+ PR_fprintf (pr_stderr,
+ "\tEE-nick: nickname of a entity cert issued by CA\n");
+ PR_fprintf (pr_stderr,
+ "\t-p: a password for db\n");
+ PR_fprintf (pr_stderr,
+ "\t-f: a filename containing the password for db\n");
+ return -1;
+}
+
+int
+main(int argc, char **argv)
+{
+ SECStatus rv;
+ int retval = -1;
+ CERTCertDBHandle *certHandle = NULL;
+ CERTCertificate *caCert = NULL, *cert = NULL;
+ CERTOCSPCertID *cid = NULL;
+ PRArenaPool *arena = NULL;
+ PRTime now = PR_Now();
+
+ SECItem *encoded = NULL;
+ CERTOCSPResponse *decoded = NULL;
+ SECStatus statusDecoded;
+
+ SECItem *encodedRev = NULL;
+ CERTOCSPResponse *decodedRev = NULL;
+ SECStatus statusDecodedRev;
+
+ SECItem *encodedFail = NULL;
+ CERTOCSPResponse *decodedFail = NULL;
+ SECStatus statusDecodedFail;
+
+ CERTCertificate *obtainedSignerCert = NULL;
+
+ if (argc != 4 && argc != 6) {
+ return Usage();
+ }
+
+ if (argc == 6) {
+ if (!strcmp(argv[4], "-p")) {
+ pwdata.source = PW_PLAINTEXT;
+ pwdata.data = PORT_Strdup(argv[5]);
+ }
+ else if (!strcmp(argv[4], "-f")) {
+ pwdata.source = PW_FROMFILE;
+ pwdata.data = PORT_Strdup(argv[5]);
+ }
+ else
+ return Usage();
+ }
+
+ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ /*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
+ rv = NSS_Init(argv[1]);
+ if (rv != SECSuccess) {
+ SECU_PrintPRandOSError(argv[0]);
+ goto loser;
+ }
+
+ PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+ certHandle = CERT_GetDefaultCertDB();
+ if (!certHandle)
+ goto loser;
+
+ if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
+ goto loser;
+
+ cid = CERT_CreateOCSPCertID(cert, now);
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ encoded = encode(arena, cid, caCert, cert);
+ PORT_Assert(encoded);
+ decoded = CERT_DecodeOCSPResponse(encoded);
+ statusDecoded = CERT_GetOCSPResponseStatus(decoded);
+ PORT_Assert(statusDecoded == SECSuccess);
+
+ statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
+ &obtainedSignerCert, caCert);
+ PORT_Assert(statusDecoded == SECSuccess);
+ statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
+ obtainedSignerCert, now);
+ PORT_Assert(statusDecoded == SECSuccess);
+ CERT_DestroyCertificate(obtainedSignerCert);
+
+ encodedRev = encodeRevoked(arena, cid, caCert, cert);
+ PORT_Assert(encodedRev);
+ decodedRev = CERT_DecodeOCSPResponse(encodedRev);
+ statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
+ PORT_Assert(statusDecodedRev == SECSuccess);
+
+ statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
+ &obtainedSignerCert, caCert);
+ PORT_Assert(statusDecodedRev == SECSuccess);
+ statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
+ obtainedSignerCert, now);
+ PORT_Assert(statusDecodedRev == SECFailure);
+ PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
+ CERT_DestroyCertificate(obtainedSignerCert);
+
+ encodedFail = OCSP_CreateFailureResponse(arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
+ PORT_Assert(encodedFail);
+ decodedFail = CERT_DecodeOCSPResponse(encodedFail);
+ statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
+ PORT_Assert(statusDecodedFail == SECFailure);
+ PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
+
+ retval = 0;
+loser:
+ if (retval != 0)
+ SECU_PrintError(argv[0], "tests failed");
+
+ if (cid)
+ CERT_DestroyOCSPCertID(cid);
+ if (cert)
+ CERT_DestroyCertificate(cert);
+ if (caCert)
+ CERT_DestroyCertificate(caCert);
+ if (arena)
+ PORT_FreeArena(arena, PR_FALSE);
+ if (decoded)
+ CERT_DestroyOCSPResponse(decoded);
+ if (decodedRev)
+ CERT_DestroyOCSPResponse(decodedRev);
+ if (decodedFail)
+ CERT_DestroyOCSPResponse(decodedFail);
+ if (pwdata.data) {
+ PORT_Free(pwdata.data);
+ }
+
+ if (NSS_Shutdown() != SECSuccess) {
+ SECU_PrintError(argv[0], "NSS shutdown:");
+ if (retval == 0)
+ retval = -2;
+ }
+
+ return retval;
+}
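Review bot: Every check in main() after the certificate lookup is a `PORT_Assert`, which compiles to nothing in non-debug builds, so an optimized build of this self-test returns 0 without verifying anything and can hand a NULL `cid`, `encoded` or `decoded` to the next call. Each result should be tested explicitly and routed to `loser`, as sketched below for the "good" case; the revoked and failure cases need the same treatment. encode() and encodeRevoked() also store `sr` in `responses[0]` without checking it for NULL. Two smaller points: the `NSS_Init` failure path jumps to `loser` and still calls `NSS_Shutdown()`, and the file uses `PRArenaPool` while secutil.h in this same commit moves to `PLArenaPool`.

```c
    /* … unchanged: argument parsing, NSS_Init, certificate lookup … */
    cid = CERT_CreateOCSPCertID(cert, now);
    if (!cid)
        goto loser;

    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    encoded = encode(arena, cid, caCert, cert);   /* encode() rejects a NULL arena */
    if (!encoded)
        goto loser;
    decoded = CERT_DecodeOCSPResponse(encoded);
    if (!decoded || CERT_GetOCSPResponseStatus(decoded) != SECSuccess)
        goto loser;
    if (CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
                                         &obtainedSignerCert, caCert) != SECSuccess)
        goto loser;
    statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
                                                obtainedSignerCert, now);
    CERT_DestroyCertificate(obtainedSignerCert);
    obtainedSignerCert = NULL;
    if (statusDecoded != SECSuccess)
        goto loser;
    /* … revoked and failure cases: same explicit checks in place of PORT_Assert … */
```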
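--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -53,7 +53,7 @@ PKIXLIB = \
 $(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
 # can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq (,$(filter-out WINNT WINCE,$(OS_ARCH)))
+ifeq ($(OS_ARCH), WINNT)
 EXTRA_LIBS += \
 $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
@@ -139,7 +139,7 @@ endif
 else # USE_STATIC_LIBS
 # can't do this in manifest.mn because OS_ARCH isn't defined there.
-ifeq (,$(filter-out WINNT WINCE,$(OS_ARCH)))
+ifeq ($(OS_ARCH), WINNT)
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
 EXTRA_LIBS += \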
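--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -11,10 +11,8 @@
 #include <unistd.h>
 #endif
 #include <stdlib.h>
-#if !defined(_WIN32_WCE)
 #include <errno.h>
 #include <fcntl.h>
-#endif
 #include <stdarg.h>
 #include "plgetopt.h"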
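--- a/security/nss/lib/certhigh/manifest.mn
+++ b/security/nss/lib/certhigh/manifest.mn
@@ -21,6 +21,7 @@ CSRCS = \
 certreq.c \
 crlv2.c \
 ocsp.c \
+ ocspsig.c \
 certhigh.c \
 certvfy.c \
 certvfypkix.c \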
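--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -6,7 +6,7 @@
 * Implementation of OCSP services, for both client and server.
 * (XXX, really, mostly just for client right now, but intended to do both.)
 *
- * $Id: ocsp.c,v 1.72 2012/09/22 13:41:58 wtc%google.com Exp $
+ * $Id: ocsp.c,v 1.74 2012/11/17 11:52:38 kaie%kuix.de Exp $
 */
 #include "prerror.h"
@@ -151,8 +151,8 @@ ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, int64 time);
 #define OCSP_TRACE_CERT(cert) dumpCertificate(cert)
 #define OCSP_TRACE_CERTID(certid) dumpCertID(certid)
-#if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \
- || defined(XP_MACOSX)) && !defined(_WIN32_WCE)
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) \
+ || defined(XP_MACOSX)
 #define NSS_HAVE_GETENV 1
 #endif
@@ -1161,7 +1161,7 @@ const SEC_ASN1Template ocsp_CertIDTemplate[] = {
 * responseStatus OCSPResponseStatus,
 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
 */
-static const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
+const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
 { SEC_ASN1_SEQUENCE,
 0, NULL, sizeof(CERTOCSPResponse) },
 { SEC_ASN1_ENUMERATED,
@@ -1178,7 +1178,7 @@ static const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
 * responseType OBJECT IDENTIFIER,
 * response OCTET STRING }
 */
-static const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
+const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
 { SEC_ASN1_SEQUENCE,
 0, NULL, sizeof(ocspResponseBytes) },
 { SEC_ASN1_OBJECT_ID,
@@ -1275,12 +1275,12 @@ const SEC_ASN1Template ocsp_ResponseDataTemplate[] = {
 * can all be simplified down into a single template. Anyway, for
 * now we list each choice as its own template:
 */
-static const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
+const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
 offsetof(ocspResponderID, responderIDValue.name),
 CERT_NameTemplate }
 };
-static const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
+const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
 SEC_ASN1_XTRN | 2,
 offsetof(ocspResponderID, responderIDValue.keyHash),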
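Review bot: Dropping `static` from `ocsp_OCSPResponseTemplate`, `ocsp_ResponseBytesTemplate`, `ocsp_ResponderIDByNameTemplate` and `ocsp_ResponderIDByKeyTemplate` gives them external linkage, but no header hunk visible in this commit declares them; ocspsig.c instead repeats `extern const SEC_ASN1Template ...[];` by hand. Declaring them once in an internal header that both files include (ocspsig.c already pulls in `ocspi.h` and `ocspti.h`) would let the compiler check each declaration against its definition. `ocsp_ResponseBytesTemplate` is not among the three names ocspsig.c declares, so it may be able to stay `static`; that is worth confirming before widening its linkage.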
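--- a/security/nss/lib/certhigh/ocsp.h
+++ b/security/nss/lib/certhigh/ocsp.h
@@ -5,7 +5,7 @@
 /*
 * Interface to the OCSP implementation.
 *
- * $Id: ocsp.h,v 1.22 2012/09/22 13:41:58 wtc%google.com Exp $
+ * $Id: ocsp.h,v 1.23 2012/11/17 11:52:38 kaie%kuix.de Exp $
 */
 #ifndef _OCSP_H_
@@ -18,6 +18,7 @@
 #include "keyt.h"
 #include "certt.h"
 #include "ocspt.h"
+#include "prerror.h"
 /************************************************************************/
@@ -632,6 +633,35 @@ CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
 */
 extern SECStatus
 CERT_DestroyOCSPCertID(CERTOCSPCertID* certID);
+
+
+extern CERTOCSPSingleResponse*
+OCSP_CreateSingleResponseGood(PLArenaPool *arena,
+ CERTOCSPCertID *id,
+ PRTime thisUpdate, PRTime *nextUpdate);
+
+extern CERTOCSPSingleResponse*
+OCSP_CreateSingleResponseUnknown(PLArenaPool *arena,
+ CERTOCSPCertID *id,
+ PRTime thisUpdate, PRTime *nextUpdate);
+
+extern CERTOCSPSingleResponse*
+OCSP_CreateSingleResponseRevoked(PLArenaPool *arena,
+ CERTOCSPCertID *id,
+ PRTime thisUpdate, PRTime *nextUpdate,
+ PRTime revocationTime);
+
+extern SECItem*
+OCSP_CreateSuccessResponseEncodedBasicV1(PLArenaPool *arena,
+ CERTCertificate *responderCert,
+ PRBool idByName, /* false: by key */
+ PRTime producedAt,
+ CERTOCSPSingleResponse **responses,
+ void *wincx);
+
+extern SECItem*
+OCSP_CreateFailureResponse(PLArenaPool *arena, PRErrorCode reason);
+
 /************************************************************************/
 SEC_END_PROTOS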
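Review bot: The five new `OCSP_Create*` prototypes have no comment block, unlike `CERT_DestroyOCSPCertID` just above them, so a caller cannot tell the ownership and optional-argument rules from the header. Going by ocspsig.c in this commit, results are allocated from `arena`, `nextUpdate` may be NULL to omit the field, the single response keeps the caller's `id` pointer rather than copying it, and `OCSP_CreateFailureResponse` returns NULL with `SEC_ERROR_INVALID_ARGS` for any `reason` outside the five OCSP error codes it maps. I would add a comment per function stating that, and also state whether `responses` must be NULL-terminated (presumably yes, since it is encoded as a SEQUENCE OF, but this needs confirming).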
571 security/nss/lib/certhigh/ocspsig.c
@@ -0,0 +1,571 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prerror.h"
+#include "prprf.h"
+#include "plarena.h"
+#include "prnetdb.h"
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secoidt.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "cert.h"
+#include "xconst.h"
+#include "secerr.h"
+#include "secoid.h"
+#include "hasht.h"
+#include "sechash.h"
+#include "secasn1.h"
+#include "keyhi.h"
+#include "cryptohi.h"
+#include "ocsp.h"
+#include "ocspti.h"
+#include "ocspi.h"
+#include "genname.h"
+#include "certxutl.h"
+#include "pk11func.h" /* for PK11_HashBuf */
+#include <stdarg.h>
+#include <plhash.h>
+
+
+extern const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[];
+extern const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[];
+extern const SEC_ASN1Template ocsp_OCSPResponseTemplate[];
+
+ocspCertStatus*
+ocsp_CreateCertStatus(PLArenaPool *arena,
+ ocspCertStatusType status,
+ PRTime revocationTime)
+{
+ ocspCertStatus *cs;
+
+ if (!arena) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ switch (status) {
+ case ocspCertStatus_good:
+ case ocspCertStatus_unknown:
+ case ocspCertStatus_revoked:
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ cs = PORT_ArenaZNew(arena, ocspCertStatus);
+ if (!cs)
+ return NULL;
+ cs->certStatusType = status;
+ switch (status) {
+ case ocspCertStatus_good:
+ cs->certStatusInfo.goodInfo = SECITEM_AllocItem(arena, NULL, 0);
+ if (!cs->certStatusInfo.goodInfo)
+ return NULL;
+ break;
+ case ocspCertStatus_unknown:
+ cs->certStatusInfo.unknownInfo = SECITEM_AllocItem(arena, NULL, 0);
+ if (!cs->certStatusInfo.unknownInfo)
+ return NULL;
+ break;
+ case ocspCertStatus_revoked:
+ cs->certStatusInfo.revokedInfo =
+ PORT_ArenaZNew(arena, ocspRevokedInfo);
+ if (!cs->certStatusInfo.revokedInfo)
+ return NULL;
+ cs->certStatusInfo.revokedInfo->revocationReason =
+ SECITEM_AllocItem(arena, NULL, 0);
+ if (!cs->certStatusInfo.revokedInfo->revocationReason)
+ return NULL;
+ if (DER_TimeToGeneralizedTimeArena(arena,
+ &cs->certStatusInfo.revokedInfo->revocationTime,
+ revocationTime) != SECSuccess)
+ return NULL;
+ break;
+ default:
+ PORT_Assert(PR_FALSE);
+ }
+ return cs;
+}
+
+#ifdef DEBUG_kaie
+void dump_item_to_file(SECItem *item, const char *filename)
+{
+ FILE *fp = fopen(filename, "wb");
+ if (fp) {
+ fwrite(item->data, item->len, 1, fp);
+ fclose(fp);
+ fprintf(stderr, "wrote item with %d bytes\n", item->len);
+ }
+}
+#endif
+
+const SEC_ASN1Template mySEC_EnumeratedTemplate[] = {
+ { SEC_ASN1_ENUMERATED, 0, NULL, sizeof(SECItem) }
+};
+
+const SEC_ASN1Template mySEC_PointerToEnumeratedTemplate[] = {
+ { SEC_ASN1_POINTER, 0, mySEC_EnumeratedTemplate }
+};
+
+const SEC_ASN1Template ocsp_EncodeRevokedInfoTemplate[] = {
+ { SEC_ASN1_GENERALIZED_TIME,
+ offsetof(ocspRevokedInfo, revocationTime) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC| 0,
+ offsetof(ocspRevokedInfo, revocationReason),
+ mySEC_PointerToEnumeratedTemplate },
+ { 0 }
+};
+
+const SEC_ASN1Template ocsp_PointerToEncodeRevokedInfoTemplate[] = {
+ { SEC_ASN1_POINTER, 0,
+ ocsp_EncodeRevokedInfoTemplate }
+};
+
+const SEC_ASN1Template mySEC_NullTemplate[] = {
+ { SEC_ASN1_NULL, 0, NULL, sizeof(SECItem) }
+};
+
+const SEC_ASN1Template ocsp_CertStatusTemplate[] = {
+ { SEC_ASN1_CHOICE, offsetof(ocspCertStatus, certStatusType),
+ 0, sizeof(ocspCertStatus) },
+ { SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ 0, mySEC_NullTemplate, ocspCertStatus_good },
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
+ ocsp_PointerToEncodeRevokedInfoTemplate, ocspCertStatus_revoked },
+ { SEC_ASN1_CONTEXT_SPECIFIC | 2,
+ 0, mySEC_NullTemplate, ocspCertStatus_unknown },
+ { 0 }
+};
+
+const SEC_ASN1Template mySECOID_AlgorithmIDTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(SECAlgorithmID) },
+ { SEC_ASN1_OBJECT_ID,
+ offsetof(SECAlgorithmID,algorithm), },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+ offsetof(SECAlgorithmID,parameters), },
+ { 0, }
+};
+
+const SEC_ASN1Template mySEC_AnyTemplate[] = {
+ { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+const SEC_ASN1Template mySEC_SequenceOfAnyTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF, 0, mySEC_AnyTemplate }
+};
+
+const SEC_ASN1Template mySEC_PointerToSequenceOfAnyTemplate[] = {
+ { SEC_ASN1_POINTER, 0, mySEC_SequenceOfAnyTemplate }
+};
+
+const SEC_ASN1Template mySEC_IntegerTemplate[] = {
+ { SEC_ASN1_INTEGER, 0, NULL, sizeof(SECItem) }
+};
+
+const SEC_ASN1Template mySEC_PointerToIntegerTemplate[] = {
+ { SEC_ASN1_POINTER, 0, mySEC_IntegerTemplate }
+};
+
+const SEC_ASN1Template mySEC_GeneralizedTimeTemplate[] = {
+ { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem)}
+};
+
+const SEC_ASN1Template mySEC_PointerToGeneralizedTimeTemplate[] = {
+ { SEC_ASN1_POINTER, 0, mySEC_GeneralizedTimeTemplate }
+};
+
+const SEC_ASN1Template ocsp_myCertIDTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTOCSPCertID) },
+ { SEC_ASN1_INLINE,
+ offsetof(CERTOCSPCertID, hashAlgorithm),
+ mySECOID_AlgorithmIDTemplate },
+ { SEC_ASN1_OCTET_STRING,
+ offsetof(CERTOCSPCertID, issuerNameHash) },
+ { SEC_ASN1_OCTET_STRING,
+ offsetof(CERTOCSPCertID, issuerKeyHash) },
+ { SEC_ASN1_INTEGER,
+ offsetof(CERTOCSPCertID, serialNumber) },
+ { 0 }
+};
+
+const SEC_ASN1Template myCERT_CertExtensionTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTCertExtension) },
+ { SEC_ASN1_OBJECT_ID,
+ offsetof(CERTCertExtension,id) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(CERTCertExtension,critical) },
+ { SEC_ASN1_OCTET_STRING,
+ offsetof(CERTCertExtension,value) },
+ { 0, }
+};
+
+const SEC_ASN1Template myCERT_SequenceOfCertExtensionTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF, 0, myCERT_CertExtensionTemplate }
+};
+
+const SEC_ASN1Template myCERT_PointerToSequenceOfCertExtensionTemplate[] = {
+ { SEC_ASN1_POINTER, 0, myCERT_SequenceOfCertExtensionTemplate }
+};
+
+const SEC_ASN1Template ocsp_mySingleResponseTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTOCSPSingleResponse) },
+ { SEC_ASN1_POINTER,
+ offsetof(CERTOCSPSingleResponse, certID),
+ ocsp_myCertIDTemplate },
+ { SEC_ASN1_ANY,
+ offsetof(CERTOCSPSingleResponse, derCertStatus) },
+ { SEC_ASN1_GENERALIZED_TIME,
+ offsetof(CERTOCSPSingleResponse, thisUpdate) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(CERTOCSPSingleResponse, nextUpdate),
+ mySEC_PointerToGeneralizedTimeTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(CERTOCSPSingleResponse, singleExtensions),
+ myCERT_PointerToSequenceOfCertExtensionTemplate },
+ { 0 }
+};
+
+const SEC_ASN1Template ocsp_myResponseDataTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(ocspResponseData) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(ocspResponseData, version),
+ mySEC_PointerToIntegerTemplate },
+ { SEC_ASN1_ANY,
+ offsetof(ocspResponseData, derResponderID) },
+ { SEC_ASN1_GENERALIZED_TIME,
+ offsetof(ocspResponseData, producedAt) },
+ { SEC_ASN1_SEQUENCE_OF,
+ offsetof(ocspResponseData, responses),
+ ocsp_mySingleResponseTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(ocspResponseData, responseExtensions),
+ myCERT_PointerToSequenceOfCertExtensionTemplate },
+ { 0 }
+};
+
+
+const SEC_ASN1Template ocsp_EncodeBasicOCSPResponseTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(ocspBasicOCSPResponse) },
+ { SEC_ASN1_POINTER,
+ offsetof(ocspBasicOCSPResponse, tbsResponseData),
+ ocsp_myResponseDataTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
+ mySECOID_AlgorithmIDTemplate },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+ SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
+ mySEC_PointerToSequenceOfAnyTemplate },
+ { 0 }
+};
+
+CERTOCSPSingleResponse*
+ocsp_CreateSingleResponse(PLArenaPool *arena,
+ CERTOCSPCertID *id, ocspCertStatus *status,
+ PRTime thisUpdate, PRTime *nextUpdate)
+{
+ CERTOCSPSingleResponse *sr;
+
+ if (!arena || !id || !status) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ sr = PORT_ArenaZNew(arena, CERTOCSPSingleResponse);
+ if (!sr)
+ return NULL;
+ sr->arena = arena;
+ sr->certID = id;
+ sr->certStatus = status;
+ if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate)
+ != SECSuccess)
+ return NULL;
+ sr->nextUpdate = NULL;
+ if (nextUpdate) {
+ sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0);
+ if (!sr->nextUpdate)
+ return NULL;
+ if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate)
+ != SECSuccess)
+ return NULL;
+ }
+
+ sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension*, 1);
+ if (!sr->singleExtensions)
+ return NULL;
+
+ sr->singleExtensions[0] = NULL;
+
+ if (!SEC_ASN1EncodeItem(arena, &sr->derCertStatus,
+ status, ocsp_CertStatusTemplate))
+ return NULL;
+
+ return sr;
+}
+
+CERTOCSPSingleResponse*
+OCSP_CreateSingleResponseGood(PLArenaPool *arena,
+ CERTOCSPCertID *id,
+ PRTime thisUpdate, PRTime *nextUpdate)
+{
+ ocspCertStatus * cs;
+ if (!arena) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+ cs = ocsp_CreateCertStatus(arena, ocspCertStatus_good, 0);
+ if (!cs)
+ return NULL;
+ return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
+}
+
+CERTOCSPSingleResponse*
+OCSP_CreateSingleResponseUnknown(PLArenaPool *arena,
+ CERTOCSPCertID *id,
+ PRTime thisUpdate, PRTime *nextUpdate)
+{
+ ocspCertStatus * cs;
+ if (!arena) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+ cs = ocsp_CreateCertStatus(arena, ocspCertStatus_unknown, 0);
+ if (!cs)
+ return NULL;
+ return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
+}
+
+CERTOCSPSingleResponse*
+OCSP_CreateSingleResponseRevoked(PLArenaPool *arena,
+ CERTOCSPCertID *id,
+ PRTime thisUpdate, PRTime *nextUpdate,
+ PRTime revocationTime)
+{
+ ocspCertStatus * cs;
+ if (!arena) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+ cs = ocsp_CreateCertStatus(arena, ocspCertStatus_revoked, revocationTime);
+ if (!cs)
+ return NULL;
+ return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
+}
+
+SECItem*
+OCSP_CreateSuccessResponseEncodedBasicV1(PLArenaPool *arena,
+ CERTCertificate *responderCert,
+ PRBool idByName, /* false: by key */
+ PRTime producedAt,
+ CERTOCSPSingleResponse **responses,
+ void *wincx)
+{
+ PLArenaPool *tmpArena;
+ ocspResponseData *rd = NULL;
+ ocspResponderID *rid = NULL;
+ ocspBasicOCSPResponse *br = NULL;
+ ocspResponseBytes *rb = NULL;
+ CERTOCSPResponse *response = NULL;
+
+ SECOidTag algID;
+ SECOidData *od = NULL;
+ SECKEYPrivateKey *privKey = NULL;
+ SECItem *result = NULL;
+
+ if (!arena || !responderCert || !responses) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!tmpArena)
+ return NULL;
+
+ rd = PORT_ArenaZNew(tmpArena, ocspResponseData);
+ if (!rd)
+ goto done;
+ rid = PORT_ArenaZNew(tmpArena, ocspResponderID);
+ if (!rid)
+ goto done;
+ br = PORT_ArenaZNew(tmpArena, ocspBasicOCSPResponse);
+ if (!br)
+ goto done;
+ rb = PORT_ArenaZNew(tmpArena, ocspResponseBytes);
+ if (!rb)
+ goto done;
+ response = PORT_ArenaZNew(tmpArena, CERTOCSPResponse);
+ if (!response)
+ goto done;
+
+ rd->version.data=NULL;
+ rd->version.len=0;
+ rd->responseExtensions = NULL;
+ rd->responses = responses;
+ if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt)
+ != SECSuccess)
+ goto done;
+ if (idByName) {
+ rid->responderIDType = ocspResponderID_byName;
+ if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
+ &responderCert->subject) != SECSuccess)
+ goto done;
+ }
+ else {
+ rid->responderIDType = ocspResponderID_byKey;
+ if (!CERT_GetSPKIDigest(tmpArena, responderCert, SEC_OID_SHA1,
+ &rid->responderIDValue.keyHash))
+ goto done;
+ }
+
+ if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
+ idByName ? ocsp_ResponderIDByNameTemplate : ocsp_ResponderIDByKeyTemplate))
+ goto done;
+
+ br->tbsResponseData = rd;
+
+ if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
+ ocsp_myResponseDataTemplate))
+ goto done;
+
+ br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem*, 1);
+ if (!br->responseSignature.derCerts)
+ goto done;
+ br->responseSignature.derCerts[0] = NULL;
+
+ privKey = PK11_FindKeyByAnyCert(responderCert, wincx);
+ if (!privKey)
+ goto done;
+
+ algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, SEC_OID_SHA1);
+ if (algID == SEC_OID_UNKNOWN)
+ goto done;
+
+ if (SEC_SignData(&br->responseSignature.signature,
+ br->tbsResponseDataDER.data, br->tbsResponseDataDER.len,
+ privKey, algID)
+ != SECSuccess)
+ goto done;
+
+#ifdef DEBUG_kaie
+ dump_item_to_file(&br->responseSignature.signature, "/tmp/sig");
+#endif
+
+ /* convert len-in-bytes to len-in-bits */
+ br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
+
+ /* br->responseSignature.signature wasn't allocated from arena,
+ * we must free it when done. */
+
+ if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0)
+ != SECSuccess)
+ goto done;
+
+ if (!SEC_ASN1EncodeItem(tmpArena, &rb->response, br,
+ ocsp_EncodeBasicOCSPResponseTemplate))
+ goto done;
+
+#ifdef DEBUG_kaie
+ dump_item_to_file(&rb->response, "/tmp/basic");
+#endif
+
+ rb->responseTypeTag = SEC_OID_PKIX_OCSP_BASIC_RESPONSE;
+
+ od = SECOID_FindOIDByTag(rb->responseTypeTag);
+ if (!od)
+ goto done;
+
+ rb->responseType = od->oid;
+ rb->decodedResponse.basic = br;
+
+ response->arena = tmpArena;
+ response->responseBytes = rb;
+ response->statusValue = ocspResponse_successful;
+
+ if (!SEC_ASN1EncodeInteger(tmpArena, &response->responseStatus,
+ response->statusValue))
+ goto done;
+
+ result = SEC_ASN1EncodeItem(arena, NULL, response, ocsp_OCSPResponseTemplate);
+
+#ifdef DEBUG_kaie
+ if (result)
+ dump_item_to_file(result, "/tmp/item");
+#endif
+
+done:
+ if (privKey)
+ SECKEY_DestroyPrivateKey(privKey);
+ if (br->responseSignature.signature.data)
+ SECITEM_FreeItem(&br->responseSignature.signature, PR_FALSE);
+ PORT_FreeArena(tmpArena, PR_FALSE);
+
+ return result;
+}
+
+static const SEC_ASN1Template ocsp_OCSPFailureResponseTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTOCSPResponse) },
+ { SEC_ASN1_ENUMERATED,
+ offsetof(CERTOCSPResponse, responseStatus) },
+ { 0, 0,
+ mySEC_NullTemplate },
+ { 0 }
+};
+
+SECItem*
+OCSP_CreateFailureResponse(PLArenaPool *arena, PRErrorCode reason)
+{
+ CERTOCSPResponse response;
+ SECItem *result = NULL;
+
+ switch (reason) {
+ case SEC_ERROR_OCSP_MALFORMED_REQUEST:
+ response.statusValue = ocspResponse_malformedRequest;
+ break;
+ case SEC_ERROR_OCSP_SERVER_ERROR:
+ response.statusValue = ocspResponse_internalError;
+ break;
+ case SEC_ERROR_OCSP_TRY_SERVER_LATER:
+ response.statusValue = ocspResponse_tryLater;
+ break;
+ case SEC_ERROR_OCSP_REQUEST_NEEDS_SIG:
+ response.statusValue = ocspResponse_sigRequired;
+ break;
+ case SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST:
+ response.statusValue = ocspResponse_unauthorized;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ if (!SEC_ASN1EncodeInteger(NULL, &response.responseStatus,
+ response.statusValue))
+ return NULL;
+
+ result = SEC_ASN1EncodeItem(arena, NULL, &response, ocsp_OCSPFailureResponseTemplate);
+
+ SECITEM_FreeItem(&response.responseStatus, PR_FALSE);
+
+ return result;
+}
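Review bot: At the `done:` label of OCSP_CreateSuccessResponseEncodedBasicV1, `br->responseSignature.signature.data` is read unconditionally, but the `goto done` paths taken when allocating `rd`, `rid` or `br` fails reach it while `br` is still NULL. An out-of-memory condition therefore becomes a NULL dereference in whatever process is building the response. Guard the cleanup with `if (br && br->responseSignature.signature.data)`. Separately, the signature digest is fixed to `SEC_OID_SHA1` in the `SEC_GetSignatureAlgorithmOidTag` call; a comment saying that this is a deliberate choice would help the next reader.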
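--- a/security/nss/lib/certhigh/ocspt.h
+++ b/security/nss/lib/certhigh/ocspt.h
@@ -5,7 +5,7 @@
 /*
 * Public header for exported OCSP types.
 *
- * $Id: ocspt.h,v 1.10 2012/04/25 14:49:27 gerv%gerv.net Exp $
+ * $Id: ocspt.h,v 1.11 2012/11/17 11:52:38 kaie%kuix.de Exp $
 */
 #ifndef _OCSPT_H_
@@ -24,7 +24,6 @@ typedef struct CERTOCSPResponseStr CERTOCSPResponse;
 * but until I know for certain I am leaving the rest of these here, too.
 */
 typedef struct CERTOCSPCertIDStr CERTOCSPCertID;
-typedef struct CERTOCSPCertStatusStr CERTOCSPCertStatus;
 typedef struct CERTOCSPSingleResponseStr CERTOCSPSingleResponse;
 /*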
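--- a/security/nss/lib/ckfw/Makefile
+++ b/security/nss/lib/ckfw/Makefile
@@ -2,7 +2,7 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.18 $ $Date: 2012/04/25 14:49:28 $"
+MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.19 $ $Date: 2012/11/14 01:14:10 $"
 include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
@@ -29,7 +29,7 @@ endif
 export:: private_export
 # can't do this in manifest.mn because OS_TARGET isn't defined there.
-ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET))) # list omits WINCE
+ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
 ifdef NSS_BUILD_CAPI
 DIRS += capi
 endif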
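--- a/security/nss/lib/ckfw/builtins/Makefile
+++ b/security/nss/lib/ckfw/builtins/Makefile
@@ -2,7 +2,7 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.21 $ $Date: 2012/04/25 14:49:29 $"
+MAKEFILE_CVS_ID = "@(#) $RCSfile: Makefile,v $ $Revision: 1.22 $ $Date: 2012/11/30 02:40:52 $"
 include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
@@ -44,5 +44,11 @@ endif
 include $(CORE_DEPTH)/coreconf/rules.mk
 # Generate certdata.c.
-generate:
- $(PERL) certdata.perl < certdata.txt
+
+# By default, use the unmodified certdata.txt.
+ifndef NSS_CERTDATA_TXT
+NSS_CERTDATA_TXT = certdata.txt
+endif
+
+$(OBJDIR)/certdata.c: $(NSS_CERTDATA_TXT) certdata.perl
+ $(PERL) certdata.perl < $(NSS_CERTDATA_TXT) > $@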
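Review bot: The new `$(OBJDIR)/certdata.c` rule redirects straight into `$@`, so if `certdata.perl` dies partway the truncated file is left behind with a fresh timestamp and the next make run treats it as up to date. Since this file is the compiled-in root CA list, write to a temporary name and rename only on success: `$(PERL) certdata.perl < $(NSS_CERTDATA_TXT) > $@.tmp && mv $@.tmp $@`. `NSS_CERTDATA_TXT` also lets the build environment substitute the trust-anchor source, so the comment above it should say who is expected to set it. It would also help if the build printed the path it actually used.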
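--- a/security/nss/lib/ckfw/builtins/README
+++ b/security/nss/lib/ckfw/builtins/README
@@ -20,29 +20,26 @@ variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).
 3. In this directory, run addbuiltin to add the new root certificate. The
 argument to the -n option should be replaced by the nickname of the root
-certificate. Then run "gmake generate".
+certificate.
 % addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
- % gmake generate
 4. Edit nssckbi.h to bump the version of the module.
 5. Run gmake in this directory to build the nssckbi module.
 6. After you verify that the new nssckbi module is correct, check in
-certdata.txt, certdata.c, and nssckbi.h.
+certdata.txt and nssckbi.h.
 II. Removing a Builtin Root CA Certificate
 1. Change directory to this directory.
 2. Edit certdata.txt and remove the root CA certificate.
-3. Run "gmake generate".
+3. Edit nssckbi.h to bump the version of the module.
-4. Edit nssckbi.h to bump the version of the module.
-
-5. Run gmake in this directory to build the nssckbi module.
+4. Run gmake in this directory to build the nssckbi module.
-6. After you verify that the new nssckbi module is correct, check in
-certdata.txt, certdata.c, and nssckbi.h.
+5. After you verify that the new nssckbi module is correct, check in
+certdata.txt and nssckbi.h.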
24,385 security/nss/lib/ckfw/builtins/certdata.c
0 additions, 24,385 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
64 security/nss/lib/ckfw/builtins/certdata.perl
@@ -3,7 +3,7 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-my $cvs_id = '@(#) $RCSfile: certdata.perl,v $ $Revision: 1.15 $ $Date: 2012/07/04 15:21:49 $';
+my $cvs_id = '@(#) $RCSfile: certdata.perl,v $ $Revision: 1.16 $ $Date: 2012/11/30 02:40:52 $';
use strict;
my %constants;
@@ -25,7 +25,6 @@
next if (/^\s*$/);
if( /(^CVS_ID\s+)(.*)/ ) {
-# print "The CVS ID is $2\n";
$cvsid = $2 . "\"; $cvs_id\"";
my $scratch = $cvsid;
$size = 1 + $scratch =~ s/[^"\n]//g;
@@ -129,9 +128,7 @@ sub dudump {
sub doprint {
my $i;
-open(CFILE, ">certdata.c") || die "Can't open certdata.c: $!";
-
-print CFILE <<EOD
+print <<EOD
/* THIS IS A GENERATED FILE */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -148,88 +145,87 @@ sub doprint {
;
foreach $b (sort values(%constants)) {
- print CFILE $b;
+ print $b;
}
for( $i = 0; $i <= $count; $i++ ) {
if( 0 == $i ) {
- print CFILE "#ifdef DEBUG\n";
+ print "#ifdef DEBUG\n";
}
- print CFILE "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
+ print "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
$o = $objects[$i];
- # print STDOUT "type $i object $o \n";
my @ob = @{$o};
my $j;
for( $j = 0; $j < @ob; $j++ ) {
my $l = $ob[$j];
my @a = @{$l};
- print CFILE " $a[0]";
+ print " $a[0]";
if( $j+1 != @ob ) {
- print CFILE ", ";
+ print ", ";
}
}
- print CFILE "\n};\n";
+ print "\n};\n";
if( 0 == $i ) {
- print CFILE "#endif /* DEBUG */\n";
+ print "#endif /* DEBUG */\n";
}
}
for( $i = 0; $i <= $count; $i++ ) {
if( 0 == $i ) {
- print CFILE "#ifdef DEBUG\n";
+ print "#ifdef DEBUG\n";
}
- print CFILE "static const NSSItem nss_builtins_items_$i [] = {\n";
+ print "static const NSSItem nss_builtins_items_$i [] = {\n";
$o = $objects[$i];
my @ob = @{$o};
my $j;
for( $j = 0; $j < @ob; $j++ ) {
my $l = $ob[$j];
my @a = @{$l};
- print CFILE " { (void *)$a[1], (PRUint32)$a[2] }";
+ print " { (void *)$a[1], (PRUint32)$a[2] }";
if( $j+1 != @ob ) {
- print CFILE ",\n";
+ print ",\n";
} else {
- print CFILE "\n";
+ print "\n";
}
}
- print CFILE "};\n";
+ print "};\n";
if( 0 == $i ) {
- print CFILE "#endif /* DEBUG */\n";
+ print "#endif /* DEBUG */\n";
}
}
-print CFILE "\nbuiltinsInternalObject\n";
-print CFILE "nss_builtins_data[] = {\n";
+print "\nbuiltinsInternalObject\n";
+print "nss_builtins_data[] = {\n";
for( $i = 0; $i <= $count; $i++ ) {