[nss-softokn] Update to NSS_3_13_3_RTM
Elio Maldonado
emaldonado at fedoraproject.org
Thu Mar 1 20:44:59 UTC 2012
commit b38729ba686e9ad3692255a5a0456cdcc0e79700
Author: Elio Maldonado Batiz <emaldona at redhat.com>
Date: Thu Mar 1 12:37:27 2012 -0800
Update to NSS_3_13_3_RTM
nss-softokn-fix-gcc47-secmodt.patch updated for new sources
nss-split-softokn.sh copies include some tests in the split off
minimal-test-dependencies.patch iupdated for new sources
sources and .gitignore refer to new sources
.gitignore | 2 +-
nss-softokn-fix-gcc47-secmodt.patch | 8 +-
nss-softokn.spec | 11 +-
nss-split-softokn.sh | 17 +-
softoken-minimal-test-dependencies.patch | 2190 ++++--------------------------
sources | 2 +-
6 files changed, 269 insertions(+), 1961 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 2c62a64..40e7163 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-nss-softokn-3.13.1-stripped.tar.bz2
+nss-softokn-3.13.3-stripped.tar.bz2
diff --git a/nss-softokn-fix-gcc47-secmodt.patch b/nss-softokn-fix-gcc47-secmodt.patch
index 38a5555..30f3fbb 100644
--- a/nss-softokn-fix-gcc47-secmodt.patch
+++ b/nss-softokn-fix-gcc47-secmodt.patch
@@ -1,11 +1,11 @@
diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h
---- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-01-30 20:16:06.196616050 -0500
-+++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-01-30 20:16:15.777521577 -0500
-@@ -338,7 +338,7 @@ typedef PRUint32 PK11AttrFlags;
+--- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-03-01 12:32:02.922117184 -0800
++++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-03-01 12:33:04.701241707 -0800
+@@ -342,7 +342,7 @@ typedef PRUint32 PK11AttrFlags;
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
--"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
+-"Flags=internal,critical" fips " slotparams=(" #slot "={" SECMOD_SLOT_FLAGS "})"
+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})"
#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
diff --git a/nss-softokn.spec b/nss-softokn.spec
index 82f7019..93d2ab7 100644
--- a/nss-softokn.spec
+++ b/nss-softokn.spec
@@ -1,6 +1,6 @@
-%global nspr_version 4.8.9
+%global nspr_version 4.9
%global nss_name nss
-%global nss_util_version 3.13.1
+%global nss_util_version 3.13.3
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global saved_files_dir %{_libdir}/nss/saved
@@ -16,8 +16,8 @@
Summary: Network Security Services Softoken Module
Name: nss-softokn
-Version: 3.13.1
-Release: 20%{?dist}
+Version: 3.13.3
+Release: 1%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -370,6 +370,9 @@ done
%{_includedir}/nss3/shsign.h
%changelog
+* Thu Mar 01 2012 Elio Maldonado <emaldona at redhat.com> - 3.13.3-1
+- Update to NSS_3_13_3_RTM
+
* Wed Feb 1 2012 Tom Callaway <spot at fedoraproject.org> 3.13.1-20
- re-enable /usrmove changes
diff --git a/nss-split-softokn.sh b/nss-split-softokn.sh
index 390d196..3d5c626 100755
--- a/nss-split-softokn.sh
+++ b/nss-split-softokn.sh
@@ -55,7 +55,6 @@ mkdir ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/lib
# copy entire freebl and softoken directories recursively
cp -a ${nss_source_dir}/mozilla/security/nss/lib/freebl ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/lib/freebl
cp -a ${nss_source_dir}/mozilla/security/nss/lib/softoken ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/lib/softoken
-cp -a ${nss_source_dir}/mozilla/security/nss/lib/softoken ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/lib/softoken/dbm
# and some Makefiles and related files
cp ${nss_source_dir}/mozilla/security/nss/Makefile ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss
@@ -64,7 +63,7 @@ cp ${nss_source_dir}/mozilla/security/nss/trademarks.txt ${SOFTOKN_WORK}/${softo
cp ${nss_source_dir}/mozilla/security/nss/lib/Makefile ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/lib
cp ${nss_source_dir}/mozilla/security/nss/lib/manifest.mn ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/lib
-# we do need shlibsign from cmd
+# we do need bltest, lib, and shlibsign from cmd
mkdir ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd
# copy some files at the top and the slhlib subdirectory
cp -p ${nss_source_dir}/mozilla/security/nss/cmd/Makefile ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd
@@ -72,8 +71,22 @@ cp -p ${nss_source_dir}/mozilla/security/nss/cmd/manifest.mn ${SOFTOKN_WORK}/${s
cp -p ${nss_source_dir}/mozilla/security/nss/cmd/platlibs.mk ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd
cp -p ${nss_source_dir}/mozilla/security/nss/cmd/platrules.mk ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd
+cp -a ${nss_source_dir}/mozilla/security/nss/cmd/bltest ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd/bltest
+cp -a ${nss_source_dir}/mozilla/security/nss/cmd/fipstest ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd/fipstest
+cp -a ${nss_source_dir}/mozilla/security/nss/cmd/lib ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd/lib
cp -a ${nss_source_dir}/mozilla/security/nss/cmd/shlibsign ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/cmd/shlibsign
+# plus common and crypto from nss/tests
+mkdir ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/tests
+topFiles=`find ${nss_source_dir}/mozilla/security/nss/tests/ -maxdepth 1 -mindepth 1 -type f`
+for f in $topFiles; do
+ cp -p $f ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/tests/
+done
+keepers="cipher common"
+for t in $keepers; do
+ cp -a ${nss_source_dir}/mozilla/security/nss/tests/$t ${SOFTOKN_WORK}/${softokn_dir}/mozilla/security/nss/tests/$t
+done
+
pushd ${SOFTOKN_WORK}
# the compressed tar ball for nss-softokn
tar -cjf ../${name}-softokn-${version}-stripped.tar.bz2 ${softokn_dir}
diff --git a/softoken-minimal-test-dependencies.patch b/softoken-minimal-test-dependencies.patch
index 27f0750..bc31ad1 100644
--- a/softoken-minimal-test-dependencies.patch
+++ b/softoken-minimal-test-dependencies.patch
@@ -1,6 +1,6 @@
-diff -up mozilla/security/nss/cmd/lib/manifest.mn.crypto mozilla/security/nss/cmd/lib/manifest.mn
---- mozilla/security/nss/cmd/lib/manifest.mn.crypto 2011-09-16 12:16:50.000000000 -0700
-+++ mozilla/security/nss/cmd/lib/manifest.mn 2011-10-11 10:40:37.259477337 -0700
+diff -up ./mozilla/security/nss/cmd/lib/manifest.mn.crypto ./mozilla/security/nss/cmd/lib/manifest.mn
+--- ./mozilla/security/nss/cmd/lib/manifest.mn.crypto 2012-03-01 10:38:40.329117418 -0800
++++ ./mozilla/security/nss/cmd/lib/manifest.mn 2012-03-01 10:39:42.340116821 -0800
@@ -48,11 +48,6 @@ PRIVATE_EXPORTS = secutil.h \
$(NULL)
@@ -13,9 +13,9 @@ diff -up mozilla/security/nss/cmd/lib/manifest.mn.crypto mozilla/security/nss/cm
pk11table.c \
$(NULL)
-diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/lib/secutil.c
---- mozilla/security/nss/cmd/lib/secutil.c.crypto 2011-09-16 12:16:50.000000000 -0700
-+++ mozilla/security/nss/cmd/lib/secutil.c 2011-10-11 11:04:17.699269836 -0700
+diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/cmd/lib/secutil.c
+--- ./mozilla/security/nss/cmd/lib/secutil.c.crypto 2012-03-01 10:40:37.022241831 -0800
++++ ./mozilla/security/nss/cmd/lib/secutil.c 2012-03-01 11:20:43.174116443 -0800
@@ -48,10 +48,7 @@
#include "prenv.h"
#include "prnetdb.h"
@@ -27,7 +27,7 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
#include <stdarg.h>
#if !defined(_WIN32_WCE)
#include <sys/stat.h>
-@@ -62,29 +59,9 @@
+@@ -62,37 +59,16 @@
#include <unistd.h>
#endif
@@ -54,11 +54,11 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
-
-#include "nssutil.h"
-#include "ssl.h"
+-
+extern long DER_GetInteger(SECItem *src);
-
void
-@@ -92,7 +69,7 @@ SECU_PrintErrMsg(FILE *out, int level, c
+ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
{
va_list args;
PRErrorCode err = PORT_GetError();
@@ -67,7 +67,7 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
va_start(args, msg);
-@@ -112,7 +89,7 @@ SECU_PrintError(char *progName, char *ms
+@@ -112,7 +88,7 @@ SECU_PrintError(char *progName, char *ms
{
va_list args;
PRErrorCode err = PORT_GetError();
@@ -76,7 +76,7 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
va_start(args, msg);
-@@ -151,436 +128,6 @@ secu_ClearPassword(char *p)
+@@ -151,437 +127,6 @@ secu_ClearPassword(char *p)
}
}
@@ -510,10 +510,11 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
-
- return 0;
-}
-
+-
SECStatus
secu_StdinToItem(SECItem *dst)
-@@ -703,64 +250,6 @@ loser:
+ {
+@@ -703,65 +248,6 @@ loser:
return SECFailure;
}
@@ -575,16 +576,16 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- }
- return SECSuccess;
-}
-
+-
#define INDENT_MULT 4
void
-@@ -975,2464 +464,86 @@ SECU_PrintInteger(FILE *out, SECItem *i,
+ SECU_Indent(FILE *out, int level)
+@@ -975,769 +461,94 @@ SECU_PrintInteger(FILE *out, SECItem *i,
}
static void
-secu_PrintRawString(FILE *out, SECItem *si, const char *m, int level)
-+secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
- {
+-{
- int column;
- unsigned int i;
-
@@ -607,19 +608,13 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
-
- fprintf(out,"%c", printable[val]); column++;
- }
-
+-
- fprintf(out, "\""); column++;
- if (column != level*INDENT_MULT || column > 76) {
- secu_Newline(out);
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-+ SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
-+ SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
-+ if (pk->u.rsa.publicExponent.len == 1 &&
-+ pk->u.rsa.publicExponent.data[0] == 1) {
-+ SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
- }
- }
-
+- }
+-}
+-
-void
-SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
-{
@@ -631,10 +626,9 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
-}
-
-/* print an unencoded boolean */
- static void
+-static void
-secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
-+secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
- {
+-{
- int val = 0;
-
- if ( i->data && i->len ) {
@@ -646,23 +640,16 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- }
- SECU_Indent(out, level);
- fprintf(out, "%s: %s\n", m, (val ? "True" : "False"));
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-+ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
-+ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
-+ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
-+ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
- }
-
+-}
+-
-/*
- * Format and print "time". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
- */
-+#ifdef NSS_ENABLE_ECC
- static void
+-static void
-secu_PrintTime(FILE *out, int64 time, char *m, int level)
-+secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
- {
+-{
- PRExplodedTime printableTime;
- char *timeString;
-
@@ -677,30 +664,17 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- SECU_Indent(out, level);
- fprintf(out, "%s: ", m);
- }
-+ SECItem curveOID = { siBuffer, NULL, 0};
-
+-
- if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
- fputs(timeString, out);
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-+ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
-+ /* For named curves, the DEREncodedParams field contains an
-+ * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
-+ */
-+ if ((pk->u.ec.DEREncodedParams.len > 2) &&
-+ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
-+ curveOID.len = pk->u.ec.DEREncodedParams.data[1];
-+ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
-+ SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
- }
-+}
-+#endif /* NSS_ENABLE_ECC */
-
+- }
+-
- if (m != NULL)
- fprintf(out, "\n");
-
+-
- PORT_Free(timeString);
-}
-
+-
-/*
- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
@@ -708,29 +682,17 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- */
-void
-SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level)
-+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
-+/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
-+static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
- {
+-{
- int64 time;
- SECStatus rv;
-
- rv = DER_UTCTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
-+ char target = a[i].flag;
-+ int j;
-
+-
- secu_PrintTime(out, time, m, level);
-+ /* duplicate '\0' flags are okay, they are used with long forms */
-+ for (j = i+1; j < count; j++) {
-+ if (a[j].flag && a[j].flag == target) {
-+ return PR_TRUE;
-+ }
-+ }
-+ return PR_FALSE;
- }
-
+-}
+-
-/*
- * Format and print the Generalized Time "t". If the tag message "m"
- * is not NULL, * do indent formatting based on "level" and add a newline
@@ -738,36 +700,23 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- */
-void
-SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, int level)
-+/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
-+static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
- {
+-{
- int64 time;
- SECStatus rv;
-
-+ int j;
-+ char *target = a[i].longform;
-
+-
- rv = DER_GeneralizedTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
-+ if (!target)
-+ return PR_FALSE;
-
+-
- secu_PrintTime(out, time, m, level);
-+ for (j = i+1; j < count; j++) {
-+ if (a[j].longform && strcmp(a[j].longform, target) == 0) {
-+ return PR_TRUE;
-+ }
-+ }
-+ return PR_FALSE;
- }
-
+-}
+-
-/*
- * Format and print the UTC or Generalized Time "t". If the tag message
- * "m" is not NULL, do indent formatting based on "level" and add a newline
- * afterward; otherwise just print the formatted time string only.
-+/* Returns true iff a has no short or long form duplicates
- */
+- */
-void
-SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level)
-{
@@ -1265,7 +1214,8 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
-
-void
-secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
--{
++secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECStatus rv;
- secuPBEParams param;
@@ -1286,13 +1236,20 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- if (rv == SECSuccess) {
- SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF", level+1);
- SECU_PrintAlgorithmID(out, ¶m.cipherAlg, "Cipher", level+1);
-- }
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
++ SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
++ if (pk->u.rsa.publicExponent.len == 1 &&
++ pk->u.rsa.publicExponent.data[0] == 1) {
++ SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
+ }
- PORT_FreeArena(pool, PR_FALSE);
--}
--
--void
+ }
+
+ void
-secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
--{
++SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
+ {
- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- SECStatus rv;
- secuPBEParams param;
@@ -1301,13 +1258,18 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- SECU_Indent(out, level);
- fprintf (out, "%s:\n", m);
- }
--
++ SECItem my = *si;
+
- if (!pool) {
- SECU_Indent(out, level);
- fprintf(out, "Out of memory\n");
- return;
- }
--
++ if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
++ return;
++ secu_PrintRawString(out, &my, m, level);
++}
+
- PORT_Memset(¶m, 0, sizeof(secuPBEParams));
- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEParamsTemp, value);
- if (rv == SECSuccess) {
@@ -1316,15 +1278,27 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- level+1);
- }
- PORT_FreeArena(pool, PR_FALSE);
--}
--
++static void
++secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
++{
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
+ }
+
-/* This function does NOT expect a DER type and length. */
-void
-SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
--{
++#ifdef NSS_ENABLE_ECC
++static void
++secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
- SECOidTag algtag;
- SECU_PrintObjectID(out, &a->algorithm, m, level);
--
++ SECItem curveOID = { siBuffer, NULL, 0};
+
- algtag = SECOID_GetAlgorithmTag(a);
- if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) {
- switch (algtag) {
@@ -1342,13 +1316,31 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- break;
- }
- return;
-- }
--
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
++ /* For named curves, the DEREncodedParams field contains an
++ * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
++ */
++ if ((pk->u.ec.DEREncodedParams.len > 2) &&
++ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
++ curveOID.len = pk->u.ec.DEREncodedParams.data[1];
++ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
++ SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
+ }
++}
++#endif /* NSS_ENABLE_ECC */
+
- if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
- secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
- return;
- }
--
++#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
++/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
++static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
++{
++ char target = a[i].flag;
++ int j;
+
- if (a->parameters.len == 0
- || (a->parameters.len == 2
- && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
@@ -1357,19 +1349,33 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- /* Print args to algorithm */
- SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
- }
--}
--
++ /* duplicate '\0' flags are okay, they are used with long forms */
++ for (j = i+1; j < count; j++) {
++ if (a[j].flag && a[j].flag == target) {
++ return PR_TRUE;
++ }
++ }
++ return PR_FALSE;
+ }
++#endif /* defined(DEBUG) || defined(FORCE_PR_ASSERT) */
+
-static void
-secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
--{
++/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
++static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
+ {
- SECItem *value;
- int i;
- char om[100];
--
++ int j;
++ char *target = a[i].longform;
+
- if (m) {
- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
- }
--
++ if (!target)
++ return PR_FALSE;
+
- /*
- * Should make this smarter; look at the type field and then decode
- * and print the value(s) appropriately!
@@ -1392,1761 +1398,73 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
- case SEC_OID_PKCS9_SIGNING_TIME:
- SECU_PrintTimeChoice(out, value, om, level+1);
- break;
-- }
++ for (j = i+1; j < count; j++) {
++ if (a[j].longform && strcmp(a[j].longform, target) == 0) {
++ return PR_TRUE;
+ }
- }
-- }
+ }
- }
--}
--
--static void
--secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
--{
++ return PR_FALSE;
+ }
+
++/* Returns true iff a has no short or long form duplicates
++ */
++
+ static void
+ secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
+@@ -3610,145 +2421,6 @@ SECU_PrintPRandOSError(char *progName)
+ }
+ }
+
-
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
-- SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
-- if (pk->u.rsa.publicExponent.len == 1 &&
-- pk->u.rsa.publicExponent.data[0] == 1) {
-- SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
+-static char *
+-bestCertName(CERTCertificate *cert) {
+- if (cert->nickname) {
+- return cert->nickname;
+- }
+- if (cert->emailAddr && cert->emailAddr[0]) {
+- return cert->emailAddr;
- }
+- return cert->subjectName;
-}
-
--static void
--secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+-void
+-SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
+- CERTCertificate *cert, PRBool checksig,
+- SECCertificateUsage certUsage, void *pinArg, PRBool verbose,
+- PRTime datetime)
-{
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
-- SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
-- SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
-- SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
--}
+- CERTVerifyLog log;
+- CERTVerifyLogNode *node;
-
--#ifdef NSS_ENABLE_ECC
--static void
--secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
--{
-- SECItem curveOID = { siBuffer, NULL, 0};
+- PRErrorCode err = PORT_GetError();
-
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
-- /* For named curves, the DEREncodedParams field contains an
-- * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
-- */
-- if ((pk->u.ec.DEREncodedParams.len > 2) &&
-- (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
-- curveOID.len = pk->u.ec.DEREncodedParams.data[1];
-- curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
-- SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
+- log.arena = PORT_NewArena(512);
+- log.head = log.tail = NULL;
+- log.count = 0;
+- CERT_VerifyCertificate(handle, cert, checksig, certUsage, datetime, pinArg, &log, NULL);
+-
+- SECU_displayVerifyLog(outfile, &log, verbose);
+-
+- for (node = log.head; node; node = node->next) {
+- if (node->cert)
+- CERT_DestroyCertificate(node->cert);
- }
+- PORT_FreeArena(log.arena, PR_FALSE);
+-
+- PORT_SetError(err); /* restore original error code */
-}
--#endif /* NSS_ENABLE_ECC */
-
--static void
--secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
-- CERTSubjectPublicKeyInfo *i, char *msg, int level)
+-void
+-SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
+- PRBool verbose)
-{
-- SECKEYPublicKey *pk;
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
-- SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
--
-- pk = SECKEY_ExtractPublicKey(i);
-- if (pk) {
-- switch (pk->keyType) {
-- case rsaKey:
-- secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
-- break;
--
-- case dsaKey:
-- secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
-- break;
--
--#ifdef NSS_ENABLE_ECC
-- case ecKey:
-- secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
-- break;
--#endif
--
-- case dhKey:
-- case fortezzaKey:
-- case keaKey:
-- SECU_Indent(out, level);
-- fprintf(out, "unable to format this SPKI algorithm type\n");
-- goto loser;
-- default:
-- SECU_Indent(out, level);
-- fprintf(out, "unknown SPKI algorithm type\n");
-- goto loser;
-- }
-- PORT_FreeArena(pk->arena, PR_FALSE);
-- } else {
-- SECU_PrintErrMsg(out, level, "Error", "Parsing public key");
--loser:
-- if (i->subjectPublicKey.data) {
-- SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level);
-- }
-- }
--}
--
--static SECStatus
--secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
--{
-- SECItem decodedValue;
-- SECStatus rv;
-- int64 invalidTime;
-- char *formattedTime = NULL;
--
-- decodedValue.data = NULL;
-- rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
-- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
-- value);
-- if (rv == SECSuccess) {
-- rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
-- if (rv == SECSuccess) {
-- formattedTime = CERT_GenTime2FormattedAscii
-- (invalidTime, "%a %b %d %H:%M:%S %Y");
-- SECU_Indent(out, level +1);
-- fprintf (out, "%s: %s\n", msg, formattedTime);
-- PORT_Free (formattedTime);
-- }
-- }
-- PORT_Free (decodedValue.data);
-- return (rv);
--}
--
--static SECStatus
--PrintExtKeyUsageExtension (FILE *out, SECItem *value, char *msg, int level)
--{
-- CERTOidSequence *os;
-- SECItem **op;
--
-- os = CERT_DecodeOidSequence(value);
-- if( (CERTOidSequence *)NULL == os ) {
-- return SECFailure;
-- }
--
-- for( op = os->oids; *op; op++ ) {
-- SECU_PrintObjectID(out, *op, msg, level + 1);
-- }
-- CERT_DestroyOidSequence(os);
-- return SECSuccess;
--}
--
--static SECStatus
--secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) {
-- CERTBasicConstraints constraints;
-- SECStatus rv;
--
-- SECU_Indent(out, level);
-- if (msg) {
-- fprintf(out,"%s: ",msg);
-- }
-- rv = CERT_DecodeBasicConstraintValue(&constraints,value);
-- if (rv == SECSuccess && constraints.isCA) {
-- if (constraints.pathLenConstraint >= 0) {
-- fprintf(out,"Is a CA with a maximum path length of %d.\n",
-- constraints.pathLenConstraint);
-- } else {
-- fprintf(out,"Is a CA with no maximum path length.\n");
-- }
-- } else {
-- fprintf(out,"Is not a CA.\n");
-- }
-- return SECSuccess;
--}
--
--static const char * const nsTypeBits[] = {
-- "SSL Client",
-- "SSL Server",
-- "S/MIME",
-- "Object Signing",
-- "Reserved",
-- "SSL CA",
-- "S/MIME CA",
-- "ObjectSigning CA"
--};
--
--/* NSCertType is merely a bit string whose bits are displayed symbolically */
--static SECStatus
--secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level)
--{
-- int unused;
-- int NS_Type;
-- int i;
-- int found = 0;
-- SECItem my = *value;
--
-- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
-- SECSuccess != SECU_StripTagAndLength(&my)) {
-- SECU_PrintAny(out, value, "Data", level);
-- return SECSuccess;
-- }
--
-- unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0;
-- NS_Type = my.data[1] & (0xff << unused);
--
--
-- SECU_Indent(out, level);
-- if (msg) {
-- fprintf(out,"%s: ",msg);
-- } else {
-- fprintf(out,"Netscape Certificate Type: ");
-- }
-- for (i=0; i < 8; i++) {
-- if ( (0x80 >> i) & NS_Type) {
-- fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]);
-- found = 1;
-- }
-- }
-- fprintf(out, (found ? ">\n" : "none\n"));
-- return SECSuccess;
--}
--
--static const char * const usageBits[] = {
-- "Digital Signature", /* 0x80 */
-- "Non-Repudiation", /* 0x40 */
-- "Key Encipherment", /* 0x20 */
-- "Data Encipherment", /* 0x10 */
-- "Key Agreement", /* 0x08 */
-- "Certificate Signing", /* 0x04 */
-- "CRL Signing", /* 0x02 */
-- "Encipher Only", /* 0x01 */
-- "Decipher Only", /* 0x0080 */
-- NULL
--};
--
--/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */
--static void
--secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level)
--{
-- int unused;
-- int usage;
-- int i;
-- int found = 0;
-- SECItem my = *value;
--
-- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
-- SECSuccess != SECU_StripTagAndLength(&my)) {
-- SECU_PrintAny(out, value, "Data", level);
-- return;
-- }
--
-- unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0;
-- usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8
-- : (my.data[1] << 8) |
-- (my.data[2] & (0xff << unused));
--
-- SECU_Indent(out, level);
-- fprintf(out, "Usages: ");
-- for (i=0; usageBits[i]; i++) {
-- if ( (0x8000 >> i) & usage) {
-- if (found)
-- SECU_Indent(out, level + 2);
-- fprintf(out, "%s\n", usageBits[i]);
-- found = 1;
-- }
-- }
-- if (!found) {
-- fprintf(out, "(none)\n");
-- }
--}
--
--static void
--secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level)
--{
-- PRStatus st;
-- PRNetAddr addr;
-- char addrBuf[80];
--
-- memset(&addr, 0, sizeof addr);
-- if (value->len == 4) {
-- addr.inet.family = PR_AF_INET;
-- memcpy(&addr.inet.ip, value->data, value->len);
-- } else if (value->len == 16) {
-- addr.ipv6.family = PR_AF_INET6;
-- memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len);
-- if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) {
-- /* convert to IPv4. */
-- addr.inet.family = PR_AF_INET;
-- memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
-- memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad);
-- }
-- } else {
-- goto loser;
-- }
--
-- st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf);
-- if (st == PR_SUCCESS) {
-- SECU_Indent(out, level);
-- fprintf(out, "%s: %s\n", msg, addrBuf);
-- } else {
--loser:
-- SECU_PrintAsHex(out, value, msg, level);
-- }
--}
--
--
--static void
--secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level)
--{
-- char label[40];
-- if (msg && msg[0]) {
-- SECU_Indent(out, level++); fprintf(out, "%s: \n", msg);
-- }
-- switch (gname->type) {
-- case certOtherName :
-- SECU_PrintAny( out, &gname->name.OthName.name, "Other Name", level);
-- SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level+1);
-- break;
-- case certDirectoryName :
-- SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level);
-- break;
-- case certRFC822Name :
-- secu_PrintRawString( out, &gname->name.other, "RFC822 Name", level);
-- break;
-- case certDNSName :
-- secu_PrintRawString( out, &gname->name.other, "DNS name", level);
-- break;
-- case certURI :
-- secu_PrintRawString( out, &gname->name.other, "URI", level);
-- break;
-- case certIPAddress :
-- secu_PrintIPAddress(out, &gname->name.other, "IP Address", level);
-- break;
-- case certRegisterID :
-- SECU_PrintObjectID( out, &gname->name.other, "Registered ID", level);
-- break;
-- case certX400Address :
-- SECU_PrintAny( out, &gname->name.other, "X400 Address", level);
-- break;
-- case certEDIPartyName :
-- SECU_PrintAny( out, &gname->name.other, "EDI Party", level);
-- break;
-- default:
-- PR_snprintf(label, sizeof label, "unknown type [%d]",
-- (int)gname->type - 1);
-- SECU_PrintAsHex(out, &gname->name.other, label, level);
-- break;
-- }
--}
--
--static void
--secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level)
--{
-- CERTGeneralName *name = gname;
-- do {
-- secu_PrintGeneralName(out, name, msg, level);
-- name = CERT_GetNextGeneralName(name);
-- } while (name && name != gname);
--}
--
--
--static void
--secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level)
--{
-- CERTAuthKeyID *kid = NULL;
-- PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--
-- if (!pool) {
-- SECU_PrintError("Error", "Allocating new ArenaPool");
-- return;
-- }
-- kid = CERT_DecodeAuthKeyID(pool, value);
-- if (!kid) {
-- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
-- SECU_PrintAny(out, value, "Data", level);
-- } else {
-- int keyIDPresent = (kid->keyID.data && kid->keyID.len);
-- int issuerPresent = kid->authCertIssuer != NULL;
-- int snPresent = (kid->authCertSerialNumber.data &&
-- kid->authCertSerialNumber.len);
--
-- if (keyIDPresent)
-- SECU_PrintAsHex(out, &kid->keyID, "Key ID", level);
-- if (issuerPresent)
-- secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level);
-- if (snPresent)
-- SECU_PrintInteger(out, &kid->authCertSerialNumber,
-- "Serial Number", level);
-- }
-- PORT_FreeArena(pool, PR_FALSE);
--}
--
--
--static void
--secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level)
--{
-- CERTGeneralName * nameList;
-- CERTGeneralName * current;
-- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--
-- if (!pool) {
-- SECU_PrintError("Error", "Allocating new ArenaPool");
-- return;
-- }
-- nameList = current = CERT_DecodeAltNameExtension(pool, value);
-- if (!current) {
-- if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
-- /* Decoder found empty sequence, which is invalid. */
-- PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
-- }
-- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
-- SECU_PrintAny(out, value, "Data", level);
-- } else {
-- do {
-- secu_PrintGeneralName(out, current, msg, level);
-- current = CERT_GetNextGeneralName(current);
-- } while (current != nameList);
-- }
-- PORT_FreeArena(pool, PR_FALSE);
--}
--
--static void
--secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level)
--{
-- CERTCrlDistributionPoints * dPoints;
-- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--
-- if (!pool) {
-- SECU_PrintError("Error", "Allocating new ArenaPool");
-- return;
-- }
-- dPoints = CERT_DecodeCRLDistributionPoints(pool, value);
-- if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) {
-- CRLDistributionPoint ** pPoints = dPoints->distPoints;
-- CRLDistributionPoint * pPoint;
-- while (NULL != (pPoint = *pPoints++)) {
-- SECU_Indent(out, level); fputs("Distribution point:\n", out);
-- if (pPoint->distPointType == generalName &&
-- pPoint->distPoint.fullName != NULL) {
-- secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
-- level + 1);
-- } else if (pPoint->distPointType == relativeDistinguishedName &&
-- pPoint->distPoint.relativeName.avas) {
-- SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
-- level + 1);
-- } else if (pPoint->derDistPoint.data) {
-- SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1);
-- }
-- if (pPoint->reasons.data) {
-- secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
-- level + 1);
-- }
-- if (pPoint->crlIssuer) {
-- secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer",
-- level + 1);
-- }
-- }
-- } else {
-- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
-- SECU_PrintAny(out, value, "Data", level);
-- }
-- PORT_FreeArena(pool, PR_FALSE);
--}
--
--
--static void
--secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value,
-- char *msg, int level)
--{
-- CERTNameConstraint *head = value;
-- SECU_Indent(out, level); fprintf(out, "%s Subtree:\n", msg);
-- level++;
-- do {
-- secu_PrintGeneralName(out, &value->name, NULL, level);
-- if (value->min.data)
-- SECU_PrintInteger(out, &value->min, "Minimum", level+1);
-- if (value->max.data)
-- SECU_PrintInteger(out, &value->max, "Maximum", level+1);
-- value = CERT_GetNextNameConstraint(value);
-- } while (value != head);
--}
--
--static void
--secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level)
--{
-- CERTNameConstraints * cnstrnts;
-- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--
-- if (!pool) {
-- SECU_PrintError("Error", "Allocating new ArenaPool");
-- return;
-- }
-- cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value);
-- if (!cnstrnts) {
-- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
-- SECU_PrintAny(out, value, "Raw", level);
-- } else {
-- if (cnstrnts->permited)
-- secu_PrintNameConstraintSubtree(out, cnstrnts->permited,
-- "Permitted", level);
-- if (cnstrnts->excluded)
-- secu_PrintNameConstraintSubtree(out, cnstrnts->excluded,
-- "Excluded", level);
-- }
-- PORT_FreeArena(pool, PR_FALSE);
--}
--
--
--static void
--secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level)
--{
-- CERTAuthInfoAccess **infos = NULL;
-- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
--
-- if (!pool) {
-- SECU_PrintError("Error", "Allocating new ArenaPool");
-- return;
-- }
-- infos = CERT_DecodeAuthInfoAccessExtension(pool, value);
-- if (!infos) {
-- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
-- SECU_PrintAny(out, value, "Raw", level);
-- } else {
-- CERTAuthInfoAccess *info;
-- while (NULL != (info = *infos++)) {
-- if (info->method.data) {
-- SECU_PrintObjectID(out, &info->method, "Method", level);
-- } else {
-- SECU_Indent(out,level);
-- fprintf(out, "Error: missing method\n");
-- }
-- if (info->location) {
-- secu_PrintGeneralName(out, info->location, "Location", level);
-- } else {
-- SECU_PrintAny(out, &info->derLocation, "Location", level);
-- }
-- }
-- }
-- PORT_FreeArena(pool, PR_FALSE);
--}
--
--
--void
--SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
-- char *msg, int level)
--{
-- SECOidTag oidTag;
--
-- if ( extensions ) {
-- if (msg && *msg) {
-- SECU_Indent(out, level++); fprintf(out, "%s:\n", msg);
-- }
--
-- while ( *extensions ) {
-- SECItem *tmpitem;
--
-- tmpitem = &(*extensions)->id;
-- SECU_PrintObjectID(out, tmpitem, "Name", level);
--
-- tmpitem = &(*extensions)->critical;
-- if ( tmpitem->len ) {
-- secu_PrintBoolean(out, tmpitem, "Critical", level);
-- }
--
-- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
-- tmpitem = &((*extensions)->value);
--
-- switch (oidTag) {
-- case SEC_OID_X509_INVALID_DATE:
-- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
-- secu_PrintX509InvalidDate(out, tmpitem, "Date", level );
-- break;
-- case SEC_OID_X509_CERTIFICATE_POLICIES:
-- SECU_PrintPolicy(out, tmpitem, "Data", level );
-- break;
-- case SEC_OID_NS_CERT_EXT_BASE_URL:
-- case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
-- case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
-- case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
-- case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
-- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
-- case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
-- case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
-- case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
-- case SEC_OID_OCSP_RESPONDER:
-- SECU_PrintString(out,tmpitem, "URL", level);
-- break;
-- case SEC_OID_NS_CERT_EXT_COMMENT:
-- SECU_PrintString(out,tmpitem, "Comment", level);
-- break;
-- case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
-- SECU_PrintString(out,tmpitem, "ServerName", level);
-- break;
-- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
-- secu_PrintNSCertType(out,tmpitem,"Data",level);
-- break;
-- case SEC_OID_X509_BASIC_CONSTRAINTS:
-- secu_PrintBasicConstraints(out,tmpitem,"Data",level);
-- break;
-- case SEC_OID_X509_EXT_KEY_USAGE:
-- PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
-- break;
-- case SEC_OID_X509_KEY_USAGE:
-- secu_PrintX509KeyUsage(out, tmpitem, NULL, level );
-- break;
-- case SEC_OID_X509_AUTH_KEY_ID:
-- secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level );
-- break;
-- case SEC_OID_X509_SUBJECT_ALT_NAME:
-- case SEC_OID_X509_ISSUER_ALT_NAME:
-- secu_PrintAltNameExtension(out, tmpitem, NULL, level );
-- break;
-- case SEC_OID_X509_CRL_DIST_POINTS:
-- secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level );
-- break;
-- case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
-- SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL,
-- level );
-- break;
-- case SEC_OID_X509_NAME_CONSTRAINTS:
-- secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
-- break;
-- case SEC_OID_X509_AUTH_INFO_ACCESS:
-- secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
-- break;
--
-- case SEC_OID_X509_CRL_NUMBER:
-- case SEC_OID_X509_REASON_CODE:
--
-- /* PKIX OIDs */
-- case SEC_OID_PKIX_OCSP:
-- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
-- case SEC_OID_PKIX_OCSP_NONCE:
-- case SEC_OID_PKIX_OCSP_CRL:
-- case SEC_OID_PKIX_OCSP_RESPONSE:
-- case SEC_OID_PKIX_OCSP_NO_CHECK:
-- case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
-- case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
-- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
-- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
-- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
-- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
-- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
-- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
-- case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
-- case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
--
-- /* Netscape extension OIDs. */
-- case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
-- case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
-- case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
-- case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
-- case SEC_OID_NS_CERT_EXT_USER_PICTURE:
--
-- /* x.509 v3 Extensions */
-- case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
-- case SEC_OID_X509_SUBJECT_KEY_ID:
-- case SEC_OID_X509_POLICY_MAPPINGS:
-- case SEC_OID_X509_POLICY_CONSTRAINTS:
--
--
-- default:
-- SECU_PrintAny(out, tmpitem, "Data", level);
-- break;
-- }
--
-- secu_Newline(out);
-- extensions++;
-- }
-- }
--}
--
--/* An RDN is a subset of a DirectoryName, and we already know how to
-- * print those, so make a directory name out of the RDN, and print it.
-- */
--void
--SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level)
--{
-- CERTName name;
-- CERTRDN *rdns[2];
--
-- name.arena = NULL;
-- name.rdns = rdns;
-- rdns[0] = rdn;
-- rdns[1] = NULL;
-- SECU_PrintName(out, &name, msg, level);
--}
--
--void
--SECU_PrintName(FILE *out, CERTName *name, const char *msg, int level)
--{
-- char *nameStr = NULL;
-- char *str;
-- SECItem my;
--
-- if (!name) {
-- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-- return;
-- }
-- if (!name->rdns || !name->rdns[0]) {
-- str = "(empty)";
-- } else {
-- str = nameStr = CERT_NameToAscii(name);
-- }
-- if (!str) {
-- str = "!Invalid AVA!";
-- }
-- my.data = (unsigned char *)str;
-- my.len = PORT_Strlen(str);
--#if 1
-- secu_PrintRawString(out, &my, msg, level);
--#else
-- SECU_Indent(out, level); fprintf(out, "%s: ", msg);
-- fprintf(out, str);
-- secu_Newline(out);
--#endif
-- PORT_Free(nameStr);
--}
--
--void
--printflags(char *trusts, unsigned int flags)
--{
-- if (flags & CERTDB_VALID_CA)
-- if (!(flags & CERTDB_TRUSTED_CA) &&
-- !(flags & CERTDB_TRUSTED_CLIENT_CA))
-- PORT_Strcat(trusts, "c");
-- if (flags & CERTDB_TERMINAL_RECORD)
-- if (!(flags & CERTDB_TRUSTED))
-- PORT_Strcat(trusts, "p");
-- if (flags & CERTDB_TRUSTED_CA)
-- PORT_Strcat(trusts, "C");
-- if (flags & CERTDB_TRUSTED_CLIENT_CA)
-- PORT_Strcat(trusts, "T");
-- if (flags & CERTDB_TRUSTED)
-- PORT_Strcat(trusts, "P");
-- if (flags & CERTDB_USER)
-- PORT_Strcat(trusts, "u");
-- if (flags & CERTDB_SEND_WARN)
-- PORT_Strcat(trusts, "w");
-- if (flags & CERTDB_INVISIBLE_CA)
-- PORT_Strcat(trusts, "I");
-- if (flags & CERTDB_GOVT_APPROVED_CA)
-- PORT_Strcat(trusts, "G");
-- return;
--}
--
--/* callback for listing certs through pkcs11 */
--SECStatus
--SECU_PrintCertNickname(CERTCertListNode *node, void *data)
--{
-- CERTCertTrust *trust;
-- CERTCertificate* cert;
-- FILE *out;
-- char trusts[30];
-- char *name;
--
-- cert = node->cert;
--
-- PORT_Memset (trusts, 0, sizeof (trusts));
-- out = (FILE *)data;
--
-- name = node->appData;
-- if (!name || !name[0]) {
-- name = cert->nickname;
-- }
-- if (!name || !name[0]) {
-- name = cert->emailAddr;
-- }
-- if (!name || !name[0]) {
-- name = "(NULL)";
-- }
--
-- trust = cert->trust;
-- if (trust) {
-- printflags(trusts, trust->sslFlags);
-- PORT_Strcat(trusts, ",");
-- printflags(trusts, trust->emailFlags);
-- PORT_Strcat(trusts, ",");
-- printflags(trusts, trust->objectSigningFlags);
-- } else {
-- PORT_Memcpy(trusts,",,",3);
-- }
-- fprintf(out, "%-60s %-5s\n", name, trusts);
--
-- return (SECSuccess);
--}
--
--int
--SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
--{
-- CERTCertExtension **extensions = NULL;
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- int rv = 0;
--
-- if (!arena)
-- return SEC_ERROR_NO_MEMORY;
--
-- rv = SEC_QuickDERDecodeItem(arena, &extensions,
-- SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
-- if (!rv)
-- SECU_PrintExtensions(out, extensions, m, level);
-- else
-- SECU_PrintAny(out, any, m, level);
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--/* print a decoded SET OF or SEQUENCE OF Extensions */
--int
--SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level)
--{
-- int rv = 0;
-- if (m && *m) {
-- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
-- }
-- while (any && any[0]) {
-- rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
-- any++;
-- }
-- return rv;
--}
--
--/* print a decoded SET OF or SEQUENCE OF "ANY" */
--int
--SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level)
--{
-- int rv = 0;
-- if (m && *m) {
-- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
-- }
-- while (any && any[0]) {
-- SECU_PrintAny(out, any[0], "", level);
-- any++;
-- }
-- return rv;
--}
--
--int
--SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level)
--{
-- int rv = 0;
-- SECOidTag tag;
-- tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level);
-- if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) {
-- rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
-- } else {
-- rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
-- }
-- return rv;
--}
--
--int
--SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
--{
-- int rv = 0;
-- while (attrs[0]) {
-- rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1);
-- attrs++;
-- }
-- return rv;
--}
--
--int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
--SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- CERTCertificateRequest *cr;
-- int rv = SEC_ERROR_NO_MEMORY;
--
-- if (!arena)
-- return rv;
--
-- /* Decode certificate request */
-- cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
-- if (!cr)
-- goto loser;
-- cr->arena = arena;
-- rv = SEC_QuickDERDecodeItem(arena, cr,
-- SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
-- if (rv)
-- goto loser;
--
-- /* Pretty print it out */
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &cr->version, "Version", level+1);
-- SECU_PrintName(out, &cr->subject, "Subject", level+1);
-- secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
-- "Subject Public Key Info", level+1);
-- if (cr->attributes)
-- SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
-- rv = 0;
--loser:
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--int
--SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- CERTCertificate *c;
-- int rv = SEC_ERROR_NO_MEMORY;
-- int iv;
--
-- if (!arena)
-- return rv;
--
-- /* Decode certificate */
-- c = PORT_ArenaZNew(arena, CERTCertificate);
-- if (!c)
-- goto loser;
-- c->arena = arena;
-- rv = SEC_ASN1DecodeItem(arena, c,
-- SEC_ASN1_GET(CERT_CertificateTemplate), der);
-- if (rv) {
-- SECU_Indent(out, level);
-- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
-- SECU_PrintAny(out, der, "Raw", level);
-- goto loser;
-- }
-- /* Pretty print it out */
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */
-- SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
--
-- SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
-- SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
-- SECU_PrintName(out, &c->issuer, "Issuer", level+1);
-- secu_PrintValidity(out, &c->validity, "Validity", level+1);
-- SECU_PrintName(out, &c->subject, "Subject", level+1);
-- secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
-- "Subject Public Key Info", level+1);
-- if (c->issuerID.data)
-- secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1);
-- if (c->subjectID.data)
-- secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1);
-- SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
--loser:
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--int
--SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- SECKEYPublicKey key;
-- int rv = SEC_ERROR_NO_MEMORY;
--
-- if (!arena)
-- return rv;
--
-- PORT_Memset(&key, 0, sizeof(key));
-- rv = SEC_ASN1DecodeItem(arena, &key,
-- SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der);
-- if (!rv) {
-- /* Pretty print it out */
-- secu_PrintRSAPublicKey(out, &key, m, level);
-- }
--
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--int
--SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- int rv = SEC_ERROR_NO_MEMORY;
-- CERTSubjectPublicKeyInfo spki;
--
-- if (!arena)
-- return rv;
--
-- PORT_Memset(&spki, 0, sizeof spki);
-- rv = SEC_ASN1DecodeItem(arena, &spki,
-- SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate),
-- der);
-- if (!rv) {
-- if (m && *m) {
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- }
-- secu_PrintSubjectPublicKeyInfo(out, arena, &spki,
-- "Subject Public Key Info", level+1);
-- }
--
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--#ifdef HAVE_EPV_TEMPLATE
--int
--SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- SECKEYEncryptedPrivateKeyInfo key;
-- int rv = SEC_ERROR_NO_MEMORY;
--
-- if (!arena)
-- return rv;
--
-- PORT_Memset(&key, 0, sizeof(key));
-- rv = SEC_ASN1DecodeItem(arena, &key,
-- SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der);
-- if (rv)
-- goto loser;
--
-- /* Pretty print it out */
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
-- level+1);
-- SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1);
--loser:
-- PORT_FreeArena(arena, PR_TRUE);
-- return rv;
--}
--#endif
--
--int
--SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
--{
-- unsigned char fingerprint[20];
-- char *fpStr = NULL;
-- int err = PORT_GetError();
-- SECStatus rv;
-- SECItem fpItem;
--
-- /* print MD5 fingerprint */
-- memset(fingerprint, 0, sizeof fingerprint);
-- rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len);
-- fpItem.data = fingerprint;
-- fpItem.len = MD5_LENGTH;
-- fpStr = CERT_Hexify(&fpItem, 1);
-- SECU_Indent(out, level); fprintf(out, "%s (MD5):\n", m);
-- SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
-- PORT_Free(fpStr);
-- fpStr = NULL;
-- if (rv != SECSuccess && !err)
-- err = PORT_GetError();
--
-- /* print SHA1 fingerprint */
-- memset(fingerprint, 0, sizeof fingerprint);
-- rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len);
-- fpItem.data = fingerprint;
-- fpItem.len = SHA1_LENGTH;
-- fpStr = CERT_Hexify(&fpItem, 1);
-- SECU_Indent(out, level); fprintf(out, "%s (SHA1):\n", m);
-- SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
-- PORT_Free(fpStr);
-- fprintf(out, "\n");
--
-- if (err)
-- PORT_SetError(err);
-- if (err || rv != SECSuccess)
-- return SECFailure;
--
-- return 0;
--}
--
--/*
--** PKCS7 Support
--*/
--
--/* forward declaration */
--static int
--secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);
--
--/*
--** secu_PrintPKCS7EncContent
--** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
--*/
--static void
--secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
-- char *m, int level)
--{
-- if (src->contentTypeTag == NULL)
-- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
--
-- SECU_Indent(out, level);
-- fprintf(out, "%s:\n", m);
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Content Type: %s\n",
-- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
-- : "Unknown");
-- SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
-- "Content Encryption Algorithm", level+1);
-- SECU_PrintAsHex(out, &(src->encContent),
-- "Encrypted Content", level+1);
--}
--
--/*
--** secu_PrintRecipientInfo
--** Prints a PKCS7RecipientInfo type
--*/
--static void
--secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
-- int level)
--{
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
--
-- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
-- level + 1);
-- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
-- "Serial Number", level + 1);
--
-- /* Parse and display encrypted key */
-- SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
-- "Key Encryption Algorithm", level + 1);
-- SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
--}
--
--/*
--** secu_PrintSignerInfo
--** Prints a PKCS7SingerInfo type
--*/
--static void
--secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
--{
-- SEC_PKCS7Attribute *attr;
-- int iv;
-- char om[100];
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
--
-- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
-- level + 1);
-- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
-- "Serial Number", level + 1);
--
-- SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
-- level + 1);
--
-- if (info->authAttr != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Authenticated Attributes:\n");
-- iv = 0;
-- while ((attr = info->authAttr[iv++]) != NULL) {
-- sprintf(om, "Attribute (%d)", iv);
-- secu_PrintAttribute(out, attr, om, level + 2);
-- }
-- }
--
-- /* Parse and display signature */
-- SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
-- "Digest Encryption Algorithm", level + 1);
-- SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);
--
-- if (info->unAuthAttr != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Unauthenticated Attributes:\n");
-- iv = 0;
-- while ((attr = info->unAuthAttr[iv++]) != NULL) {
-- sprintf(om, "Attribute (%x)", iv);
-- secu_PrintAttribute(out, attr, om, level + 2);
-- }
-- }
--}
--
--/* callers of this function must make sure that the CERTSignedCrl
-- from which they are extracting the CERTCrl has been fully-decoded.
-- Otherwise it will not have the entries even though the CRL may have
-- some */
--
--void
--SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
--{
-- CERTCrlEntry *entry;
-- int iv;
-- char om[100];
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- /* version is optional */
-- iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;
-- SECU_Indent(out, level+1);
-- fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
-- SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
-- level + 1);
-- SECU_PrintName(out, &(crl->name), "Issuer", level + 1);
-- SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1);
-- if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */
-- SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
--
-- if (crl->entries != NULL) {
-- iv = 0;
-- while ((entry = crl->entries[iv++]) != NULL) {
-- sprintf(om, "Entry (%x):\n", iv);
-- SECU_Indent(out, level + 1); fputs(om, out);
-- SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
-- level + 2);
-- SECU_PrintTimeChoice(out, &(entry->revocationDate),
-- "Revocation Date", level + 2);
-- SECU_PrintExtensions(out, entry->extensions,
-- "Entry Extensions", level + 2);
-- }
-- }
-- SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1);
--}
--
--/*
--** secu_PrintPKCS7Signed
--** Pretty print a PKCS7 signed data type (up to version 1).
--*/
--static int
--secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src,
-- const char *m, int level)
--{
-- SECAlgorithmID *digAlg; /* digest algorithms */
-- SECItem *aCert; /* certificate */
-- CERTSignedCrl *aCrl; /* certificate revocation list */
-- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
-- int rv, iv;
-- char om[100];
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
--
-- /* Parse and list digest algorithms (if any) */
-- if (src->digestAlgorithms != NULL) {
-- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
-- iv = 0;
-- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
-- sprintf(om, "Digest Algorithm (%x)", iv);
-- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
-- }
-- }
--
-- /* Now for the content */
-- rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
-- "Content Information", level + 1);
-- if (rv != 0)
-- return rv;
--
-- /* Parse and list certificates (if any) */
-- if (src->rawCerts != NULL) {
-- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
-- iv = 0;
-- while ((aCert = src->rawCerts[iv++]) != NULL) {
-- sprintf(om, "Certificate (%x)", iv);
-- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
-- SECU_PrintCertificate);
-- if (rv)
-- return rv;
-- }
-- }
--
-- /* Parse and list CRL's (if any) */
-- if (src->crls != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Signed Revocation Lists:\n");
-- iv = 0;
-- while ((aCrl = src->crls[iv++]) != NULL) {
-- sprintf(om, "Signed Revocation List (%x)", iv);
-- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
-- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
-- "Signature Algorithm", level+3);
-- DER_ConvertBitString(&aCrl->signatureWrap.signature);
-- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
-- level+3);
-- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
-- level + 3);
-- }
-- }
--
-- /* Parse and list signatures (if any) */
-- if (src->signerInfos != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Signer Information List:\n");
-- iv = 0;
-- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
-- sprintf(om, "Signer Information (%x)", iv);
-- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
-- }
-- }
--
-- return 0;
--}
--
--/*
--** secu_PrintPKCS7Enveloped
--** Pretty print a PKCS7 enveloped data type (up to version 1).
--*/
--static void
--secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
-- const char *m, int level)
--{
-- SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
-- int iv;
-- char om[100];
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
--
-- /* Parse and list recipients (this is not optional) */
-- if (src->recipientInfos != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Recipient Information List:\n");
-- iv = 0;
-- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
-- sprintf(om, "Recipient Information (%x)", iv);
-- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
-- }
-- }
--
-- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
-- "Encrypted Content Information", level + 1);
--}
--
--/*
--** secu_PrintPKCS7SignedEnveloped
--** Pretty print a PKCS7 singed and enveloped data type (up to version 1).
--*/
--static int
--secu_PrintPKCS7SignedAndEnveloped(FILE *out,
-- SEC_PKCS7SignedAndEnvelopedData *src,
-- const char *m, int level)
--{
-- SECAlgorithmID *digAlg; /* pointer for digest algorithms */
-- SECItem *aCert; /* pointer for certificate */
-- CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
-- SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
-- SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
-- int rv, iv;
-- char om[100];
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
--
-- /* Parse and list recipients (this is not optional) */
-- if (src->recipientInfos != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Recipient Information List:\n");
-- iv = 0;
-- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
-- sprintf(om, "Recipient Information (%x)", iv);
-- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
-- }
-- }
--
-- /* Parse and list digest algorithms (if any) */
-- if (src->digestAlgorithms != NULL) {
-- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
-- iv = 0;
-- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
-- sprintf(om, "Digest Algorithm (%x)", iv);
-- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
-- }
-- }
--
-- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
-- "Encrypted Content Information", level + 1);
--
-- /* Parse and list certificates (if any) */
-- if (src->rawCerts != NULL) {
-- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
-- iv = 0;
-- while ((aCert = src->rawCerts[iv++]) != NULL) {
-- sprintf(om, "Certificate (%x)", iv);
-- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
-- SECU_PrintCertificate);
-- if (rv)
-- return rv;
-- }
-- }
--
-- /* Parse and list CRL's (if any) */
-- if (src->crls != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Signed Revocation Lists:\n");
-- iv = 0;
-- while ((aCrl = src->crls[iv++]) != NULL) {
-- sprintf(om, "Signed Revocation List (%x)", iv);
-- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
-- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
-- "Signature Algorithm", level+3);
-- DER_ConvertBitString(&aCrl->signatureWrap.signature);
-- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
-- level+3);
-- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
-- level + 3);
-- }
-- }
--
-- /* Parse and list signatures (if any) */
-- if (src->signerInfos != NULL) {
-- SECU_Indent(out, level + 1);
-- fprintf(out, "Signer Information List:\n");
-- iv = 0;
-- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
-- sprintf(om, "Signer Information (%x)", iv);
-- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
-- }
-- }
--
-- return 0;
--}
--
--int
--SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- CERTCrl *c = NULL;
-- int rv = SEC_ERROR_NO_MEMORY;
--
-- if (!arena)
-- return rv;
-- do {
-- /* Decode CRL */
-- c = PORT_ArenaZNew(arena, CERTCrl);
-- if (!c)
-- break;
--
-- rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
-- if (rv != SECSuccess)
-- break;
-- SECU_PrintCRLInfo (out, c, m, level);
-- } while (0);
-- PORT_FreeArena (arena, PR_FALSE);
-- return rv;
--}
--
--
--/*
--** secu_PrintPKCS7Encrypted
--** Pretty print a PKCS7 encrypted data type (up to version 1).
--*/
--static void
--secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
-- const char *m, int level)
--{
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
--
-- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
-- "Encrypted Content Information", level + 1);
--}
--
--/*
--** secu_PrintPKCS7Digested
--** Pretty print a PKCS7 digested data type (up to version 1).
--*/
--static void
--secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src,
-- const char *m, int level)
--{
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
--
-- SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm",
-- level + 1);
-- secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
-- level + 1);
-- SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
--}
--
--/*
--** secu_PrintPKCS7ContentInfo
--** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
--** appropriate function
--*/
--static int
--secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src,
-- char *m, int level)
--{
-- const char *desc;
-- SECOidTag kind;
-- int rv;
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- level++;
--
-- if (src->contentTypeTag == NULL)
-- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
--
-- if (src->contentTypeTag == NULL) {
-- desc = "Unknown";
-- kind = SEC_OID_PKCS7_DATA;
-- } else {
-- desc = src->contentTypeTag->desc;
-- kind = src->contentTypeTag->offset;
-- }
--
-- if (src->content.data == NULL) {
-- SECU_Indent(out, level); fprintf(out, "%s:\n", desc);
-- level++;
-- SECU_Indent(out, level); fprintf(out, "<no content>\n");
-- return 0;
-- }
--
-- rv = 0;
-- switch (kind) {
-- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
-- rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
-- break;
--
-- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
-- secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
-- break;
--
-- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
-- rv = secu_PrintPKCS7SignedAndEnveloped(out,
-- src->content.signedAndEnvelopedData,
-- desc, level);
-- break;
--
-- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
-- secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
-- break;
--
-- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
-- secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
-- break;
--
-- default:
-- SECU_PrintAsHex(out, src->content.data, desc, level);
-- break;
-- }
--
-- return rv;
--}
--
--/*
--** SECU_PrintPKCS7ContentInfo
--** Decode and print any major PKCS7 data type (up to version 1).
--*/
--int
--SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
--{
-- SEC_PKCS7ContentInfo *cinfo;
-- int rv;
--
-- cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
-- if (cinfo != NULL) {
-- /* Send it to recursive parsing and printing module */
-- rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
-- SEC_PKCS7DestroyContentInfo(cinfo);
-- } else {
-- rv = -1;
-- }
--
-- return rv;
--}
--
--/*
--** End of PKCS7 functions
--*/
--
--void
--printFlags(FILE *out, unsigned int flags, int level)
--{
-- if ( flags & CERTDB_TERMINAL_RECORD ) {
-- SECU_Indent(out, level); fprintf(out, "Terminal Record\n");
-- }
-- if ( flags & CERTDB_TRUSTED ) {
-- SECU_Indent(out, level); fprintf(out, "Trusted\n");
-- }
-- if ( flags & CERTDB_SEND_WARN ) {
-- SECU_Indent(out, level); fprintf(out, "Warn When Sending\n");
-- }
-- if ( flags & CERTDB_VALID_CA ) {
-- SECU_Indent(out, level); fprintf(out, "Valid CA\n");
-- }
-- if ( flags & CERTDB_TRUSTED_CA ) {
-- SECU_Indent(out, level); fprintf(out, "Trusted CA\n");
-- }
-- if ( flags & CERTDB_NS_TRUSTED_CA ) {
-- SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n");
-- }
-- if ( flags & CERTDB_USER ) {
-- SECU_Indent(out, level); fprintf(out, "User\n");
-- }
-- if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
-- SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
-- }
-- if ( flags & CERTDB_GOVT_APPROVED_CA ) {
-- SECU_Indent(out, level); fprintf(out, "Step-up\n");
-- }
--}
--
--void
--SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level)
--{
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n");
-- printFlags(out, trust->sslFlags, level+2);
-- SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
-- printFlags(out, trust->emailFlags, level+2);
-- SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
-- printFlags(out, trust->objectSigningFlags, level+2);
--}
--
--int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- CERTName *name;
-- int rv = SEC_ERROR_NO_MEMORY;
--
-- if (!arena)
-- return rv;
--
-- name = PORT_ArenaZNew(arena, CERTName);
-- if (!name)
-- goto loser;
--
-- rv = SEC_ASN1DecodeItem(arena, name, SEC_ASN1_GET(CERT_NameTemplate), der);
-- if (rv)
-- goto loser;
--
-- SECU_PrintName(out, name, m, level);
--loser:
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
-- int level, SECU_PPFunc inner)
--{
-- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- CERTSignedData *sd;
-- int rv = SEC_ERROR_NO_MEMORY;
--
-- if (!arena)
-- return rv;
--
-- /* Strip off the signature */
-- sd = PORT_ArenaZNew(arena, CERTSignedData);
-- if (!sd)
-- goto loser;
--
-- rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
-- der);
-- if (rv)
-- goto loser;
--
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- rv = (*inner)(out, &sd->data, "Data", level+1);
--
-- SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
-- level+1);
-- DER_ConvertBitString(&sd->signature);
-- SECU_PrintAsHex(out, &sd->signature, "Signature", level+1);
-- SECU_PrintFingerprints(out, der, "Fingerprint", level+1);
--loser:
-- PORT_FreeArena(arena, PR_FALSE);
-- return rv;
--}
--
--SECStatus
--SEC_PrintCertificateAndTrust(CERTCertificate *cert,
-- const char *label,
-- CERTCertTrust *trust)
--{
-- SECStatus rv;
-- SECItem data;
--
-- data.data = cert->derCert.data;
-- data.len = cert->derCert.len;
--
-- rv = SECU_PrintSignedData(stdout, &data, label, 0,
-- SECU_PrintCertificate);
-- if (rv) {
-- return(SECFailure);
-- }
-- if (trust) {
-- SECU_PrintTrustFlags(stdout, trust,
-- "Certificate Trust Flags", 1);
-- } else if (cert->trust) {
-- SECU_PrintTrustFlags(stdout, cert->trust,
-- "Certificate Trust Flags", 1);
-- }
--
-- printf("\n");
--
-- return(SECSuccess);
--}
--
--#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
--/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
--static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
--{
-- char target = a[i].flag;
-- int j;
--
-- /* duplicate '\0' flags are okay, they are used with long forms */
-- for (j = i+1; j < count; j++) {
-- if (a[j].flag && a[j].flag == target) {
-- return PR_TRUE;
-- }
-- }
-- return PR_FALSE;
--}
--
--/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
--static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
--{
-- int j;
-- char *target = a[i].longform;
--
-- if (!target)
-- return PR_FALSE;
--
-- for (j = i+1; j < count; j++) {
-- if (a[j].longform && strcmp(a[j].longform, target) == 0) {
-- return PR_TRUE;
-- }
-- }
-- return PR_FALSE;
--}
--
--/* Returns true iff a has no short or long form duplicates
-- */
--PRBool HasNoDuplicates(secuCommandFlag *a, int count)
-+PRBool HasNoDuplicates(secuCommandFlag *a, int count)
- {
- int i;
-
-@@ -3611,144 +722,6 @@ SECU_PrintPRandOSError(char *progName)
- }
-
-
--static char *
--bestCertName(CERTCertificate *cert) {
-- if (cert->nickname) {
-- return cert->nickname;
-- }
-- if (cert->emailAddr && cert->emailAddr[0]) {
-- return cert->emailAddr;
-- }
-- return cert->subjectName;
--}
--
--void
--SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
-- CERTCertificate *cert, PRBool checksig,
-- SECCertificateUsage certUsage, void *pinArg, PRBool verbose,
-- PRTime datetime)
--{
-- CERTVerifyLog log;
-- CERTVerifyLogNode *node;
--
-- PRErrorCode err = PORT_GetError();
--
-- log.arena = PORT_NewArena(512);
-- log.head = log.tail = NULL;
-- log.count = 0;
-- CERT_VerifyCertificate(handle, cert, checksig, certUsage, datetime, pinArg, &log, NULL);
--
-- SECU_displayVerifyLog(outfile, &log, verbose);
--
-- for (node = log.head; node; node = node->next) {
-- if (node->cert)
-- CERT_DestroyCertificate(node->cert);
-- }
-- PORT_FreeArena(log.arena, PR_FALSE);
--
-- PORT_SetError(err); /* restore original error code */
--}
--
--void
--SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
-- PRBool verbose)
--{
-- CERTVerifyLogNode *node = NULL;
-- unsigned int depth = (unsigned int)-1;
-- unsigned int flags = 0;
-- char * errstr = NULL;
+- CERTVerifyLogNode *node = NULL;
+- unsigned int depth = (unsigned int)-1;
+- unsigned int flags = 0;
+- char * errstr = NULL;
-
- if (log->count > 0) {
- fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
@@ -3242,10 +1560,11 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
SECOidTag
SECU_StringToSignatureAlgTag(const char *alg)
{
-@@ -3775,298 +748,6 @@ SECU_StringToSignatureAlgTag(const char
+@@ -3776,299 +2448,6 @@ SECU_StringToSignatureAlgTag(const char
+ return hashAlgTag;
}
-
+-
-SECStatus
-SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile,
- PRBool ascii, char *url)
@@ -3541,10 +1860,11 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
SECU_SECItemToHex(const SECItem * item, char * dst)
-@@ -4130,39 +811,3 @@ SECU_SECItemHexStringToBinary(SECItem* s
+@@ -4131,40 +2510,3 @@ SECU_SECItemHexStringToBinary(SECItem* s
+ srcdest->len /= 2;
return SECSuccess;
}
-
+-
-CERTCertificate*
-SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
- char *name, PRBool ascii,
@@ -3581,9 +1901,9 @@ diff -up mozilla/security/nss/cmd/lib/secutil.c.crypto mozilla/security/nss/cmd/
-}
-
-
-diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/lib/secutil.h
---- mozilla/security/nss/cmd/lib/secutil.h.crypto 2011-09-16 12:16:50.000000000 -0700
-+++ mozilla/security/nss/cmd/lib/secutil.h 2011-10-11 10:40:37.266477442 -0700
+diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/cmd/lib/secutil.h
+--- ./mozilla/security/nss/cmd/lib/secutil.h.crypto 2012-03-01 11:21:36.547241267 -0800
++++ ./mozilla/security/nss/cmd/lib/secutil.h 2012-03-01 11:31:16.154241651 -0800
@@ -38,7 +38,10 @@
#include "seccomon.h"
@@ -3595,7 +1915,7 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
#include "prerror.h"
#include "base64.h"
#include "key.h"
-@@ -47,109 +50,6 @@
+@@ -47,23 +50,6 @@
#include "secder.h"
#include <stdio.h>
@@ -3616,15 +1936,13 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
-#define NS_CRL_HEADER "-----BEGIN CRL-----"
-#define NS_CRL_TRAILER "-----END CRL-----"
-
--#define SECU_Strerror PORT_ErrorToString
--
--#ifdef SECUTIL_NEW
--typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
-- char *msg, int level);
--#else
--typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
--#endif
--
+ #define SECU_Strerror PORT_ErrorToString
+
+ #ifdef SECUTIL_NEW
+@@ -73,143 +59,23 @@ typedef int (*SECU_PPFunc)(PRFileDesc *o
+ typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
+ #endif
+
-typedef struct {
- enum {
- PW_NONE = 0,
@@ -3702,13 +2020,15 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
-
-/* Returns result of getenv("SSL_DIR") or NULL */
-extern char *SECU_DefaultSSLDir(void);
-
- /*
- ** Should be called once during initialization to set the default
-@@ -159,14 +59,6 @@ extern char *SECU_DefaultSSLDir(void);
- */
- extern char *SECU_ConfigDirectory(const char* base);
-
+-
+-/*
+-** Should be called once during initialization to set the default
+-** directory for looking for cert.db, key.db, and cert-nameidx.db files
+-** Removes trailing '/' in 'base'
+-** If 'base' is NULL, defaults to set to .netscape in home directory.
+-*/
+-extern char *SECU_ConfigDirectory(const char* base);
+-
-/*
-** Basic callback function for SSL_GetClientAuthDataHook
-*/
@@ -3717,10 +2037,10 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey);
-
+-
/* print out an error message */
extern void SECU_PrintError(char *progName, char *msg, ...);
-@@ -174,99 +66,22 @@ extern void SECU_PrintError(char *progNa
+
/* print out a system error message */
extern void SECU_PrintSystemError(char *progName, char *msg, ...);
@@ -3742,7 +2062,7 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
-extern void
-SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
- PRBool verbose);
--
+
/* Read the contents of a file into a SECItem */
extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src);
@@ -3760,13 +2080,10 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
-/* Print ObjectIdentifier symbolically */
-extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
-
--/* Print AlgorithmIdentifier symbolically */
--extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
-- int level);
--
- /* Print SECItem as hex */
- extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
-
+ /* Print AlgorithmIdentifier symbolically */
+ extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
+ int level);
+@@ -220,53 +86,6 @@ extern void SECU_PrintAsHex(FILE *out, S
/* dump a buffer in hex and ASCII */
extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);
@@ -3820,10 +2137,14 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
/* Dump contents of an RSA public key */
extern int SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level);
-@@ -282,52 +97,9 @@ extern int SECU_PrintPrivateKey(FILE *ou
- extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
- int level);
+@@ -278,31 +97,9 @@ extern int SECU_PrintSubjectPublicKeyInf
+ extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
+ #endif
+-/* Print the MD5 and SHA1 fingerprints of a cert */
+-extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
+- int level);
+-
-/* Pretty-print any PKCS7 thing */
-extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
- int level);
@@ -3845,13 +2166,13 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
-extern void
-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
-
--extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
--extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
--
--extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
--extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
-- char *msg, int level);
--
+ extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
+ extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
+
+@@ -310,24 +107,6 @@ extern void SECU_PrintPolicy(FILE *out,
+ extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
+ char *msg, int level);
+
-extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level);
-
@@ -3873,7 +2194,7 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
extern void SECU_PrintPRandOSError(char *progName);
extern SECStatus SECU_RegisterDynamicOids(void);
-@@ -335,70 +107,6 @@ extern SECStatus SECU_RegisterDynamicOid
+@@ -335,69 +114,6 @@ extern SECStatus SECU_RegisterDynamicOid
/* Identifies hash algorithm tag by its string representation. */
extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg);
@@ -3940,27 +2261,12 @@ diff -up mozilla/security/nss/cmd/lib/secutil.h.crypto mozilla/security/nss/cmd/
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
- void *value, PRBool criticality, int extenType,
- EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
--
+
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
- SECU_SECItemToHex(const SECItem * item, char * dst);
-@@ -452,13 +160,6 @@ void printflags(char *trusts, unsigned i
- extern int ffs(unsigned int i);
- #endif
-
--/* Finds certificate by searching it in the DB or by examinig file
-- * in the local directory. */
--CERTCertificate*
--SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
-- char *name, PRBool ascii,
-- void *pwarg);
- #include "secerr.h"
--#include "sslerr.h"
-
- #endif /* _SEC_UTIL_H_ */
-diff -up mozilla/security/nss/cmd/manifest.mn.crypto mozilla/security/nss/cmd/manifest.mn
---- mozilla/security/nss/cmd/manifest.mn.crypto 2010-12-06 09:22:48.000000000 -0800
-+++ mozilla/security/nss/cmd/manifest.mn 2011-10-11 11:30:54.592692661 -0700
+diff -up ./mozilla/security/nss/cmd/manifest.mn.crypto ./mozilla/security/nss/cmd/manifest.mn
+--- ./mozilla/security/nss/cmd/manifest.mn.crypto 2012-03-01 11:32:10.034117495 -0800
++++ ./mozilla/security/nss/cmd/manifest.mn 2012-03-01 11:34:08.933116471 -0800
@@ -41,46 +41,9 @@ DEPTH = ../..
REQUIRES = nss nspr libdbm
@@ -3978,7 +2284,7 @@ diff -up mozilla/security/nss/cmd/manifest.mn.crypto mozilla/security/nss/cmd/ma
- dbtest \
- derdump \
- digest \
-- fipstest \
+ fipstest \
- makepqg \
- multinit \
- ocspclnt \
@@ -3995,7 +2301,6 @@ diff -up mozilla/security/nss/cmd/manifest.mn.crypto mozilla/security/nss/cmd/ma
- selfserv \
- signtool \
- signver \
-+ fipstest \
shlibsign \
- smimetools \
- ssltap \
@@ -4009,10 +2314,10 @@ diff -up mozilla/security/nss/cmd/manifest.mn.crypto mozilla/security/nss/cmd/ma
$(NULL)
TEMPORARILY_DONT_BUILD = \
-diff -up mozilla/security/nss/cmd/platlibs.mk.crypto mozilla/security/nss/cmd/platlibs.mk
---- mozilla/security/nss/cmd/platlibs.mk.crypto 2010-06-11 17:58:33.000000000 -0700
-+++ mozilla/security/nss/cmd/platlibs.mk 2011-10-11 10:40:37.319478239 -0700
-@@ -92,44 +92,13 @@ DEFINES += -DNSS_USE_STATIC_LIBS
+diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cmd/platlibs.mk
+--- ./mozilla/security/nss/cmd/platlibs.mk.crypto 2012-03-01 11:34:45.299116827 -0800
++++ ./mozilla/security/nss/cmd/platlibs.mk 2012-03-01 11:53:15.822241384 -0800
+@@ -92,43 +92,13 @@ DEFINES += -DNSS_USE_STATIC_LIBS
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
@@ -4053,11 +2358,10 @@ diff -up mozilla/security/nss/cmd/platlibs.mk.crypto mozilla/security/nss/cmd/pl
- $(PKIXLIB) \
- $(DBMLIB) \
- $(DIST)/lib/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \
-- $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
- $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
-@@ -143,30 +112,9 @@ EXTRA_LIBS += \
+@@ -143,30 +113,9 @@ EXTRA_LIBS += \
else
EXTRA_LIBS += \
@@ -4088,30 +2392,28 @@ diff -up mozilla/security/nss/cmd/platlibs.mk.crypto mozilla/security/nss/cmd/pl
$(NULL)
ifeq ($(OS_ARCH), AIX)
-@@ -199,9 +147,6 @@ ifeq (,$(filter-out WINNT WINCE,$(OS_ARC
+@@ -199,8 +148,6 @@ ifeq (,$(filter-out WINNT WINCE,$(OS_ARC
EXTRA_LIBS += \
$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
$(DIST)/lib/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \
- $(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \
- $(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \
-- $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \
+ $(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4$(IMPORT_LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4$(IMPORT_LIB_SUFFIX) \
- $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4$(IMPORT_LIB_SUFFIX) \
-@@ -227,9 +172,6 @@ endif
+@@ -227,8 +174,6 @@ endif
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
EXTRA_SHARED_LIBS += \
-L$(DIST)/lib \
- -lssl3 \
- -lsmime3 \
-- -lnss3 \
+ -lnss3 \
-L$(NSSUTIL_LIB_DIR) \
-lnssutil3 \
- -L$(NSPR_LIB_DIR) \
-diff -up mozilla/security/nss/tests/all.sh.crypto mozilla/security/nss/tests/all.sh
---- mozilla/security/nss/tests/all.sh.crypto 2010-01-29 11:58:40.000000000 -0800
-+++ mozilla/security/nss/tests/all.sh 2011-10-11 11:06:41.884531933 -0700
-@@ -303,18 +303,18 @@ run_cycles()
+diff -up ./mozilla/security/nss/tests/all.sh.crypto ./mozilla/security/nss/tests/all.sh
+--- ./mozilla/security/nss/tests/all.sh.crypto 2012-03-01 11:53:54.442241531 -0800
++++ ./mozilla/security/nss/tests/all.sh 2012-03-01 12:05:47.277116230 -0800
+@@ -303,10 +303,10 @@ run_cycles()
############################## main code ###############################
@@ -4124,16 +2426,6 @@ diff -up mozilla/security/nss/tests/all.sh.crypto mozilla/security/nss/tests/all
TESTS=${NSS_TESTS:-$tests}
ALL_TESTS=${TESTS}
-
--nss_ssl_tests="crl bypass_normal normal_bypass fips_normal normal_fips iopr"
-+nss_ssl_tests=""
- NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}"
-
--nss_ssl_run="cov auth stress"
-+nss_ssl_run=""
- NSS_SSL_RUN="${NSS_SSL_RUN:-$nss_ssl_run}"
-
- SCRIPTNAME=all.sh
@@ -328,13 +328,20 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
fi
diff --git a/sources b/sources
index ce78c5c..3d79706 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3daa76bcd96fa425dc7efaab6989faa5 nss-softokn-3.13.1-stripped.tar.bz2
+f2cb15dd1e1119bb718de1730a5b6a0f nss-softokn-3.13.3-stripped.tar.bz2
More information about the scm-commits
mailing list