[nss-softokn] - Update to NSS_3_13_RC0
Elio Maldonado
emaldonado at fedoraproject.org
Sat Oct 8 17:21:21 UTC 2011
commit 8a852a4bab41dc686bf7161215556ae5e1798636
Author: Elio Maldonado <emaldona at redhat.com>
Date: Sat Oct 8 10:20:39 2011 -0700
- Update to NSS_3_13_RC0
- split script copies util headers until next update
- Remove unwanted util headers from the install
- Update the prelink patch for new sources
- Update the tests related patches for new sources
- Disable executing tests until next update
.gitignore | 2 +-
nss-softokn-3.12.4-prelink.patch | 67 +--
nss-softokn.spec | 77 +++-
softoken-minimal-test-dependencies.patch | 868 ++++++++++++++++++++++--------
sources | 2 +-
temporary-rebase.patch | 34 ++
6 files changed, 748 insertions(+), 302 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 2782aa8..e2e0b52 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-nss-softokn-3.12.11-stripped.tar.bz2
+nss-softokn-3.13-stripped.tar.bz2
diff --git a/nss-softokn-3.12.4-prelink.patch b/nss-softokn-3.12.4-prelink.patch
index 6480a28..07358c6 100644
--- a/nss-softokn-3.12.4-prelink.patch
+++ b/nss-softokn-3.12.4-prelink.patch
@@ -1,28 +1,18 @@
diff -up mozilla/security/nss/lib/freebl/stubs.c.prelink mozilla/security/nss/lib/freebl/stubs.c
---- mozilla/security/nss/lib/freebl/stubs.c.prelink 2011-03-30 11:39:44.000000000 -0700
-+++ mozilla/security/nss/lib/freebl/stubs.c 2011-04-25 18:20:24.013948568 -0700
-@@ -70,6 +70,7 @@
- #include <secport.h>
- #include <secitem.h>
- #include <blapi.h>
-+#include <private/pprio.h>
-
- #define FREEBL_NO_WEAK 1
-
-@@ -162,6 +163,8 @@ STUB_DECLARE(PRStatus,PR_NotifyCondVar,(
- STUB_DECLARE(PRStatus,PR_NotifyAllCondVar,(PRCondVar *cvar));
- STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags,
- PRIntn mode));
+--- mozilla/security/nss/lib/freebl/stubs.c.prelink 2011-03-29 18:20:12.000000000 -0700
++++ mozilla/security/nss/lib/freebl/stubs.c 2011-10-07 10:02:54.851452105 -0700
+@@ -156,6 +156,7 @@ STUB_DECLARE(void,PR_DestroyCondVar,(PRC
+ STUB_DECLARE(void,PR_Free,(void *ptr));
+ STUB_DECLARE(char * ,PR_GetLibraryFilePathname,(const char *name,
+ PRFuncPtr addr));
+STUB_DECLARE(PRFileDesc *,PR_ImportFile,(PROsfd osfd));
-+STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd));
- STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
- STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset,
- PRSeekWhence whence));
-@@ -303,6 +306,34 @@ PR_Open_stub(const char *name, PRIntn fl
- return (PRFileDesc *)lfd;
+ STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd));
+ STUB_DECLARE(void,PR_Lock,(PRLock *lock));
+ STUB_DECLARE(PRCondVar *,PR_NewCondVar,(PRLock *lock));
+@@ -307,6 +308,20 @@ PR_Open_stub(const char *name, PRIntn fl
}
-+extern PRFileDesc *
+ extern PRFileDesc *
+PR_ImportFile_stub(PROsfd fd)
+{
+ int *lfd = NULL;
@@ -37,41 +27,14 @@ diff -up mozilla/security/nss/lib/freebl/stubs.c.prelink mozilla/security/nss/li
+}
+
+extern PRFileDesc *
-+PR_ImportPipe_stub(PROsfd fd)
-+{
-+ int *lfd = NULL;
-+
-+ STUB_SAFE_CALL1(PR_ImportPipe, fd);
-+
-+ lfd = PORT_New_stub(int);
-+ if (lfd != NULL) {
-+ *lfd = fd;
-+ }
-+ return (PRFileDesc *)lfd;
-+}
-+
- extern PRStatus
- PR_Close_stub(PRFileDesc *fd)
+ PR_ImportPipe_stub(PROsfd fd)
{
-@@ -549,6 +580,8 @@ freebl_InitNSPR(void *lib)
+ int *lfd = NULL;
+@@ -566,6 +581,7 @@ freebl_InitNSPR(void *lib)
{
STUB_FETCH_FUNCTION(PR_Free);
STUB_FETCH_FUNCTION(PR_Open);
+ STUB_FETCH_FUNCTION(PR_ImportFile);
-+ STUB_FETCH_FUNCTION(PR_ImportPipe);
+ STUB_FETCH_FUNCTION(PR_ImportPipe);
STUB_FETCH_FUNCTION(PR_Close);
STUB_FETCH_FUNCTION(PR_Read);
- STUB_FETCH_FUNCTION(PR_Seek);
-diff -up mozilla/security/nss/lib/freebl/stubs.h.prelink mozilla/security/nss/lib/freebl/stubs.h
---- mozilla/security/nss/lib/freebl/stubs.h.prelink 2011-04-25 18:16:32.075083232 -0700
-+++ mozilla/security/nss/lib/freebl/stubs.h 2011-04-25 18:19:48.109634458 -0700
-@@ -84,6 +84,8 @@
- #define PR_NotifyCondVar PR_NotifyCondVar_stub
- #define PR_NotifyAllCondVar PR_NotifyAllCondVar_stub
- #define PR_Open PR_Open_stub
-+#define PR_ImportFile PR_ImportFile_stub
-+#define PR_ImportPipe PR_ImportPipe_stub
- #define PR_Read PR_Read_stub
- #define PR_Seek PR_Seek_stub
- #define PR_Sleep PR_Sleep_stub
-diff -up mozilla/security/nss/lib/freebl/stubs.prelink mozilla/security/nss/lib/freebl/stubs
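Review bot: The refreshed patch drops the stubs.h section that carried `#define PR_ImportFile PR_ImportFile_stub`, yet stubs.c still gains the `PR_ImportFile` declaration, the stub body and `STUB_FETCH_FUNCTION(PR_ImportFile)`. Unless the 3.13 stubs.h already maps that name (it is not visible here), freebl callers would resolve `PR_ImportFile` against NSPR directly and the new stub would never be reached. Either keep the one-line stubs.h define in the patch, or drop the PR_ImportFile stub if nothing in freebl calls it any more.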
diff --git a/nss-softokn.spec b/nss-softokn.spec
index e008154..5a98949 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -1,6 +1,6 @@
-%global nspr_version 4.8.9
+%global nspr_version 4.9
%global nss_name nss
-%global nss_util_version 3.12.11
+%global nss_util_version 3.13
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved
@@ -16,8 +16,8 @@
Summary: Network Security Services Softoken Module
Name: nss-softokn
-Version: 3.12.11
-Release: 3%{?dist}
+Version: 3.13
+Release: 0.1%{?dist}.rc0.1
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -51,6 +51,7 @@ Source3: nss-softokn-config.in
Patch2: nss-softokn-3.12.4-prelink.patch
Patch4: softoken-minimal-test-dependencies.patch
+Patch5: temporary-rebase.patch
%description
Network Security Services Softoken Cryptographic Module
@@ -100,9 +101,15 @@ Header and Library files for doing development with Network Security Services.
%prep
%setup -q
+#cp ./mozilla/security/nss/lib/util/seccomon.h ./mozilla/security/nss/freebl
+
%patch2 -p0 -b .prelink
-%patch4 -p0 -b .crypto
+# FIXME uncomment these when we are ready
+# to resume testing of part of the build
+#%patch4 -p0 -b .crypto
+#%patch5 -p0 -b .temporary
+#rm -rf ./mozilla/security/nss/lib/util
%build
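Review bot: The disabled lines are written as `#%patch4 -p0 -b .crypto` and `#%patch5 -p0 -b .temporary`, but rpm still expands macros on comment lines, so the safe form is `#%%patch4 -p0 -b .crypto`, the same escaping the changelog in this spec uses for `%%post`. Patch5 is declared a few lines earlier but is never applied in this commit. The FIXME should name the condition that re-enables both patches (presumably the nss-util 3.13 update) so the temporary state is not forgotten.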
@@ -136,11 +143,14 @@ NSPR_LIB_DIR=`/usr/bin/pkg-config --libs-only-L nspr | sed 's/-L//'`
export NSPR_INCLUDE_DIR
export NSPR_LIB_DIR
-NSSUTIL_INCLUDE_DIR=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
-NSSUTIL_LIB_DIR=%{_libdir}
-
-export NSSUTIL_INCLUDE_DIR
-export NSSUTIL_LIB_DIR
+# FIXME Change NSSUTIL_INCLUDE_DIR_LAST back to NSSUTIL_INCLUDE_DIR
+# when we are ready for it again. This is diabled because the headers
+# in the sytem are the old ones and they have changes with 3.13
+# The -I$NSSUTIL_INCLUDE_DIR appears first in list and the sytem headers
+# get selected instead of the ones in the tree. We can use gcc's -iquote
+# as CFLAGS += -iquote${NSSUTIL_INCLUDE_DIR_LAST} and have it included last
+export NSSUTIL_INCLUDE_DIR_LAST=`/usr/bin/pkg-config --cflags-only-I nss-util | sed 's/-I//'`
+export NSSUTIL_LIB_DIR=%{_libdir}
NSS_USE_SYSTEM_SQLITE=1
export NSS_USE_SYSTEM_SQLITE
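Review bot: Nothing visible in this commit consumes `NSSUTIL_INCLUDE_DIR_LAST`. The comment describes a `CFLAGS += -iquote${NSSUTIL_INCLUDE_DIR_LAST}` hook, but no makefile change adding it is shown, and temporary-rebase.patch is commented out in %prep. Meanwhile `NSSUTIL_LIB_DIR=%{_libdir}` still points the link step at the installed nss-util, which the comment itself says is the pre-3.13 one. The module therefore appears to be compiled against in-tree 3.13 util headers and linked against an older library. For a cryptographic module that mismatch deserves a comment on why it is safe for this build, plus a versioned `BuildRequires` on nss-util once 3.13 is available.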
@@ -172,8 +182,8 @@ SOFTOKEN_VMAJOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#defin
SOFTOKEN_VMINOR=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'`
SOFTOKEN_VPATCH=`cat mozilla/security/nss/lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'`
-export SOFTOKEN_VMAJOR
-export SOFTOKEN_VMINOR
+export SOFTOKEN_VMAJOR
+export SOFTOKEN_VMINOR
export SOFTOKEN_VPATCH
%{__cat} %{SOURCE3} | sed -e "s, at libdir@,%{_libdir},g" \
@@ -233,11 +243,13 @@ cd ./mozilla/security/nss/tests/
%global nss_ssl_tests " "
%global nss_ssl_run " "
-HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
+# FIXME uncomment thse when we are ready
+# to resume testing of part of the build
+#HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh
cd ../../../../
-killall $RANDSERV || :
+#killall $RANDSERV || :
TEST_FAILURES=`grep -c FAILED ./mozilla/tests_results/security/localhost.1/output.log` || :
# test suite is failing on arm and has for awhile let's run the test suite but make it non fatal on arm
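Review bot: With `./all.sh` commented out, the `TEST_FAILURES=` assignment that follows still greps an `output.log` this build never writes, and its `|| :` hides the grep error. As a result %check can pass without a single softoken test having run. Make the skip explicit, for example `echo "nss-softokn test suite disabled for 3.13 RC0"` ahead of the grep together with a spec conditional around the whole block, so the disabled state shows up in build logs. If whatever `$RANDSERV` names is still started above this hunk, commenting out `killall $RANDSERV || :` also leaves it running after the build. The rest of %check lies outside the hunk.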
@@ -312,6 +324,40 @@ done
%{__install} -p -m 644 ./mozilla/dist/pkgconfig/nss-softokn.pc $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/nss-softokn.pc
%{__install} -p -m 755 ./mozilla/dist/pkgconfig/nss-softokn-config $RPM_BUILD_ROOT/%{_bindir}/nss-softokn-config
+# this is temporary until the new version of nss-util-devel is installed
+# remove the nss-util-devel headers
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/base64.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ciferfam.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssb64t.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslocks.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilock.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssilckt.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlk.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssrwlkt.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nssutil.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11f.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11n.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11p.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11t.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/pkcs11u.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/portreg.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secasn1t.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/seccomon.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secder.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdert.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdig.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secdigt.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secerr.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secitem.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h
+rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h
+
+
%clean
%{__rm} -rf $RPM_BUILD_ROOT
@@ -371,6 +417,9 @@ done
%{_includedir}/nss3/shsign.h
%changelog
+* Sat Oct 08 2011 Elio Maldonado <emaldona at redhat.com> - 3.13-0.rc0.1
+- Update to NSS_3_13_RC0
+
* Thu Sep 8 2011 Ville Skyttä <ville.skytta at iki.fi> - 3.12.11-3
- Avoid %%post/un shell invocations and dependencies.
diff --git a/softoken-minimal-test-dependencies.patch b/softoken-minimal-test-dependencies.patch
index a0c12d7..b7bd3e6 100644
--- a/softoken-minimal-test-dependencies.patch
+++ b/softoken-minimal-test-dependencies.patch
@@ -1,21 +1,7 @@
-diff -up ./mozilla/security/nss/cmd/lib/manifest.mn.crypto ./mozilla/security/nss/cmd/lib/manifest.mn
---- ./mozilla/security/nss/cmd/lib/manifest.mn.crypto 2009-03-30 16:40:51.000000000 -0700
-+++ ./mozilla/security/nss/cmd/lib/manifest.mn 2011-08-09 16:31:01.940756000 -0700
-@@ -36,7 +36,7 @@
- # ***** END LICENSE BLOCK *****
- CORE_DEPTH = ../../..
-
--LIBRARY_NAME = sectool
-+LIBRARY_NAME = sectoolcrypto
-
- # MODULE public and private header directories are implicitly REQUIRED.
- MODULE = nss
-@@ -46,17 +46,11 @@ DEFINES = -DNSPR20
- PRIVATE_EXPORTS = secutil.h \
- NSPRerrs.h \
- SECerrs.h \
-- SSLerrs.h \
- pk11table.h \
+diff -up mozilla/security/nss/cmd/lib/manifest.mn.crypto mozilla/security/nss/cmd/lib/manifest.mn
+--- mozilla/security/nss/cmd/lib/manifest.mn.crypto 2011-09-16 12:16:50.000000000 -0700
++++ mozilla/security/nss/cmd/lib/manifest.mn 2011-10-07 21:26:36.015938933 -0700
+@@ -48,11 +48,6 @@ PRIVATE_EXPORTS = secutil.h \
$(NULL)
CSRCS = secutil.c \
@@ -23,42 +9,23 @@ diff -up ./mozilla/security/nss/cmd/lib/manifest.mn.crypto ./mozilla/security/ns
- derprint.c \
- moreoids.c \
- pppolicy.c \
- secerror.c \
- ffs.c \
pk11table.c \
$(NULL)
-diff -up ./mozilla/security/nss/cmd/lib/secerror.c.crypto ./mozilla/security/nss/cmd/lib/secerror.c
---- ./mozilla/security/nss/cmd/lib/secerror.c.crypto 2004-04-25 08:02:46.000000000 -0700
-+++ ./mozilla/security/nss/cmd/lib/secerror.c 2011-08-09 16:31:01.943755000 -0700
-@@ -46,12 +46,10 @@ typedef struct tuple_str tuple_str;
- #define ER3(a,b,c) {a, c},
-
- #include "secerr.h"
--#include "sslerr.h"
-
- const tuple_str errStrings[] = {
+diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/lib/secutil.c
+--- mozilla/security/nss/cmd/lib/secutil.c.crypto 2011-09-16 12:16:50.000000000 -0700
++++ mozilla/security/nss/cmd/lib/secutil.c 2011-10-07 21:31:05.678457483 -0700
+@@ -50,8 +50,6 @@
- /* keep this list in asceding order of error numbers */
--#include "SSLerrs.h"
- #include "SECerrs.h"
- #include "NSPRerrs.h"
-
-diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/cmd/lib/secutil.c
---- ./mozilla/security/nss/cmd/lib/secutil.c.crypto 2011-05-07 11:30:45.000000000 -0700
-+++ ./mozilla/security/nss/cmd/lib/secutil.c 2011-08-09 16:38:03.146334000 -0700
-@@ -48,10 +48,7 @@
- #include "prenv.h"
- #include "prnetdb.h"
-
--#include "cryptohi.h"
+ #include "cryptohi.h"
#include "secutil.h"
-#include "secpkcs7.h"
-#include "secpkcs5.h"
#include <stdarg.h>
#if !defined(_WIN32_WCE)
#include <sys/stat.h>
-@@ -62,15 +59,11 @@
+@@ -62,37 +60,20 @@
#include <unistd.h>
#endif
@@ -70,26 +37,58 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-/* #include "secmod.h" */
-#include "pk11func.h"
#include "secoid.h"
-
-+extern long DER_GetInteger(SECItem *src);
-+
-+/*
- static char consoleName[] = {
- #ifdef XP_UNIX
- "/dev/tty"
-@@ -82,7 +75,7 @@ static char consoleName[] = {
- #endif
- #endif
- };
-
-+*/
+-static char consoleName[] = {
+-#ifdef XP_UNIX
+- "/dev/tty"
+-#else
+-#ifdef XP_OS2
+- "\\DEV\\CON"
+-#else
+- "CON:"
+-#endif
+-#endif
+-};
++#include "secoidt.h"
- char *
- SECU_GetString(int16 error_number)
-@@ -157,436 +150,6 @@ secu_ClearPassword(char *p)
- }
+ #include "nssutil.h"
+-#include "ssl.h"
+
++void
++SECU_Indent(FILE *out, int level);
+
+ void
+ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
+ {
+ va_list args;
+ PRErrorCode err = PORT_GetError();
+- const char * errString = SECU_Strerror(err);
++ const char * errString = PORT_ErrorToString(err);
+
+ va_start(args, msg);
+
+@@ -112,7 +93,7 @@ SECU_PrintError(char *progName, char *ms
+ {
+ va_list args;
+ PRErrorCode err = PORT_GetError();
+- const char * errString = SECU_Strerror(err);
++ const char * errString = PORT_ErrorToString(err);
+
+ va_start(args, msg);
+
+@@ -142,445 +123,6 @@ SECU_PrintSystemError(char *progName, ch
+ va_end(args);
}
+-static void
+-secu_ClearPassword(char *p)
+-{
+- if (p) {
+- PORT_Memset(p, 0, PORT_Strlen(p));
+- PORT_Free(p);
+- }
+-}
+-
-char *
-SECU_GetPasswordString(void *arg, char *prompt)
-{
@@ -523,7 +522,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
SECStatus
secu_StdinToItem(SECItem *dst)
-@@ -709,64 +272,6 @@ loser:
+@@ -703,64 +245,6 @@ loser:
return SECFailure;
}
@@ -588,7 +587,19 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
#define INDENT_MULT 4
void
-@@ -981,2433 +486,93 @@ SECU_PrintInteger(FILE *out, SECItem *i,
+@@ -931,6 +415,11 @@ SECU_StripTagAndLength(SECItem *i)
+ return SECSuccess;
+ }
+
++/* Revert #define DER_GetInteger DER_GetInteger_Util */
++#ifdef DER_GetInteger
++#define DER_GetInteger_Util DER_GetInteger
++extern long DER_GetInteger(SECItem *src);
++#endif
+
+ /* This expents i->data[0] to be the MSB of the integer.
+ ** if you want to print a DER-encoded integer (with the tag and length)
+@@ -975,2493 +464,63 @@ SECU_PrintInteger(FILE *out, SECItem *i,
}
static void
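Review bot: The added `#define DER_GetInteger_Util DER_GetInteger` only has the intended effect because the preprocessor will not re-expand a macro inside its own expansion. If the goal is to call the unprefixed symbol, `#undef DER_GetInteger` states that directly and does not also redirect every other `DER_GetInteger_Util` use in secutil.c. The hand-written `extern long DER_GetInteger(SECItem *src);` will drift silently if the real declaration changes, so a comment naming the library expected to export the unprefixed symbol would help. The rest of secutil.c lies outside the hunk, so other uses of either name cannot be checked here.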
@@ -632,108 +643,75 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-void
-SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
-+static void
-+secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
- {
+-{
- SECItem my = *si;
-
- if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
- return;
- secu_PrintRawString(out, &my, m, level);
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-+ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
-+ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
-+ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
-+ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
- }
-
+-}
+-
-/* print an unencoded boolean */
-+#ifdef NSS_ENABLE_ECC
static void
-secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
-+secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
++secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
- int val = 0;
-
- if ( i->data && i->len ) {
- val = i->data[0];
- }
-+ SECItem curveOID = { siBuffer, NULL, 0};
-
+-
- if (!m) {
- m = "Boolean";
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-+ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
-+ /* For named curves, the DEREncodedParams field contains an
-+ * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
-+ */
-+ if ((pk->u.ec.DEREncodedParams.len > 2) &&
-+ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
-+ curveOID.len = pk->u.ec.DEREncodedParams.data[1];
-+ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
-+ SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
- }
+- }
- SECU_Indent(out, level);
- fprintf(out, "%s: %s\n", m, (val ? "True" : "False"));
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
}
-+#endif /* NSS_ENABLE_ECC */
-/*
- * Format and print "time". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
--static void
++#ifdef NSS_ENABLE_ECC
+ static void
-secu_PrintTime(FILE *out, int64 time, char *m, int level)
--{
++secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
- PRExplodedTime printableTime;
- char *timeString;
-
+-
- /* Convert to local time */
- PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
-+SECStatus
-+SECU_ParseCommandLine(int argc, char **argv, char *progName,
-+ const secuCommand *cmd)
-+{
-+ PRBool found;
-+ PLOptState *optstate;
-+ PLOptStatus status;
-+ char *optstring;
-+ PLLongOpt *longopts = NULL;
-+ int i, j;
-+ int lcmd = 0, lopt = 0;
-
+-
- timeString = PORT_Alloc(256);
- if (timeString == NULL)
- return;
-+ PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands));
-+ PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions));
-
+-
- if (m != NULL) {
- SECU_Indent(out, level);
- fprintf(out, "%s: ", m);
-+ optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1);
-+ if (optstring == NULL)
-+ return SECFailure;
-+
-+ j = 0;
-+ for (i=0; i<cmd->numCommands; i++) {
-+ if (cmd->commands[i].flag) /* single character option ? */
-+ optstring[j++] = cmd->commands[i].flag;
-+ if (cmd->commands[i].longform)
-+ lcmd++;
- }
--
+- }
++ SECItem curveOID = { siBuffer, NULL, 0};
+
- if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
- fputs(timeString, out);
-+ for (i=0; i<cmd->numOptions; i++) {
-+ if (cmd->options[i].flag) {
-+ optstring[j++] = cmd->options[i].flag;
-+ if (cmd->options[i].needsArg)
-+ optstring[j++] = ':';
-+ }
-+ if (cmd->options[i].longform)
-+ lopt++;
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
++ /* For named curves, the DEREncodedParams field contains an
++ * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
++ */
++ if ((pk->u.ec.DEREncodedParams.len > 2) &&
++ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
++ curveOID.len = pk->u.ec.DEREncodedParams.data[1];
++ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
++ SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
}
-
- if (m != NULL)
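Review bot: In `secu_PrintECPublicKey`, `curveOID.len = pk->u.ec.DEREncodedParams.data[1];` takes the OID length from the encoded bytes without comparing it to the item length. A key whose parameters claim more than `DEREncodedParams.len - 2` bytes hands `SECU_PrintObjectID` a length that extends past the end of the buffer. The lines are carried over from the previous version of the patch, but they are on the new side and cheap to harden. Extend the existing guard with `&& pk->u.ec.DEREncodedParams.data[1] <= pk->u.ec.DEREncodedParams.len - 2`; the `len > 2` test already in the condition keeps that subtraction from wrapping.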
@@ -758,8 +736,9 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- return;
-
- secu_PrintTime(out, time, m, level);
--}
--
+ }
++#endif /* NSS_ENABLE_ECC */
+
-/*
- * Format and print the Generalized Time "t". If the tag message "m"
- * is not NULL, * do indent formatting based on "level" and add a newline
@@ -778,7 +757,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-
- secu_PrintTime(out, time, m, level);
-}
--
+
-/*
- * Format and print the UTC or Generalized Time "t". If the tag message
- * "m" is not NULL, do indent formatting based on "level" and add a newline
@@ -786,7 +765,10 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- */
-void
-SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level)
--{
++SECStatus
++SECU_ParseCommandLine(int argc, char **argv, char *progName,
++ const secuCommand *cmd)
+ {
- switch (t->type) {
- case siUTCTime:
- SECU_PrintUTCTime(out, t, m, level);
@@ -801,7 +783,14 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- break;
- }
-}
--
++ PRBool found;
++ PLOptState *optstate;
++ PLOptStatus status;
++ char *optstring;
++ PLLongOpt *longopts = NULL;
++ int i, j;
++ int lcmd = 0, lopt = 0;
+
-
-/* This prints a SET or SEQUENCE */
-void
@@ -1186,6 +1175,70 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-};
-
-void
+-secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
+-{
+- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- SECStatus rv;
+- SECKEYRSAPSSParams param;
+- SECAlgorithmID maskHashAlg;
+-
+- if (m) {
+- SECU_Indent(out, level);
+- fprintf (out, "%s:\n", m);
+- }
+-
+- if (!pool) {
+- SECU_Indent(out, level);
+- fprintf(out, "Out of memory\n");
+- return;
+- }
+-
+- PORT_Memset(¶m, 0, sizeof param);
+-
+- rv = SEC_QuickDERDecodeItem(pool, ¶m,
+- SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate),
+- value);
+- if (rv == SECSuccess) {
+- if (!param.hashAlg) {
+- SECU_Indent(out, level+1);
+- fprintf(out, "Hash algorithm: default, SHA-1\n");
+- } else {
+- SECU_PrintObjectID(out, ¶m.hashAlg->algorithm,
+- "Hash algorithm", level+1);
+- }
+- if (!param.maskAlg) {
+- SECU_Indent(out, level+1);
+- fprintf(out, "Mask algorithm: default, MGF1\n");
+- SECU_Indent(out, level+1);
+- fprintf(out, "Mask hash algorithm: default, SHA-1\n");
+- } else {
+- SECU_PrintObjectID(out, ¶m.maskAlg->algorithm,
+- "Mask algorithm", level+1);
+- rv = SEC_QuickDERDecodeItem(pool, &maskHashAlg,
+- SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
+- ¶m.maskAlg->parameters);
+- if (rv == SECSuccess) {
+- SECU_PrintObjectID(out, &maskHashAlg.algorithm,
+- "Mask hash algorithm", level+1);
+- } else {
+- SECU_Indent(out, level+1);
+- fprintf(out, "Invalid mask generation algorithm parameters\n");
+- }
+- }
+- if (!param.saltLength.data) {
+- SECU_Indent(out, level+1);
+- fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20);
+- } else {
+- SECU_PrintInteger(out, ¶m.saltLength, "Salt Length", level+1);
+- }
+- } else {
+- SECU_Indent(out, level+1);
+- fprintf(out, "Invalid RSA-PSS parameters\n");
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-void
-secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
-{
- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -1295,7 +1348,11 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- }
- return;
- }
--
+-
+- if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+- secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
+- return;
+- }
-
- if (a->parameters.len == 0
- || (a->parameters.len == 2
@@ -2054,7 +2111,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- if (!(flags & CERTDB_TRUSTED_CA) &&
- !(flags & CERTDB_TRUSTED_CLIENT_CA))
- PORT_Strcat(trusts, "c");
-- if (flags & CERTDB_VALID_PEER)
+- if (flags & CERTDB_TERMINAL_RECORD)
- if (!(flags & CERTDB_TRUSTED))
- PORT_Strcat(trusts, "p");
- if (flags & CERTDB_TRUSTED_CA)
@@ -2879,8 +2936,8 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-void
-printFlags(FILE *out, unsigned int flags, int level)
-{
-- if ( flags & CERTDB_VALID_PEER ) {
-- SECU_Indent(out, level); fprintf(out, "Valid Peer\n");
+- if ( flags & CERTDB_TERMINAL_RECORD ) {
+- SECU_Indent(out, level); fprintf(out, "Terminal Record\n");
- }
- if ( flags & CERTDB_TRUSTED ) {
- SECU_Indent(out, level); fprintf(out, "Trusted\n");
@@ -2920,6 +2977,29 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- printFlags(out, trust->objectSigningFlags, level+2);
-}
-
+-int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- CERTName *name;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+-
+- name = PORT_ArenaZNew(arena, CERTName);
+- if (!name)
+- goto loser;
+-
+- rv = SEC_ASN1DecodeItem(arena, name, SEC_ASN1_GET(CERT_NameTemplate), der);
+- if (rv)
+- goto loser;
+-
+- SECU_PrintName(out, name, m, level);
+-loser:
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
-int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
- int level, SECU_PPFunc inner)
-{
@@ -2951,7 +3031,6 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-loser:
- PORT_FreeArena(arena, PR_FALSE);
- return rv;
--
-}
-
-SECStatus
@@ -3048,74 +3127,12 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-
- PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands));
- PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions));
--
-- optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1);
-- if (optstring == NULL)
-- return SECFailure;
--
-- j = 0;
-- for (i=0; i<cmd->numCommands; i++) {
-- if (cmd->commands[i].flag) /* single character option ? */
-- optstring[j++] = cmd->commands[i].flag;
-- if (cmd->commands[i].longform)
-- lcmd++;
-- }
-- for (i=0; i<cmd->numOptions; i++) {
-- if (cmd->options[i].flag) {
-- optstring[j++] = cmd->options[i].flag;
-- if (cmd->options[i].needsArg)
-- optstring[j++] = ':';
-- }
-- if (cmd->options[i].longform)
-- lopt++;
-- }
--
-- optstring[j] = '\0';
--
-- if (lcmd + lopt > 0) {
-- longopts = PORT_NewArray(PLLongOpt, lcmd+lopt+1);
-- if (!longopts) {
-- PORT_Free(optstring);
-- return SECFailure;
-- }
-+
-+ optstring[j] = '\0';
-+
-+ if (lcmd + lopt > 0) {
-+ longopts = PORT_NewArray(PLLongOpt, lcmd+lopt+1);
-+ if (!longopts) {
-+ PORT_Free(optstring);
-+ return SECFailure;
-+ }
-
- j = 0;
- for (i=0; j<lcmd && i<cmd->numCommands; i++) {
-@@ -3560,24 +725,6 @@ SECU_ErrorStringRaw(int16 err)
- sprintf(SECUErrorBuf, "Untrusted certificate");
- else if (err == SEC_ERROR_UNTRUSTED_ISSUER)
- sprintf(SECUErrorBuf, "Untrusted issuer");
-- else if (err == SSL_ERROR_BAD_CERTIFICATE)
-- sprintf(SECUErrorBuf, "Bad certificate");
-- else if (err == SSL_ERROR_BAD_CLIENT)
-- sprintf(SECUErrorBuf, "Bad client");
-- else if (err == SSL_ERROR_BAD_SERVER)
-- sprintf(SECUErrorBuf, "Bad server");
-- else if (err == SSL_ERROR_EXPORT_ONLY_SERVER)
-- sprintf(SECUErrorBuf, "Export only server");
-- else if (err == SSL_ERROR_NO_CERTIFICATE)
-- sprintf(SECUErrorBuf, "No certificate");
-- else if (err == SSL_ERROR_NO_CYPHER_OVERLAP)
-- sprintf(SECUErrorBuf, "No cypher overlap");
-- else if (err == SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE)
-- sprintf(SECUErrorBuf, "Unsupported certificate type");
-- else if (err == SSL_ERROR_UNSUPPORTED_VERSION)
-- sprintf(SECUErrorBuf, "Unsupported version");
-- else if (err == SSL_ERROR_US_ONLY_SERVER)
-- sprintf(SECUErrorBuf, "U.S. only server");
- else if (err == PR_IO_ERROR)
- sprintf(SECUErrorBuf, "I/O error");
++ PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands));
++ PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions));
-@@ -3644,144 +791,6 @@ SECU_PrintPRandOSError(char *progName)
+ optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1);
+ if (optstring == NULL)
+@@ -3611,144 +670,6 @@ SECU_PrintPRandOSError(char *progName)
}
@@ -3187,8 +3204,8 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- }
- }
- }
-- fprintf(outfile," ERROR %ld: %s\n", node->error,
-- SECU_Strerror(node->error));
+- fprintf(outfile, " ERROR %ld: %s\n", node->error,
+- SECU_Strerror(node->error));
- errstr = NULL;
- switch (node->error) {
- case SEC_ERROR_INADEQUATE_KEY_USAGE:
@@ -3260,7 +3277,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
SECOidTag
SECU_StringToSignatureAlgTag(const char *alg)
{
-@@ -3807,232 +816,6 @@ SECU_StringToSignatureAlgTag(const char
+@@ -3774,299 +695,6 @@ SECU_StringToSignatureAlgTag(const char
return hashAlgTag;
}
@@ -3490,13 +3507,13 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-
-#endif
-
- /*
- * Find the issuer of a Crl. Use the authorityKeyID if it exists.
- */
-@@ -4040,64 +823,6 @@ CERTCertificate *
- SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
- CERTAuthKeyID* authorityKeyID, PRTime validTime)
- {
+-/*
+- * Find the issuer of a Crl. Use the authorityKeyID if it exists.
+- */
+-CERTCertificate *
+-SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem* subject,
+- CERTAuthKeyID* authorityKeyID, PRTime validTime)
+-{
- CERTCertificate *issuerCert = NULL;
- CERTCertList *certList = NULL;
-
@@ -3555,10 +3572,12 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- } while (0);
-
- return (rv);
- }
-
+-}
+-
/* Caller ensures that dst is at least item->len*2+1 bytes long */
-@@ -4163,39 +888,3 @@ SECU_SECItemHexStringToBinary(SECItem* s
+ void
+ SECU_SECItemToHex(const SECItem * item, char * dst)
+@@ -4130,39 +758,3 @@ SECU_SECItemHexStringToBinary(SECItem* s
return SECSuccess;
}
@@ -3598,10 +3617,388 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-}
-
-
-diff -up ./mozilla/security/nss/cmd/manifest.mn.crypto ./mozilla/security/nss/cmd/manifest.mn
---- ./mozilla/security/nss/cmd/manifest.mn.crypto 2009-11-06 21:57:40.000000000 -0800
-+++ ./mozilla/security/nss/cmd/manifest.mn 2011-08-09 16:31:01.954757000 -0700
-@@ -41,45 +41,8 @@ DEPTH = ../..
+diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/lib/secutil.h
+--- mozilla/security/nss/cmd/lib/secutil.h.crypto 2011-09-16 12:16:50.000000000 -0700
++++ mozilla/security/nss/cmd/lib/secutil.h 2011-10-07 21:26:36.019938985 -0700
+@@ -38,118 +38,14 @@
+
+ #include "seccomon.h"
+ #include "secitem.h"
++#include "secoid.h"
++#include "secoidt.h"
+ #include "secport.h"
+ #include "prerror.h"
+ #include "base64.h"
+-#include "key.h"
+-#include "secpkcs7.h"
+-#include "secasn1.h"
+-#include "secder.h"
++/*#include "key.h"*/
+ #include <stdio.h>
+
+-#define SEC_CT_PRIVATE_KEY "private-key"
+-#define SEC_CT_PUBLIC_KEY "public-key"
+-#define SEC_CT_CERTIFICATE "certificate"
+-#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
+-#define SEC_CT_PKCS7 "pkcs7"
+-#define SEC_CT_CRL "crl"
+-#define SEC_CT_NAME "name"
+-
+-#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
+-#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
+-
+-#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
+-#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
+-
+-#define NS_CRL_HEADER "-----BEGIN CRL-----"
+-#define NS_CRL_TRAILER "-----END CRL-----"
+-
+-#define SECU_Strerror PORT_ErrorToString
+-
+-#ifdef SECUTIL_NEW
+-typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
+- char *msg, int level);
+-#else
+-typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
+-#endif
+-
+-typedef struct {
+- enum {
+- PW_NONE = 0,
+- PW_FROMFILE = 1,
+- PW_PLAINTEXT = 2,
+- PW_EXTERNAL = 3
+- } source;
+- char *data;
+-} secuPWData;
+-
+-/*
+-** Change a password on a token, or initialize a token with a password
+-** if it does not already have one.
+-** Use passwd to send the password in plaintext, pwFile to specify a
+-** file containing the password, or NULL for both to prompt the user.
+-*/
+-SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
+-
+-/*
+-** Change a password on a token, or initialize a token with a password
+-** if it does not already have one.
+-** In this function, you can specify both the old and new passwords
+-** as either a string or file. NOTE: any you don't specify will
+-** be prompted for
+-*/
+-SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
+- char *oldPwFile, char *newPwFile);
+-
+-/* These were stolen from the old sec.h... */
+-/*
+-** Check a password for legitimacy. Passwords must be at least 8
+-** characters long and contain one non-alphabetic. Return DSTrue if the
+-** password is ok, DSFalse otherwise.
+-*/
+-extern PRBool SEC_CheckPassword(char *password);
+-
+-/*
+-** Blind check of a password. Complement to SEC_CheckPassword which
+-** ignores length and content type, just retuning DSTrue is the password
+-** exists, DSFalse if NULL
+-*/
+-extern PRBool SEC_BlindCheckPassword(char *password);
+-
+-/*
+-** Get a password.
+-** First prompt with "msg" on "out", then read the password from "in".
+-** The password is then checked using "chkpw".
+-*/
+-extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
+- PRBool (*chkpw)(char *));
+-
+-char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
+-
+-char *SECU_GetPasswordString(void *arg, char *prompt);
+-
+-/*
+-** Write a dongle password.
+-** Uses MD5 to hash constant system data (hostname, etc.), and then
+-** creates RC4 key to encrypt a password "pw" into a file "fd".
+-*/
+-extern SECStatus SEC_WriteDongleFile(int fd, char *pw);
+-
+-/*
+-** Get a dongle password.
+-** Uses MD5 to hash constant system data (hostname, etc.), and then
+-** creates RC4 key to decrypt and return a password from file "fd".
+-*/
+-extern char *SEC_ReadDongleFile(int fd);
+-
+-
+-/* End stolen headers */
+-
+-/* Just sticks the two strings together with a / if needed */
+-char *SECU_AppendFilenameToDir(char *dir, char *filename);
+-
+-/* Returns result of getenv("SSL_DIR") or NULL */
+-extern char *SECU_DefaultSSLDir(void);
+
+ /*
+ ** Should be called once during initialization to set the default
+@@ -159,14 +55,6 @@ extern char *SECU_DefaultSSLDir(void);
+ */
+ extern char *SECU_ConfigDirectory(const char* base);
+
+-/*
+-** Basic callback function for SSL_GetClientAuthDataHook
+-*/
+-extern int
+-SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
+- struct CERTDistNamesStr *caNames,
+- struct CERTCertificateStr **pRetCert,
+- struct SECKEYPrivateKeyStr **pRetKey);
+
+ /* print out an error message */
+ extern void SECU_PrintError(char *progName, char *msg, ...);
+@@ -174,99 +62,19 @@ extern void SECU_PrintError(char *progNa
+ /* print out a system error message */
+ extern void SECU_PrintSystemError(char *progName, char *msg, ...);
+
+-/* revalidate the cert and print information about cert verification
+- * failure at time == now */
+-extern void
+-SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
+- CERTCertificate *cert, PRBool checksig,
+- SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
+-
+-/* revalidate the cert and print information about cert verification
+- * failure at specified time */
+-extern void
+-SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
+- CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
+- void *pinArg, PRBool verbose, PRTime datetime);
+-
+-/* print out CERTVerifyLog info. */
+-extern void
+-SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
+- PRBool verbose);
+-
+ /* Read the contents of a file into a SECItem */
+ extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
+ extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src);
+
+-/* Read in a DER from a file, may be ascii */
+-extern SECStatus
+-SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii);
+-
+-/* Indent based on "level" */
+-extern void SECU_Indent(FILE *out, int level);
+-
+ /* Print integer value and hex */
+ extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level);
+
+-/* Print ObjectIdentifier symbolically */
+-extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
+-
+-/* Print AlgorithmIdentifier symbolically */
+-extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
+- int level);
+-
+ /* Print SECItem as hex */
+ extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
+
+ /* dump a buffer in hex and ASCII */
+ extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);
+
+-/*
+- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
+- * do indent formatting based on "level" and add a newline afterward;
+- * otherwise just print the formatted time string only.
+- */
+-extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level);
+-
+-/*
+- * Format and print the Generalized Time "t". If the tag message "m"
+- * is not NULL, * do indent formatting based on "level" and add a newline
+- * afterward; otherwise just print the formatted time string only.
+- */
+-extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m,
+- int level);
+-
+-/*
+- * Format and print the UTC or Generalized Time "t". If the tag message
+- * "m" is not NULL, do indent formatting based on "level" and add a newline
+- * afterward; otherwise just print the formatted time string only.
+- */
+-extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level);
+-
+-/* callback for listing certs through pkcs11 */
+-extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data);
+-
+-/* Dump all certificate nicknames in a database */
+-extern SECStatus
+-SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out,
+- PRBool sortByName, PRBool sortByTrust);
+-
+-/* See if nickname already in database. Return 1 true, 0 false, -1 error */
+-int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
+-
+-/* Dump contents of cert req */
+-extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
+- int level);
+-
+-/* Dump contents of certificate */
+-extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level);
+-
+-/* Dump contents of a DER certificate name (issuer or subject) */
+-extern int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level);
+-
+-/* print trust flags on a cert */
+-extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m,
+- int level);
+-
+ /* Dump contents of an RSA public key */
+ extern int SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level);
+
+@@ -282,52 +90,9 @@ extern int SECU_PrintPrivateKey(FILE *ou
+ extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
+ int level);
+
+-/* Pretty-print any PKCS7 thing */
+-extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
+- int level);
+-
+ /* Init PKCS11 stuff */
+ extern SECStatus SECU_PKCS11Init(PRBool readOnly);
+
+-/* Dump contents of signed data */
+-extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+- int level, SECU_PPFunc inner);
+-
+-/* Print cert data and its trust flags */
+-extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert,
+- const char *label,
+- CERTCertTrust *trust);
+-
+-extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);
+-
+-extern void
+-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
+-
+-extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
+-extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
+-
+-extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
+-extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
+- char *msg, int level);
+-
+-extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
+- char *msg, int level);
+-
+-extern void SECU_PrintName(FILE *out, CERTName *name, const char *msg,
+- int level);
+-extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level);
+-
+-#ifdef SECU_GetPassword
+-/* Convert a High public Key to a Low public Key */
+-extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
+-#endif
+-
+-extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
+-
+-extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
+-
+-extern char *SECU_SECModDBName(void);
+-
+ extern void SECU_PrintPRandOSError(char *progName);
+
+ extern SECStatus SECU_RegisterDynamicOids(void);
+@@ -335,70 +100,6 @@ extern SECStatus SECU_RegisterDynamicOid
+ /* Identifies hash algorithm tag by its string representation. */
+ extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg);
+
+-/* Store CRL in output file or pk11 db. Also
+- * encodes with base64 and exports to file if ascii flag is set
+- * and file is not NULL. */
+-extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
+- PRFileDesc *outFile, PRBool ascii, char *url);
+-
+-
+-/*
+-** DER sign a single block of data using private key encryption and the
+-** MD5 hashing algorithm. This routine first computes a digital signature
+-** using SEC_SignData, then wraps it with an CERTSignedData and then der
+-** encodes the result.
+-** "arena" is the memory arena to use to allocate data from
+-** "sd" returned CERTSignedData
+-** "result" the final der encoded data (memory is allocated)
+-** "buf" the input data to sign
+-** "len" the amount of data to sign
+-** "pk" the private key to encrypt with
+-*/
+-extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd,
+- unsigned char *buf, int len,
+- SECKEYPrivateKey *pk, SECOidTag algID);
+-
+-typedef enum {
+- noKeyFound = 1,
+- noSignatureMatch = 2,
+- failToEncode = 3,
+- failToSign = 4,
+- noMem = 5
+-} SignAndEncodeFuncExitStat;
+-
+-extern SECStatus
+-SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
+- SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode);
+-
+-extern SECStatus
+-SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
+-
+-/*
+-** Finds the crl Authority Key Id extension. Returns NULL if no such extension
+-** was found.
+-*/
+-CERTAuthKeyID *
+-SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl);
+-
+-/*
+- * Find the issuer of a crl. Cert usage should be checked before signing a crl.
+- */
+-CERTCertificate *
+-SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject,
+- CERTAuthKeyID* id, PRTime validTime);
+-
+-
+-/* call back function used in encoding of an extension. Called from
+- * SECU_EncodeAndAddExtensionValue */
+-typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena,
+- void *value, SECItem *encodedValue);
+-
+-/* Encodes and adds extensions to the CRL or CRL entries. */
+-SECStatus
+-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
+- void *value, PRBool criticality, int extenType,
+- EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
+-
+ /* Caller ensures that dst is at least item->len*2+1 bytes long */
+ void
+ SECU_SECItemToHex(const SECItem * item, char * dst);
+@@ -452,13 +153,6 @@ void printflags(char *trusts, unsigned i
+ extern int ffs(unsigned int i);
+ #endif
+
+-/* Finds certificate by searching it in the DB or by examinig file
+- * in the local directory. */
+-CERTCertificate*
+-SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
+- char *name, PRBool ascii,
+- void *pwarg);
+ #include "secerr.h"
+-#include "sslerr.h"
+
+ #endif /* _SEC_UTIL_H_ */
+diff -up mozilla/security/nss/cmd/manifest.mn.crypto mozilla/security/nss/cmd/manifest.mn
+--- mozilla/security/nss/cmd/manifest.mn.crypto 2010-12-06 09:22:48.000000000 -0800
++++ mozilla/security/nss/cmd/manifest.mn 2011-10-07 21:26:36.020938998 -0700
+@@ -41,46 +41,8 @@ DEPTH = ../..
REQUIRES = nss nspr libdbm
DIRS = lib \
@@ -3612,6 +4009,7 @@ diff -up ./mozilla/security/nss/cmd/manifest.mn.crypto ./mozilla/security/nss/cm
- certcgi \
- certutil \
- checkcert \
+- chktest \
- crlutil \
- crmftest \
- dbtest \
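Review bot: The new secutil.h section leaves the old include behind as commented-out code, `/*#include "key.h"*/`, while the neighbouring secpkcs7.h, secasn1.h and secder.h includes are deleted outright. Dropping the `+/*#include "key.h"*/` line, so that only `-#include "key.h"` remains, keeps the trimmed header consistent and avoids a dead line that later rebases have to carry. If the include is expected to come back after the next update, a one-line comment giving that reason would serve better than the disabled directive. The surrounding header continues outside the lines changed here, so whether any remaining declaration still needs a type from key.h cannot be confirmed from this hunk.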
@@ -3647,9 +4045,16 @@ diff -up ./mozilla/security/nss/cmd/manifest.mn.crypto ./mozilla/security/nss/cm
$(NULL)
TEMPORARILY_DONT_BUILD = \
-diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cmd/platlibs.mk
---- ./mozilla/security/nss/cmd/platlibs.mk.crypto 2010-06-11 17:58:33.000000000 -0700
-+++ ./mozilla/security/nss/cmd/platlibs.mk 2011-08-09 16:31:01.957755000 -0700
+@@ -95,5 +57,6 @@ TEMPORARILY_DONT_BUILD = \
+ # to build (requires allxpstr.h)
+ #
+ DONT_BULD = jar \
++ fipstest \
+ perror \
+ $(NULL)
+diff -up mozilla/security/nss/cmd/platlibs.mk.crypto mozilla/security/nss/cmd/platlibs.mk
+--- mozilla/security/nss/cmd/platlibs.mk.crypto 2010-06-11 17:58:33.000000000 -0700
++++ mozilla/security/nss/cmd/platlibs.mk 2011-10-07 21:26:36.020938998 -0700
@@ -92,44 +92,13 @@ DEFINES += -DNSS_USE_STATIC_LIBS
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
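Review bot: `fipstest` is added to the `DONT_BULD` list with no comment saying why it is excluded or when it should return. The only comment above the list (`requires allxpstr.h`) concerns a different entry. Since this is the softoken package, leaving out the FIPS test tool deserves an explicit line, for example `# fipstest: excluded from the softokn-only build, re-enable when <condition>`. The variable is spelled `DONT_BULD` in the context line, and this hunk does not show whether the build reads it. The entry may therefore be documentation only, with the real exclusion coming from the DIRS list, which should be checked.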
@@ -3676,14 +4081,13 @@ diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cm
- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
-- $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
-+ $(DIST)/lib/$(LIB_PREFIX)sectoolcrypto.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
$(CRYPTOLIB) \
- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
@@ -3704,7 +4108,7 @@ diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cm
- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
-- $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
@@ -3713,7 +4117,6 @@ diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cm
- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
-+ $(DIST)/lib/$(LIB_PREFIX)sectoolcrypto.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
@@ -3728,12 +4131,9 @@ diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cm
$(NULL)
ifeq ($(OS_ARCH), AIX)
-@@ -197,11 +145,8 @@ ifeq (,$(filter-out WINNT WINCE,$(OS_ARC
-
- # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+@@ -199,9 +147,6 @@ ifeq (,$(filter-out WINNT WINCE,$(OS_ARC
EXTRA_LIBS += \
-- $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
-+ $(DIST)/lib/$(LIB_PREFIX)sectoolcrypto.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
$(DIST)/lib/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \
- $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \
- $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \
@@ -3751,9 +4151,9 @@ diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cm
-L$(NSSUTIL_LIB_DIR) \
-lnssutil3 \
-L$(NSPR_LIB_DIR) \
-diff -up ./mozilla/security/nss/tests/all.sh.onlycrypto ./mozilla/security/nss/tests/all.sh
---- ./mozilla/security/nss/tests/all.sh.onlycrypto 2010-01-29 11:58:40.000000000 -0800
-+++ ./mozilla/security/nss/tests/all.sh 2011-05-30 16:06:11.613049500 -0700
+diff -up mozilla/security/nss/tests/all.sh.crypto mozilla/security/nss/tests/all.sh
+--- mozilla/security/nss/tests/all.sh.crypto 2010-01-29 11:58:40.000000000 -0800
++++ mozilla/security/nss/tests/all.sh 2011-10-07 21:26:36.021939011 -0700
@@ -303,18 +303,18 @@ run_cycles()
############################## main code ###############################
diff --git a/sources b/sources
index d21fa91..db35e3c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-51443c66846a91e6ead08f19e715b4c5 nss-softokn-3.12.11-stripped.tar.bz2
+4e3ccff60f56943056a5538ae9d38a17 nss-softokn-3.13-stripped.tar.bz2
diff --git a/temporary-rebase.patch b/temporary-rebase.patch
new file mode 100644
index 0000000..7be06b7
--- /dev/null
+++ b/temporary-rebase.patch
@@ -0,0 +1,34 @@
+diff -up mozilla/security/nss/cmd/lib/Makefile.rebase mozilla/security/nss/cmd/lib/Makefile
+--- mozilla/security/nss/cmd/lib/Makefile.rebase 2011-10-07 17:56:36.413744292 -0700
++++ mozilla/security/nss/cmd/lib/Makefile 2011-10-07 17:57:21.112408690 -0700
+@@ -76,6 +76,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ # (7) Execute "local" rules. (OPTIONAL). #
+ #######################################################################
+
++CFLAGS += -iquote${NSSUTIL_INCLUDE_DIR_LAST}
++
+ export:: private_export
+
+
+diff -up mozilla/security/nss/cmd/Makefile.rebase mozilla/security/nss/cmd/Makefile
+--- mozilla/security/nss/cmd/Makefile.rebase 2009-11-06 21:57:40.000000000 -0800
++++ mozilla/security/nss/cmd/Makefile 2011-10-07 17:54:10.868581431 -0700
+@@ -53,5 +53,7 @@ INCLUDES += \
+
+ include $(CORE_DEPTH)/coreconf/rules.mk
+
++CFLAGS += -iquote${NSSUTIL_INCLUDE_DIR_LAST}
++
+ symbols::
+ @echo "TARGETS = $(TARGETS)"
+diff -up mozilla/security/nss/lib/Makefile.rebase mozilla/security/nss/lib/Makefile
+--- mozilla/security/nss/lib/Makefile.rebase 2011-10-07 17:52:36.000000000 -0700
++++ mozilla/security/nss/lib/Makefile 2011-10-07 17:54:10.868581431 -0700
+@@ -85,6 +85,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+ #######################################################################
+
+
++CFLAGS += -iquote${NSSUTIL_INCLUDE_DIR_LAST}
+
+ #######################################################################
+ # (7) Execute "local" rules. (OPTIONAL). #
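Review bot: `CFLAGS += -iquote${NSSUTIL_INCLUDE_DIR_LAST}` is added unconditionally to cmd/lib/Makefile, cmd/Makefile and lib/Makefile, and nothing in the patch checks that the variable is set. If it expands to nothing, the compiler receives a bare `-iquote` and takes the next command-line argument as the directory. That silently drops the argument and can change which headers are picked up. Guarding each addition makes the dependency explicit: `ifdef NSSUTIL_INCLUDE_DIR_LAST`, then the `CFLAGS +=` line, then `endif`; failing with `$(error ...)` when it is unset would also work. A short comment on each line saying that this is the temporary search path for the copied util headers would tell the next packager when the patch can be dropped.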