[nss-softokn] Remove move functions that call higher level layers
Elio Maldonado
emaldonado at fedoraproject.org
Thu Mar 1 21:47:27 UTC 2012
commit 9896264dbc20022b780a2eac86233d8ed5848d05
Author: Elio Maldonado Batiz <emaldona at redhat.com>
Date: Thu Mar 1 13:46:36 2012 -0800
Remove move functions that call higher level layers
softoken-minimal-test-dependencies.patch | 2205 ++++++++++++++++++++++++++----
1 files changed, 1955 insertions(+), 250 deletions(-)
---
diff --git a/softoken-minimal-test-dependencies.patch b/softoken-minimal-test-dependencies.patch
index bc31ad1..b03cadf 100644
--- a/softoken-minimal-test-dependencies.patch
+++ b/softoken-minimal-test-dependencies.patch
@@ -1,6 +1,6 @@
diff -up ./mozilla/security/nss/cmd/lib/manifest.mn.crypto ./mozilla/security/nss/cmd/lib/manifest.mn
---- ./mozilla/security/nss/cmd/lib/manifest.mn.crypto 2012-03-01 10:38:40.329117418 -0800
-+++ ./mozilla/security/nss/cmd/lib/manifest.mn 2012-03-01 10:39:42.340116821 -0800
+--- ./mozilla/security/nss/cmd/lib/manifest.mn.crypto 2011-09-16 12:16:50.000000000 -0700
++++ ./mozilla/security/nss/cmd/lib/manifest.mn 2012-03-01 13:22:52.801116867 -0800
@@ -48,11 +48,6 @@ PRIVATE_EXPORTS = secutil.h \
$(NULL)
@@ -14,8 +14,8 @@ diff -up ./mozilla/security/nss/cmd/lib/manifest.mn.crypto ./mozilla/security/ns
$(NULL)
diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/cmd/lib/secutil.c
---- ./mozilla/security/nss/cmd/lib/secutil.c.crypto 2012-03-01 10:40:37.022241831 -0800
-+++ ./mozilla/security/nss/cmd/lib/secutil.c 2012-03-01 11:20:43.174116443 -0800
+--- ./mozilla/security/nss/cmd/lib/secutil.c.crypto 2011-11-16 11:12:30.000000000 -0800
++++ ./mozilla/security/nss/cmd/lib/secutil.c 2012-03-01 13:39:07.618241181 -0800
@@ -48,10 +48,7 @@
#include "prenv.h"
#include "prnetdb.h"
@@ -580,12 +580,37 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
#define INDENT_MULT 4
void
SECU_Indent(FILE *out, int level)
-@@ -975,769 +461,94 @@ SECU_PrintInteger(FILE *out, SECItem *i,
+@@ -914,23 +400,6 @@ SECU_PrintBuf(FILE *out, const char *msg
+ }
+ }
+
+-SECStatus
+-SECU_StripTagAndLength(SECItem *i)
+-{
+- unsigned int start;
+-
+- if (!i || !i->data || i->len < 2) { /* must be at least tag and length */
+- return SECFailure;
+- }
+- start = ((i->data[1] & 0x80) ? (i->data[1] & 0x7f) + 2 : 2);
+- if (i->len < start) {
+- return SECFailure;
+- }
+- i->data += start;
+- i->len -= start;
+- return SECSuccess;
+-}
+-
+
+ /* This expents i->data[0] to be the MSB of the integer.
+ ** if you want to print a DER-encoded integer (with the tag and length)
+@@ -975,2427 +444,126 @@ SECU_PrintInteger(FILE *out, SECItem *i,
}
static void
-secu_PrintRawString(FILE *out, SECItem *si, const char *m, int level)
--{
++secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
- int column;
- unsigned int i;
-
@@ -612,36 +637,63 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- fprintf(out, "\""); column++;
- if (column != level*INDENT_MULT || column > 76) {
- secu_Newline(out);
-- }
--}
--
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
++ SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
++ if (pk->u.rsa.publicExponent.len == 1 &&
++ pk->u.rsa.publicExponent.data[0] == 1) {
++ SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
+ }
+ }
+
-void
-SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
--{
++static void
++secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
- SECItem my = *si;
-
- if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
- return;
- secu_PrintRawString(out, &my, m, level);
--}
--
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
++ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
+ }
+
-/* print an unencoded boolean */
--static void
++#ifdef NSS_ENABLE_ECC
+ static void
-secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
--{
++secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
- int val = 0;
-
- if ( i->data && i->len ) {
- val = i->data[0];
- }
--
++ SECItem curveOID = { siBuffer, NULL, 0};
+
- if (!m) {
- m = "Boolean";
-- }
++ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
++ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
++ /* For named curves, the DEREncodedParams field contains an
++ * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
++ */
++ if ((pk->u.ec.DEREncodedParams.len > 2) &&
++ (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
++ curveOID.len = pk->u.ec.DEREncodedParams.data[1];
++ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
++ SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
+ }
- SECU_Indent(out, level);
- fprintf(out, "%s: %s\n", m, (val ? "True" : "False"));
--}
--
+ }
++#endif /* NSS_ENABLE_ECC */
+
-/*
- * Format and print "time". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
@@ -649,7 +701,10 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- */
-static void
-secu_PrintTime(FILE *out, int64 time, char *m, int level)
--{
++#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
++/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
++static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
+ {
- PRExplodedTime printableTime;
- char *timeString;
-
@@ -659,33 +714,58 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- timeString = PORT_Alloc(256);
- if (timeString == NULL)
- return;
--
++ char target = a[i].flag;
++ int j;
+
- if (m != NULL) {
- SECU_Indent(out, level);
- fprintf(out, "%s: ", m);
- }
--
++ /* duplicate '\0' flags are okay, they are used with long forms */
++ for (j = i+1; j < count; j++) {
++ if (a[j].flag && a[j].flag == target) {
++ return PR_TRUE;
++ }
++ }
++ return PR_FALSE;
++}
++#endif /* defined(DEBUG) || defined(FORCE_PR_ASSERT) */
+
- if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
- fputs(timeString, out);
- }
--
++/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
++static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
++{
++ int j;
++ char *target = a[i].longform;
+
- if (m != NULL)
- fprintf(out, "\n");
--
++ if (!target)
++ return PR_FALSE;
+
- PORT_Free(timeString);
--}
--
++ for (j = i+1; j < count; j++) {
++ if (a[j].longform && strcmp(a[j].longform, target) == 0) {
++ return PR_TRUE;
++ }
++ }
++ return PR_FALSE;
+ }
+
-/*
- * Format and print the UTC Time "t". If the tag message "m" is not NULL,
- * do indent formatting based on "level" and add a newline afterward;
- * otherwise just print the formatted time string only.
-- */
++/* Returns true iff a has no short or long form duplicates
+ */
-void
-SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level)
-{
- int64 time;
- SECStatus rv;
--
+
- rv = DER_UTCTimeToTime(&time, t);
- if (rv != SECSuccess)
- return;
@@ -1189,134 +1269,1832 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
- SECStatus rv;
- secuPBEParams param;
-
-- if (m) {
-- SECU_Indent(out, level);
-- fprintf (out, "%s:\n", m);
-- }
+- if (m) {
+- SECU_Indent(out, level);
+- fprintf (out, "%s:\n", m);
+- }
+-
+- if (!pool) {
+- SECU_Indent(out, level);
+- fprintf(out, "Out of memory\n");
+- return;
+- }
+-
+- PORT_Memset(¶m, 0, sizeof param);
+- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuKDF2Params, value);
+- if (rv == SECSuccess) {
+- SECU_PrintAsHex(out, ¶m.salt, "Salt", level+1);
+- SECU_PrintInteger(out, ¶m.iterationCount, "Iteration Count",
+- level+1);
+- SECU_PrintInteger(out, ¶m.keyLength, "Key Length", level+1);
+- SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF algorithm", level+1);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-void
+-secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
+-{
+- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- SECStatus rv;
+- secuPBEParams param;
+-
+- if (m) {
+- SECU_Indent(out, level);
+- fprintf (out, "%s:\n", m);
+- }
+-
+- if (!pool) {
+- SECU_Indent(out, level);
+- fprintf(out, "Out of memory\n");
+- return;
+- }
+-
+- PORT_Memset(¶m, 0, sizeof param);
+- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEV2Params, value);
+- if (rv == SECSuccess) {
+- SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF", level+1);
+- SECU_PrintAlgorithmID(out, ¶m.cipherAlg, "Cipher", level+1);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-void
+-secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
+-{
+- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- SECStatus rv;
+- secuPBEParams param;
+-
+- if (m) {
+- SECU_Indent(out, level);
+- fprintf (out, "%s:\n", m);
+- }
+-
+- if (!pool) {
+- SECU_Indent(out, level);
+- fprintf(out, "Out of memory\n");
+- return;
+- }
+-
+- PORT_Memset(¶m, 0, sizeof(secuPBEParams));
+- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEParamsTemp, value);
+- if (rv == SECSuccess) {
+- SECU_PrintAsHex(out, ¶m.salt, "Salt", level+1);
+- SECU_PrintInteger(out, ¶m.iterationCount, "Iteration Count",
+- level+1);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-/* This function does NOT expect a DER type and length. */
+-void
+-SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
+-{
+- SECOidTag algtag;
+- SECU_PrintObjectID(out, &a->algorithm, m, level);
+-
+- algtag = SECOID_GetAlgorithmTag(a);
+- if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) {
+- switch (algtag) {
+- case SEC_OID_PKCS5_PBKDF2:
+- secu_PrintKDF2Params(out, &a->parameters, "Parameters", level+1);
+- break;
+- case SEC_OID_PKCS5_PBES2:
+- secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level+1);
+- break;
+- case SEC_OID_PKCS5_PBMAC1:
+- secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level+1);
+- break;
+- default:
+- secu_PrintPBEParams(out, &a->parameters, "Parameters", level+1);
+- break;
+- }
+- return;
+- }
+-
+- if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+- secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
+- return;
+- }
+-
+- if (a->parameters.len == 0
+- || (a->parameters.len == 2
+- && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
+- /* No arguments or NULL argument */
+- } else {
+- /* Print args to algorithm */
+- SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
+- }
+-}
+-
+-static void
+-secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
+-{
+- SECItem *value;
+- int i;
+- char om[100];
+-
+- if (m) {
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- }
+-
+- /*
+- * Should make this smarter; look at the type field and then decode
+- * and print the value(s) appropriately!
+- */
+- SECU_PrintObjectID(out, &(attr->type), "Type", level+1);
+- if (attr->values != NULL) {
+- i = 0;
+- while ((value = attr->values[i++]) != NULL) {
+- sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
+- if (attr->encoded || attr->typeTag == NULL) {
+- SECU_PrintAny(out, value, om, level+1);
+- } else {
+- switch (attr->typeTag->offset) {
+- default:
+- SECU_PrintAsHex(out, value, om, level+1);
+- break;
+- case SEC_OID_PKCS9_CONTENT_TYPE:
+- SECU_PrintObjectID(out, value, om, level+1);
+- break;
+- case SEC_OID_PKCS9_SIGNING_TIME:
+- SECU_PrintTimeChoice(out, value, om, level+1);
+- break;
+- }
+- }
+- }
+- }
+-}
+-
+-static void
+-secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+-{
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
+- SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
+- if (pk->u.rsa.publicExponent.len == 1 &&
+- pk->u.rsa.publicExponent.data[0] == 1) {
+- SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
+- }
+-}
+-
+-static void
+-secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+-{
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
+- SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
+- SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
+- SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
+-}
+-
+-#ifdef NSS_ENABLE_ECC
+-static void
+-secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+-{
+- SECItem curveOID = { siBuffer, NULL, 0};
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
+- /* For named curves, the DEREncodedParams field contains an
+- * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
+- */
+- if ((pk->u.ec.DEREncodedParams.len > 2) &&
+- (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
+- curveOID.len = pk->u.ec.DEREncodedParams.data[1];
+- curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
+- SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
+- }
+-}
+-#endif /* NSS_ENABLE_ECC */
+-
+-static void
+-secu_PrintSubjectPublicKeyInfo(FILE *out, PRArenaPool *arena,
+- CERTSubjectPublicKeyInfo *i, char *msg, int level)
+-{
+- SECKEYPublicKey *pk;
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", msg);
+- SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level+1);
+-
+- pk = SECKEY_ExtractPublicKey(i);
+- if (pk) {
+- switch (pk->keyType) {
+- case rsaKey:
+- secu_PrintRSAPublicKey(out, pk, "RSA Public Key", level +1);
+- break;
+-
+- case dsaKey:
+- secu_PrintDSAPublicKey(out, pk, "DSA Public Key", level +1);
+- break;
+-
+-#ifdef NSS_ENABLE_ECC
+- case ecKey:
+- secu_PrintECPublicKey(out, pk, "EC Public Key", level +1);
+- break;
+-#endif
+-
+- case dhKey:
+- case fortezzaKey:
+- case keaKey:
+- SECU_Indent(out, level);
+- fprintf(out, "unable to format this SPKI algorithm type\n");
+- goto loser;
+- default:
+- SECU_Indent(out, level);
+- fprintf(out, "unknown SPKI algorithm type\n");
+- goto loser;
+- }
+- PORT_FreeArena(pk->arena, PR_FALSE);
+- } else {
+- SECU_PrintErrMsg(out, level, "Error", "Parsing public key");
+-loser:
+- if (i->subjectPublicKey.data) {
+- SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level);
+- }
+- }
+-}
+-
+-static SECStatus
+-secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
+-{
+- SECItem decodedValue;
+- SECStatus rv;
+- int64 invalidTime;
+- char *formattedTime = NULL;
+-
+- decodedValue.data = NULL;
+- rv = SEC_ASN1DecodeItem (NULL, &decodedValue,
+- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+- value);
+- if (rv == SECSuccess) {
+- rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
+- if (rv == SECSuccess) {
+- formattedTime = CERT_GenTime2FormattedAscii
+- (invalidTime, "%a %b %d %H:%M:%S %Y");
+- SECU_Indent(out, level +1);
+- fprintf (out, "%s: %s\n", msg, formattedTime);
+- PORT_Free (formattedTime);
+- }
+- }
+- PORT_Free (decodedValue.data);
+- return (rv);
+-}
+-
+-static SECStatus
+-PrintExtKeyUsageExtension (FILE *out, SECItem *value, char *msg, int level)
+-{
+- CERTOidSequence *os;
+- SECItem **op;
+-
+- os = CERT_DecodeOidSequence(value);
+- if( (CERTOidSequence *)NULL == os ) {
+- return SECFailure;
+- }
+-
+- for( op = os->oids; *op; op++ ) {
+- SECU_PrintObjectID(out, *op, msg, level + 1);
+- }
+- CERT_DestroyOidSequence(os);
+- return SECSuccess;
+-}
+-
+-static SECStatus
+-secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level) {
+- CERTBasicConstraints constraints;
+- SECStatus rv;
+-
+- SECU_Indent(out, level);
+- if (msg) {
+- fprintf(out,"%s: ",msg);
+- }
+- rv = CERT_DecodeBasicConstraintValue(&constraints,value);
+- if (rv == SECSuccess && constraints.isCA) {
+- if (constraints.pathLenConstraint >= 0) {
+- fprintf(out,"Is a CA with a maximum path length of %d.\n",
+- constraints.pathLenConstraint);
+- } else {
+- fprintf(out,"Is a CA with no maximum path length.\n");
+- }
+- } else {
+- fprintf(out,"Is not a CA.\n");
+- }
+- return SECSuccess;
+-}
+-
+-static const char * const nsTypeBits[] = {
+- "SSL Client",
+- "SSL Server",
+- "S/MIME",
+- "Object Signing",
+- "Reserved",
+- "SSL CA",
+- "S/MIME CA",
+- "ObjectSigning CA"
+-};
+-
+-/* NSCertType is merely a bit string whose bits are displayed symbolically */
+-static SECStatus
+-secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level)
+-{
+- int unused;
+- int NS_Type;
+- int i;
+- int found = 0;
+- SECItem my = *value;
+-
+- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
+- SECSuccess != SECU_StripTagAndLength(&my)) {
+- SECU_PrintAny(out, value, "Data", level);
+- return SECSuccess;
+- }
+-
+- unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0;
+- NS_Type = my.data[1] & (0xff << unused);
+-
+-
+- SECU_Indent(out, level);
+- if (msg) {
+- fprintf(out,"%s: ",msg);
+- } else {
+- fprintf(out,"Netscape Certificate Type: ");
+- }
+- for (i=0; i < 8; i++) {
+- if ( (0x80 >> i) & NS_Type) {
+- fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]);
+- found = 1;
+- }
+- }
+- fprintf(out, (found ? ">\n" : "none\n"));
+- return SECSuccess;
+-}
+-
+-static const char * const usageBits[] = {
+- "Digital Signature", /* 0x80 */
+- "Non-Repudiation", /* 0x40 */
+- "Key Encipherment", /* 0x20 */
+- "Data Encipherment", /* 0x10 */
+- "Key Agreement", /* 0x08 */
+- "Certificate Signing", /* 0x04 */
+- "CRL Signing", /* 0x02 */
+- "Encipher Only", /* 0x01 */
+- "Decipher Only", /* 0x0080 */
+- NULL
+-};
+-
+-/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */
+-static void
+-secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level)
+-{
+- int unused;
+- int usage;
+- int i;
+- int found = 0;
+- SECItem my = *value;
+-
+- if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
+- SECSuccess != SECU_StripTagAndLength(&my)) {
+- SECU_PrintAny(out, value, "Data", level);
+- return;
+- }
+-
+- unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0;
+- usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8
+- : (my.data[1] << 8) |
+- (my.data[2] & (0xff << unused));
+-
+- SECU_Indent(out, level);
+- fprintf(out, "Usages: ");
+- for (i=0; usageBits[i]; i++) {
+- if ( (0x8000 >> i) & usage) {
+- if (found)
+- SECU_Indent(out, level + 2);
+- fprintf(out, "%s\n", usageBits[i]);
+- found = 1;
+- }
+- }
+- if (!found) {
+- fprintf(out, "(none)\n");
+- }
+-}
+-
+-static void
+-secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level)
+-{
+- PRStatus st;
+- PRNetAddr addr;
+- char addrBuf[80];
+-
+- memset(&addr, 0, sizeof addr);
+- if (value->len == 4) {
+- addr.inet.family = PR_AF_INET;
+- memcpy(&addr.inet.ip, value->data, value->len);
+- } else if (value->len == 16) {
+- addr.ipv6.family = PR_AF_INET6;
+- memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len);
+- if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) {
+- /* convert to IPv4. */
+- addr.inet.family = PR_AF_INET;
+- memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
+- memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad);
+- }
+- } else {
+- goto loser;
+- }
+-
+- st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf);
+- if (st == PR_SUCCESS) {
+- SECU_Indent(out, level);
+- fprintf(out, "%s: %s\n", msg, addrBuf);
+- } else {
+-loser:
+- SECU_PrintAsHex(out, value, msg, level);
+- }
+-}
+-
+-
+-static void
+-secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level)
+-{
+- char label[40];
+- if (msg && msg[0]) {
+- SECU_Indent(out, level++); fprintf(out, "%s: \n", msg);
+- }
+- switch (gname->type) {
+- case certOtherName :
+- SECU_PrintAny( out, &gname->name.OthName.name, "Other Name", level);
+- SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level+1);
+- break;
+- case certDirectoryName :
+- SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level);
+- break;
+- case certRFC822Name :
+- secu_PrintRawString( out, &gname->name.other, "RFC822 Name", level);
+- break;
+- case certDNSName :
+- secu_PrintRawString( out, &gname->name.other, "DNS name", level);
+- break;
+- case certURI :
+- secu_PrintRawString( out, &gname->name.other, "URI", level);
+- break;
+- case certIPAddress :
+- secu_PrintIPAddress(out, &gname->name.other, "IP Address", level);
+- break;
+- case certRegisterID :
+- SECU_PrintObjectID( out, &gname->name.other, "Registered ID", level);
+- break;
+- case certX400Address :
+- SECU_PrintAny( out, &gname->name.other, "X400 Address", level);
+- break;
+- case certEDIPartyName :
+- SECU_PrintAny( out, &gname->name.other, "EDI Party", level);
+- break;
+- default:
+- PR_snprintf(label, sizeof label, "unknown type [%d]",
+- (int)gname->type - 1);
+- SECU_PrintAsHex(out, &gname->name.other, label, level);
+- break;
+- }
+-}
+-
+-static void
+-secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level)
+-{
+- CERTGeneralName *name = gname;
+- do {
+- secu_PrintGeneralName(out, name, msg, level);
+- name = CERT_GetNextGeneralName(name);
+- } while (name && name != gname);
+-}
+-
+-
+-static void
+-secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level)
+-{
+- CERTAuthKeyID *kid = NULL;
+- PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+-
+- if (!pool) {
+- SECU_PrintError("Error", "Allocating new ArenaPool");
+- return;
+- }
+- kid = CERT_DecodeAuthKeyID(pool, value);
+- if (!kid) {
+- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+- SECU_PrintAny(out, value, "Data", level);
+- } else {
+- int keyIDPresent = (kid->keyID.data && kid->keyID.len);
+- int issuerPresent = kid->authCertIssuer != NULL;
+- int snPresent = (kid->authCertSerialNumber.data &&
+- kid->authCertSerialNumber.len);
+-
+- if (keyIDPresent)
+- SECU_PrintAsHex(out, &kid->keyID, "Key ID", level);
+- if (issuerPresent)
+- secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level);
+- if (snPresent)
+- SECU_PrintInteger(out, &kid->authCertSerialNumber,
+- "Serial Number", level);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-
+-static void
+-secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level)
+-{
+- CERTGeneralName * nameList;
+- CERTGeneralName * current;
+- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+-
+- if (!pool) {
+- SECU_PrintError("Error", "Allocating new ArenaPool");
+- return;
+- }
+- nameList = current = CERT_DecodeAltNameExtension(pool, value);
+- if (!current) {
+- if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
+- /* Decoder found empty sequence, which is invalid. */
+- PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+- }
+- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+- SECU_PrintAny(out, value, "Data", level);
+- } else {
+- do {
+- secu_PrintGeneralName(out, current, msg, level);
+- current = CERT_GetNextGeneralName(current);
+- } while (current != nameList);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-static void
+-secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level)
+-{
+- CERTCrlDistributionPoints * dPoints;
+- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+-
+- if (!pool) {
+- SECU_PrintError("Error", "Allocating new ArenaPool");
+- return;
+- }
+- dPoints = CERT_DecodeCRLDistributionPoints(pool, value);
+- if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) {
+- CRLDistributionPoint ** pPoints = dPoints->distPoints;
+- CRLDistributionPoint * pPoint;
+- while (NULL != (pPoint = *pPoints++)) {
+- SECU_Indent(out, level); fputs("Distribution point:\n", out);
+- if (pPoint->distPointType == generalName &&
+- pPoint->distPoint.fullName != NULL) {
+- secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
+- level + 1);
+- } else if (pPoint->distPointType == relativeDistinguishedName &&
+- pPoint->distPoint.relativeName.avas) {
+- SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
+- level + 1);
+- } else if (pPoint->derDistPoint.data) {
+- SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1);
+- }
+- if (pPoint->reasons.data) {
+- secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
+- level + 1);
+- }
+- if (pPoint->crlIssuer) {
+- secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer",
+- level + 1);
+- }
+- }
+- } else {
+- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+- SECU_PrintAny(out, value, "Data", level);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-
+-static void
+-secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value,
+- char *msg, int level)
+-{
+- CERTNameConstraint *head = value;
+- SECU_Indent(out, level); fprintf(out, "%s Subtree:\n", msg);
+- level++;
+- do {
+- secu_PrintGeneralName(out, &value->name, NULL, level);
+- if (value->min.data)
+- SECU_PrintInteger(out, &value->min, "Minimum", level+1);
+- if (value->max.data)
+- SECU_PrintInteger(out, &value->max, "Maximum", level+1);
+- value = CERT_GetNextNameConstraint(value);
+- } while (value != head);
+-}
+-
+-static void
+-secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level)
+-{
+- CERTNameConstraints * cnstrnts;
+- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+-
+- if (!pool) {
+- SECU_PrintError("Error", "Allocating new ArenaPool");
+- return;
+- }
+- cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value);
+- if (!cnstrnts) {
+- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+- SECU_PrintAny(out, value, "Raw", level);
+- } else {
+- if (cnstrnts->permited)
+- secu_PrintNameConstraintSubtree(out, cnstrnts->permited,
+- "Permitted", level);
+- if (cnstrnts->excluded)
+- secu_PrintNameConstraintSubtree(out, cnstrnts->excluded,
+- "Excluded", level);
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-
+-static void
+-secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level)
+-{
+- CERTAuthInfoAccess **infos = NULL;
+- PLArenaPool * pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+-
+- if (!pool) {
+- SECU_PrintError("Error", "Allocating new ArenaPool");
+- return;
+- }
+- infos = CERT_DecodeAuthInfoAccessExtension(pool, value);
+- if (!infos) {
+- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+- SECU_PrintAny(out, value, "Raw", level);
+- } else {
+- CERTAuthInfoAccess *info;
+- while (NULL != (info = *infos++)) {
+- if (info->method.data) {
+- SECU_PrintObjectID(out, &info->method, "Method", level);
+- } else {
+- SECU_Indent(out,level);
+- fprintf(out, "Error: missing method\n");
+- }
+- if (info->location) {
+- secu_PrintGeneralName(out, info->location, "Location", level);
+- } else {
+- SECU_PrintAny(out, &info->derLocation, "Location", level);
+- }
+- }
+- }
+- PORT_FreeArena(pool, PR_FALSE);
+-}
+-
+-
+-void
+-SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
+- char *msg, int level)
+-{
+- SECOidTag oidTag;
+-
+- if ( extensions ) {
+- if (msg && *msg) {
+- SECU_Indent(out, level++); fprintf(out, "%s:\n", msg);
+- }
+-
+- while ( *extensions ) {
+- SECItem *tmpitem;
+-
+- tmpitem = &(*extensions)->id;
+- SECU_PrintObjectID(out, tmpitem, "Name", level);
+-
+- tmpitem = &(*extensions)->critical;
+- if ( tmpitem->len ) {
+- secu_PrintBoolean(out, tmpitem, "Critical", level);
+- }
+-
+- oidTag = SECOID_FindOIDTag (&((*extensions)->id));
+- tmpitem = &((*extensions)->value);
+-
+- switch (oidTag) {
+- case SEC_OID_X509_INVALID_DATE:
+- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
+- secu_PrintX509InvalidDate(out, tmpitem, "Date", level );
+- break;
+- case SEC_OID_X509_CERTIFICATE_POLICIES:
+- SECU_PrintPolicy(out, tmpitem, "Data", level );
+- break;
+- case SEC_OID_NS_CERT_EXT_BASE_URL:
+- case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
+- case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
+- case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
+- case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
+- case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
+- case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
+- case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
+- case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
+- case SEC_OID_OCSP_RESPONDER:
+- SECU_PrintString(out,tmpitem, "URL", level);
+- break;
+- case SEC_OID_NS_CERT_EXT_COMMENT:
+- SECU_PrintString(out,tmpitem, "Comment", level);
+- break;
+- case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
+- SECU_PrintString(out,tmpitem, "ServerName", level);
+- break;
+- case SEC_OID_NS_CERT_EXT_CERT_TYPE:
+- secu_PrintNSCertType(out,tmpitem,"Data",level);
+- break;
+- case SEC_OID_X509_BASIC_CONSTRAINTS:
+- secu_PrintBasicConstraints(out,tmpitem,"Data",level);
+- break;
+- case SEC_OID_X509_EXT_KEY_USAGE:
+- PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
+- break;
+- case SEC_OID_X509_KEY_USAGE:
+- secu_PrintX509KeyUsage(out, tmpitem, NULL, level );
+- break;
+- case SEC_OID_X509_AUTH_KEY_ID:
+- secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level );
+- break;
+- case SEC_OID_X509_SUBJECT_ALT_NAME:
+- case SEC_OID_X509_ISSUER_ALT_NAME:
+- secu_PrintAltNameExtension(out, tmpitem, NULL, level );
+- break;
+- case SEC_OID_X509_CRL_DIST_POINTS:
+- secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level );
+- break;
+- case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
+- SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL,
+- level );
+- break;
+- case SEC_OID_X509_NAME_CONSTRAINTS:
+- secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
+- break;
+- case SEC_OID_X509_AUTH_INFO_ACCESS:
+- secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
+- break;
+-
+- case SEC_OID_X509_CRL_NUMBER:
+- case SEC_OID_X509_REASON_CODE:
+-
+- /* PKIX OIDs */
+- case SEC_OID_PKIX_OCSP:
+- case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+- case SEC_OID_PKIX_OCSP_NONCE:
+- case SEC_OID_PKIX_OCSP_CRL:
+- case SEC_OID_PKIX_OCSP_RESPONSE:
+- case SEC_OID_PKIX_OCSP_NO_CHECK:
+- case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
+- case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
+- case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+- case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+- case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+- case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+- case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+- case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+- case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
+- case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
+-
+- /* Netscape extension OIDs. */
+- case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
+- case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
+- case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
+- case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
+- case SEC_OID_NS_CERT_EXT_USER_PICTURE:
+-
+- /* x.509 v3 Extensions */
+- case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
+- case SEC_OID_X509_SUBJECT_KEY_ID:
+- case SEC_OID_X509_POLICY_MAPPINGS:
+- case SEC_OID_X509_POLICY_CONSTRAINTS:
+-
+-
+- default:
+- SECU_PrintAny(out, tmpitem, "Data", level);
+- break;
+- }
+-
+- secu_Newline(out);
+- extensions++;
+- }
+- }
+-}
+-
+-/* An RDN is a subset of a DirectoryName, and we already know how to
+- * print those, so make a directory name out of the RDN, and print it.
+- */
+-void
+-SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level)
+-{
+- CERTName name;
+- CERTRDN *rdns[2];
+-
+- name.arena = NULL;
+- name.rdns = rdns;
+- rdns[0] = rdn;
+- rdns[1] = NULL;
+- SECU_PrintName(out, &name, msg, level);
+-}
+-
+-void
+-SECU_PrintName(FILE *out, CERTName *name, const char *msg, int level)
+-{
+- char *nameStr = NULL;
+- char *str;
+- SECItem my;
+-
+- if (!name) {
+- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+- return;
+- }
+- if (!name->rdns || !name->rdns[0]) {
+- str = "(empty)";
+- } else {
+- str = nameStr = CERT_NameToAscii(name);
+- }
+- if (!str) {
+- str = "!Invalid AVA!";
+- }
+- my.data = (unsigned char *)str;
+- my.len = PORT_Strlen(str);
+-#if 1
+- secu_PrintRawString(out, &my, msg, level);
+-#else
+- SECU_Indent(out, level); fprintf(out, "%s: ", msg);
+- fprintf(out, str);
+- secu_Newline(out);
+-#endif
+- PORT_Free(nameStr);
+-}
+-
+-void
+-printflags(char *trusts, unsigned int flags)
+-{
+- if (flags & CERTDB_VALID_CA)
+- if (!(flags & CERTDB_TRUSTED_CA) &&
+- !(flags & CERTDB_TRUSTED_CLIENT_CA))
+- PORT_Strcat(trusts, "c");
+- if (flags & CERTDB_TERMINAL_RECORD)
+- if (!(flags & CERTDB_TRUSTED))
+- PORT_Strcat(trusts, "p");
+- if (flags & CERTDB_TRUSTED_CA)
+- PORT_Strcat(trusts, "C");
+- if (flags & CERTDB_TRUSTED_CLIENT_CA)
+- PORT_Strcat(trusts, "T");
+- if (flags & CERTDB_TRUSTED)
+- PORT_Strcat(trusts, "P");
+- if (flags & CERTDB_USER)
+- PORT_Strcat(trusts, "u");
+- if (flags & CERTDB_SEND_WARN)
+- PORT_Strcat(trusts, "w");
+- if (flags & CERTDB_INVISIBLE_CA)
+- PORT_Strcat(trusts, "I");
+- if (flags & CERTDB_GOVT_APPROVED_CA)
+- PORT_Strcat(trusts, "G");
+- return;
+-}
+-
+-/* callback for listing certs through pkcs11 */
+-SECStatus
+-SECU_PrintCertNickname(CERTCertListNode *node, void *data)
+-{
+- CERTCertTrust *trust;
+- CERTCertificate* cert;
+- FILE *out;
+- char trusts[30];
+- char *name;
+-
+- cert = node->cert;
+-
+- PORT_Memset (trusts, 0, sizeof (trusts));
+- out = (FILE *)data;
+-
+- name = node->appData;
+- if (!name || !name[0]) {
+- name = cert->nickname;
+- }
+- if (!name || !name[0]) {
+- name = cert->emailAddr;
+- }
+- if (!name || !name[0]) {
+- name = "(NULL)";
+- }
+-
+- trust = cert->trust;
+- if (trust) {
+- printflags(trusts, trust->sslFlags);
+- PORT_Strcat(trusts, ",");
+- printflags(trusts, trust->emailFlags);
+- PORT_Strcat(trusts, ",");
+- printflags(trusts, trust->objectSigningFlags);
+- } else {
+- PORT_Memcpy(trusts,",,",3);
+- }
+- fprintf(out, "%-60s %-5s\n", name, trusts);
+-
+- return (SECSuccess);
+-}
+-
+-int
+-SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
+-{
+- CERTCertExtension **extensions = NULL;
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- int rv = 0;
+-
+- if (!arena)
+- return SEC_ERROR_NO_MEMORY;
+-
+- rv = SEC_QuickDERDecodeItem(arena, &extensions,
+- SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
+- if (!rv)
+- SECU_PrintExtensions(out, extensions, m, level);
+- else
+- SECU_PrintAny(out, any, m, level);
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
+-/* print a decoded SET OF or SEQUENCE OF Extensions */
+-int
+-SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level)
+-{
+- int rv = 0;
+- if (m && *m) {
+- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
+- }
+- while (any && any[0]) {
+- rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
+- any++;
+- }
+- return rv;
+-}
+-
+-/* print a decoded SET OF or SEQUENCE OF "ANY" */
+-int
+-SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level)
+-{
+- int rv = 0;
+- if (m && *m) {
+- SECU_Indent(out, level++); fprintf(out, "%s:\n", m);
+- }
+- while (any && any[0]) {
+- SECU_PrintAny(out, any[0], "", level);
+- any++;
+- }
+- return rv;
+-}
+-
+-int
+-SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level)
+-{
+- int rv = 0;
+- SECOidTag tag;
+- tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level);
+- if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) {
+- rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
+- } else {
+- rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
+- }
+- return rv;
+-}
+-
+-int
+-SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
+-{
+- int rv = 0;
+- while (attrs[0]) {
+- rv |= SECU_PrintCertAttribute(out, attrs[0], m, level+1);
+- attrs++;
+- }
+- return rv;
+-}
+-
+-int /* sometimes a PRErrorCode, other times a SECStatus. Sigh. */
+-SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- CERTCertificateRequest *cr;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+-
+- /* Decode certificate request */
+- cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
+- if (!cr)
+- goto loser;
+- cr->arena = arena;
+- rv = SEC_QuickDERDecodeItem(arena, cr,
+- SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
+- if (rv)
+- goto loser;
+-
+- /* Pretty print it out */
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &cr->version, "Version", level+1);
+- SECU_PrintName(out, &cr->subject, "Subject", level+1);
+- secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
+- "Subject Public Key Info", level+1);
+- if (cr->attributes)
+- SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level+1);
+- rv = 0;
+-loser:
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
+-int
+-SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- CERTCertificate *c;
+- int rv = SEC_ERROR_NO_MEMORY;
+- int iv;
+-
+- if (!arena)
+- return rv;
+-
+- /* Decode certificate */
+- c = PORT_ArenaZNew(arena, CERTCertificate);
+- if (!c)
+- goto loser;
+- c->arena = arena;
+- rv = SEC_ASN1DecodeItem(arena, c,
+- SEC_ASN1_GET(CERT_CertificateTemplate), der);
+- if (rv) {
+- SECU_Indent(out, level);
+- SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+- SECU_PrintAny(out, der, "Raw", level);
+- goto loser;
+- }
+- /* Pretty print it out */
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */
+- SECU_Indent(out, level+1); fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
+-
+- SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level+1);
+- SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level+1);
+- SECU_PrintName(out, &c->issuer, "Issuer", level+1);
+- secu_PrintValidity(out, &c->validity, "Validity", level+1);
+- SECU_PrintName(out, &c->subject, "Subject", level+1);
+- secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
+- "Subject Public Key Info", level+1);
+- if (c->issuerID.data)
+- secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level+1);
+- if (c->subjectID.data)
+- secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level+1);
+- SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level+1);
+-loser:
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
+-int
+-SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- SECKEYPublicKey key;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+-
+- PORT_Memset(&key, 0, sizeof(key));
+- rv = SEC_ASN1DecodeItem(arena, &key,
+- SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), der);
+- if (!rv) {
+- /* Pretty print it out */
+- secu_PrintRSAPublicKey(out, &key, m, level);
+- }
+-
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
+-int
+-SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- int rv = SEC_ERROR_NO_MEMORY;
+- CERTSubjectPublicKeyInfo spki;
+-
+- if (!arena)
+- return rv;
+-
+- PORT_Memset(&spki, 0, sizeof spki);
+- rv = SEC_ASN1DecodeItem(arena, &spki,
+- SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate),
+- der);
+- if (!rv) {
+- if (m && *m) {
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- }
+- secu_PrintSubjectPublicKeyInfo(out, arena, &spki,
+- "Subject Public Key Info", level+1);
+- }
+-
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
+-#ifdef HAVE_EPV_TEMPLATE
+-int
+-SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- SECKEYEncryptedPrivateKeyInfo key;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+-
+- PORT_Memset(&key, 0, sizeof(key));
+- rv = SEC_ASN1DecodeItem(arena, &key,
+- SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der);
+- if (rv)
+- goto loser;
+-
+- /* Pretty print it out */
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
+- level+1);
+- SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level+1);
+-loser:
+- PORT_FreeArena(arena, PR_TRUE);
+- return rv;
+-}
+-#endif
+-
+-int
+-SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
+-{
+- unsigned char fingerprint[20];
+- char *fpStr = NULL;
+- int err = PORT_GetError();
+- SECStatus rv;
+- SECItem fpItem;
+-
+- /* print MD5 fingerprint */
+- memset(fingerprint, 0, sizeof fingerprint);
+- rv = PK11_HashBuf(SEC_OID_MD5,fingerprint, derCert->data, derCert->len);
+- fpItem.data = fingerprint;
+- fpItem.len = MD5_LENGTH;
+- fpStr = CERT_Hexify(&fpItem, 1);
+- SECU_Indent(out, level); fprintf(out, "%s (MD5):\n", m);
+- SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
+- PORT_Free(fpStr);
+- fpStr = NULL;
+- if (rv != SECSuccess && !err)
+- err = PORT_GetError();
+-
+- /* print SHA1 fingerprint */
+- memset(fingerprint, 0, sizeof fingerprint);
+- rv = PK11_HashBuf(SEC_OID_SHA1,fingerprint, derCert->data, derCert->len);
+- fpItem.data = fingerprint;
+- fpItem.len = SHA1_LENGTH;
+- fpStr = CERT_Hexify(&fpItem, 1);
+- SECU_Indent(out, level); fprintf(out, "%s (SHA1):\n", m);
+- SECU_Indent(out, level+1); fprintf(out, "%s\n", fpStr);
+- PORT_Free(fpStr);
+- fprintf(out, "\n");
+-
+- if (err)
+- PORT_SetError(err);
+- if (err || rv != SECSuccess)
+- return SECFailure;
+-
+- return 0;
+-}
+-
+-/*
+-** PKCS7 Support
+-*/
+-
+-/* forward declaration */
+-static int
+-secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);
+-
+-/*
+-** secu_PrintPKCS7EncContent
+-** Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
+-*/
+-static void
+-secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
+- char *m, int level)
+-{
+- if (src->contentTypeTag == NULL)
+- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+-
+- SECU_Indent(out, level);
+- fprintf(out, "%s:\n", m);
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Content Type: %s\n",
+- (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
+- : "Unknown");
+- SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
+- "Content Encryption Algorithm", level+1);
+- SECU_PrintAsHex(out, &(src->encContent),
+- "Encrypted Content", level+1);
+-}
+-
+-/*
+-** secu_PrintRecipientInfo
+-** Prints a PKCS7RecipientInfo type
+-*/
+-static void
+-secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
+- int level)
+-{
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
+-
+- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
+- level + 1);
+- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+- "Serial Number", level + 1);
+-
+- /* Parse and display encrypted key */
+- SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
+- "Key Encryption Algorithm", level + 1);
+- SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
+-}
+-
+-/*
+-** secu_PrintSignerInfo
+-** Prints a PKCS7SingerInfo type
+-*/
+-static void
+-secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
+-{
+- SEC_PKCS7Attribute *attr;
+- int iv;
+- char om[100];
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(info->version), "Version", level + 1);
+-
+- SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
+- level + 1);
+- SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+- "Serial Number", level + 1);
+-
+- SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
+- level + 1);
+-
+- if (info->authAttr != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Authenticated Attributes:\n");
+- iv = 0;
+- while ((attr = info->authAttr[iv++]) != NULL) {
+- sprintf(om, "Attribute (%d)", iv);
+- secu_PrintAttribute(out, attr, om, level + 2);
+- }
+- }
+-
+- /* Parse and display signature */
+- SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
+- "Digest Encryption Algorithm", level + 1);
+- SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);
+-
+- if (info->unAuthAttr != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Unauthenticated Attributes:\n");
+- iv = 0;
+- while ((attr = info->unAuthAttr[iv++]) != NULL) {
+- sprintf(om, "Attribute (%x)", iv);
+- secu_PrintAttribute(out, attr, om, level + 2);
+- }
+- }
+-}
+-
+-/* callers of this function must make sure that the CERTSignedCrl
+- from which they are extracting the CERTCrl has been fully-decoded.
+- Otherwise it will not have the entries even though the CRL may have
+- some */
+-
+-void
+-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
+-{
+- CERTCrlEntry *entry;
+- int iv;
+- char om[100];
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- /* version is optional */
+- iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;
+- SECU_Indent(out, level+1);
+- fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
+- SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
+- level + 1);
+- SECU_PrintName(out, &(crl->name), "Issuer", level + 1);
+- SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1);
+- if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */
+- SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
+-
+- if (crl->entries != NULL) {
+- iv = 0;
+- while ((entry = crl->entries[iv++]) != NULL) {
+- sprintf(om, "Entry (%x):\n", iv);
+- SECU_Indent(out, level + 1); fputs(om, out);
+- SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
+- level + 2);
+- SECU_PrintTimeChoice(out, &(entry->revocationDate),
+- "Revocation Date", level + 2);
+- SECU_PrintExtensions(out, entry->extensions,
+- "Entry Extensions", level + 2);
+- }
+- }
+- SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1);
+-}
+-
+-/*
+-** secu_PrintPKCS7Signed
+-** Pretty print a PKCS7 signed data type (up to version 1).
+-*/
+-static int
+-secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src,
+- const char *m, int level)
+-{
+- SECAlgorithmID *digAlg; /* digest algorithms */
+- SECItem *aCert; /* certificate */
+- CERTSignedCrl *aCrl; /* certificate revocation list */
+- SEC_PKCS7SignerInfo *sigInfo; /* signer information */
+- int rv, iv;
+- char om[100];
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+-
+- /* Parse and list digest algorithms (if any) */
+- if (src->digestAlgorithms != NULL) {
+- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
+- iv = 0;
+- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+- sprintf(om, "Digest Algorithm (%x)", iv);
+- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
+- }
+- }
+-
+- /* Now for the content */
+- rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
+- "Content Information", level + 1);
+- if (rv != 0)
+- return rv;
+-
+- /* Parse and list certificates (if any) */
+- if (src->rawCerts != NULL) {
+- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
+- iv = 0;
+- while ((aCert = src->rawCerts[iv++]) != NULL) {
+- sprintf(om, "Certificate (%x)", iv);
+- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+- SECU_PrintCertificate);
+- if (rv)
+- return rv;
+- }
+- }
+-
+- /* Parse and list CRL's (if any) */
+- if (src->crls != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Signed Revocation Lists:\n");
+- iv = 0;
+- while ((aCrl = src->crls[iv++]) != NULL) {
+- sprintf(om, "Signed Revocation List (%x)", iv);
+- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
+- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+- "Signature Algorithm", level+3);
+- DER_ConvertBitString(&aCrl->signatureWrap.signature);
+- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+- level+3);
+- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+- level + 3);
+- }
+- }
+-
+- /* Parse and list signatures (if any) */
+- if (src->signerInfos != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Signer Information List:\n");
+- iv = 0;
+- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+- sprintf(om, "Signer Information (%x)", iv);
+- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+- }
+- }
+-
+- return 0;
+-}
+-
+-/*
+-** secu_PrintPKCS7Enveloped
+-** Pretty print a PKCS7 enveloped data type (up to version 1).
+-*/
+-static void
+-secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
+- const char *m, int level)
+-{
+- SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
+- int iv;
+- char om[100];
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+-
+- /* Parse and list recipients (this is not optional) */
+- if (src->recipientInfos != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Recipient Information List:\n");
+- iv = 0;
+- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+- sprintf(om, "Recipient Information (%x)", iv);
+- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+- }
+- }
+-
+- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+- "Encrypted Content Information", level + 1);
+-}
+-
+-/*
+-** secu_PrintPKCS7SignedEnveloped
+-** Pretty print a PKCS7 singed and enveloped data type (up to version 1).
+-*/
+-static int
+-secu_PrintPKCS7SignedAndEnveloped(FILE *out,
+- SEC_PKCS7SignedAndEnvelopedData *src,
+- const char *m, int level)
+-{
+- SECAlgorithmID *digAlg; /* pointer for digest algorithms */
+- SECItem *aCert; /* pointer for certificate */
+- CERTSignedCrl *aCrl; /* pointer for certificate revocation list */
+- SEC_PKCS7SignerInfo *sigInfo; /* pointer for signer information */
+- SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
+- int rv, iv;
+- char om[100];
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+-
+- /* Parse and list recipients (this is not optional) */
+- if (src->recipientInfos != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Recipient Information List:\n");
+- iv = 0;
+- while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+- sprintf(om, "Recipient Information (%x)", iv);
+- secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+- }
+- }
+-
+- /* Parse and list digest algorithms (if any) */
+- if (src->digestAlgorithms != NULL) {
+- SECU_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n");
+- iv = 0;
+- while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+- sprintf(om, "Digest Algorithm (%x)", iv);
+- SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
+- }
+- }
+-
+- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+- "Encrypted Content Information", level + 1);
+-
+- /* Parse and list certificates (if any) */
+- if (src->rawCerts != NULL) {
+- SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
+- iv = 0;
+- while ((aCert = src->rawCerts[iv++]) != NULL) {
+- sprintf(om, "Certificate (%x)", iv);
+- rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+- SECU_PrintCertificate);
+- if (rv)
+- return rv;
+- }
+- }
+-
+- /* Parse and list CRL's (if any) */
+- if (src->crls != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Signed Revocation Lists:\n");
+- iv = 0;
+- while ((aCrl = src->crls[iv++]) != NULL) {
+- sprintf(om, "Signed Revocation List (%x)", iv);
+- SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om);
+- SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+- "Signature Algorithm", level+3);
+- DER_ConvertBitString(&aCrl->signatureWrap.signature);
+- SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+- level+3);
+- SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+- level + 3);
+- }
+- }
+-
+- /* Parse and list signatures (if any) */
+- if (src->signerInfos != NULL) {
+- SECU_Indent(out, level + 1);
+- fprintf(out, "Signer Information List:\n");
+- iv = 0;
+- while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+- sprintf(om, "Signer Information (%x)", iv);
+- secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+- }
+- }
+-
+- return 0;
+-}
+-
+-int
+-SECU_PrintCrl (FILE *out, SECItem *der, char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- CERTCrl *c = NULL;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+- do {
+- /* Decode CRL */
+- c = PORT_ArenaZNew(arena, CERTCrl);
+- if (!c)
+- break;
+-
+- rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
+- if (rv != SECSuccess)
+- break;
+- SECU_PrintCRLInfo (out, c, m, level);
+- } while (0);
+- PORT_FreeArena (arena, PR_FALSE);
+- return rv;
+-}
+-
+-
+-/*
+-** secu_PrintPKCS7Encrypted
+-** Pretty print a PKCS7 encrypted data type (up to version 1).
+-*/
+ static void
+-secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
+- const char *m, int level)
++secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+ {
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+
+- secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+- "Encrypted Content Information", level + 1);
+-}
+-
+-/*
+-** secu_PrintPKCS7Digested
+-** Pretty print a PKCS7 digested data type (up to version 1).
+-*/
+-static void
+-secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src,
+- const char *m, int level)
+-{
+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+-
+- SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm",
+- level + 1);
+- secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
+- level + 1);
+- SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
+-}
+-
+-/*
+-** secu_PrintPKCS7ContentInfo
+-** Takes a SEC_PKCS7ContentInfo type and sends the contents to the
+-** appropriate function
+-*/
+-static int
+-secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src,
+- char *m, int level)
+-{
+- const char *desc;
+- SECOidTag kind;
+- int rv;
+-
+- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- level++;
+-
+- if (src->contentTypeTag == NULL)
+- src->contentTypeTag = SECOID_FindOID(&(src->contentType));
-
-- if (!pool) {
-- SECU_Indent(out, level);
-- fprintf(out, "Out of memory\n");
-- return;
+- if (src->contentTypeTag == NULL) {
+- desc = "Unknown";
+- kind = SEC_OID_PKCS7_DATA;
+- } else {
+- desc = src->contentTypeTag->desc;
+- kind = src->contentTypeTag->offset;
- }
-
-- PORT_Memset(¶m, 0, sizeof param);
-- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuKDF2Params, value);
-- if (rv == SECSuccess) {
-- SECU_PrintAsHex(out, ¶m.salt, "Salt", level+1);
-- SECU_PrintInteger(out, ¶m.iterationCount, "Iteration Count",
-- level+1);
-- SECU_PrintInteger(out, ¶m.keyLength, "Key Length", level+1);
-- SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF algorithm", level+1);
+- if (src->content.data == NULL) {
+- SECU_Indent(out, level); fprintf(out, "%s:\n", desc);
+- level++;
+- SECU_Indent(out, level); fprintf(out, "<no content>\n");
+- return 0;
- }
-- PORT_FreeArena(pool, PR_FALSE);
--}
-
--void
--secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
-+secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
- {
-- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- SECStatus rv;
-- secuPBEParams param;
+- rv = 0;
+- switch (kind) {
+- case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
+- rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
+- break;
-
-- if (m) {
-- SECU_Indent(out, level);
-- fprintf (out, "%s:\n", m);
+- case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
+- secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
+- break;
+-
+- case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
+- rv = secu_PrintPKCS7SignedAndEnveloped(out,
+- src->content.signedAndEnvelopedData,
+- desc, level);
+- break;
+-
+- case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
+- secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
+- break;
+-
+- case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
+- secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
+- break;
+-
+- default:
+- SECU_PrintAsHex(out, src->content.data, desc, level);
+- break;
- }
-
-- if (!pool) {
-- SECU_Indent(out, level);
-- fprintf(out, "Out of memory\n");
-- return;
+- return rv;
+-}
+-
+-/*
+-** SECU_PrintPKCS7ContentInfo
+-** Decode and print any major PKCS7 data type (up to version 1).
+-*/
+-int
+-SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
+-{
+- SEC_PKCS7ContentInfo *cinfo;
+- int rv;
+-
+- cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+- if (cinfo != NULL) {
+- /* Send it to recursive parsing and printing module */
+- rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
+- SEC_PKCS7DestroyContentInfo(cinfo);
+- } else {
+- rv = -1;
- }
-
-- PORT_Memset(¶m, 0, sizeof param);
-- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEV2Params, value);
-- if (rv == SECSuccess) {
-- SECU_PrintAlgorithmID(out, ¶m.kdfAlg, "KDF", level+1);
-- SECU_PrintAlgorithmID(out, ¶m.cipherAlg, "Cipher", level+1);
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- return rv;
+-}
+-
+-/*
+-** End of PKCS7 functions
+-*/
+-
+-void
+-printFlags(FILE *out, unsigned int flags, int level)
+-{
+- if ( flags & CERTDB_TERMINAL_RECORD ) {
+- SECU_Indent(out, level); fprintf(out, "Terminal Record\n");
+- }
+- if ( flags & CERTDB_TRUSTED ) {
+- SECU_Indent(out, level); fprintf(out, "Trusted\n");
+- }
+- if ( flags & CERTDB_SEND_WARN ) {
+- SECU_Indent(out, level); fprintf(out, "Warn When Sending\n");
+- }
+- if ( flags & CERTDB_VALID_CA ) {
+- SECU_Indent(out, level); fprintf(out, "Valid CA\n");
+- }
+- if ( flags & CERTDB_TRUSTED_CA ) {
+- SECU_Indent(out, level); fprintf(out, "Trusted CA\n");
+- }
+- if ( flags & CERTDB_NS_TRUSTED_CA ) {
+- SECU_Indent(out, level); fprintf(out, "Netscape Trusted CA\n");
+- }
+- if ( flags & CERTDB_USER ) {
+- SECU_Indent(out, level); fprintf(out, "User\n");
+- }
+- if ( flags & CERTDB_TRUSTED_CLIENT_CA ) {
+- SECU_Indent(out, level); fprintf(out, "Trusted Client CA\n");
+- }
+- if ( flags & CERTDB_GOVT_APPROVED_CA ) {
+- SECU_Indent(out, level); fprintf(out, "Step-up\n");
+ SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level+1);
+ SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level+1);
+ if (pk->u.rsa.publicExponent.len == 1 &&
+ pk->u.rsa.publicExponent.data[0] == 1) {
-+ SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
++ SECU_Indent(out, level +1); fprintf(out, "Error: INVALID RSA KEY!\n");
}
-- PORT_FreeArena(pool, PR_FALSE);
}
- void
--secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
-+SECU_PrintString(FILE *out, SECItem *si, char *m, int level)
- {
-- PRArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-- SECStatus rv;
-- secuPBEParams param;
--
-- if (m) {
-- SECU_Indent(out, level);
-- fprintf (out, "%s:\n", m);
-- }
-+ SECItem my = *si;
-
-- if (!pool) {
-- SECU_Indent(out, level);
-- fprintf(out, "Out of memory\n");
-- return;
-- }
-+ if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
-+ return;
-+ secu_PrintRawString(out, &my, m, level);
-+}
-
-- PORT_Memset(¶m, 0, sizeof(secuPBEParams));
-- rv = SEC_QuickDERDecodeItem(pool, ¶m, secuPBEParamsTemp, value);
-- if (rv == SECSuccess) {
-- SECU_PrintAsHex(out, ¶m.salt, "Salt", level+1);
-- SECU_PrintInteger(out, ¶m.iterationCount, "Iteration Count",
-- level+1);
-- }
-- PORT_FreeArena(pool, PR_FALSE);
+-void
+-SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level)
+static void
+secu_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
-+{
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ {
+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- SECU_Indent(out, level+1); fprintf(out, "SSL Flags:\n");
+- printFlags(out, trust->sslFlags, level+2);
+- SECU_Indent(out, level+1); fprintf(out, "Email Flags:\n");
+- printFlags(out, trust->emailFlags, level+2);
+- SECU_Indent(out, level+1); fprintf(out, "Object Signing Flags:\n");
+- printFlags(out, trust->objectSigningFlags, level+2);
+-}
+-
+-int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
+-{
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- CERTName *name;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+-
+- name = PORT_ArenaZNew(arena, CERTName);
+- if (!name)
+- goto loser;
+-
+- rv = SEC_ASN1DecodeItem(arena, name, SEC_ASN1_GET(CERT_NameTemplate), der);
+- if (rv)
+- goto loser;
+-
+- SECU_PrintName(out, name, m, level);
+-loser:
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+ SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level+1);
+ SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level+1);
+ SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level+1);
+ SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level+1);
}
--/* This function does NOT expect a DER type and length. */
--void
--SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
+-int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+- int level, SECU_PPFunc inner)
+#ifdef NSS_ENABLE_ECC
+static void
+secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
{
-- SECOidTag algtag;
-- SECU_PrintObjectID(out, &a->algorithm, m, level);
+- PRArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+- CERTSignedData *sd;
+- int rv = SEC_ERROR_NO_MEMORY;
+-
+- if (!arena)
+- return rv;
+-
+- /* Strip off the signature */
+- sd = PORT_ArenaZNew(arena, CERTSignedData);
+- if (!sd)
+- goto loser;
+-
+- rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
+- der);
+- if (rv)
+- goto loser;
+ SECItem curveOID = { siBuffer, NULL, 0};
-- algtag = SECOID_GetAlgorithmTag(a);
-- if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) {
-- switch (algtag) {
-- case SEC_OID_PKCS5_PBKDF2:
-- secu_PrintKDF2Params(out, &a->parameters, "Parameters", level+1);
-- break;
-- case SEC_OID_PKCS5_PBES2:
-- secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level+1);
-- break;
-- case SEC_OID_PKCS5_PBMAC1:
-- secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level+1);
-- break;
-- default:
-- secu_PrintPBEParams(out, &a->parameters, "Parameters", level+1);
-- break;
-- }
-- return;
-+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+ SECU_Indent(out, level); fprintf(out, "%s:\n", m);
+- rv = (*inner)(out, &sd->data, "Data", level+1);
+-
+- SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
+- level+1);
+- DER_ConvertBitString(&sd->signature);
+- SECU_PrintAsHex(out, &sd->signature, "Signature", level+1);
+- SECU_PrintFingerprints(out, der, "Fingerprint", level+1);
+-loser:
+- PORT_FreeArena(arena, PR_FALSE);
+- return rv;
+-}
+-
+-SECStatus
+-SEC_PrintCertificateAndTrust(CERTCertificate *cert,
+- const char *label,
+- CERTCertTrust *trust)
+-{
+- SECStatus rv;
+- SECItem data;
+-
+- data.data = cert->derCert.data;
+- data.len = cert->derCert.len;
+-
+- rv = SECU_PrintSignedData(stdout, &data, label, 0,
+- SECU_PrintCertificate);
+- if (rv) {
+- return(SECFailure);
+- }
+- if (trust) {
+- SECU_PrintTrustFlags(stdout, trust,
+- "Certificate Trust Flags", 1);
+- } else if (cert->trust) {
+- SECU_PrintTrustFlags(stdout, cert->trust,
+- "Certificate Trust Flags", 1);
+ SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level+1);
+ /* For named curves, the DEREncodedParams field contains an
+ * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
@@ -1327,94 +3105,16 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
+ curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
+ SECU_PrintObjectID(out, &curveOID, "Curve", level +1);
}
-+}
-+#endif /* NSS_ENABLE_ECC */
-
-- if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
-- secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level+1);
-- return;
-- }
-+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
-+/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
-+static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count)
-+{
-+ char target = a[i].flag;
-+ int j;
-
-- if (a->parameters.len == 0
-- || (a->parameters.len == 2
-- && PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
-- /* No arguments or NULL argument */
-- } else {
-- /* Print args to algorithm */
-- SECU_PrintAsHex(out, &a->parameters, "Args", level+1);
-- }
-+ /* duplicate '\0' flags are okay, they are used with long forms */
-+ for (j = i+1; j < count; j++) {
-+ if (a[j].flag && a[j].flag == target) {
-+ return PR_TRUE;
-+ }
-+ }
-+ return PR_FALSE;
- }
-+#endif /* defined(DEBUG) || defined(FORCE_PR_ASSERT) */
-
--static void
--secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
-+/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
-+static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count)
- {
-- SECItem *value;
-- int i;
-- char om[100];
-+ int j;
-+ char *target = a[i].longform;
-
-- if (m) {
-- SECU_Indent(out, level); fprintf(out, "%s:\n", m);
-- }
-+ if (!target)
-+ return PR_FALSE;
-
-- /*
-- * Should make this smarter; look at the type field and then decode
-- * and print the value(s) appropriately!
-- */
-- SECU_PrintObjectID(out, &(attr->type), "Type", level+1);
-- if (attr->values != NULL) {
-- i = 0;
-- while ((value = attr->values[i++]) != NULL) {
-- sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
-- if (attr->encoded || attr->typeTag == NULL) {
-- SECU_PrintAny(out, value, om, level+1);
-- } else {
-- switch (attr->typeTag->offset) {
-- default:
-- SECU_PrintAsHex(out, value, om, level+1);
-- break;
-- case SEC_OID_PKCS9_CONTENT_TYPE:
-- SECU_PrintObjectID(out, value, om, level+1);
-- break;
-- case SEC_OID_PKCS9_SIGNING_TIME:
-- SECU_PrintTimeChoice(out, value, om, level+1);
-- break;
-+ for (j = i+1; j < count; j++) {
-+ if (a[j].longform && strcmp(a[j].longform, target) == 0) {
-+ return PR_TRUE;
- }
-- }
- }
-- }
-+ return PR_FALSE;
+-
+- printf("\n");
+-
+- return(SECSuccess);
}
++#endif /* NSS_ENABLE_ECC */
-+/* Returns true iff a has no short or long form duplicates
-+ */
-+
- static void
- secu_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
- {
-@@ -3610,145 +2421,6 @@ SECU_PrintPRandOSError(char *progName)
+ #if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+ /* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */
+@@ -3610,145 +778,6 @@ SECU_PrintPRandOSError(char *progName)
}
}
@@ -1560,7 +3260,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
SECOidTag
SECU_StringToSignatureAlgTag(const char *alg)
{
-@@ -3776,299 +2448,6 @@ SECU_StringToSignatureAlgTag(const char
+@@ -3776,299 +805,6 @@ SECU_StringToSignatureAlgTag(const char
return hashAlgTag;
}
@@ -1860,7 +3560,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
SECU_SECItemToHex(const SECItem * item, char * dst)
-@@ -4131,40 +2510,3 @@ SECU_SECItemHexStringToBinary(SECItem* s
+@@ -4131,40 +867,3 @@ SECU_SECItemHexStringToBinary(SECItem* s
srcdest->len /= 2;
return SECSuccess;
}
@@ -1902,8 +3602,8 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.c.crypto ./mozilla/security/nss/
-
-
diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/cmd/lib/secutil.h
---- ./mozilla/security/nss/cmd/lib/secutil.h.crypto 2012-03-01 11:21:36.547241267 -0800
-+++ ./mozilla/security/nss/cmd/lib/secutil.h 2012-03-01 11:31:16.154241651 -0800
+--- ./mozilla/security/nss/cmd/lib/secutil.h.crypto 2011-11-16 11:12:30.000000000 -0800
++++ ./mozilla/security/nss/cmd/lib/secutil.h 2012-03-01 13:43:17.979116817 -0800
@@ -38,7 +38,10 @@
#include "seccomon.h"
@@ -1915,7 +3615,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
#include "prerror.h"
#include "base64.h"
#include "key.h"
-@@ -47,23 +50,6 @@
+@@ -47,226 +50,31 @@
#include "secder.h"
#include <stdio.h>
@@ -1938,11 +3638,13 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
-
#define SECU_Strerror PORT_ErrorToString
- #ifdef SECUTIL_NEW
-@@ -73,143 +59,23 @@ typedef int (*SECU_PPFunc)(PRFileDesc *o
- typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
- #endif
-
+-#ifdef SECUTIL_NEW
+-typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
+- char *msg, int level);
+-#else
+-typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
+-#endif
+-
-typedef struct {
- enum {
- PW_NONE = 0,
@@ -2080,10 +3782,13 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
-/* Print ObjectIdentifier symbolically */
-extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level);
-
- /* Print AlgorithmIdentifier symbolically */
- extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
- int level);
-@@ -220,53 +86,6 @@ extern void SECU_PrintAsHex(FILE *out, S
+-/* Print AlgorithmIdentifier symbolically */
+-extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
+- int level);
+-
+ /* Print SECItem as hex */
+ extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level);
+
/* dump a buffer in hex and ASCII */
extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);
@@ -2137,7 +3842,7 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
/* Dump contents of an RSA public key */
extern int SECU_PrintRSAPublicKey(FILE *out, SECItem *der, char *m, int level);
-@@ -278,31 +97,9 @@ extern int SECU_PrintSubjectPublicKeyInf
+@@ -278,55 +86,10 @@ extern int SECU_PrintSubjectPublicKeyInf
extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
#endif
@@ -2167,12 +3872,12 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
-SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
-
extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level);
- extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
-
-@@ -310,24 +107,6 @@ extern void SECU_PrintPolicy(FILE *out,
- extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
- char *msg, int level);
-
+-extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level);
+-
+-extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
+-extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
+- char *msg, int level);
+-
-extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
- char *msg, int level);
-
@@ -2190,11 +3895,10 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
-extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw);
-
-extern char *SECU_SECModDBName(void);
--
+
extern void SECU_PrintPRandOSError(char *progName);
- extern SECStatus SECU_RegisterDynamicOids(void);
-@@ -335,69 +114,6 @@ extern SECStatus SECU_RegisterDynamicOid
+@@ -335,70 +98,6 @@ extern SECStatus SECU_RegisterDynamicOid
/* Identifies hash algorithm tag by its string representation. */
extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg);
@@ -2261,12 +3965,13 @@ diff -up ./mozilla/security/nss/cmd/lib/secutil.h.crypto ./mozilla/security/nss/
-SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle,
- void *value, PRBool criticality, int extenType,
- EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
-
+-
/* Caller ensures that dst is at least item->len*2+1 bytes long */
void
+ SECU_SECItemToHex(const SECItem * item, char * dst);
diff -up ./mozilla/security/nss/cmd/manifest.mn.crypto ./mozilla/security/nss/cmd/manifest.mn
---- ./mozilla/security/nss/cmd/manifest.mn.crypto 2012-03-01 11:32:10.034117495 -0800
-+++ ./mozilla/security/nss/cmd/manifest.mn 2012-03-01 11:34:08.933116471 -0800
+--- ./mozilla/security/nss/cmd/manifest.mn.crypto 2010-12-06 09:22:48.000000000 -0800
++++ ./mozilla/security/nss/cmd/manifest.mn 2012-03-01 13:22:52.805116456 -0800
@@ -41,46 +41,9 @@ DEPTH = ../..
REQUIRES = nss nspr libdbm
@@ -2315,8 +4020,8 @@ diff -up ./mozilla/security/nss/cmd/manifest.mn.crypto ./mozilla/security/nss/cm
TEMPORARILY_DONT_BUILD = \
diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cmd/platlibs.mk
---- ./mozilla/security/nss/cmd/platlibs.mk.crypto 2012-03-01 11:34:45.299116827 -0800
-+++ ./mozilla/security/nss/cmd/platlibs.mk 2012-03-01 11:53:15.822241384 -0800
+--- ./mozilla/security/nss/cmd/platlibs.mk.crypto 2010-06-11 17:58:33.000000000 -0700
++++ ./mozilla/security/nss/cmd/platlibs.mk 2012-03-01 13:22:52.806116691 -0800
@@ -92,43 +92,13 @@ DEFINES += -DNSS_USE_STATIC_LIBS
# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
@@ -2411,8 +4116,8 @@ diff -up ./mozilla/security/nss/cmd/platlibs.mk.crypto ./mozilla/security/nss/cm
-L$(NSSUTIL_LIB_DIR) \
-lnssutil3 \
diff -up ./mozilla/security/nss/tests/all.sh.crypto ./mozilla/security/nss/tests/all.sh
---- ./mozilla/security/nss/tests/all.sh.crypto 2012-03-01 11:53:54.442241531 -0800
-+++ ./mozilla/security/nss/tests/all.sh 2012-03-01 12:05:47.277116230 -0800
+--- ./mozilla/security/nss/tests/all.sh.crypto 2010-01-29 11:58:40.000000000 -0800
++++ ./mozilla/security/nss/tests/all.sh 2012-03-01 13:22:52.807116712 -0800
@@ -303,10 +303,10 @@ run_cycles()
############################## main code ###############################
More information about the scm-commits
mailing list